• 17 Posts
  • 1.38K Comments
Joined 1 year ago
Cake day: October 4th, 2023


  • venv nonsense

    I mean, the fact that it isn’t more end-user invisible to me is annoying, and I wish that it could also include a version of Python, but I think that venv is pretty reasonable. It handles non-systemwide library versioning in what I’d call a reasonably straightforward way. Once you know how to do it, it works the same way for each Python program.

    Honestly, if there were just a frontend on venv that set up any missing environment and activated the venv, I’d be fine with it.

    And I don’t do much Python development, so this isn’t from a “Python awesome” standpoint.
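The “frontend on venv” wished for above, as an added example (not the poster’s code, and not any existing tool): it creates the environment if it is missing, optionally installs a pinned requirements file into it, and then runs a command with the environment active. The `.venv` directory name and the `requirements.txt` convention are assumptions.

```python
"""Added example, not the poster's code: a small front end for venv that
creates the environment when it is missing and then runs a command with it
active. The directory layout (.venv beside the project) and the optional
requirements.txt are assumptions."""
import os
import subprocess
import sys
import venv
from pathlib import Path
from typing import List, Optional


def venv_python(venv_dir: Path) -> Path:
    """Interpreter path inside a venv (Windows and POSIX lay it out differently)."""
    if os.name == "nt":
        return venv_dir / "Scripts" / "python.exe"
    return venv_dir / "bin" / "python"


def ensure_venv(venv_dir: Path, requirements: Optional[Path] = None,
                with_pip: bool = True) -> Path:
    """Create venv_dir if its interpreter is missing and return that interpreter.

    A directory without a working interpreter (say, an interrupted earlier run)
    is rebuilt with clear=True instead of being silently reused.
    """
    py = venv_python(venv_dir)
    if not py.exists():
        venv.EnvBuilder(with_pip=with_pip, clear=True).create(str(venv_dir))
        if with_pip and requirements is not None and requirements.exists():
            # Pinned (ideally hashed) requirements are what make this reproducible;
            # pip is only ever invoked through the venv's own interpreter.
            subprocess.run([str(py), "-m", "pip", "install", "-r", str(requirements)],
                           check=True)
    return py


def activated_env(venv_dir: Path) -> dict:
    """The environment `source .venv/bin/activate` would hand to a child process."""
    env = dict(os.environ)
    env["VIRTUAL_ENV"] = str(venv_dir)
    env["PATH"] = str(venv_python(venv_dir).parent) + os.pathsep + env.get("PATH", "")
    env.pop("PYTHONHOME", None)  # would override the venv's prefix if inherited
    return env


def run_in_venv(venv_dir: Path, argv: List[str],
                requirements: Optional[Path] = None) -> int:
    """Ensure the venv exists, then run `python argv...` inside it; returns the exit code."""
    py = ensure_venv(venv_dir, requirements)
    return subprocess.run([str(py), *argv], env=activated_env(venv_dir)).returncode


if __name__ == "__main__":
    # usage: python runvenv.py script.py [args...]   (uses ./.venv and ./requirements.txt)
    sys.exit(run_in_venv(Path(".venv"), sys.argv[1:], Path("requirements.txt")))
```

Because a child process cannot change its parent shell, the script runs the target program itself rather than “activating” the current shell; the `VIRTUAL_ENV` and `PATH` changes only affect the child.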


  • The Jia Tan xz backdoor attack did get flagged by some automated analysis tools – they had to get the analysis tools modified so that it would pass – and that was a pretty sophisticated attack. The people running the testing didn’t catch it, trusted the Jia Tan group that it was a false positive that needed to be fixed, but it was still putting up warning lights.

    More sophisticated attackers will probably replicate their own code analysis environments mirroring those they know of online, make a checklist of running what code analysis tools they can run against locally prior to making the code visible, tweak it until it passes – but I think that it definitely raises the bar.

    Could have some analysis tools that aren’t made public but run against important public code repositories specifically to try to make this more difficult.


  • I don’t think that that’s a counter to the specific attack described in the article:

    The malicious packages have names that are similar to legitimate ones for the Puppeteer and Bignum.js code libraries and for various libraries for working with cryptocurrency.

    That’d be a counter if you have some known-good version of a package and are worried about updates containing malicious software.

    But in the described attack, they’re not trying to push malicious software into legitimate packages. They’re hoping that a dev will accidentally use the wrong package (which presumably is malicious from the get-go).
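A check aimed at the attack described above, as an added example that is not from the post or the article it discusses: dependency names are gated on a project allow-list, and any name that is not on it is reported together with the allow-listed name it most resembles, so a typo or look-alike is caught before anything is installed. The allow-list and the requested names are constructed for the example and say nothing about any real package.

```python
"""Added example, not from the post or the article it discusses: a pre-install
check for dependency names that are not on a project's allow-list, reporting
which known-good name each one resembles. The allow-list and the requested
names are constructed; none is a claim about any real package."""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed allow-list: what the project has actually vetted and pinned.
KNOWN_GOOD = frozenset({"puppeteer", "bignum", "express", "web3", "lodash"})


def normalize(name: str) -> str:
    """Collapse case and separator tricks: 'Lodash', 'lo-dash', 'lo_dash' -> 'lodash'."""
    return "".join(ch for ch in name.lower() if ch not in "-_.")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


@dataclass
class Finding:
    requested: str
    looks_like: Optional[str]   # closest allow-listed name, if one is close enough
    reason: str


def check_dependency(name: str, known_good: Iterable[str] = KNOWN_GOOD,
                     max_distance: int = 2) -> Optional[Finding]:
    """None if `name` is allow-listed exactly; otherwise a Finding saying why it was stopped."""
    known_good = sorted(known_good)
    if name in known_good:
        return None
    n = normalize(name)
    best, best_d = None, None
    for good in known_good:
        d = levenshtein(n, normalize(good))
        if best_d is None or d < best_d:
            best, best_d = good, d
    if best_d == 0:
        return Finding(name, best, f"differs from {best!r} only by case or separators")
    # Edit distance is noisy for very short names, so require some length
    # before calling something a look-alike.
    if best_d <= max_distance and len(n) > max_distance + 2:
        return Finding(name, best, f"within edit distance {best_d} of {best!r}")
    return Finding(name, None, "not on the allow-list")


def check_manifest(requested: Iterable[str]) -> List[Finding]:
    """Everything in a manifest that should block the install, with reasons."""
    return [f for f in (check_dependency(r) for r in requested) if f is not None]


if __name__ == "__main__":
    for finding in check_manifest(["express", "pupeteer", "Bignum.js", "lo-dash", "left-pad"]):
        print(finding)
```

The allow-list is what does the blocking; the similarity report only exists so that the person reviewing the failure can see at a glance whether it is a new, deliberate dependency or a slip of the fingers that happens to resolve to a package someone else registered.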


  • I mean, this kind of stuff was going to happen.

    The more-important and more-widely-used open source software is, the more appealing supply-chain attacks against it are.

    The world where it doesn’t happen is one where open source doesn’t become successful.

    I expect that we’ll find ways to mitigate stuff like this. Run a lot more software in isolation, have automated checking stuff, make more use of developer reputation, have automated code analysis, have better ways to monitor system changes, have some kind of “trust metric” on packages.

    Go back to the 1990s, and most everything I sent online was unencrypted. In 2024, most traffic I send is encrypted. I imagine that changes can be made here too.




    I would call Hades and pretty much anything people call an “action roguelike” a roguelite, but I have a hard time calling something not a roguelike for using graphics, even being pretty strict about the definition. Like, there are a number of originally-ASCII roguelikes that have tilesets. Those don’t functionally change the game in any way other than directly dropping the tiles in. Does that mean that Nethack-family games or Dungeon Crawl: Stone Soup aren’t roguelikes?

    My red lines are:

    • Gotta be turn-based. Maybe I’d accept a purely forced-turn version of a turn-based roguelike, like Mangband.

    • At least some element of procedurally-generated maps and loot that alters how one needs to play the game from run to run. I’d definitely call many games that still have many handcrafted maps – Tales of Maj’Eyal 2 or Caves of Qud, say – roguelikes.

    • At least the option for permadeath, and that that be the primary mode of play. Caves of Qud was originally permadeath-only, but added a mode that avoids it.

    • Grid-based. Hex grid is fine, like Hoplite.

    Those are Berlin Interpretation elements. In addition:

    • Top-down view (or functionally equivalent, like isometric). I wouldn’t call a first-person grid-based game – and there were a lot of 1980s and 1990s RPGs that used that structure – a roguelike.

    • Only direct control of one character at a time. I wouldn’t rule out Nethack for indirectly-controlled pets or Caves of Qud for letting one switch which character the player’s “mind” is controlling.

    I don’t think that I’d make it a hard requirement, but all good roguelikes that I’ve played involve a lot of analysis and trying to find synergies among character abilities or item or monster or map characteristics, often in nonobvious ways. That’s a big part of the game.





  • I’m assuming that they’re Bluetooth, as if they were wired, the problem couldn’t really come up.

    If they’re still paired to a device, crank the volume up and try playing something loud enough that you can hear it.

    For Bluetooth devices that are powered on and responding to queries for nearby Bluetooth devices, you can also try asking a device that can pair with Bluetooth devices and show signal strength, like a laptop, to query for nearby devices; you can kind of use that to “home in” on the device.





  • Apparently, some London residents are getting fed up with social media influencers whose reviews make long lines of tourists at their favorite restaurants, sometimes just for the likes.

    As Gizmodo deduced, the trend seemed to start on the r/London subreddit, where a user complained about a spot in Borough Market being “ruined by influencers” on Monday:

    “Last 2 times I have been there has been a queue of over 200 people, and the ones with the food are just doing the selfie shit for their [I]nsta[gram] pages and then throwing most of the food away.”

    So, I don’t know what the situation is in London.

    But COVID-19 really clobbered a lot of commercial establishments, and particularly eateries. I’m guessing that at least some traffic might be a return of the public to restaurants, with the supply of restaurant capacity at a low due to having gone through hard times over the past four years or so.

    kagis

    Ah, right. This is Europe, and while the US got hit by higher energy costs too, the Ukraine invasion really dicked up energy prices in Europe for a while. And then you have the hangover from the COVID-19-related spending happening, as inflation bites, and reducing spending on restaurants is an easy thing to cut on one’s budget. And this points out that restaurants are a labor-intensive industry, and Brexit has driven labor costs up by cutting the labor pool.

    https://www.ft.com/content/a36ad5fd-db20-4ba8-89ea-e185838c8aa0

    UK restaurant sector hit by cost of living and Covid legacy

    Stuart Devine thought his chain of fish and chip restaurants in Aberdeen had survived the worst when the UK government lifted Covid-19 lockdowns for good in spring 2021 and customers returned to enjoy the classic British meal.

    But before the Ashvale could fully recover it was dealt another blow, when Russia’s full-scale invasion of Ukraine in February 2022 disrupted global supply chains and sent energy and food prices soaring.

    Devine’s struggles are shared by roughly 40 per cent of UK restaurant owners, who are operating at or below break-even point, after the sector was hit by a perfect storm of pandemic shutdowns and the cost of living crisis, according to data from UKHospitality.

    The trade body estimates that up to 30 per cent of businesses in the sector have closed since Covid struck. About 1,169 restaurants shut in the past year alone, equivalent to more than three a day, according to UKHospitality and consultancy CGA by NIQ.

    “The money coming from the front door is just not enough to offset the significant cost of doing business that the restaurants are facing,” said Kate Nicholls, chief executive of UKHospitality.

    While energy prices have fallen from their peak over the past 12 months, restaurants continue to bear the brunt of elevated food costs. The particularly labour intensive industry has also struggled with staff shortages, worsened by Brexit, and to keep pace with the statutory minimum wage. It stands at £10.42 an hour and will rise to £11.44 in April.

    Devine said “the hardest thing is that the only thing you can do is put your prices up”, noting that there was a limit to how much lifting prices could help at a time of already weak consumer confidence and tight household budgets.

    So the combination of all those things would tend to have squeezed the supply of restaurants, and it might be that if there’s enough demand to consistently fill restaurants in London, expand existing or open new ones, that things will tend to return to a more-normal state.


  • I don’t think that the problem is 2FA itself so much as poor UX on existing systems.

    Let’s say that I have a little USB keychain dongle in my pocket with an “approve” button and a tiny screen. When I sign in, at the time that I plug my password in, I plug the dongle in. It shows the information for whom I am approving authentication. I push the “approve” button.

    It’s got a trusted display (unlike a smartcard, so that a point-of-sale system can’t claim that I’m approving something other than what I am).

    It can store multiple keys, and I basically use it for any credentials that I don’t mind carrying with myself.

    I then keep another, “higher security” dongle at home with more-sensitive keys.

    Does that add some overhead relative to just entering my password? Yeah. But is it a big deal? No. And it makes it a lot harder for someone to swipe credentials.

    I agree that using phone-linked SMS 2FA authentication is problematic (for a number of reasons, not just because it locks you to a phone, but because there are also privacy implications there).
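The dongle described above, as an added simulation (not the poster’s design, and not any real product): the token shows on its own screen the identity it is about to sign for, ignoring whatever label the untrusted terminal supplies, and binds that identity plus a fresh challenge and a counter into the response, so a response obtained for one site is useless at another and cannot be replayed. Symmetric HMAC keys stand in for the asymmetric keys a real authenticator would use, and all site names are invented.

```python
"""Added example (not the poster's design or any real product): a simulation of
a 2FA token with a trusted display. Symmetric HMAC keys stand in for the
asymmetric keys a real FIDO2 authenticator would use; site names are invented."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


@dataclass
class Assertion:
    rp_id: str          # relying party the token believed it was approving
    challenge: bytes
    counter: int
    mac: bytes


def _message(rp_id: str, challenge: bytes, counter: int) -> bytes:
    # Length-prefix rp_id so "a"+"bc" and "ab"+"c" cannot collide.
    rp = rp_id.encode()
    return len(rp).to_bytes(2, "big") + rp + counter.to_bytes(4, "big") + challenge


@dataclass
class Token:
    """The dongle: one key per relying party, a counter and a tamper-proof screen."""
    keys: Dict[str, bytes] = field(default_factory=dict)
    counter: int = 0
    screen: str = ""    # what the trusted display last showed

    def register(self, rp_id: str) -> bytes:
        key = os.urandom(32)
        self.keys[rp_id] = key
        return key   # a real device would hand out a public key instead

    def authenticate(self, rp_id: str, challenge: bytes, terminal_label: str,
                     press_approve: Callable[[str], bool]) -> Optional[Assertion]:
        if rp_id not in self.keys:
            return None
        # The display shows the identity that will actually be bound into the
        # response, never the label the (untrusted) terminal asked us to show.
        del terminal_label
        self.screen = f"Approve sign-in to {rp_id}?"
        if not press_approve(self.screen):
            return None
        self.counter += 1
        mac = hmac.new(self.keys[rp_id], _message(rp_id, challenge, self.counter),
                       hashlib.sha256).digest()
        return Assertion(rp_id, challenge, self.counter, mac)


@dataclass
class RelyingParty:
    rp_id: str
    key: bytes
    last_counter: int = 0
    issued: set = field(default_factory=set)

    def new_challenge(self) -> bytes:
        c = os.urandom(16)
        self.issued.add(c)
        return c

    def verify(self, a: Optional[Assertion]) -> bool:
        if a is None or a.rp_id != self.rp_id or a.challenge not in self.issued \
                or a.counter <= self.last_counter:
            return False
        expected = hmac.new(self.key, _message(a.rp_id, a.challenge, a.counter),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, a.mac):
            return False
        self.issued.discard(a.challenge)   # single use
        self.last_counter = a.counter
        return True


def user_who_reads_the_screen(expected_rp: str) -> Callable[[str], bool]:
    """Simulated user: presses approve only if the screen names the site they meant."""
    return lambda screen: expected_rp in screen


def demo() -> dict:
    token = Token()
    bank = RelyingParty("bank.example", token.register("bank.example"))
    shop = RelyingParty("shop.example", token.register("shop.example"))
    user = user_who_reads_the_screen("bank.example")

    # 1. Honest login at the bank.
    a = token.authenticate("bank.example", bank.new_challenge(), "bank.example", user)
    honest_ok = bank.verify(a)
    # 2. Replaying the same assertion fails: challenge consumed, counter moved on.
    replay_ok = bank.verify(a)
    # 3. Malicious terminal says "bank.example" on its own UI but actually asks
    #    for shop.example. The trusted display shows shop.example; user declines.
    b = token.authenticate("shop.example", shop.new_challenge(), "bank.example", user)
    phish_declined = b is None and "shop.example" in token.screen
    # 4. Even a blindly approved shop assertion is worthless at the bank.
    blind = token.authenticate("shop.example", shop.new_challenge(), "bank.example",
                               lambda _screen: True)
    cross_site_ok = bank.verify(blind)
    return {"honest_ok": honest_ok, "replay_ok": replay_ok,
            "phish_declined": phish_declined, "cross_site_ok": cross_site_ok}
```

Case 3 is the whole point of the trusted display: with a smartcard the user only sees what the terminal chooses to tell them, whereas here the screen is driven by the same value the token signs. Case 4 shows that even a user who approves without reading is protected by the identity being inside the MAC rather than beside it.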


  • Some context:

    https://en.wikipedia.org/wiki/Robert_H._Goddard

    Goddard eschewed publicity, because he did not have time to reply to criticism of his work, and his imaginative ideas about space travel were shared only with private groups he trusted. He did, though, publish and talk about the rocket principle and sounding rockets, since these subjects were not too “far out.” In a letter to the Smithsonian, dated March 1920, he discussed: photographing the Moon and planets from rocket-powered fly-by probes, sending messages to distant civilizations on inscribed metal plates, the use of solar energy in space, and the idea of high-velocity ion propulsion. In that same letter, Goddard clearly describes the concept of the ablative heat shield, suggesting the landing apparatus be covered with “layers of a very infusible hard substance with layers of a poor heat conductor between” designed to erode in the same way as the surface of a meteor.[47]

    Publicity and Criticism

    The publication of Goddard’s document gained him national attention from U.S. newspapers, most of it negative. Although Goddard’s discussion of targeting the moon was only a small part of the work as a whole (eight lines on the next to last page of 69 pages), and was intended as an illustration of the possibilities rather than a declaration of intent, the papers sensationalized his ideas to the point of misrepresentation and ridicule. Even the Smithsonian had to abstain from publicity because of the amount of ridiculous correspondence received from the general public.[21]: 113  David Lasser, who co-founded the American Rocket Society (ARS), wrote in 1931 that Goddard was subjected in the press to the “most violent attacks.”[50]

    On January 12, 1920, a front-page story in The New York Times, “Believes Rocket Can Reach Moon”, reported a Smithsonian press release about a “multiple-charge, high-efficiency rocket.” The chief application envisaged was “the possibility of sending recording apparatus to moderate and extreme altitudes within the Earth’s atmosphere”, the advantage over balloon-carried instruments being ease of recovery, since “the new rocket apparatus would go straight up and come straight down.” But it also mentioned a proposal “to [send] to the dark part of the new moon a sufficiently large amount of the most brilliant flash powder which, in being ignited on impact, would be plainly visible in a powerful telescope. This would be the only way of proving that the rocket had really left the attraction of the earth, as the apparatus would never come back, once it had escaped that attraction.”[51]

    On January 13, 1920, the day after its front-page story about Goddard’s rocket, an unsigned New York Times editorial, in a section entitled “Topics of the Times”, scoffed at the proposal. The article, which bore the title “A Severe Strain on Credulity”,[52] began with apparent approval, but soon went on to cast serious doubt:

    As a method of sending a missile to the higher, and even highest, part of the earth’s atmospheric envelope, Professor Goddard’s multiple-charge rocket is a practicable, and therefore promising device. Such a rocket, too, might carry self-recording instruments, to be released at the limit of its flight, and conceivable parachutes would bring them safely to the ground. It is not obvious, however, that the instruments would return to the point of departure; indeed, it is obvious that they would not, for parachutes drift exactly as balloons do.[53]

    The article pressed further on Goddard’s proposal to launch rockets beyond the atmosphere:

    [A]fter the rocket quits our air and really starts on its longer journey, its flight would be neither accelerated nor maintained by the explosion of the charges it then might have left. To claim that it would be is to deny a fundamental law of dynamics, and only Dr. Einstein and his chosen dozen, so few and fit, are licensed to do that. … Of course, [Goddard] only seems to lack the knowledge ladled out daily in high schools.[54]

    Thrust is however possible in a vacuum.[55]

    Aftermath

    A week after the New York Times editorial, Goddard released a signed statement to the Associated Press, attempting to restore reason to what had become a sensational story:

    Too much attention has been concentrated on the proposed flash pow[d]er experiment, and too little on the exploration of the atmosphere. … Whatever interesting possibilities there may be of the method that has been proposed, other than the purpose for which it was intended, no one of them could be undertaken without first exploring the atmosphere.[56]

    In 1924, Goddard published an article, “How my speed rocket can propel itself in vacuum”, in Popular Science, in which he explained the physics and gave details of the vacuum experiments he had performed to prove the theory.[57] But, no matter how he tried to explain his results, he was not understood by the majority. After one of Goddard’s experiments in 1929, a local Worcester newspaper carried the mocking headline “Moon rocket misses target by 238,799 1⁄2 miles.”[58]

    Though the unimaginative public chuckled at the “moon man,” his groundbreaking paper was read seriously by many rocketeers in America, Europe, and Russia who were stirred to build their own rockets. This work was his most important contribution to the quest to “aim for the stars.”[59]: 50

    “A Correction”

    Forty-nine years after its editorial mocking Goddard, on July 17, 1969—the day after the launch of Apollo 11—The New York Times published a short item under the headline “A Correction”. The three-paragraph statement summarized its 1920 editorial and concluded:

    Further investigation and experimentation have confirmed the findings of Isaac Newton in the 17th Century and it is now definitely established that a rocket can function in a vacuum as well as in an atmosphere. The Times regrets the error.[60]



  • In total, there were 118 false positives — a rate of 4.29%.

    Earlier this year, investors filed a class-action lawsuit, accusing company executives of overstating the devices’ capabilities and claiming that “Evolv does not reliably detect knives or guns.”

    I mean, in terms of performance, I’d be more concerned about the false positive rate than the false negative rate, given the context. Like, if you miss a gun, whatever. That’s at worst just the status quo, which has been working. Some money gets wasted on the machine. But if you are incorrectly stopping more than 1 in 25 New Yorkers from getting on their train, and apply that to all subway riders, that sounds like a monumental mess.