• 5 Posts
  • 28 Comments
Joined 1 year ago
cake
Cake day: June 17th, 2023

help-circle

  • I do not see that as phone-usage, I’m doing an experiment to see how easy / difficult it is to revert the “i need to know the time, so I grab my phone” reflex back to “I need to know the time, so I look at my wrist”.

    I’m currently reading some books on how easy it is to manipulate peoples behaviour using ‘nudging’, this to better understand the social engineering tricks used by hackers.

    An chapter in one of these books in how social media use tricks to manupale our behaviour that resemble the tricks used by the gambling industry.

    One of the things I find intriging is the size of a smartphones today. If you look at it objectively, they are actually so large that most people would consider it to be annoyting: you have to carry it in a bag, in a pocket of your pants -but you have to take your phone out when you want sit-, or …you carry it in your hands. Have you noticed how many people have their smartphone in their hand when they walk around? But, of course, if you have something in your hand, it is very easy to open it quickly check your notifications; which reinforces the addiction.

    So, that’s the thing. People do not find it annoying.

    So … as an experiment, I am trying out how easy / difficult it is to break the habbit.

    A small sidenote when (or if) I manage to get my garmin vivosmart HR charges, it does rapport activity per week, number of steps and number of floors I went up on foot per day, even without a smartphone app. So that’s at least something :-)


  • One of the reasons I am looking for a new sportswatch is because I try to reduce my smartphone use and I noticed that I actually took out my smartphone just to check the time.

    I have an old garmin vivosmart HR but I do have a problem with the charging cable. Plus I am not able to download the healthstats with my linux ‘daily driver’ laptop.

    Perhaps I should just get a cheap regular watch somewhere? 🤔


  • I don’t. I thought the emoji would have made that clear.

    I have been doing cybersecurity awareness lately. We are starting to get over the furst hurdle: make people see the signatures of phishing message. But now we are starting with the 2nd hurdle: make people understand that when they write a genuine post, they should avoid these signatures of phishing, in this case, the “time pressure” argument.

    The problem is that the more genuine messages have phising signatures, to more difficult it becomes for people to distinguish a genuine posts from phishing. There is also the risk that you genuine posts will get noted as fake (although that is clearly not the case here :-) )








  • Well, in principe I do not see that much different between ‘curl | bash’, ‘sudo apt-get install’ or installing an app on your phone. In the end, it all depends on trust.

    Considering how complex software has become and on how many libraries from all over the internet any application that does more then ‘hello world’ depend, I do not see how you can do if you are not prepared to put blind trust into some things.

    Concerning CrowdStrike, I am just reading an book on human behaviour (very interesting for everybody who is interested in cybersecurity), and I am just on the chapter about the fear of deciding with unknown parameters vs. the fear of not deciding at all. Any piece of software will brake at some point, so will you wait forever to find something that will not have any vulnerabilities?



  • The problem is here is this: how is a user supposted to know if the official website of an application is organicmaps.app, organic-maps.app, organicmaps.org or github.com/organicmaps?

    And even if she/he knows, hackers do ways to make you look the other way. The funny thing in this case is that the original author complained that the app was removed from google playstore, and did so on the fosstodon mastodon-server. Although I guess this was not at planned, he made the almost perfect social-engineering post. :-)



  • Hi,

    Just to put things into perspective.

    Well, this example dates from some years ago, before LLMs and ChatGPT. But I agree that the principle is the same. (an that was exactly my point).

    If you analyse this. The error the person made was that he assumed an arduino to be like a PC, … while it is not. An arduino is a microcontroller. The difference is that a microcontroller has resources that are limited: pins, hardware interrups, timers, … An addition, pins can be reconfigured for different functions (GPIO, UART, SPI, I2C, PWM, …) Also, a microcontroller of the arduino-class does not run a RTOS, so is coded in “baremetal”. And as there is no operating-system that does resource-management for you, you have to do it the application.

    And that was the problem: Although resource-management is responsability of the application-programmer, the arduino environment has largly pushed that off the libraries. The libraries configure the ports in the correct mode, set up timers and interrupts, configure I/O devices, …And in the end, this is where things went wrong. So, in essence, what happened is the programmer made assumption based on the illusion created by the libraries: writing application on arduino is just like using a library on a unix-box. (which is not correct)

    That is why I have become carefull to promote tools that make things to easy, that are to good at hiding the complexity of things. Unless they are really dummy-proof after years and decades of use, you have to be very carefull not to create assumptions that are simply not true.

    I am not saying LLMs are by definition bad. I am just careful about the assumptions they can create.


  • As a sidenote. This reminds me of a discussion I haver every so often on “tools that make things to easy”.

    There is something I call "the arduino effect:. People who write code for things, based on example-code they find left and right, and all kind of libraries they mix together. It all works … for as long as it works. The problem is what happens if things do not work.

    I once helped out somebody who had an issue with a simple project: he: “I don’t understand it. I have this sensor, and this library… and it works. Then I have this 433 MHz radio-module with that library and that also works. But when I use them together. It doesn’t work”| me: what have you tried? he: well, looked at the libraries. They all are all. Reinstalled all the software. It’s that neither me: could it be that these two boards use the same hardware interrupt or the same timer he: the what ???

    I see simular issues with other platforms. GNU Radio is a another nice example. People mix blocks without knowing what exactly they do.

