Votes on this comment:

1. Came from 14 different instances - many of them major. Of those instances, the instance with the most votes contributed was lemmy.world (i.e. your own instance), from which my instance has seen 14 votes for that comment.
2. Of the voters, I looked at the distribution of the person IDs assigned on my instance, which approximately represents the order they were seen by my instance (e.g. they voted on or interacted with another comment). If there was vote manipulation, I’d expect to see lots of IDs close together. However, there are not runs of IDs that are close together. To avoid this when manipulating votes, they’d need to have planned in advance, and made accounts and used them individually over time before finally deploying them to downvote you.

If there are instances that are a significant source of vote manipulation, and the local admins are unwilling to address it, there are options available to instance admins like defederation.

However - in the case of your comments, there is no meaningful evidence of vote manipulation.

The best option is to run them models locally. You’ll need a good enough GPU - I have an RTX 3060 with 12 GB of VRAM, which is enough to do a lot of local AI work.

I use Ollama, and my favourite model to use with it is Mistral-7b-Instruct. It’s a 7 billion parameter model optimised for instruction following, but usable with 4 bit quantisation, so the model takes about 4 GB of storage.

You can run it from the command line rather than a web interface - run the container for the server, and then something like docker exec -it ollama ollama run mistral, giving a command line interface. The model performs pretty well; not quite as well on some tasks as GPT-4, but also not brain-damaged from attempts to censor it.

By default it keeps a local history, but you can turn that off.

I think the most striking thing is that for outsiders (i.e. non repo members) the acceptance rates for gendered are lower by a large and significant amount compared to non-gendered, regardless of the gender on Google+.

The definition of gendered basically means including the name or photo. In other words, putting your name and/or photo as your GitHub username is significantly correlated with decreased chances of a PR being merged as an outsider.

I suspect this definition of gendered also correlates heavily with other forms of discrimination. For example, name or photo likely also reveals ethnicity or skin colour in many cases. So an alternative hypothesis is that there is racism at play in deciding which PRs people, on average, accept. This would be a significant confounding factor with gender if the gender split of Open Source contributors is different by skin colour or ethnicity (which is plausible if there are different gender roles in different nations, and obviously different percentages of skin colour / ethnicity in different nations).

To really prove this is a gender effect they could do an experiment: assign participants to submit PRs either as a gendered or non-gendered profile, and measure the results. If that is too hard, an alternative for future research might be to at least try harder to compensate for confounding effects.

I think (unless I misunderstood the paper), they only included people who had a Google+ profile with a gender specified in the study at all (this is from 2016 when Google were still trying to make Google+ a thing).

True, except the difference Israel is still taking occupied land and building settlements, and excluding the people born there from them.

The government at least needs to pick one of the two options to move forward (as well as acknowledging and making reparations for those with traditional connections to the land who were affected by past injustices):

1. The two state solution: Palestine is a genuinely separate sovereign state, with a right to self determination, airspace, control of their territorial waters and so on. Israeli government representatives only enter Palestine on invitation from the government. Anyone born on Palestinian land, even on a former settlement, is a Palestinian unless they find another state to accept them and renounce their citizenship. Palestinians have equal protection of the law, and are expected to follow Palestinian laws on Palestinian land, or face the Palestinian justice system. If they renounce their citizenship, they are subject to Palestinian immigration law and might have to leave Palestine.
2. The one state solution: The entire Israeli occupied ‘river to sea’ area is one state, and everyone born there is an Israeli citizen, with equal rights under the law, power to vote, etc…

The problem is the current right-wing extremists in power in Israel do not want either solution; they want to have it both ways - when it comes to ownership and control, they want to deny the existence of a Palestinian state. But when it comes to citizenship, they want to claim everyone born on the land they occupy is not Israeli so they can deny them rights and exploit them. Their life is substantially controlled by the Israeli state, but they get no say in the leadership of the state - undermining claims it is a democracy. They don’t have equal protection under the law - Israeli authorities protect settlers taking land against people with generational connections to the land.

None of this is new in history, as you point out. Most of the Roman Empire, most of the former British Commonwealth, etc… had similar things in the past, with massacres of the native people, lands confiscated, native people been treated as having fewer rights than the colonialists, etc…

What is different is that those are all past atrocities (although fair reparations have still not been paid in many cases, at least further atrocities are generally not continuing to anything like the same extent), while Israel continues to commit the same atrocities to this very day.

