• 5 Posts
  • 1.08K Comments
Joined 1 year ago
cake
Cake day: October 4th, 2023

help-circle



  • The downside of building the phone/tablet into the car, though, is that phones change more quickly than cars.

    A 20 year old car can be perfectly functional. A 20 year old smarphone is insanely outdated. If the phone is built into the car, you’re stuck with it.

    Relative to a built-in system, I’d kind of rather just have a standard mounting point with security attachments and have the car computer be upgraded. 3DIN maybe.

    I get the “phone is small” argument, but the phone is upgradeable.

    And I’d definitely rather have physical controls for a lot of things.



  • despite editing the .sh file to point to the older tarballed Python version as advised on Github, it still tells me it uses the most up to date one that’s installed system wide and thus can’t install pytorch.

    Can you paste your commands and output?

    If you want, maybe on [email protected], since I think that people seeing how to get Automatic1111 set up might help others.

    I’ve set it up myself, and I don’t mind taking a stab at getting it working, especially if it might help get others over the hump to a local Automatic1111 installation.


  • venv nonsense

    I mean, the fact that it isn’t more end-user invisible to me is annoying, and I wish that it could also include a version of Python, but I think that venv is pretty reasonable. It handles non-systemwide library versioning in what I’d call a reasonably straightforward way. Once you know how to do it, works the same way for each Python program.

    Honestly, if there were just a frontend on venv that set up any missing environment and activated the venv, I’d be fine with it.

    And I don’t do much Python development, so this isn’t from a “Python awesome” standpoint.


  • The Jia Tan xz backdoor attack did get flagged by some automated analysis tools – they had to get the analysis tools modified so that it would pass – and that was a pretty sophisticated attack. The people running the testing didn’t catch it, trusted the Jia Tan group that it was a false positive that needed to be fixed, but it was still putting up warning lights.

    More sophisticated attackers will probably replicate their own code analysis environments mirroring those they know of online, make a checklist of running what code analysis tools they can run against locally prior to making the code visible, tweak it until it passes – but I think that it definitely raises the bar.

    Could have some analysis tools that aren’t made public but run against important public code repositories specifically to try to make this more difficult.


  • I don’t think that that’s a counter to the specific attack described in the article:

    The malicious packages have names that are similar to legitimate ones for the Puppeteer and Bignum.js code libraries and for various libraries for working with cryptocurrency.

    That’d be a counter if you have some known-good version of a package and are worried about updates containing malicious software.

    But in the described attack, they’re not trying to push malicious software into legitimate packages. They’re hoping that a dev will accidentally use the wrong package (which presumably is malicious from the get-go).


  • I mean, this kind of stuff was going to happen.

    The more-important and more-widely-used open source software is, the more appealing supply-chain attacks against it are.

    The world where it doesn’t happen is one where open source doesn’t become successful.

    I expect that we’ll find ways to mitigate stuff like this. Run a lot more software in isolation, have automated checking stuff, make more use of developer reputation, have automated code analysis, have better ways to monitor system changes, have some kind of “trust metric” on packages.

    Go back to the 1990s, and most everything I sent online was unencrypted. In 2024, most traffic I send is encrypted. I imagine that changes can be made here too.





  • Apparently, some London residents are getting fed up with social media influencers whose reviews make long lines of tourists at their favorite restaurants, sometimes just for the likes.

    As Gizmodo deduced, the trend seemed to start on the r/London subreddit, where a user complained about a spot in Borough Market being “ruined by influencers” on Monday:

    “Last 2 times I have been there has been a queue of over 200 people, and the ones with the food are just doing the selfie shit for their [I]nsta[gram] pages and then throwing most of the food away.”

    So, I don’t know what the situation is in London.

    But COVID-19 really clobbered a lot of commercial establishments, and particularly eateries. I’m guessing that at least some traffic might be a return of the public to restaurants, with the supply of restaurant capacity at a low due to having gone through hard times over the past our years or so.

    kagis

    Ah, right. This is Europe, and while the US got hit by higher energy costs too, the Ukraine invasion really dicked up energy prices in Europe for a while. And then you have the hangover from the COVID-19-related spending happening, as inflation bites, and reducing spending on restaurants is an easy thing to cut on one’s budget. And this points out that restaurants are a labor-intensive industry, and Brexit has driven labor costs up by cutting the labor pool.

    https://www.ft.com/content/a36ad5fd-db20-4ba8-89ea-e185838c8aa0

    UK restaurant sector hit by cost of living and Covid legacy

    Stuart Devine thought his chain of fish and chip restaurants in Aberdeen had survived the worst when the UK government lifted Covid-19 lockdowns for good in spring 2021 and customers returned to enjoy the classic British meal.

    But before the Ashvale could fully recover it was dealt another blow, when Russia’s full-scale invasion of Ukraine in February 2022 disrupted global supply chains and sent energy and food prices soaring.

