TheColorYellow (u/TheColorYellow)

TheColorYellow commented on Please don't say mean things about the AI I just invested a billion dollars in mcsweeneys.net/articles/p... · Posted by u/randycupertino

mediaman · 2 months ago

How? They are all losing tens of billions of dollars on this, so far.

Open source models are available at highly competitive prices for anyone to use and are closing the gap to 6-8 months from frontier proprietary models.

There doesn't appear to be any moat.

This criticism seems very valid against advertising and social media, where strong network effects make dominant players ultra-wealthy and act like a tax, but the AI business looks terrible, and it appears that most benefits are going to accrue fairly broadly across the economy, not to a few tech titans.

NVIDIA is the one exception to that, since there is a big moat on their business, but not clear how long that will last either.

TheColorYellow · 2 months ago

I'm not so sure thats correct. The Labs seem to offer the best overall products in addition to the best models. And requirements for models are only going to get more complex and stringent going forward. So yes, open source will be able to keep up from a pure performance standpoint, but you can imagine a future state where only licensed models are able to be used in commercial settings and licensing will require compliance against limiting subversive use or similar (e.g. sexualization of minors, doesn't let you make a bomb etc.).

When the market shifts to a more compliance-relevant world, I think the Labs will have a monopoly on all of the research, ops, and production know-how required to deliver. That's not even considering if Agents truly take off (which will then place a premium on the servicing of those agents and agent environments rather than just the deployment).

There's a lot of assumptions in the above, and the timelines certainly vary, so its far from a sure thing - but the upside definitely seems there to me.

TheColorYellow commented on Your brain on ChatGPT: Accumulation of cognitive debt when using an AI assistant media.mit.edu/publication... · Posted by u/misswaterfairy

PatronBernard · 2 months ago

> a hierarchical graph layout algorithm based on the Sugiyama framework, using Brandes-Köpf for node positioning.

I am sorry for being direct but you could have just kept it to the first part of that sentence. Everything after that just sounds like pretentious name dropping and adds nothing to your point.

But I fully agree, for complex problems that require insight, LLMs can waste your time with their sycophancy.

TheColorYellow · 2 months ago

This is a technical forum, isn't pretentious name dropping kind of what we do?

Seriously though, I appreciated it because my curiosity got the better of me and I went down a quick rabbit hole in Sugiyama, comparative graph algorithms, and learning about the node positioning as a particular dimension of graph theory. Sure nothing ground breaking, but it added a shallow amount to my broad knowledge base of theory that continues to prove useful in our business (often knowing what you don't know is the best initiative for learning). So yeah man, lets keep name dropping pretentious technical details because thats half the reason I surf this site.

And yes, I did use ChatGPT to familiarize myself with these concepts briefly.

TheColorYellow commented on Anonymous credentials: rate-limit bots and agents without compromising privacy blog.cloudflare.com/priva... · Posted by u/eleye

hedora · 4 months ago

I don’t understand the problem they are trying to solve, and this article is long, so apologies if they actually get around to explaining.

I have a credit card, and an agent. I want a pizza.

These credentials do what, exactly? Prevent the pizza place from taking my money? Allow me to order anonymously so they don’t know where to deliver it?

Also, they are security professionals, so when they say anonymous, they don’t mean pseudonymous, so my agent can produce an unlimited number of identities, right? How do they keep the website from correlating time and IP addresses to link my anonymous requests to a pseudonym?

My cynical take is that the pizzeria has to pay cloudflare a few pennies to process the transaction. What am I missing?

TheColorYellow · 4 months ago

Although this is clearly the equivalent of Cloudflare propaganda, they are trying to address the issue of connecting a user and an agent in a way that respects the users privacy.

They effectively use credentials and cryptography to link the two together in a zero-knowledge type of way. Real issue, although no one is clearly dying for this yet.

Real solution too, but blind credentials and Chaumian signing is equally naive to think it addresses the root issue. Something like Apple will step in to cast a liability shield over all parties and just continue to trap users into the Apple data ecosystem.

The right way to do this is to give the user sovereignty over their identity and usage such that platforms cater to users rather than the middle-men in-between. Harder than what Cloudflare probably wants to truly solve for.

Still, cool article even if a bit lengthy.

TheColorYellow commented on Changing Directions jacobian.org/2025/jun/3/c... · Posted by u/speckx

TheColorYellow · 9 months ago

As a Fireman/EMT of 7 years whos been in high-tech for almost 10 - I feel sorry for this guy.

Sure, some parts of work will definitely get better and feel different. But a lot will get worse.