The government just has to print for the money, and use it for that

Printing money means taxing those that have cash or assets valued directly in the units of the currency being measured. Those who mostly hold other assets (say, for example, the means of production, or land / buildings, or indirect equivalents of those, such as stock) are unaffected. This makes printing money a tax that disproportionately affects the poor.

What the government really needs to do is tax the rich. Many top one percenters of income fight that, and unfortunately despite the democratic principle of one person, one vote, in practice the one percenters find ways to capture the government in many countries (through their lobbying access, control of the media, exploitation of weaknesses of the electoral system such as non-proportional voting and gerrymandering).

instead of bailing out the capitalists over and over.

Bailing out large enterprises that are valuable to the public is fine, as long as the shareholders don’t get rewarded for investing in a mismanaged but ‘too big to fail’ business (i.e. they lose most of their investment), and the end result is that the public own it, and put in competent management who act in the public interest. Over time, the public could pay forward previous generations investments, and eventually the public would own a huge suite of public services.

Yes, but the information would need to be computationally verifiable for it to be meaningful - which basically means there is a chain of signatures and/or hashes leading back to a publicly known public key.

One of the seminal early papers on zero-knowledge cryptography, from 2001, by Rivest, Shamir and Tauman (two of the three letters in RSA!), actually used leaking secrets as the main example of an application of Ring Signatures: https://link.springer.com/chapter/10.1007/3-540-45682-1_32. Ring Signatures work as follows: there are n RSA public keys of members of a group known to the public (or the journalist). You want to prove that you have the private key corresponding to one of the public keys, without revealing which one. So you sign a message using a ring signature over the ‘ring’ made up of the n public keys, which only requires one of n private keys. The journalist (or anyone else receiving the secret) can verify the signature, but obtain zero knowledge over which private key out of the n was used.

However, the conditions for this might not exist. With more modern schemes, like zk-STARKs, more advanced things are possible. For example, emails these days are signed by mail servers with DKIM. Perhaps the leaker wants to prove to the journalist that they are authorised to send emails through the Boeing’s staff-only mail server, without allowing the journalist, even collaborating with Boeing, to identify which Boeing staff member did the leak. The journalist could provide the leaker with a large random number r1, and the leaker could come up with a secret large random number r2. The leaker computes a hash H(r1, r2), and encodes that hash in a pattern of space counts between full stops (e.g. “This is a sentence. I wrote this sentence.” encodes 3, 4 - the encoding would need to limit sentence sizes to allow encoding the hash while looking relatively natural), and sends a message that happens to contain that encoded hash - including to somewhere where it comes back to them. Boeing’s mail servers sign the message with DKIM - but leaking that message would obviously identify the leaker. So the leaker uses zk-STARKs to prove that there exists a message m that includes a valid DKIM signature that verifies to Boeing’s DKIM private key, and a random number r2, such that m contains the encoded form of the hash with r1 and r2. r1 or m are not revealed (that’s the zero-knowledge part). The proof might also need to prove the encoded hash occurred before “wrote:” in the body of the message to prevent an imposter tricking a real Boeing staff member including the encoded hash in a reply. Boeing and the journalist wouldn’t know r2, so would struggle to find a message with the hash (which they don’t know) in it - they might try to use statistical analysis to find messages with unusual distributions of number of spaces per sentence if the distribution forced by the encoding is too unusual.

Or use it as a Progressive Web App. This could be a good thing for awareness of PWAs and for them being seen as a killer feature that people won’t buy a smartphone unless they support them well. A transition away from app stores to PWAs can only be good.

If they are doing TikTok, maybe they should do Facebook, Reddit and YouTube next.

While Milei doesn’t have a lot going for himself, in this case it could also be that the companies supplying the fuel have some US component / have more to lose from not having access to American markets than they gain from supplying that airline, and it is the US government to blame.

The US blockade of Cuba is, of course, very hypocritical; there have been human rights abuses in Cuba relatively recently (e.g. the crackdown on peaceful July 11 2021 protestors), but if that is grounds for continuing sanctions of an unrelated industry for links to that country, then if there wasn’t a double standard the US should firstly be sanctioning Israel for years of brutal repression and apartheid in Israeli-occupied Palestine, and secondly be sanctioning itself for the police crackdowns on protestors calling for righting the wrongs in Palestine.

My grandparents had a lot of antiques, some probably which they inherited. My grandfather was particular proud of his clockwork wind-up clock (which was an antique even back then). I disassembled it to find out how it worked, but couldn’t figure out how to reassemble it (and my granddad couldn’t either).