    Devine’s struggles are shared by roughly 40 per cent of UK restaurant owners, who are operating at or below break-even point, after the sector was hit by a perfect storm of pandemic shutdowns and the cost of living crisis, according to data from UKHospitality.

    The trade body estimates that up to 30 per cent of businesses in the sector have closed since Covid struck. About 1,169 restaurants shut in the past year alone, equivalent to more than three a day, according to UKHospitality and consultancy CGA by NIQ.

    “The money coming from the front door is just not enough to offset the significant cost of doing business that the restaurants are facing,” said Kate Nicholls, chief executive of UKHospitality.

    While energy prices have fallen from their peak over the past 12 months, restaurants continue to bear the brunt of elevated food costs. The particularly labour intensive industry has also struggled with staff shortages, worsened by Brexit, and to keep pace with the statutory minimum wage. It stands at £10.42 an hour and will rise to £11.44 in April.

    Devine said “the hardest thing is that the only thing you can do is put your prices up”, noting that there was a limit to how much lifting prices could help at a time of already weak consumer confidence and tight household budgets.

    So the combination of all those things would tend to have squeezed the supply of restaurants, and it might be that if there’s enough demand to consistently fill restaurants in London, expand existing or open new ones, that things will tend to return to a more-normal state.


  • In total, there were 118 false positives — a rate of 4.29%.

    Earlier this year, investors filed a class-action lawsuit, accusing company executives of overstating the devices’ capabilities and claiming that “Evolv does not reliably detect knives or guns.”

    I mean, in terms of performance, I’d be more concerned about the false positive rate than the false negative rate, given the context. Like, if you miss a gun, whatever. That’s at worst just the status quo, which has been working. Some money gets wasted on the machine. But if you are incorrectly stopping more than 1 in 25 New Yorkers from getting on their train, and apply that to all subway riders, that sounds like a monumental mess.



  • tal@lemmy.todaytoTechnology@lemmy.world*Permanently Deleted*
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    22 days ago

    Did NVIDIA stop selling videocards in Russia?

    kagis

    https://www.pcmag.com/news/nvidia-to-stop-all-product-sales-to-russia

    Nvidia Stops All Product Sales to Russia

    March 5, 2022

    So, yes, though I don’t think that it matters a huge amount, since companies are just gonna re-export them out of China or Kazakhstan or wherever. I mean, it’s not like the hardware has some kind of region-locking. It’s a piece of consumer hardware, sold and resold anonymously all over the place. It’s not some kind of specialized military hardware with four end customers and tight control over the movement of the product.

    kagis

    https://hardwaretimes.com/nvidia-loses-just-2-of-its-revenue-as-offices-are-shut-down-in-russia/

    In October [2022], NVIDIA officially shut down all its operations in Russia as sales of both data center and consumer graphics cards were wrapped up. At the time, around 240 employees worked for the Santa Clara-based company. These folks were given the option to either relocate abroad or look for other jobs.

    Furthermore, NVIDIA hardware has been banned from sale via official channels.

    Fortunately for Team Green, the Russian Federation represented a minor market for its wide portfolio. Disclosures from the Q3 2022 earnings report indicate that the Federation accounted for just 2% of its revenue and 4% for the gaming business.

    Although channel partners are forbidden to sell the latest GeForce RTX 40 series graphics cards, Russian gamers can still procure them from the grey market.

    It’ll probably add cost and some risk of getting ripped off and no manufacturer’s warranty, but I would be surprised if someone who wanted a new GPU couldn’t continue to get ahold of one in Russia, given enough funds.

    EDIT: Does make me wonder about Windows-side driver updates. Like, people here are talking about Linux. Windows requires driver signing, and I don’t know if those signatures are region-specific.



  • tal@lemmy.todaytoTechnology@lemmy.world*Permanently Deleted*
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    1
    ·
    22 days ago

    Most sanctions, aside from ones aimed at individuals, are going to have indirect effect. That is, they will produce pressure on Russia in aggregate, and that means that they’ll impact the typical citizen.

    But that being said, there have been a lot of sanctions applied, and…the impact on Nvidia drivers isn’t, I think, really a huge one relative to those. Like, things like cutting off access to all kinds of electronics parts and payment system access and stuff are going to be, I’d say, a lot more impactful to a typical person in Russia, even if the impact is secondary.


  • tal@lemmy.todaytoTechnology@lemmy.world*Permanently Deleted*
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    23 days ago

    Other than as a mind game, I don’t see the point.

    Google provides a centralized service. They own the generator system.

    You could solve the whole problem much more simply and reliably by just retaining a copy of all generated text at Google – the quantities of data will be miniscule compared to what Google regularly deals with – and then just indexing it and letting someone do a fuzzy search for a given passage of text to see whether it’s been generated. Hell, Google probably already retains a copy to data-mine what people are doing anyway, and they know how to do search. And then they could even tell you who generated the text and when.