Off-and-on trying out an account over at @[email protected] due to scraping bots bogging down lemmy.today to the point of near-unusability.

Joined 2 years ago
Cake day: October 4th, 2023

  • Oh, yeah, it’s not that ollama itself is opening holes (other than adding something listening on a local port), or telling people to do that. I’m saying that the ollama team is explicitly promoting bad practices. I’m just saying that I’d guess that there are a number of people who are doing things like fully-exposing or port-forwarding to ollama or whatever because they want to be using the parallel compute hardware on their computer remotely. The easiest way to do that is to just expose ollama without setting up some kind of authentication mechanism, so…it’s gonna happen.

    I remember someone on here who had their phone and desktop set up so that they couldn’t reach each other by default. They were fine with that, but they really wanted their phone to be able to access the LLM on their computer, and I was helping walk them through it. It was hard and confusing for them — they didn’t really have a background in the stuff, but badly wanted the functionality. In their case, they just wanted local access, while the phone was on their home WiFi network. But…I can say pretty confidently that there are people who want access all the time, to access the thing remotely.


  • I mean, the article is talking about providing public inbound access, rather than having the software go outbound.

    I suspect that in some cases, people just aren’t aware that they are providing access to the world, and it’s unintentional. Or maybe they just don’t know how to set up a VPN or SSH tunnel or some kind of authenticated reverse proxy or something like that, and want to provide public access for remote use from, say, a phone or laptop or something, which is a legit use case.

    ollama targets being easy to set up. I do kinda think that there’s an argument that maybe it should try to facilitate configuration for that setup, even though it expands the scope of what they’re doing, since I figure that there are probably a lot of people without a lot of, say, networking familiarity who just want to play with local LLMs setting these up.

    EDIT: I do kind of think that there’s a good argument that the consumer router situation plus personal firewall situation is kind of not good today. Like, “I want to have a computer at my house that I want to access remotely via some secure, authenticated mechanism without dicking it up via misconfiguration” is something that people understandably want to do and should be more straightforward.

    I mean, we did it with Bluetooth, did a consumer-friendly way to establish secure communication over insecure airwaves. We don’t really have that for accessing hardware remotely via the Internet.


  • While that is true in theory, it’s also true that it’s a little more complicated than that.

    My understanding is that in the past, the US tried placing tariffs on steel originating from China — steel being a strategic good, something where there’s a positive externality to having a secure supply — and it wound up effectively being routed through other countries.

    A second issue is that it’s not just a matter of the steel moving through countries directly, but the fact that products can be manufactured in other countries using steel from China, and there isn’t any system for tracking that. Like, say I buy a desktop computer case made of sheet metal from, oh, Taiwan. Where did the Taiwanese manufacturer get the steel from?

    searches

    Here’s something from Brookings (Brookings not being particularly enthusiastic about either Trump or protectionist trade policy):

    https://www.brookings.edu/articles/is-china-circumventing-us-tariffs-via-mexico-and-canada/

    Since 2018, the U.S. has imposed and ratcheted up tariffs on a broad range of Chinese imports. U.S. tariffs on China have created incentives for Chinese products to circumvent these tariffs by entering the U.S. via Canada and Mexico, paying either the United States-Mexico-Canada Agreement (USMCA) tariff rate of zero or the U.S. WTO Most-Favored-Nation (MFN) rate, which has been well below U.S. tariffs on China. Chinese circumvention of U.S. tariffs undermines the U.S. policy of reducing economic integration with China and addressing the impact of China’s imports on U.S. manufacturing. This paper analyzes the extent of Chinese circumvention of U.S. tariffs up until the end of 2024. Since President Donald Trump came into office in 2025, he has raised tariffs further on imports from China and (but to a lesser extent so far) on imports from Canada, Mexico, and other countries as well. At the time of writing, U.S. tariffs were in flux, but the end result will most likely be U.S. tariffs on imports from China that continue to be higher than U.S. tariffs on imports from Canada and Mexico, thereby maintaining the incentive for circumvention.

    This paper analyzes three ways that Chinese products can circumvent U.S. tariffs:

    1. Transshipment, which occurs when an import from China passes through Mexico or Canada on its way to the U.S.
    2. Incorporation of Chinese products into North American supply chains. This includes manufacturing in Mexico and Canada to produce products that are then exported to the U.S.
    3. Chinese foreign direct investment (FDI) into Mexico and Canada to produce goods that are then exported to the U.S.


  • An order had been issued on Friday prohibiting British activists from gathering for a planned “stop the boats” protest nicknamed Operation Overlord in the departments of Nord and Pas-de-Calais.

    They named a protest aimed at stopping boats from crossing the English Channel…after what was probably the largest crossing of boats across the English Channel ever?

    https://en.wikipedia.org/wiki/Operation_Overlord

    Operation Overlord was the codename for the Battle of Normandy, the Allied operation that launched the successful liberation of German-occupied Western Europe during World War II. The operation was launched on 6 June 1944 (D-Day) with the Normandy landings (Operation Neptune). A 1,200-plane airborne assault preceded an amphibious assault involving more than 5,000 vessels. Nearly 160,000 troops crossed the English Channel on 6 June, and more than two million Allied troops were in France by the end of August.


  • Having a limited attack surface will reduce exposure.

    If, say, the only thing that you’re exposing is, oh, say, a Wireguard VPN, then unless there’s a misconfiguration or remotely-exploitable bug in Wireguard, then you’re fine regarding random people running exploit scanners.

    I’m not too worried about stuff like (vanilla) Apache, OpenSSH, Wireguard, stuff like that, the “big” stuff that have a lot of eyes on them. I’d be a lot more dubious about niche stuff that some guy just threw together.

    To put perspective on this, you gotta remember that most software that people run isn’t run in a sandbox. It can phone home. Games on Steam. If your Web browser has bugs, it’s got a lot of sites that might attack it. Plugins for that Web browser. Some guy’s open-source project. That’s a potential vector too. Sure, some random script kiddy running an exploit scanner is a potential risk, but my bet is that if you look at the actual number of compromises via that route, it’s probably rather lower than plain old malware.

    It’s good to be aware of what you’re doing when you expose the Internet to something, but also to keep perspective. A lot of people out there run services exposed to the Internet every day; they need to do so to make things work.
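
Added example, not part of the comments above: both this comment and the earlier ollama one come down to knowing which services on a machine accept connections from other hosts. The sketch below sorts `ss -H -tln` output into loopback-only and wider binds; the sample lines are constructed, the function names are made up for this sketch, and 11434 is ollama's default port.

```shell
#!/bin/sh
# Added example: classify TCP listeners by the address they are bound to.
# Input format: `ss -H -tln` (State Recv-Q Send-Q Local:Port Peer:Port).

# Constructed sample, not captured from a real host.
# 11434 is ollama's default port; by default ollama binds it to 127.0.0.1.
SAMPLE='LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:11434 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 [::1]:631 [::]:*
LISTEN 0 511 *:8080 *:*'

# Print "port address scope" for every listener line on stdin.
classify_listeners() {
    awk '{
        port = $4; sub(/^.*:/, "", port)      # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
        sub(/%.*$/, "", addr)                 # drop interface scope (%lo)
        if (addr ~ /^127\./ || addr == "[::1]") {
            scope = "loopback-only"
        } else if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") {
            scope = "all-interfaces"
        } else {
            scope = "specific-address"
        }
        print port, addr, scope
    }'
}

# Ports bound beyond loopback, i.e. the ones other hosts can try to reach.
# A host firewall or router may still filter them; this only reads binds.
exposed_ports() {
    classify_listeners | awk '$3 != "loopback-only" { print $1 }' \
        | sort -un | tr '\n' ' ' | sed 's/ $//'
}

printf '%s\n' "$SAMPLE" | classify_listeners
echo "bound beyond loopback: $(printf '%s\n' "$SAMPLE" | exposed_ports)"
# On a live system: ss -H -tln | classify_listeners
```
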









  • The issues run deeper, Kaas Elias explained, than just these most recent cuts. “Unfortunately, the federal government has taken a step backward when it comes to public transport,” he said. For example, the Deutschlandticket for regional public transport across the country has transformed from a €9 a month COVID-19 era mega-success to €63 a month as of January 2026.

    If I remember correctly back when that was announced, and there was some discussion on Reddit about it, that was intended from the beginning to be a temporary program.

    searches

    https://en.wikipedia.org/wiki/Deutschlandticket

    The Deutschlandticket (Deutschlandticket, lit. ‘Germany ticket’), also known as the D-Ticket, is a monthly subscription for local and regional public transport valid throughout Germany. It was introduced in May 2023 by the Scholz cabinet as the successor to the temporary 9-Euro-Ticket offered in summer 2022.

    WP says it was temporary too.





  • I’ve never used the software package in question.

    If you already own the software, and if the hardware it uses to talk to the microcontroller is on a serial port or USB-attached serial port, then you can most-likely just run it under WINE. This isn’t a VM, but a Windows compatibility layer — you don’t need to run a copy of Windows in a VM and all that. It’d be my first shot. That way, you can just use it like any other Linux program, don’t need to blow extra memory or overhead on running Windows in a VM.

    So, say the program in question has an installer, picbasic-installer.exe.

    So you’re going to want to install WINE. I don’t use Arch, so I’ll leave that up to you, but I believe that the Arch package manager is pacman. They may have some graphical frontend that you prefer to use.

    Then go ahead and, in a virtual terminal program, invoke picbasic-installer.exe — assuming that that’s what the installer is called — under WINE:

    $ wine picbasic-installer.exe
    

    That’ll run the installer.

    Now, my guess is that that much won’t have problems. And that WINE will run the thing. And it’ll probably let you compile BASIC programs.

    You can go ahead and fire up your PICBASIC PRO program. I don’t know how you launch Windows programs in your Arch environment. In general, WINE installers will drop a .desktop file under ~/.local/share/applications, and that can be started the way any other application can. I use a launcher program, tofi, to start programs like that under sway using tofi-drun, but you probably have a completely different environment set up. My guess is that your desktop environment on Arch probably has some kind of system menu of applications or something like that that will include WINE programs with a desktop file in it. Or maybe you have some program that shows a searchable list of programs and can launch from that. KDE Plasma, GNOME, Cinnamon, etc will probably all have their own routes, but I don’t use those, so I can’t tell you what they do. I’ll leave that up to you.

    What you’re likely to run into problems with is that if the PICBASIC PRO program wants to talk to that microcontroller programmer via a serial port (which on Windows would probably be COM0 or COM1 or whatever), it’s going to need to talk to /dev/ttyS0 or /dev/ttyS1 or whatever on Linux, or if it’s USB-attached, /dev/ttyUSB0, /dev/ttyUSB1, etc. Ordinary users probably don’t have permission to write directly to them, by default.

    There are a couple ways to grant permission, but one of the most-straightforward ways is to add your user to a group that has permission.

    The basic Unix file permission system has each file — including device files, like /dev/ttyS0 — owned by one user and one group.

    On my Debian trixie system:

    $ ls -l /dev/ttyS0
    crw-rw---- 1 root dialout 4, 64 Jan 15 20:46 /dev/ttyS0
    $
    

    So that serial port device file is owned by the user root, which has read and write privileges (the first “rw”) and the group dialout, which has read and write privileges (the second “rw”). Any user that belongs to that group will be able to write to the serial ports.

    On my system, my user doesn’t belong to the “dialout” group:

    $ groups
    tal cdrom floppy sudo audio dip video plugdev users render netdev bluetooth lpadmin scanner docker libvirt ollama systemd-journal
    $
    

    So I’m going to want to add my user to that group:

    $ sudo usermod -aG dialout tal
    $
    

    Group permissions get assigned to processes when you log in (that is, usermod just sets what groups the process started when you log in as has, and then all its child processes). Technically, you don’t have to log out to do this — you could run sg dialout at this point, and then from that shell, run wine and see if it works — but I’d probably log out and then back in again, to keep things simplest. After you do that, you should see that you’re in the “dialout” group:

    $ groups
    night_petal <list of groups> dialout
    $
    

    After that, you should be able to use the program and write code to the microcontroller.
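
Added example, not part of the comment above: a check for the two failure cases the walkthrough describes, the user missing from the device's group and the user added but not yet logged in again. The function names are made up for this sketch, and it reads only the classic group permission bits (no ACLs, no owner or "other" bits).

```shell
#!/bin/sh
# Added example: why can't my user open the serial port?

# Pure decision function.
#   $1 symbolic mode as printed by `stat -c %A`, e.g. crw-rw----
#   $2 group that owns the device file
#   $3 groups of the current process (`id -Gn`)
#   $4 groups recorded for the user in the group database (`id -Gn USER`)
serial_access_status() {
    mode=$1 dev_group=$2 session_groups=$3 db_groups=$4
    # Characters 5-6 of the mode string are the group read/write bits.
    if [ "$(printf '%s' "$mode" | cut -c5-6)" != "rw" ]; then
        echo "group-lacks-rw"; return
    fi
    case " $session_groups " in
        *" $dev_group "*) echo "ok"; return ;;
    esac
    # Not in the running session: is the user at least in the database?
    # If so, usermod has been run but the login session predates it.
    case " $db_groups " in
        *" $dev_group "*) echo "relogin-needed" ;;
        *)                echo "not-in-group" ;;
    esac
}

# Gather the real values for one device (GNU stat and id assumed).
check_serial_device() {
    dev=$1
    [ -c "$dev" ] || { echo "no-such-device"; return; }
    serial_access_status "$(stat -c %A "$dev")" "$(stat -c %G "$dev")" \
        "$(id -Gn)" "$(id -Gn "$(id -un)")"
}

# Constructed values modelled on the comment: right after `usermod -aG`,
# the database lists dialout but the running session does not.
serial_access_status crw-rw---- dialout "tal sudo audio" "tal sudo audio dialout"

for dev in /dev/ttyS0 /dev/ttyUSB0; do
    echo "$dev: $(check_serial_device "$dev")"
done
```
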



  • Are Motorola ok?

    Depends on what you value in a phone. Like, I like a vanilla OS, a lot of memory, large battery, and a SIM slot. I don’t care much about the camera quality and don’t care at all about size and weight (in fact, if someone made a tablet-sized phone, I’d probably switch to that). That’s almost certainly not the mix that some other people want.

    There’s some phone comparison website I was using a while back that has a big database of phones and lets you compare and search based on specification.

    goes looking

    This one:

    https://www.phonearena.com/phones