Off-and-on trying out an account over at @[email protected] due to scraping bots bogging down lemmy.today to the point of near-unusability.

  • 57 Posts
  • 1.45K Comments
Joined 2 years ago
Cake day: October 4th, 2023
  • tal@lemmy.todaytoWorld News@lemmy.worldPush by lawmakers to ban Russian steel sets up clash with EU capitalsEnglish
    4·
    1 day ago

    Why buy Russian Steel?

    Without looking at the numbers, I’d guess that Russia is probably the cheapest option for those companies importing it from Russia.

    It also sounds like it’s not just steel in general, but some specific stuff:

    Sanctions on Russian exports have blocked most steel products from flowing into the EU, especially the most basic ones. Yet semi-finished slabs are still permitted into the bloc because Belgium, Czechia and Italy requested they remain available for factories that they say have no alternative sources of supply.

    I’m a little skeptical that nobody else out there produces those, though.

    searches

    Apparently they look like this:

    https://kavehmetal.com/steel-slab-7-essential-tips2025-guide/

    Steel slab plays a vital role in the production of steel sheets, plates, and other related products. Its use is particularly prominent in the manufacture of:

    Hot-rolled sheets or black sheets: The slab is heated to a specific temperature, then passed through rollers to reduce thickness and achieve the desired dimensions.

    Structural components: It is also used in the production of I-beams, rebars, and steel pipes, which are essential for construction and infrastructure projects.

  • tal@lemmy.todaytoSelfhosted@lemmy.worldI made a way to remotely control my homelab without any internet access requiredEnglish
    26·
    2 days ago

    So an internet

    The highest data rate it looks like is supported by LoRa in North America is 21900 bits per second, so you’re talking about 21kbps, or 2.6kBps in a best-case scenario. That’s about half of what an analog telephone system modem could achieve.

    It’s going to be pretty bandwidth-constrained, limited in terms of routing traffic around.

    I think that the idea of a “public access, zero-admin mesh Internet over the air” isn’t totally crazy, but that it’d probably need to use something like laser links and hardware that can identify and auto-align to other links.

  • tal@lemmy.todaytoLinux@lemmy.worldMix and match login managers and desktop environmentsEnglish
    1·
    4 days ago

    Mix and match login managers and desktop environments

    So, I was wondering if it would be possible to use just the GDM login prompt, but have it feed into KDE desktop and if so what I’d need to tinker with to configure it.

    I imagine that it’d depend on the login manager.

    I use emptty, which allows me to log in on a text console.

    For that login manager, I:

    Add a ~/.config/emptty-custom-sessions/sway-wrapped.desktop file:

    Name=Wrapped Sway
Exec=/home/tal/bin/my-wrapped-sway.sh
Environment=wayland

    And add ~/bin/my-wrapped-sway.sh:

    #!/bin/bash

. ~/.bash_profile

export XDG_SESSION_TYPE=wayland

exec dbus-run-session sway "$@"

    I mark my-wrapped-sway.sh executable (chmod +x ~/bin/my-wrapped-sway.sh), and done.

    searches

    https://blog.boristerzic.com/posts/2023-09-17-build-your-own-desktop-environment/

    Adding a New Custom Desktop Environment in Arch Linux

    Your desktop environment is typically started right after your login to the system using your display manager (or login manager). In graphical display managers like gdm you can select one of several session types from a list. This is where we want to add a new entry for our labwc based desktop environment.

    On Arch linux these sessions are stored in /usr/share/xsessions in separate .desktop files. A /usr/share/xsessions/labwc.desktop file could look like this:

    [Desktop Entry]  
Encoding=UTF-8
Name=labwc
Comment=labwc
Exec=labwc
Type=Application

    I’d probably give that a try.

  • tal@lemmy.todaytoTechnology@beehaw.orgToo much open-source AI is exposing itself to the webEnglish
    2·
    6 days ago

    Oh, yeah, it’s not that ollama itself is opening holes (other than adding something listening on a local port), or telling people to do that. I’m saying that the ollama team is explicitly promoting bad practices. I’m just saying that I’d guess that there are a number of people who are doing things like fully-exposing or port-forwarding to ollama or whatever because they want to be using the parallel compute hardware on their computer remotely. The easiest way to do that is to just expose ollama without setting up some kind of authentication mechanism, so…it’s gonna happen.

    I remember someone on here who had their phone and desktop set up so that they couldn’t reach each other by default. They were fine with that, but they really wanted their phone to be able to access the LLM on their computer, and I was helping walk them through it. It was hard and confusing for them — they didn’t really have a background in the stuff, but badly wanted the functionality. In their case, they just wanted local access, while the phone was on their home WiFi network. But…I can say pretty confidently that there are people who want access all the time, to access the thing remotely.

  • tal@lemmy.todaytoTechnology@beehaw.orgToo much open-source AI is exposing itself to the webEnglish
    8·
    6 days ago

    I mean, the article is talking about providing public inbound access, rather than having the software go outbound.

    I suspect that in some cases, people just aren’t aware that they are providing access to the world, and it’s unintentional. Or maybe they just don’t know how to set up a VPN or SSH tunnel or some kind of authenticated reverse proxy or something like that, and want to provide public access for remote use from, say, a phone or laptop or something, which is a legit use case.

    ollama targets being easy to set up. I do kinda think that there’s an argument that maybe it should try to facilitate configuration for that setup, even though it expands the scope of what they’re doing, since I figure that there are probably a lot of people without a lot of, say, networking familiarity who just want to play with local LLMs setting these up.

