litchralee
@litchralee@sh.itjust.works
- Comment on In the United States; is it illegal to use a single serve wrapped slice of Kraft cheese as a postcard? 1 day ago:
At the very minimum, this type of mail would incur the $0.46 non-machinable surcharge because it’s smaller than one of the minimum USPS dimensions for postcards, namely that one side has to be 5 inches (127 mm exact). You may also have issues with it being too floppy for basic handling by the postal carrier, especially if it was previously left in a warm mailbox.
But perhaps a more practical issue may arise first: will stamps even adhere to the wrapping of a Kraft Cheese single? If you cannot affix postage, that’s the most immediate impediment.
- Comment on Infinite interrupts except when logic analyzer is connected. Tried a pull-up resistor. 1 day ago:
Switching noise is naturally the first place to look, when an IRQ is firing rapidly and unexpectedly. But have you verified that your IRQ handler is completely handling each interrupt event? And that another interrupt event while handling the prior one will not lead to unusual behavior?
It could very well be a rare, spurious interrupt firing due to noise, but then exacerbated by an IRQ handler that doesn’t clear properly, leading to high speed spurious events.
What are the approximate sizes for the internal and external pull-up resistors you’ve attached? And what is the impedance for the actual interrupt source, when it actually fires?
- Comment on If I snapped you back in time 650 years right this very second, how would you use your current knowledge to succeed? 2 days ago:
no rubber for seals
Modern synthetic rubber would indeed be unavailable, but I vaguely recall reading something to the effect that early steam engines used leather seals or something like that.
But yeah, there’s a lot of missing prerequisites for machinery. Even simple rotary power – like from a windmill or waterwheel – would suffer from being incapable of long distance transmission.
- Comment on 2 days ago:
should
when it comes to legality
This needs clarification. Are you asking about the legal status of Character AI’s chatbot, and how its output would be treated w.r.t. intellectual property rights? Or about the ethical or moral questions raised by machine-generated content, and whether society or law should adapt to answer those questions?
The former is an objective inquiry, which can be answered based on the current laws for a given jurisdiction. The latter is an open-ended, subjective question for which there is no settled consensus, let alone a firm answer one way or another.
I decline to answer the latter, but I think there’s only one answer for the objective law question. IANAL, but existing fanfiction does not imbue its author with rights over characters from another author, at least in the USA. But fanfiction authors do retain copyright over their own contributions.
So if an author writes about the 1920s Mickey Mouse character (now in public domain) but set in a gay space communist utopia, the plot of that novel would be the author’s intellectual property. But not the character itself, which remains public domain. However, character development that happens would be the author’s property, insofar as such traits didn’t exist before.
What aspects of this situation do you envision would require different treatment just because it’s the output from a chatbot? Barring specific language in a Terms of Use agreement that transfers ownership to the parent company of Character AI chatbot, machines – and gorillas – are not eligible to own intellectual property. The author would be the human being which set into motion the conditions for the machine to produce a particular output.
In conventional writing, an author does not relinquish ownership to Xerox Corporation just because the final manuscript was printed using a Xerox-made printer. But just because an author uses a machine to help produce a work, that will not excuse plagiarism or intellectual property violations, which will accrue against the human being committing that act.
(I express no opinion on whether intellectual property is still a net positive for society, or not)
- Comment on What's the point in getting married? 3 days ago:
There’s at least !bestoflemmy@lemmy.world
- Comment on How do man made hiking trails keep the grass from overgrowing? 4 days ago:
I should clarify that my original comment – foot traffic keeps paths in decent shape – was in answer to the OP’s titular question, about why vegetation doesn’t grow atop the intended walking/hiking trail. But you’re right that traffic will cause other impacts, even if plantlife isn’t getting in the way.
I’m in 100% agreement that for trail upkeep, people have to be mindful how they step. The advisories here in California focus on not eroding the edges of the trail, such as by walking around muddy areas, which would only make the restoration work harder and damage more of the adjacent environment. We have a lot of “stay on trail” signs. We advise people to either be prepared to go right through the mud – only worsens an existing hole – or don’t walk that trail at all.
- Comment on How do man made hiking trails keep the grass from overgrowing? 4 days ago:
Obligatory reference to desire paths: !desire_paths@sh.itjust.works
- Comment on [deleted] 1 week ago:
My understanding is that the de minimis tariff treatment for import shipments is different than the duty-free personal exemptions that apply for “accompanied baggage” when re-entering the USA.
Assuming this CBP page is accurate, the $800 exemption is one of three possible exemptions that can still apply. The $1600 exemption only applies when returning with stuff from Guam, American Samoa, or USVI, and the $800 can only be claimed every 30 days. The last resort is the $200 exemption, which is always available, and ostensibly is there to allow Americans living near Canada or Mexico to not have to deal with border taxation just because they had to buy lunch or gasoline during day trips.
- Comment on Need help getting domain to resolve over LAN 1 week ago:
I agree with this comment, and would suggest going with the first solution (NAT loopback, aka NAT hairpin) rather than split-horizon DNS. I say this even though I have a strong dislike of NAT (and would prefer to see networks using flat IPv6 addresses, but that’s a different topic).
Specifically, problems arise when using DNS split-horizon where the same hostname might resolve to two different results, depending on which DNS nameserver is used. This is distinct from some corporate-esque DNS nameservers that refuse to answer for external requests but provide an answer to internal queries. Whereas by having no “single source of truth” (SSOT) for what a hostname should resolve to, this will inevitably make future debugging harder. And that’s on top of debugging NAT issues.
Plus, DNS isn’t a security feature unto itself: successful resolution of internal hostnames shouldn’t increase security exposure, since a competent firewall would block access. Some might suggest that DNS queries can reveal internal addresses to an attacker, but that’s the same faulty argument that suggests ICMP pings should be blocked; it shouldn’t.
To be clear, ad-blocking DNS servers don’t suffer from the ails of split-horizon described above, because they’re intentionally declining to give a DNS response for ad-hosting hostnames, rather than giving a different response. But even if they did, one could argue the point of ad-blocking is to block adware, so we don’t really care if SSOT is diminished for those hostnames.
- Comment on Little weapons 1 week ago:
Well, since I’ve already linked to two of my not-quite-a-lathe projects, I might as well link to the one which started it all: sh.itjust.works/post/16087080
This one does have a motor, but not a conventional one at all. And this only worked because the thing I’m turning would need a center hole drilled through anyway.
- Comment on Little weapons 1 week ago:
Thank you for the kind words! All of the tools I used were things that were laying around. I’m marginally better at woodworking than metalworking, so that’s why the jig holding the bar was all wood.
I did think about attaching the motor from a disused drill press to spin the bar, but that seemed like it would invite all manner of complexity.
Lathe is in my future, but I kinda want a CNC first. But a CNC + lathe would be god-tier.
- Comment on Little weapons 1 week ago:
I am a big fan of makeshift lathes, for tasks that don’t necessitate a full metal workshop. Though I do hope to have a small lathe one day.
- Comment on How come there are components in TO220 packages that supposedly take 100A with their small legs? 1 week ago:
The datasheet for the IRF1404Z does indeed show that the TO-220 package has a limit of 120 A continuous at 25 C. It should be noted that the junction temperature is rated for up to 175 C, which might provide a lot of headroom for, but we’ll see.
The minimum dimensions for the drain and source leads are 0.36 mm by 1.14 mm. This gives us some 0.41 mm^2 cross sectional area. Assuming the leads are made of aluminum – I’m on mobile and can’t quickly check the composition for the generic TO-220 package – which has a resistance of about 60 Ohm per km, and with the lead being a maximum length of 14.73 mm, the resistance of either lead will be some 0.88 mOhm.
At 120 Amps, the resistance heating would be about 12.6 Watts. That’s quite hot for a short lead, and there’s two of them. But the kicker is that these aluminum leads are also thermally conductive, either into the package towards the junction, or away and into a generous PCB layer or to suitably-sized copper wires.
Either way, that will sink a fair amount of heat, although the thermal resistance for the package legs is not given in this datasheet. It may be defined for generic TO-220 packages though.
As a practical matter, to operate a MOSFET at 120 A would likely require active cooling, and their test jig plus all reasonable implementations will have a fan. Moderate airflow over the leads will also wick temperature away, which might bring the leads down to “hot but not fire-inducing” levels. But an EE or thermal engineer would need to sit down to do that simulation.
- Comment on Why do some drivers turn off the signal sound so quickly? 1 week ago:
Is this question about drivers that turn off their indicators while still mid-turn? Or about drivers that turn or change lanes in very little time at all?
IMO, the correct time to use indicators is precisely when in preparation for a turning or lane-change manoeuvre, during such manoeuvre, and that’s it. Once the manoeuvre is done, the indicators should be extinguished to avoid ambiguity, unless a follow-up manoeuvre is planned.
I see no logical reason to enforce a prescribed minimum for indicator time, and it’s why I see minimum-three-blink on some modern cars as an anti-feature. After all, there’s no minimum (nor maximum) time to prepare and make a turning manoeuvre.
To use a USA example, the driving style of Los Angeles Intercity freeways is – for better or worse – going to necessitate fairly quick lane changes, because of the tighter spacing between cars. In hard figures, a lane change might be prepped and done in 3 seconds. Some might say that all these drivers are violating good driving behaviors for following each other so closely, but it’s sadly a practical necessity when no amount of “just one more lane” can solve the systemic issues with regional road transportation there; it’s why LA is doubling down on public transit building.
Compare this with changing lanes on a rural Interstate freeway to pass a semi-truck, where a lane change can be more sedate because there might not be any other traffic in sight except for the two vehicles involved. Smooth driving on a road-trip might have this manoeuvre prepped and completed over 10-15 seconds, as the car might also be accelerating while also changing lanes.
In both circumstances, the indicators should remain blinking while mid-manoeuvre. Anything short of that is “too quick” in my book.
But if your question is how far in advance should drivers begin indicating before the manoeuvre, that’s a joint matter of regional convention and of law. And the former usually is the strongest influence.
- Comment on How do I host Jellyfin in the most secure manner possible? 2 weeks ago:
Not “insecure” in the sense that they’re shoddy with their encryption, no. But being free could possibly mean their incentives are not necessarily aligned with that of the free users.
In security speak, the CIA triad stands for Confidentiality, Integrity, and Availability. I’m not going to unduly impugn Proton VPN’s credentials on data confidentiality and data integrity, but availability can be a legit security concern.
For example, if push comes to shove and Proton VPN is hit with a DDoS attack, would free tier users be the first to be disconnected to free up capacity? Alternatively, suppose the price for IP transit shoots through the roof due to weird global economics and ProtonVPN has to throttle the free tier to 10 Mbps. All VPN operators share these possibilities, but however well-meaning Proton VPN and the non-profit behind them are, economic factors can force changes that aren’t great for the free users.
Now, the obv solution at such a time would be to then switch to being a paid customer. And that might be fine for lots of customers, if that ever comes to pass. But Murphy’s Law makes it a habit that this scenario would play out when users are least able to prepare for it, possibly leading to some amount of unavailability.
- Comment on How do I securely host Jellyfin? (Part 2) 2 weeks ago:
I previously proffered some information in the first thread.
But there’s something I wish to clarify about self-signed certificates, for the benefit of everyone. Irrespective of whichever certificate store that an app uses – either its own or the one maintained by the OS – the CA Browser Forum, which maintains the standards for public certificates, prohibits issuance of TLS certificates for reserved IPv4 or IPv6 addresses, among others. See Section 4.2.2.
This is because those addresses will resolve to different machines on different networks. Whereas a certificate for a global-scope IP address is fine because it should resolve to the same destination. If certificate authorities won’t issue certs for private IP addresses, there’s a good chance that apps won’t tolerate such certs either. Nor should they, for precisely the reason given above.
A proper self-signed cert – either for a domain name or a global-scope IP address – does not create any MITM issues as long as the certificate was manually confirmed the first time and added to the trust. Thereafter, only a bona fide MITM attack would raise an alarm, the same as if a MITM attacker tries to impersonate any other domain name. SSH is the most similar, where trust-on-first-connection is the norm, not the outlier.
There are safe ways to use self-signed certificates. People should not discard that option so wantonly.
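The trust-on-first-use model described in the comment above, as an added sketch that is not part of the original comment: a pin store that records a certificate fingerprint after manual confirmation and flags any later change, plus a check that approximates the reserved-address rule with Python's `ipaddress` module. The names `PinStore` and `is_publicly_issuable_ip`, the host name, and the certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import json
import tempfile
from pathlib import Path


def is_publicly_issuable_ip(addr: str) -> bool:
    """Approximate the reserved-address rule: only global-scope IPs qualify.

    Private, loopback, link-local and similar ranges reach a different machine
    on every network, so a certificate naming one identifies nothing.
    """
    return ipaddress.ip_address(addr).is_global


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(der_cert).hexdigest()


class PinStore:
    """Trust-on-first-use store, the same idea as SSH's known_hosts file."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def check(self, host, der_cert, confirm=None):
        """Return 'pinned', 'match', 'mismatch' or 'rejected'.

        der_cert is the server certificate in DER form, e.g. what
        ssl.SSLSocket.getpeercert(binary_form=True) returns.
        confirm(host, fp) models the manual first-time confirmation; without
        an explicit yes, an unknown certificate is never trusted.
        """
        seen = fingerprint(der_cert)
        known = self.pins.get(host)
        if known is None:
            if confirm is None or not confirm(host, seen):
                return "rejected"
            self.pins[host] = seen
            self.path.write_text(json.dumps(self.pins, indent=2))
            return "pinned"
        if hmac.compare_digest(known, seen):
            return "match"
        # The pin is deliberately not overwritten: a changed certificate is
        # either a real rotation or an interception, and a human must decide.
        return "mismatch"


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates; real ones come from the TLS peer.
    original = b"constructed-self-signed-cert-A"
    swapped = b"constructed-self-signed-cert-B"
    host = "jellyfin.home.example"  # hypothetical server name

    with tempfile.TemporaryDirectory() as tmp:
        store = PinStore(Path(tmp) / "pins.json")
        print(store.check(host, original, confirm=lambda h, fp: True))
        print(store.check(host, original))
        print(store.check(host, swapped))

    for ip in ("192.168.1.10", "fd00::1", "8.8.8.8"):
        print(ip, is_publicly_issuable_ip(ip))
```
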
- Comment on How do I host Jellyfin in the most secure manner possible? 2 weeks ago:
Physical wire tapping would be mostly mitigated by setting every port on the switch to be a physical vlan
Can you clarify on this point? I’m not sure what a “physical VLAN” would be. Is that like only handling tagged traffic?
I’m otherwise in total agreement that the threat model is certainly not typical. But I can imagine a scenario like a college dorm where the L2 network is owned by a university, and thus considered “hostile” to OP somehow. OP presented their requirements, so good advice has to at least try to come up with solutions within those parameters.
- Comment on How do I host Jellyfin in the most secure manner possible? 2 weeks ago:
I had a small typo where “untrusted” was written as “I trusted”. That said, I think we’re suggesting different strategies to address OP’s quandary, and either (or both!) would be valid.
My suggestion was for encrypted L3 tunneling between end-devices which are trusted, so that even an untrustworthy L2 network would present no issue. With technologies like WireGuard, this isn’t too hard to do for mobile phone clients, and it’s well supported for Linux clients.
If I understand your suggestion, it is to improve the LAN so that it can be trusted, by way of segmentation into VLANs which separate the trusted devices from the rest. The problem I see with this is that per-port VLANs alone do not address the possibility of physical wire-tapping, which I presumed was why OP does not trust their own LAN. Perhaps they’re running cable through a space shared with other tenants, or something like that. VLANs help, but MACsec encryption on the wire paired with 802.1x device certificate for authentication is the gold standard for L2 security.
But seeing as that’s primarily the domain of enterprise switches, the L3 solution in software using WireGuard or other tunneling technologies seems more reasonable.
- Comment on How to use GPUs over multiple computers for local AI? 2 weeks ago:
Prior-gen Epyc boards show up on eBay from time to time, often as CPU+mobo bundles from Chinese datacenters that are upgrading to latest gen. These can be had for a deal, if they’re still available, and would provide PCIe lanes for days.
- Comment on How to use GPUs over multiple computers for local AI? 2 weeks ago:
I agree with the idea of not using a 10 Gbps network for GPU work. Just one small nitpick: PCIe Gen 1 in an x1 slot is only capable of 2.5 GTransfers/sec, which translates to about 2 GBits/sec, making it about 5x slower than a 10 Gbps line-rate network.
I sincerely hope OP is not running modern AI work on a mobo with only Gen 1…
- Comment on How do I host Jellyfin in the most secure manner possible? 2 weeks ago:
After reviewing the entire thread, I have to say that this is quite an interesting question. In a departure from most other people’s threat models, your LAN is not considered trusted. In addition, you’re seeking a solution that minimizes subscription costs, yet you already have a VPN provider, one which has a – IMO, illogical – paid tier to allow LAN access. In my book, paying more money for a basic feature is akin to hostage-taking. But I digress.
The hard requirement to avoid self-signed certificates is understandable, although I would be of the opinion that Jellyfin clients that use pinned root certificates are faulty, if they do not have an option to manage those pinned certificates to add a new one. Such certificate pinning only makes sense when the client knows that it would only connect to a known, finite list of domains, and thus is out-of-place for Jellyfin, as it might have to connect to new servers in future. For the most part, the OS root certificates can generally be relied upon, unless even the OS is not trusted.
A domain name is highly advised, even for internal use, as you can always issue subdomains for different logical network groupings. Or maybe even ask a friend for a subdomain delegation off of their domain. As you’ve found, without a domain, TLS certificates can’t be issued and that closes off the easy way to enable HTTPS for use on your untrusted LAN.
But supposing you absolutely do not want to tack on additional costs, then the only solution I see that remains is to set up a private VPN network, one which only connects your trusted devices. This would be secure when on your I trusted LAN, but would be unavailable when away from home. So when you’re out and about, you might still need a commercial VPN provider. What I wouldn’t recommend is to nest your private VPN inside of the commercial VPN; the performance is likely abysmal.
- Comment on What efforts would it take to strip the name Americans from the folks inhabiting the US? 2 weeks ago:
But outside it’s a very different story especially in places where the language isn’t English.
What is the demonym for something that can be found or belongs to “The Americas”, comprising both North and South America (and potentially Central if you go by the Three Americas way of splitting the continent)?
This is a fair question, and I suspect there simply is no generally accepted demonym in English. One could be introduced, but contrast that fairly simple exercise with the replacement of the broadly-recognized demonym for USA residents: “American”. Quickly, it becomes apparent that replacement is far harder than introducing a new demonym, even if the demonym itself isn’t very logical within the English language.
English is the same language that calls people from Deutschland as “German”, and then American English specifically might also call them “Dutch”, as in, the Pennsylvania Dutch, who immigrated from Germany. Consistency is not strong in the English language, even over only a few hundred years.
- Comment on What efforts would it take to strip the name Americans from the folks inhabiting the US? 2 weeks ago:
I’ve not known any USA residents that call the continent as “America”. Instead, the continent – which in this case basically just means USA + Canada – would be “North America”. And if they meant the whole post-1490s “New World”, it would be “The Americas” for both North and South America together.
- Comment on How can you oppose tariffs, while supporting a hardline against China on Taiwan? 3 weeks ago:
Thank you for your kind words!
- Comment on How can you oppose tariffs, while supporting a hardline against China on Taiwan? 3 weeks ago:
I had an inkling that was the case. But I figured that, for my own benefit, I’d elucidate my position a bit more. If it falls on deaf bot ears, then that’s just how it is. There’s not much else I was going to say anyway.
- Comment on How can you oppose tariffs, while supporting a hardline against China on Taiwan? 3 weeks ago:
I agree that requiring certain industries to be based domestically is the best route
This isn’t what I said at all. What I meant was, for service businesses (eg car dealerships, warehouses, restaurants) and heavy industry (eg oil refineries, plastics and chemicals, composites like wind turbine blades or aircraft fuselages) which practically must remain within the country, support those endeavors by making it easier or cheaper to operate, so that an internal economy for those products develops locally. Trying to force stronger internal ties would inevitably lead to resources and incentives spent where they’re not most needed.
If you don’t tariff everyone, how does that bring manufacturing back? They’ll just move to the next cheapest country, and then you’re playing whack-a-mole.
I’m not sure if you saw my Mexico example or not, but manufacturing that moves from China to Mexico would still further a USA policy of reduced economic dependency on China. It doesn’t matter so much that it’s not “Made in USA” so much that it’s not “Made in China”, if that’s the desired economic policy.
And that doesn’t even include the knock-on effects that anchoring the Mexican economy would create: economic migration – when people move from a place of poorer economic condition to a richer economic place – would naturally abate if the Mexican economy grew. Economic opportunity also displaces gang warfare and drug distribution, in part.
The alternative is to apply huge subsidies for manufacturers to ignore Mexico and set up shop in the USA, but then the cost of land, labor, and capital is substantially higher, and the products less affordable because they must be higher priced to pay for those means of production. Why do all this when Mexico or Canada are right next door?
- Comment on How can you oppose tariffs, while supporting a hardline against China on Taiwan? 3 weeks ago:
If you don’t support tariffs to bring back manufacturing jobs domestically, how do you think we could make it through a war with our manufacturing partners?
I express no position here about China nor Taiwan, but the false dichotomy presented is between: 1) enforce trade barriers indiscriminately against every country, territory, and uninhabitable island in the world without regard for allies nor enemies, or 2) diversify economic dependency away from one particular country.
The former is rooted in lunacy and harkens back to the mercantilism era, where every country sought to bring more gold back home and export more. The latter is pragmatic and diplomatic, creating new allies (economically and probably militarily) and is compatible with modern global economic notions like comparative advantage, where some countries are simply better at producing a given product, so that other countries can focus on their own specialization.
As a specific example, see Mexico, which under NAFTA and USMCA stood to be America’s new and rising manufacturing comrade. Mexico has the necessary geographical connectivity to the mainland USA, its own diverse economy, relatively cheap labor, timezones and culture that make for easier business dealings than cross-Pacific, and overall was very receptive to the idea of taking a share of the pie from China.
Long-term thinking would be to commit to this strategic position, thus changing the domestic focus to: 1) replace China with North America suppliers for certain manufactured goods, 2) continue to foster industries which are “offshore-proof”, such as small businesses that simply have to exist locally or industries that remain super-expensive or hazardous to ship (eg lithium ion batteries).
It is sheer arrogance to believe that the economic tide for industries of yore (eg plastic goods, combustion motor vehicles, call centers) can be substantially turned around in even a decade, when that transition away from domestic manufacturing took decades to occur.
- Comment on On email privacy: can I store my own email and relay them through an email provider? 3 weeks ago:
Agreed. Email has its uses – ubiquity, mostly “Just Works” ™, most people know how to use it – and while I might send an encrypted PDF along with a plaintext email, I’m more inclined to suggest that my recipients adopt Signal and get all the benefits of e2ee. EFF even has a guide for it: ssd.eff.org/module/how-to-use-signal
- Comment on On email privacy: can I store my own email and relay them through an email provider? 3 weeks ago:
This 100%. It is well-advised to consider what your security/privacy objectives are, since encryption-at-rest is different than guarding against eavesdropping when sending outbound mail. What threat model you use will define what is or isn’t acceptable.
- Comment on On email privacy: can I store my own email and relay them through an email provider? 3 weeks ago:
I previously looked into doing exactly this, and recall this comment on HN: news.ycombinator.com/item?id=31245923
One could argue the price of smtp2go at $150/yr is a bit steep, but it would also neatly avoid issues with sending outbound mail, since you’re paying them to deal with those headaches. For inbound mail, I can’t see why any mail operator wouldn’t deliver to the server designated by your MX records, though you’ll also have to deal with spam and other concerns vis-a-vis self hosting.
On the same thread but different comment, VPS operators might already run an SMTP server that you can relay through.
I wish you good luck in this endeavor!