And also the videos were being used to incite people to retaliate. Immediately after the attack, a rioting mob seeking vigilante justice surrounded the church, trapping the paramedics (who were treating the assailant) and the assailant inside. The mob apparently injured dozens of police, damaged about a hundred cars, including writing off a number of police cars, and some people armed with illegal weapons climbed a ladder to try to get into the church.

I haven’t seen any source suggesting it was a pen. Several sources, such as https://www.aap.com.au/news/police-powers-bolstered-as-terror-attack-probe-widens/, describe the weapon as a “flick-knife”. Other sources say that the bishop victim was “seriously injured”, and the assailant was injured in the attack and his own finger was sliced off with the knife.

I think you are right that no one died, but wrong that the weapon was a pen - this was a serious attack with an actual knife.

I wonder if this is social engineering along the same vein as the xz takeover? I see a few structural similarities:

• A lot of pressure being put on a maintainer for reasons that are not particularly obvious what they are all about to an external observer.
• Anonymous source other than calling themselves KA - so that it can’t be linked to them as a past contributor / it is not possible to find people who actually know the instigator. In the xz case, a whole lot of anonymous personas showed up to put the maintainer under pressure.
• A major plank of this seems to be attacking a maintainer for “Avoiding giving away authority”. In the xz attack, the attacker sought to get more access and created astroturfed pressure to achieve that ends.
• It is on a specially allocated domain with full WHOIS privacy, hosted on GitHub on an org with hidden project owners.

My advice to those attacked here is to keep up the good work on Nix and NixOS, and don’t give in to what could be social engineering trying to manipulate you into acting against the community’s interests.

Most of mine are variations of getting confused about what system / device is which:

• Had two magnetic HDDs connected as my root partitions in RAID-1. One of the drives started getting SATA errors (couldn’t write), so I powered down and disconnected what I thought was the bad disk. Reboot, lots of errors from fsck on boot up, including lots about inodes getting connected to /lost+found. I should have realised at that point that it was a bad idea to rebuild the other good drive from that one. Instead, I ended up restoring from my (fortunately very recent!) backup.
• I once typed sudo pm-suspend on my laptop because I had an important presentation coming up, and wanted to keep my battery charged. I later noticed my laptop was running low on power (so rushed to find power to charge it), and also that I needed a file from home I’d forgotten to grab. Turns out I was actually in a ssh terminal connected to my home computer that I’d accidentally suspended! This sort of thing is so common that there is a package in some distros (e.g. Debian) called molly-guard specifically to prevent that - I highly recommend it and install it now.
• I also once thought I was sending a command to a local testing VM, while wiping a database directory for re-installation. Turns out, I typed it in the wrong terminal and sent it to a dev prod environment (i.e. actively used by developers as part of their daily workflow), and we had to scramble to restore it from backup, meanwhile no one could deploy anything.

Unfortunately a probe by Israel will likely result in: “We’ve investigated ourselves and found we did nothing wrong”, no matter what. These are people who deliberately bomb and kill hundreds of civilians for one suspected militants, and who are creating a famine affecting an entire population mere kilometres from places with abundant food through their deliberate policies on aid. Killing people trying to help the people they are genociding is by design in the eyes of the far right extremists who are running Israel at the moment.

Update: It looks like quite a few stories are paraphrases (AI rewrites?) of CNN stories, so the site might just be an attempt at SEO, rather than psyops.

CNN seems to be contorting themselves to not say anything too negative about Israel’s far-right government, hence the bias coming through on other sites based on it.

The history of that site is very interesting, leading me to suspect some kind of psyops operation.

The domain name was registered on 2021-06-13, but until at least 2024-01-01 it was a rather basic Indonesian language news site, with no English content - https://web.archive.org/web/20231228131909/https://www.infoterkiniviral.com/.

The domain name was updated on 2024-03-22. Their sitemap has content going back to 2024-03-09. Old URLs that existed back in January now return 404 not found.

There seems to be no attribution (e.g. who owns the site). It is using Hostinger for DNS, with PrivacyProtect used for WHOIS privacy, and is hosted on GCP.

That said, I haven’t found evidence that the less controversial stories (which psyops likely add to lend credibility to any propaganda by blending it in with real news) are word-for-word copied from anywhere. This could mean they have invested in writing them by hand, or maybe they are AI generated as a paraphrase from another news source.