    EDIT: I do kind of think that there’s a good argument that the consumer router situation plus personal firewall situation is kind of not good today. Like, “I want to have a computer at my house that I want to access remotely via some secure, authenticated mechanism without dicking it up via misconfiguration” is something that people understandably want to do and should be more straightforward.

    I mean, we did it with Bluetooth, did a consumer-friendly way to establish secure communication over insecure airwaves. We don’t really have that for accessing hardware remotely via the Internet.

  • tal@lemmy.todaytoWorld News@lemmy.worldAs US influence wanes, the Chinese trade surplus strangles manufacturing across the globeEnglish
    3·
    8 days ago

    While that is true in theory, it’s also true that it’s a little more complicated than that.

    My understanding is that in the past, the US tried placing tariffs on steel originating from China — steel being a strategic good, something where there’s a positive externality to having a secure supply — and it wound up effectively being routed through other countries.

    A second issue is that it’s not just a matter of the steel moving through countries directly, but the fact that products can be manufactured in other countries using steel from China, and there isn’t any system for tracking that. Like, say I buy a desktop computer case made of sheet metal from, oh, Taiwan. Where did the Taiwanese manufacturer get the steel from?

    searches

    Here’s something from Brookings (Brookings not being particularly enthusiastic about either Trump or protectionist trade policy):

    https://www.brookings.edu/articles/is-china-circumventing-us-tariffs-via-mexico-and-canada/

    Since 2018, the U.S. has imposed and ratcheted up tariffs on a broad range of Chinese imports. U.S. tariffs on China have created incentives for Chinese products to circumvent these tariffs by entering the U.S. via Canada and Mexico, paying either the United States-Mexico-Canada Agreement (USMCA) tariff rate of zero or the U.S. WTO Most-Favored-Nation (MFN) rate, which has been well below U.S. tariffs on China. Chinese circumvention of U.S. tariffs undermines the U.S. policy of reducing economic integration with China and addressing the impact of China’s imports on U.S. manufacturing. This paper analyzes the extent of Chinese circumvention of U.S. tariffs up until the end of 2024. Since President Donald Trump came into office in 2025, he has raised tariffs further on imports from China and (but to a lesser extent so far) on imports from Canada, Mexico, and other countries as well. At the time of writing, U.S. tariffs were in flux, but the end result will most likely be U.S. tariffs on imports from China that continue to be higher than U.S. tariffs on imports from Canada and Mexico, thereby maintaining the incentive for circumvention.

    This paper analyzes three ways that Chinese products can circumvent U.S. tariffs:

    1. Transshipment, which occurs when an import from China passes through Mexico or Canada on its way to the U.S.
    2. Incorporation of Chinese products into North American supply chains. This includes manufacturing in Mexico and Canada to produce products that are then exported to the U.S.
    3. Chinese foreign direct investment (FDI) into Mexico and Canada to produce goods that are then exported to the U.S.
  • tal@lemmy.todaytoWorld News@lemmy.worldTwo British far-right activists arrested in FranceEnglish
    7·
    12 days ago

    An order had been issued on Friday prohibiting British activists from gathering for a planned “stop the boats” protest nicknamed Operation Overlord in the departments of Nord and Pas-de-Calais.

    They named a protest aimed at stopping boats from crossing the English Channel…after what was probably the largest crossing of boats across the English Channel ever?

    https://en.wikipedia.org/wiki/Operation_Overlord

    Operation Overlord was the codename for the Battle of Normandy, the Allied operation that launched the successful liberation of German-occupied Western Europe during World War II. The operation was launched on 6 June 1944 (D-Day) with the Normandy landings (Operation Neptune). A 1,200-plane airborne assault preceded an amphibious assault involving more than 5,000 vessels. Nearly 160,000 troops crossed the English Channel on 6 June, and more than two million Allied troops were in France by the end of August.

  • tal@lemmy.todaytoSelfhosted@lemmy.worldHow do I avoid becoming one with the botnet?English
    9·
    13 days ago

    Have a limited attack surface will reduce exposure.

    If, say, the only thing that you’re exposing is, oh, say, a Wireguard VPN, then unless there’s a misconfiguration or remotely-exploitable bug in Wireguard, then you’re fine regarding random people running exploit scanners.

    I’m not too worried about stuff like (vanilla) Apache, OpenSSH, Wireguard, stuff like that, the “big” stuff that have a lot of eyes on them. I’d be a lot more dubious about niche stuff that some guy just threw together.

    To put perspective on this, you gotta remember that most software that people run isn’t run in a sandbox. It can phone home. Games on Steam. If your Web browser has bugs, it’s got a lot of sites that might attack it. Plugins for that Web browser. Some guy’s open-source project. That’s a potential vector too. Sure, some random script kiddy running an exploit scanner is a potential risk, but my bet is that if you look at the actual number of compromises via that route, it’s probably rather lower than plain old malware.

    It’s good to be aware of what you’re doing when you expose the Internet to something, but also to keep perspective. A lot of people out there run services exposed to the Internet every day; they need to do so to make things work.