    As said, this is all very nice, as long as it works

    I wonder if programming-code generated by LLMs will not result in the same kind of problems. people who do not have the background knowledge needed to troubleshoot issues once problems become more complex.

    (Just a thought / question … not an assumpion)


  • To be honest, I have no personal experience with LLM (kind of boring, if you ask me). I know do have two collegues at work who tried them. One -who has very basic coding skills (dixit himself) - is very happy. The other -who has much more coding experience- says that his test show they are only good at very basic problems. Once things become more complex, they fail very quickly.

    I just fear that, the result could be that -if LLMs can be used to provide same code of any project- open-source project will spend even less time writing documentation (“the boring work”)



  • Wauw! So many answers in such a short time. Thanks all! 👍 (I will not spam the channel by sending a thank you to all but this is really greatly apriciated)

    Concerning ncurses. I did hear of it but never looked at it myself. What is not completely clear for me. I know you can use it for ‘low-level’ things, but does it also include ‘high-level’ concepts like windows, input fields and so?

    The blog mentioned in one of the other posts only shows low-level things.




  • Hi Hugh,

    To be clear. This is not about the tags itself. It’s about the system of tag-following and how it is implemented on the fediverse. It is due to how the fediverse (acitivtypub) works and how (or why) messages are routed from one instance to another.

    There is a major different on how following (people) and how tag-following work. (perhaps the simularity in name is not such a good choice)

    The basic idea of following (people) is this: Consider that you are me are on a different instances and I want to follow you; so I hit the “follow” buttom.

    What actually happens is this:

    • My instance sents an activitypub message to your instance. That message contains the information about me and you … and that way, your instance is aware that I (on my instance) want to follow you (on your instance)
    • when you then write / boost / … a post, your instance will then forward that post to my instance (based on the information received in step 1), which will then put it in my personal inbox stream.

    So far, so good. I am happy to read your (very interesting) posts, and you are happy as your messages gets forwarded to a lot of people who think you are an awsome guy!

    Tag-following however is based on a very different system.

    • you do a tag-follow request. What this does is that this tells your local instance that you are interested in all messages that contain the tag (say) “#caterday”

    • What this will do is this: If (in any way) a message enters your instance and that message contains the tag “caterday”, your instance will drop a copy of that message in your inbox steam, … which results in another post with a nice cat-image in your personal stream. Yeah!

    • What this does NOT do: Unlike the “following-people” system, tag-following is purely local thing. (“local” means “on your own instance”). So, what does NOT happen is that that your instance has started sending messages to all instances out there on the fedivere saying “hey … here is somebody who is interested in cats … please send me all these posts”.

    The main point here is that tag-following is only local between you and your own instance. Not more than then.

    In essence, … the important thing here is the first part of my message above: “If (in any way) a message enters your instance, and that message containts the tag …”

    So, then the question is: “what are the mechanisms so that a post enters an instance? (and -hence- be subject to tag-following)” This could happen in two ways:

    • because somebody local on the instance writes a post.
    • because somebody on a remote instance writes a post AND somebody on the local instances follows that person. As explained above, that message will get forwared by the remote host to your local instance.

    So, to put things together, Consider we are on different instances, I write a post with the #caterday tag, … but neither you or anybody else on your instance follows me, … the video of my cat attacking a ball of cotton will NOT reach you. (bad luck for you … you should have followed me :-p )

    Does this mean that tag-following is useless? No, not at all.

    When does tag-following work very well? To give a practicle example. I have an account on mastodon.radio (an specialised instance for amateur-radio) and overthere I do tag-following of #electronics.

    That works very well because

    • there are a lot of ham-radio people doing electronics
    • there are also lot of people on other instances who are into building electronics … but there is a very big chance that they are followed by at least one person on mastodon.radio. So their posts get forwarded to mastodon,radio … which will then also appear in my inbox due to tag-following. This really works very well, and provides me with a good stream of messages with a good signal-to-noise ratio.

    When does tag-following not work well?

    • if you have a personal instance as I also do.
    • if you are on a smaller instance and you have a less common interest. So, if you happen to be the only metalhead on (say) a 50 member instance that serves your local city, there is a very little chance that a tag-follow for your favorite all-female Japanese metal band will produce much content.

    What can you do if you are in the 2nd senario?

    If there exists an instance dedicated to your interest (that still accepts people)

    • get an account on that instance and use a multi-account app like fedilab

    • use an app like fedilab to remote-read the public feed of that instance, find interesting people, follow them with your current fediverse account you already have, and build up your list of interesting people to follow that way.

    • switch to lemmy or kbin :-) (as lemmy and kbin are by nature more community-based)

    • follow the lemmy/kbin community from within your mastodon/fediverse account.

    If you happen to be interested in something very specific and the other nerds are all spread out over a zillion different fediverse instances out there:

    A nice exercise to get a good feeling about this is to get both an account on a mid-side instance and set up your own personal instance. The different in how to approach the fediverse become apparent quite fast.

    Hope this helps :-)



  • Hi Kux,

    The problem I see here, is that you then also need to explain why following a remote instance might be interesting, . which means that you need to explain how the fediverse has led to the existance of specialised instances. (which means that you also need explain that the fediverse is more community driven).

    "even though you can be on one instance (as you really like the community overthere, and it the posts have a good signal-over-noise ratio), the ability to follow remote instances does still allow you to follow other instances (read: other communities) … after all … most people do are interested in several things, no? "