I’d bet there might be a whole series of them if they are taking this approach, but they seem to have tried to make them hard to link them together.

I suggest having a threat model about what attack(s) your security is protecting against.

I’d suggest this probably isn’t giving much extra security over a long unique password for your password manager:

• A remote attacker who doesn’t control your machine, but is trying to phish you will succeed the same - dependent on your practices and password manager to prevent copying text.
• A remote attacker who does control your machine will also not be affected. Once your password database in the password manager is decrypted, they can take the whole thing, whether or not you used a password or hardware key to decrypt it. The only difference is maybe they need slightly more technical skill than copying the file + using a keylogger - but the biggest threats probably automate this anyway and there is no material difference.
• A local attacker who makes a single entry to steal your hardware, and then tries to extract data from it, is either advantaged by having a hardware key (if they can steal it, and you don’t also use a password), or is in a neutral position (can’t crack the locked password safe protected by password, don’t have the hardware key / can’t bypass its physical security). It might be an advantage if you can physically protect your hardware key (e.g. take it with you, and your threat model is people who take the database while you are away from it), if you can’t remember a sufficiently unique passphrase.
• A local attacker who can make a surreptitious entry, and then come back later for the results is in basically the same position as a remote attacker who does control your machine after the first visit.

That said, it might be able to give you more convenience at the expense of slightly less security - particularly if your threat model is entirely around remote attackers - on the convenience/security trade-off. You would touch a button to decrypt instead of entering a long passphrase.

the most voted for parties

Simple ‘first past the post’ systems like they have in the US are flawed. The biggest problem is that clones (candidates or parties with similar positions) split the vote. For example, suppose 10% of the population wants Evil Dictator, but the other other 90% each want one of 18 different candidates as their first preference, evenly divided on first preferences (so 5% on first preferences), but rank any of the other 17 higher than Evil Dictator. So Evil Dictator has 10% of first preferences, but is the last preference for 90% of the population. The other candidates have 5% each.

First Past the Post would elect Evil Dictator in this circumstance. Better electoral systems (e.g. the Schulze method) would elect one of the other candidates.

This applies still if you elect a plurality of people - e.g. there could be two Evil Dictators, who 90% of the public oppose, but who have the highest vote because there are fewer of them to split the vote. Better systems like the better STV variants ensure proportionality (it avoids a landslide where the same voters determine all the representatives in a winner takes all approach). A larger parliament means more representation of the perspective of smaller minorities - so they are at least heard.

A “score” based voting system, if it is just a ranking of parties, could work like this. But if you are suggesting adding up the votes (so, for example, a 5 is worth 5x as much as a 1), the problem is tactical voting. People will, in practice, vote to make their vote count them most.

Let’s say, for example, there are three candidates, Racist Evil Dictator, Racist, and Progressive. Let’s say we know for granted almost everyone is going to score Racist Evil Dictator as 1. If a progressive was voting honestly, they might vote Progressive as a 5, and apart from the racism Racist might have been doing well, so they’d get a 3. The racist supporters, however, if they were being honest, would give Racist a 5 and Progressives a 3. Let’s say there are 1000 progressive voters, and 600 racist voters. If voting honestly, the scores would be Progressive = 5 * 1000 + 3 * 600 = 6800, Racist = 5 * 600 + 3 * 1000 = 6000, Racist Dictator = 1 * 1600 = 1600. Now the problem is, you can’t really get people to vote honestly. So let’s say Racist riles up their followers to instead vote Progressive as a 1 to, even if they don’t really think that. Now the scores are Progressive = 5 * 1000 + 1 * 600 = 5600, Racist = 5 * 600 + 3 * 1000 = 6000. Racist wins.

In practice, when a system allows people to vote tactically and have an advantage, it becomes a race to the bottom. That’s how you end up with dynamics like the two-party system. A good voting system works by removing incentives to vote tactically - if you put your true preferences down, you will not be disadvantaged in your influence on the election, even if other people attempt to vote tactically. That means that genuine third parties have a chance if the people like them, even in the absence of coordination.

In the early 2000s, I bought a book for someone from amazon.com. I’d had good experiences with Amazon a few years earlier in the late 90s when it worked like a normal store - you pay Amazon and they send you the book you ordered. Little did I know that Amazon had since become a ‘marketplace’ where they let any old scammer list, take your money, and not send anything. After a couple of months with no book arriving, luckily I was able to charge back and get the money back from the bank.