• 0 Posts
  • 58 Comments
Joined 2 years ago
cake
Cake day: October 28th, 2024

help-circle

  • Moore’s law continuing was due to a ton of different advancements and innovations, not just one. And yes it’s slowing down but it still went for 30+ years. If AI continues to improve at this rate for 30 years, hard to imagine how good it could get.

    There’s been a ton of innovation in the space right now. Like MoE, which was only introduced like 2 years ago and now it’s everywhere. It’s hard to say what can happen when you have millions of engineers working on something.


  • in response to your first point: 24B models from this year are far better than 24B models from 3 years ago. Same model size, similar energy consumption, far better results.

    30 years ago there was a lot of doubt that Moore’s law could continue the pace for so long. There was no evidence that PCs would continue improving, and yet they did.

    So it’s really anybody’s guess whether or not AI will continue improving. But with the amount of money being poured into it I’m willing to bet it will.





  • honestly, I wouldn’t be so hard on yourself. This stuff is way harder than people think. People don’t realize how hard it is to establish trust starting from none. Normally you type a website into Google, and Google has already done the work for determining which website is the legit one and which is the shady phishing site, and will filter out the shady site. This convenience does not exist for darknet sites, so you just have to establish trust yourself.

    even asking for the true php keys from you right now is submitting to defeat

    not necessarily. You can get the pgp keys from random strangers online. It’s just not the only source you should rely on. Get it from multiple sources and then verify if they are all the same. If they are, think to yourself how likely it is that all 3 sources are actually the same attacker giving you a fake key.

    DM me if you’re actually interested in the pgp key and I’ll dig it up from my notes










  • If I have a bare metal dedicated server, which has only access to IPs contained in my whitelist on a dedicated opnsense, I have less to wory about.

    Sure, someone could still find a openbsd/opnsense exploit and get me, but my point is: complex systems break in complex ways, the more complex systems you use, the more attack surface u have, need to know and understand to control and mitigate it.

    The way I would frame it is: using complex systems that you are unfamiliar with is risky. In your case, you are familiar with OPNsense and firewalls. So that may be the more secure option for you. But for somebody who isn’t familiar with firewalls, there are a lot of ways to mess up. For example, IP and mac spoofing is very easy. OPNsense and firewalls often don’t have very good defense against IP spoofing, especially if the malware is already inside your LAN (for example, a malicious app running on a smartphone).

    Using proxmox and other virtualization platforms has one big advantage: you can experiment and play around and learn, without much risk. With a physical server, if you mess up and get infected, you may have to throw away the whole server. You can’t just re-install the OS, because the malware could have installed a rootkit or infected the bios or other firmware. But with a VM, if the VM gets infected you can just delete the VM and create a new one. One of the main goals of a hypervisor is to sandbox the VM, so that malware is contained.


  • “best” is of course subjective. Bare metal could be better, but imo the marginally smaller attack surface isn’t worth it. If the Qubes project trusts that a hypervisor is secure enough, then I trust it as well.

    I run 10+ VMs all the time, no way am I going to buy 10 bare metal servers. The ability to create new secure environments on-demand is unbeatable.

    And bare metal does have security disadvantages too. It has a physical attack surface that a VM does not. For example, defending against usb attacks. Of course for a VM, the hypervisor/host can be attacked physically, but you only need to worry about securing that one. Securing 10 physical servers is a lot more work than securing just one, so you’re more likely to get lazy, slip up, etc.



  • Moonlight/sunshine can be used for remote desktop, and doesn’t have many controversies that I can remember, far less than Rustdesk at least. You just don’t get the free relay servers, which some might call a plus.

    Don’t get me wrong, I personally still consider Rustdesk a viable alternative, I just think the controversies are recent enough and concerning enough that they should be brought up for consideration.

    As for the forgive/forget bit, don’t mind it that was just me poking at Lemmy’s hypocrisy a bit