
Very interesting that a white noise track for babies is the 4th most popular track on Spotify.

> I also enabled UFW (which I should have done ages ago)

I disrecommend UFW.

firewalld is a much better pick in current year and will not grow unmaintainable the way UFW rules can.

    # --set-default-zone changes runtime and permanent config itself, so it takes no --permanent
    firewall-cmd --set-default-zone=block
    # --permanent writes the rules to disk; --reload below activates them
    firewall-cmd --permanent --zone=block --add-service=ssh
    firewall-cmd --permanent --zone=block --add-service=https
    firewall-cmd --permanent --zone=block --add-port=80/tcp
    firewall-cmd --reload

Configuration is backed by XML files in /etc/firewalld and /usr/lib/firewalld instead of the brittle pile of sticks that is the ufw rules files. Use the nftables backend unless you have your own reasons for needing legacy iptables.

Specifically for docker it is a very common gotcha that the container runtime can and will bypass firewall rules and open ports anyway. Depending on your configuration, those firewall rules in OP may not actually do anything to prevent docker from opening incoming ports.

Newer versions of firewalld give an easy way to configure this via StrictForwardPorts=yes in /etc/firewalld/firewalld.conf.
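
An added example (not part of the comment above, and not firewalld or Docker project code): a small audit that compares the ports Docker publishes on all interfaces with the ports opened in firewalld, and reports the StrictForwardPorts setting alongside each mismatch. The function names, the sample config and the sample `docker ps` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helper for the Docker/firewalld gotcha described above.

# Print the value of KEY from a firewalld.conf-style file. Commented lines are
# skipped; if the key appears more than once, this sketch reports the last one
# (an assumption of the example, not documented firewalld behaviour).
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t]/, "", v); val = v }
        END { if (val != "") print val }
    ' "$1"
}

# Read `docker ps --format '{{.Ports}}'` lines on stdin and print
# "hostport/proto" for every mapping published on all interfaces
# (0.0.0.0, [::] or the older ":::" form). Loopback-only mappings and
# ports that are exposed but not published are ignored.
published_on_all_interfaces() {
    tr ',' '\n' |
    sed -n -E 's#^ *(0\.0\.0\.0|\[::\]|::):([0-9]+(-[0-9]+)?)->[0-9]+(-[0-9]+)?/(tcp|udp|sctp)$#\2/\5#p' |
    sort -u
}

# $1 = path to firewalld.conf
# $2 = space-separated "port/proto" list that firewalld is meant to allow
# stdin = docker ps port lines
# Prints one finding per published port that firewalld does not list.
audit_docker_exposure() {
    conf=$1
    allowed=$2
    strict=$(conf_value "$conf" StrictForwardPorts)
    published_on_all_interfaces | while read -r p; do
        case " $allowed " in
            *" $p "*) continue ;;   # expected: also opened in firewalld
        esac
        if [ "$strict" = "yes" ]; then
            echo "INFO $p published by Docker but not opened in firewalld; StrictForwardPorts=yes is set"
        else
            echo "WARN $p published by Docker but not opened in firewalld; may be reachable despite zone rules"
        fi
    done
}

# Constructed sample input (not from a real host).
sample_conf=$(mktemp)
printf '%s\n' 'FirewallBackend=nftables' 'StrictForwardPorts=no' > "$sample_conf"
printf '%s\n' '0.0.0.0:8080->80/tcp, :::8080->80/tcp' '127.0.0.1:5432->5432/tcp' |
    audit_docker_exposure "$sample_conf" "22/tcp 443/tcp 80/tcp"
rm -f "$sample_conf"
```

On a real host, feed it `docker ps --format '{{.Ports}}'` and build the allowed list from `firewall-cmd --zone=block --list-ports` plus the ports of the enabled services.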



To answer in his style:

The path didn't shift beneath your feet. You finally learned how to see in the dark, and realized you'd been walking in circles around a grave you dug for someone who was never real to begin with. What you're really mourning is the death of who you thought you had to be, and what feels like emptiness is actually the first honest space you've ever had to discover what you might want to become.


Hello! I've got experience working on censorship circumvention for a major VPN provider (in the early 2020s).

- First things first, you have to get your hands on actual VPN software and configs. Many providers who are aware of VPN censorship and cater to these locales distribute their VPNs through hard-to-block channels and in obfuscated packages. S3 is a popular option but by no means the only one, and some VPN providers partner with local orgs who can figure out the safest and most efficient ways to distribute a VPN package in countries at risk of censorship or undergoing censorship.

- Once you've got the software, you should try to use it with an obfuscation layer.

Obfs4proxy is a popular tool here, and relies on a pre-shared key to make traffic look like nothing special. IIRC it also hides the VPN handshake. This isn't a perfectly secure model, but it's good enough to defeat most DPI setups.

Another option is Shapeshifter, from Operator (https://github.com/OperatorFoundation). Or, in general, anything that uses pluggable transports. While it's a niche technology, it's quite useful in your case.

In both cases, the VPN provider must provide support for these protocols.

- The toughest step long term is not getting caught using a VPN. By its nature, long-term statistical analysis will often reveal a VPN connection regardless of obfuscation and masking (and this approach can be cheaper to support than DPI by a state actor). I don't know the situation on the ground in Indonesia, so I won't speculate about what the best way to avoid this would be, long-term.

I will endorse Mullvad as a trustworthy and technically competent VPN provider in this niche (n.b., I do not work for them, nor have I worked for them; they were a competitor to my employer and we always respected their approach to the space).


Bit thin on details and not looking like they’ll open source it, but if someone clicked the post because they’re looking for their “replace ES” thing:

Both https://typesense.org/ and https://duckdb.org/ (with their spatial plugin) are excellent geo performance wise, the latter now seems really production ready, especially when the data doesn’t change that often. Both fully open source including clustered/sharded setups.

No affiliation at all, just really happy camper.


thanks openai for being open ;) Surprised there are no official MLX versions and only one mention of MLX in this thread. MLX basically converts the models to take advantage of mac unified memory for 2-5x increase in power, enabling macs to run what would otherwise take expensive gpus (within limits).

So FYI to anyone on mac, the easiest way to run these models right now is using LM Studio (https://lmstudio.ai/), it's free. You just search for the model, usually 3rd party groups mlx-community or lmstudio-community have mlx versions within a day or 2 of releases. I go for the 8-bit quantizations (4-bit faster, but quality drops). You can also convert to mlx yourself...

Once you have it running on LM studio, you can chat there in their chat interface, or you can run it through api that defaults to http://127.0.0.1:1234

You can run multiple models that hot swap and load instantly and switch between them etc.

It's surpassingly easy, and fun. There are actually a lot of cool niche models coming out, like this tiny high-quality search model released today as well (and who released official mlx version) https://huggingface.co/Intelligent-Internet/II-Search-4B

Other fun ones are gemma 3n which is model multi-modal, larger one that is actually solid model but takes more memory is the new Qwen3 30b A3B (coder and instruct), Pixtral (mixtral vision with full resolution images), etc. Look forward to playing with this model and see how it compares.


This syndrome is called "eternal child" (puer aeternus) in psychology.

You were destined to great things. You were exceptional as a child, you learnt to associate your great potential with all the good in yourself, you built your identity around it. You were ahead of your peers in elementary school, whatever you applied towards - you excelled at.

So you value that potential as the ultimate good, and any decision which reduces it in favour of actually doing something - you fear and avoid with all your soul. Any decision whatsoever murders part of that infinite potential to deliver something subpar (at best - it's not even guaranteed you achieve anything).

Over time this fear takes over and stunts your progress. You could be great, you KNOW you have this talent, but somehow you very rarely tap into it. You fall behind people you consider "mediocre" and "beneath you". Because they seem to be able to do simple things like it's the simplest thing in the world, while you somehow can't "motivate" yourself to do the "simple boring things".

When circumstances are just right you are still capable of great work, but more and more the circumstances are wrong, and you procrastinate and fail. You don't understand why, you focus on the environment and the things you fail to achieve. You search for the right productivity hack or the exact right domain that will motivate you. But any domain has boring repetitive parts. Any decision is a chance to do sth OK in exchange of infinite potential. It never seems like it's worth it, so you don't do it.

You start doubting yourself. Maybe you're just an ordinary lazy person? Being ordinary is the thing you fear the most. It's a complete negation of your identity. You can be exceptional genius with problems, you take that any time if the alternative is "just a normal guy".


Going to recommend "Addiction by Design" here. Superb book about the addiction design dynamics in the gambling industry and very reminiscent of what we see in the smartphone/internet universe today. Shout out to the forgotten HN user who recommended it originally, one of the best and most salient books I've read in years.

Plum Village (a Buddhist community founded by Thich Nhat Hanh) has a free app with hours and hours of different kinds of breathing and other types of meditation. They also upload meditations regularly on their youtube.

This web page also has some good resources and breathing meditations. https://plumvillage.org/mindfulness/mindfulness-practice

Highly recommend


What is also useful to keep in mind is the tendency to recreate your primary family life in the workplace. So if you had critical controlling parents who never valued you and everything you ever did was worthless, then you'll tend to select for those places and it is often done outside of awareness.

Was your primary family spent being valued and appreciated? Then you'll select for that and when people start to not value you, you'll intervene earlier to correct for it and you'll have the skills to do that.

Did your parents respect your boundaries growing up? Were you able to erect strong boundaries and have people listen to you when they overstepped, or were you constantly put down and your wishes ignored? A lack of skills in erecting proper boundaries and then maintaining them by being in the goldilocks zone of not too soft and too hard can lead to issues in the workplace and personal life.

First step is bringing this into awareness so you can look back with hindsight, next step (the hardest) is mid-sight, you know you are doing or not doing the thing you need to do but can't do it or don't know how. Then there is foresight, hey I normally do this thing that's not good for me here, I had better do the thing I need to do to keep this situation positive.

Keep this mantra in mind: You are the only one in charge of you and your emotions, no one makes you do anything, and you will protect yourself.

Awareness + skills = ability. Psychotherapy (not counselling) is what you need to look out for. Combine that with Transactional Analysis and it makes you very very effective.


There's a quote I learned when doing theatre, which I've seen attributed to either the stage magician Doug Henning or possibly Stanislavski, describing the process of art as taking something that's difficult and making it habit, then taking something that's habitual and making it easy, and then taking something that's easy and making it beautiful.

For example, as an actor, you learn your lines by rote (they become habit), then you gain an understanding of the character's motivations (remembering the lines becomes easy, because of course that's what your character would say), then you work to tune your performance so the audience shares in the emotion and unspoken meaning of the lines (that's beautiful/art).

As this relates to software, I think it goes something like: you learn the magic incantation to make the computer do what you want (solving a hard task becomes habit), then you learn why that incantation works (solving it becomes easy), then you figure out better ways to solve the problem, such that the original friction can be removed completely (you find a more beautiful way to solve it).


I maintain an almost exhaustive list of text to diagram tools [1]. dbdiagram.io requires login to export.

Other dedicated text to database diagram tools are

1. Database Diagram Tool https://databasediagram.com/app

2. QuickDBD https://app.quickdatabasediagrams.com/#/

3. ERD Lab https://app.erdlab.io/designer/guest (Requires Login to Export)

[1]: https://xosh.org/text-to-diagram/


Code reviews.

Teams are really sleeping on code reviews as an assessment tool. As in having the candidate review code.

A junior, mid, senior, staff are going to see very different things in the same codebase.

Not only that, as AI generated code becomes more common, teams might want to actively select for devs that can efficiently review code for quality and correctness.

I went through one interview with a YC company that had a first round code review. I enjoyed it so much that I ended up making a small open source app for teams that want to use code reviews: https://coderev.app (repo: https://github.com/CharlieDigital/coderev)


Paid for it and tried out the full experience, beats anything else I've tried by a wide margin.

My prompt,

"I'm considering buying stock in the company with symbol NU. The most important thing to me is answering the question, is the stock likely to rise in the future. Please help create a list of questions that will help me to understand the likely hood of this. Also please help to anwser those questions. Please highlight the global economic environment for the company. Any unique challenges and unique advantages. Finally let me know what others think of it"

Results: I know this stock well although I'm not a pro. It nailed all of the relevant aspects and hits the analysis right on for everything I know about it. Pulled lots of helpful resources and most importantly the information was timely enough to be relevant. The timely part is where other LLMs have failed miserably. I've gotten good analysis from other LLM products but they have always been way out of date which makes them useless.


I spent about two weeks having "morning meetings" with my AI life coach, which was essentially just a GPT-3 prompt that I continually tuned, and fed (summaries of) the previous days' conversations. There were major advantages but a few things missing.

It was probably most useful as "rubber duck" technique. Forcing myself to articulate all of the things I needed/wanted to get done that day was itself extremely useful. Sometimes the agent would help me by identifying the highest-priority next action, but usually it was just recognizing what I thought was highest priority from implicit context. This can still be psychologically valuable, as a lot of procrastination can be caused by the logjam of not being sure which thing to focus on.

The main missing ingredient, which caused me to ultimately stop the practice, was that it didn't really remember past conversations. I would feed past conversations to it and tell them to summarize the key points, then feed those summaries in as starting context, but this workflow was not sustainable. First of all, the summarization lost too much important nuance. Second and more importantly, even that summarization context block became larger than GPT-3's context window within a few days. This lack of persistent context destroyed the sense that I was talking to a real person, someone who could reliably recall information about a project that I last worked on 10 days ago and apply that context to the current conversation.

I suspect we are not far away from both of these issues being mostly solved. The trend is obviously going in the direction of LLMs with different types of memory and/or much larger context windows.


Context: I was an early strategic technical hire by a director/manager/CTO 3 times to help execute process changes and lead new initiatives at healthcare SaaS companies between 2014-2020 and then started working in strategic cloud consulting since then where I am brought in to get developer, operations and the “business” to be better aligned and/or to lead new initiatives.

I’m currently a “staff software architect” at a 3rd party cloud consulting company.

What not to do:

1. Disrespect current processes. What you call “legacy code” was done for a reason, is generating revenue, solving real world problems, and the reason you have a job

2. Make any suggestions about improving processes before you have been there at least 90 days and understand why the current system is like it is.

3. Suggest rewriting something or introducing new to the company technology until you have worked there 90 days. Especially don’t start doing resume driven development.

What to do:

1. Set up a meeting with sales and ask them to “sell you the value proposition of the product as if you are the customer”. Ask questions as if you were a potential customer and raise objections to the product as if you were a customer. Sales is usually very good at answering those questions.

2. Talk to your manager and ask what are their 90 day and 1 year plans for your team and make sure your work is aligned with the goals.

3. Get to know the pecking order. The org chart will not show you who has the most influence in your department.

4. Set up “getting to know you” 1-1’s. What are people working on? What do they want to be working on? What are their biggest pain points? What would they improve if they had a magic wand?

5. Pick up small stories, bugs to get familiar with the development process.

6. Learn about pre-wiring a meeting when you are trying to suggest changes. Do a POC, talk to the person who might have the biggest objection or has the most influence and work collaboratively to address their objectives. Keep doing that for more people on your team. It helps get more people on your side.

ADKAR change management model

https://www.prosci.com/methodology/adkar


In Australia:

  In recent discussions at Senate estimates, it was revealed that Services Australia, the administrator of Centrelink, has been sharing smartphone-hacking technology, specifically Cellebrite’s Universal Forensic Extraction Device, with the Department of Education and other undisclosed agencies.

  This move aims to assist in the investigation of suspected fraud committed against various government schemes and subsidies.

  While Services Australia insists the technology is only used for serious non-compliance investigations, not general customer compliance issues, concerns have been raised about privacy, data retention, and adherence to international agreements on spyware proliferation.
~ https://elm.net.au/services-australias-use-of-cellebrites-fo...

From 2022:

    How does Cellebrite work?

  It takes just a few seconds for police to scan a mobile phone with technology such as Cellebrite. They usually download the entire contents of the phone and gain an enormous level of intelligence.

  Police can scan a device during a stop and search on reasonable grounds, patrolling in a vehicle, or while questioning a suspect – often without the knowledge of the person.

  Usually, they are seeking confirmation of drug dealing, child sexual abuse, murder or gang activity involving assault or robbery.
~ https://stacklaw.com.au/news/criminal-law/concerns-over-poli...

From the article, the cymbal-making came first, and then the name followed:

The company’s proprietary alloy was alchemized 13 generations ago in Constantinople (now Istanbul) by Debbie Zildjian’s ancestor, Avedis I. He was trying to make gold, she said, but he ended up concocting a combination of copper and tin. “The mixing of those metals produced a very loud, resonant, beautiful sound,” she said.

Debbie explained that in 1618 the Ottoman sultan summoned Avedis to the Topkapi Palace to make cymbals for elite military bands. The metalsmith’s work pleased the ruler, who gave him permission to found his own business in 1623. The sultan also bestowed Avedis the family name "Zildjian" which actually means cymbal maker. He went on to craft cymbals that were widely used, including in churches and by belly dancers.


I’m already doing this, but:

- All of Wikipedia English

- Download as many LLM models and the latest version of Ollama.app and all its dependencies.

- Make a list of my favorite music artists and torrent every album I can.

- Open my podcast app and download every starred episode (I have a ton of those that I listen to repeatedly).

- Torrent and libgen every tech book I value. Then, grab large collections of fiction EPUBs.

- Download every US Army field manual I can get my hands on, especially the Special Operations Medic manual, which is gold for civilian use in tough times.

- Download every radio frequency list I can for my area of the country.

- Download digital copies of The Encyclopedia of Country Living by Carla Emery, Where There Is No Doctor, and Where There Is No Dentist.

I already have paper versions of almost all of these but it’s handy to have easily-reproducible and far more portable digital copies.


While we're recommending other works by Le Guin, The Child and the Shadow is near the top of my personal list of Essays That Would Change the World if Only Enough People Would Read Them. It's a deep dive interpretation of a somewhat obscure Hans Christian Andersen story, and her insights about the nature of evil and what it means to grow up shook me and then reshaped my life.

This paragraph is as decent a tl;dr as can exist, but you really should read the whole essay:

> The normal adolescent ceases to project so blithely as the little child did; he realizes that you can't blame everything on the bad guys with the black Stetsons. He begins to take responsibility for his acts and feelings. And with it he often shoulders a terrible load of guilt. He sees his shadow as much blacker, more wholly evil, than it is. The only way for a youngster to get past the paralyzing self-blame and self-disgust of this stage is really to look at that shadow, to face it, warts and fangs and pimples and claws and all – to accept it as himself – as part of himself. The ugliest part, but not the weakest. For the shadow is the guide. The guide inward and out again; downward and up again; there, as Bilbo the Hobbit said, and back again. The guide of the journey to self-knowledge, to adulthood, to the light.

> "Lucifer" means the one who carries the light.

https://johnirons.com/pdfs/shadowleguin.pdf


> Nobody is going to be able to [find progression and meaning] for you and it takes a conscious effort rather than just expecting it to happen.

I believe you've just given the tl;dr for Existentialism.


The whole commentary about the "supermodified" class of competition entrants is making me laugh:

> Nostradamus was written by Tim Dierks, a VP of Engineering at Certicom, who has a lot of expertise in cryptography. The program defeats the optimal player by reverse-engineering the internal state of the random() generator, which he states "was both easier and harder than I thought it would be". To be sporting, it then plays optimally against all other opponents.

> Fork Bot was based on an idea that Dan Egnor came up with a few minutes after hearing about the contest. Since "library routines are allowed", his elegant solution was to spawn three processes with fork(), have each one make a different move, and then kill off the two that did not win. This was implemented by Andreas Junghanns in about 10 lines of code. Unfortunately, since all three moves lost to the Psychic Friends Network after the first turn, the program exited and the remainder of that match was declared forfeited.

> The Psychic Friends Network is a truly hilarious piece of obfuscated C, written by Michael Schatz and company at RST Corporation. Among other things, it uses an auxiliary function to find good karma, consults horoscopes, cooks spaghetti and (mystic) pizza to go with various kinds of fruit, #defines democrats as communists, and undefines god. We're still trying to figure out exactly what it is doing with the stack frame, but we do know that it never scores less than +998 in a match, unless it is playing against a meta-meta-cheater.

> The Matrix was written by Darse Billings, who holds the prestigious title of "Student for Life", and recently started the PhD programme at the University of Alberta. The RoShamBo program defeated every opponent with a perfect score, based on the simple principle "There is no spoon".

> Since The Matrix is also the tournament program, it has complete access to all other algorithms, data structures, and output routines, and is therefore unlikely to ever be overtaken. As a result, this category is hereby declared to be solved, and thus retired from future competitions.


I was confused as hell for a long time when I first got into ML, until I figured out how to think about tensors in a visual way.

You're right: fundamentally ML is about vector and matrix operations (1D and 2D). So then why are most ML programs 3D, 4D, and in a transformer sometimes up to 6D (?!)

One reasonable guess is that the third dimension is time. Actually not. It turns out that time is pretty rare in ML, and it's only (relatively) recently that it's been introduced into e.g. video models.

Another guess is that it's to represent "time" as in, think of how transformers work: they generate a token, then another given the previous, then a third given the first two, etc. That's a certain way of describing "time". But it turns out that transformers don't do this as a 3D or 4D dimension. It only needs to be 2D, because tokens are 1D -- if you're representing tokens over time, you get a 2D output. So even with a cutting edge model like transformers, you still only need plain old 2D matrix operations. The attention layer creates a mask, which ends up being 2D.

So then why do models get to 3D and above? Usually batching. You get a certain efficiency boost when you pack a bunch of operations together. And if you pack a bunch of 2D operations together, that third dimension is the batch dimension.

For images, you typically end up with 4D, with the convention N,C,H,W, which stands for "Batch, Channel, Height, Width". It can also be N,H,W,C, which is the same thing but it's packed in memory as red green blue, red green blue, etc instead of all the red pixels first, then all the green pixels, then all the blue pixels. This matters in various subtle ways.

I have no idea why the batch dimension is called N, but it's probably "number of images".

"Vector" wouldn't quite cover all of this, and although "tensor" is confusing, it's fine. It's the ham sandwich of naming conventions: flexible, satisfying to some, and you can make them in a bunch of different varieties.

Under the hood, TPUs actually flatten 3D tensors down into 2D matrix multiplications. I was surprised by this, but it makes total sense. The native size for a TPU is 8x128 -- you can think of it a bit like the native width of a CPU, except it's 2D. So if you have a 3x4x256 tensor, it actually gets flattened out to 12x256, then the XLA black box magic figures out how to split that across a certain number of 8x128 vector registers. Note they're called "vector registers" rather than "tensor registers", which is interesting. See https://cloud.google.com/tpu/docs/performance-guide


Quarterly interactive testing is the only thing I have seen work. A common method is using Proofpoint + Fake realistic looking sites and emails. Get stats on how many click the links and how many put in corporate credentials. Proofpoint can do this or a company could make their own tracking stats.

Without embarrassing or punishing them ensure the ones that put in credentials get trained. The credentials should automatically sign them up for interactive mandatory online courses so they are not being embarrassed in a classroom. Reward the teams that don't get phished. Reward the managers, sr. managers, directors and sr. directors whose teams and orgs do not get phished. The higher level of management organization that is free of phishing victims, the higher the rewards. Incentivize the leadership to discourage warning others in company chat that a phishing test campaign is in progress. I'm sure the director of incident management at my last place is reading this. It's up to them if they want to share high level stats. I would not be allowed to disclose details but I do know this methodology absolutely works, at least in a place that has integrity and employee trust.

This of course only works for employees of a company because they have signed legal agreements that would permit the company to phish their own employees and have their own corporate attorneys that reviewed this process. Any other scenario should have a small army of lawyers review the plan.


Way back in 2014 when Jeff Atwood (aka codinghorror) switched from Stack Overflow to creating Discourse, he gave a talk about it (see notes [1], sadly I can't find a live link to the recording anymore). He gave a pithy little explanation of why they built the Discourse trust levels system the way they did that stood out to me:

> The only thing that scales with the community is the community.

The point being, you have to grow users into moderators. Any other way of acquiring moderators is unsustainable.

[1]: http://discourse.bridgefoundry.org/t/link-to-jeff-atwood-tal...


The author missed Fred Wilson's MBA Mondays Archive [1] which personally was a great resource in the quest for my "business success" (whatever it means). There is a more organized and illustrated edition here [2]. BTW, I always return to some articles such as "Commission Plans" for Sales [3].

Regarding books:

- Only the Paranoid Survive by Andrew Grove (Intel) [4]. It is always in my "pocket". It is real experience with pain points from a top CEO, not an academic exercise.

- Other books that are not focused on business but are more "epistemological". For example, "How Life Imitates Chess" by Garry Kasparov [5]. I don't know who created this title for the book though. Many autobiographies, in general, or good business biographies such as "Hard Drive: Bill Gates and the Making of the Microsoft Empire" [6].

[1] https://avc.com/category/mba-mondays/

[2] https://mba-mondays-illustrated.com/

[3] https://avc.com/2010/08/commission-plans/

[4] https://www.amazon.com/Only-Paranoid-Survive-Exploit-Challen...

[5] https://www.amazon.com/How-Life-Imitates-Chess-Boardroom/dp/...

[6] https://www.amazon.com/Hard-Drive-Making-Microsoft-Empire/dp...


This is actually a really underappreciated question! (and also really interesting!) There's a lot of nuance to this because the truth is that distance becomes less meaningful as you increase dimensions. You can find some papers comparing Lp distances with different p values (p=2 == Euclidean == L2). But as dimension increases, the distance to the furthest points decreases (making it harder to differentiate near points from far points). Cosine similarity is a commonly used one, but as dimensions increase the likelihood that any two tensors are orthogonal rapidly increases. This might seem counterintuitive because the probability is really low in 2 or 3 dims as you only have 2 or a plane in R3.

So really the answer honestly tends to be ad hoc: "whatever works best". It's good to keep in mind that any intuition you have about geometry goes out the window as dimensions increase. It's always important to remember assumptions made, especially when focusing on empiricism. There are definitely some nuances that can point you in better directions (pun intended :) than random guessing, especially if you know a lot about your geometry, but it is messy and nuances can make big differences.

I wish I had a better answer but I hope this is informative. Maybe some mathematician will show up and add more. I'm sure there's someone on HN that loves to talk about higher dimensional geometry and I'd love to hear those "rants."


Two talks given by Ben Collins-Sussman absolutely changed my career path from being a hot headed programmer to thinking like a professional engineer.

The Myth of the Genius Programmer: https://www.youtube.com/watch?v=0SARbwvhupQ

The Art of Organizational Manipulation: https://www.youtube.com/watch?v=OTCuYzAw31Y

I rewatch these every few years, or before an interview. Puts me back in the right headspace.

If you're reading this Ben, thank you.


https://danluu.com/ is my all time favourite. Unfortunately hasn’t posted in 2023, but I reread old posts often.