Say goodbye to good working conditions and simple problems. Work life balance is meaningless when your work has a habit of sticking around everytime you close your eyes. And the hero culture of EMS wears off quick when you realize 90% of the time you're societies janitor. That 10% you make a difference is amazing, but for the most part it's medics who are really making an impact and that world is almost as political and overmanaged as technology is.

The real problem is trying to make your career your life source rather than just an income stream. Tech utopia is no different than emergency-medicine utopia - its all fantasies that have no bearing to real life.

I wish the author the best of luck, and the issues they bring up are oh so real, but the source of the problem lies elsewhere in my humble opinion.

TheColorYellow commented on How Waffle House helps Southerners and FEMA judge a storm's severity apnews.com/article/waffle... · Posted by u/geox

itake · a year ago

I wish the article would communicate more about how WaHo does this. I see they tend to stock their stores with generators, but is that the only thing? Does WaHo have longer shifts, reducing the need for staff missing shifts? Why is WaHo a better indicator than other services, like public transit?

TheColorYellow · a year ago

As a southerner who has also pondered this, I think it's simply the basic nature of the menu and local nature of the employees.

Food is basically just pre-made batter, eggs, potatoes, and processed meat; all of which holds well and only requires limited refrigeration. Staff is pretty basic crew: Cooks and customers can order directly at the register if waiter isn't available.

Add to that a culture of staying open at all costs and there you go.

TheColorYellow commented on Defenders think in lists, attackers think in graphs (2015) github.com/JohnLaTwC/Shar... · Posted by u/akyuu

jiggawatts · 2 years ago

> If you've answered no to any of these questions, you have chosen to prioritize something else over better cyber security defense.

To add to this: I get irrationally irritated when some hack occurs and someone makes the comment: "Their databases weren't even encrypted! Amateurs!"

Okay mister wise-guy, let us see you "encrypt" the database at an organisation where that database produces a billion dollars of revenue annually.

Are you sure you aren't going to lose the encryption keys? Many billions of dollars sure?

Okay, you've made sure that the keys are safely backed up! Good job! Now rotate them. On a schedule. That's a process you will be required to hand over to a secops team to avoid you being a "bus factor of one". Good luck with writing out that process so nobody ever screws up.

Now provide access to the encrypted data to... everything and everyone. Because that's the point of business data. It's supposed to be consumed, reported on, updated, saved, exported, imported, and synchronized. Not just to systems you control either! To the CFO's tablet, to the third-party suppliers' ERP, and to every desktop in the place. There's a hundred thousand of them, across every content bar Antarctica.

It's surely because they're amateurs that they haven't figured this all out already: cheaply, robustly, and securely!

TheColorYellow · 2 years ago

It's never the encrypted database that gets hit, it's always the other database that was made because our first database was encrypted....

TheColorYellow commented on Defenders think in lists, attackers think in graphs (2015) github.com/JohnLaTwC/Shar... · Posted by u/akyuu

tpmoney · 2 years ago

Even if they put it near the top, it's still going to be reduced in effectiveness by the actual needs and goals of the organization. Any company that has a VPN and remote employees is objectively and inherently weaker from a cyber security standpoint than an otherwise equally equipped company with no external access to the network. But they do that because remote employee access means they can do their actual business better. Any company that uses networked computers in objectively and inherently weaker from a cyber security standpoint than one which requires physically moving data from one machine to another by way of personal handoffs between employees at the same physical location, but they do that because it means they can do their actual business better.

It does not matter if cyber security is at the top or the bottom of your budget list, if the choice is ever "better cyber security" or "do more business", cyber security is always going to lose that battle. You will never convince a company to use E2E encrypted email for all communications with all customers and vendors, no matter how high on the budget list cyber security is, because doing so would actively hinder the day to day operations of the business.

TheColorYellow · 2 years ago

I don't think this is relevant. Even on-prem "air gapped" networks get breached. I would say it happens on as frequent a basis as any other network tbh. Microsoft hacks get headlines because Microsoft is a public company; there are lots of undisclosed breaches happening out there.

Security vulnerabilities come from the same place they always have. Where IO happens, where transactions happen, and where an operating system does a lot of work. How attackers get to these points, what happens when they do, and then how the system reacts when a malicious event occurs are the factors that matter.

In today's world of complex technologies, I have yet to meet a single organization that is invulnerable to these threats. I've seen a lot of organizations limit damage, patch vulnerabilities, and generally manage their risk profile effectively - but losses are a part of the business.

IMO, the only thing that will really make a difference is when we have technologies that are sufficient enough to male the user more resilient. Only then can we have a truly safer web.

TheColorYellow commented on Movable tree CRDTs and Loro's implementation loro.dev/blog/movable-tre... · Posted by u/czx111331

danielvaughn · 2 years ago

If your application makes active use of multiple tabs, it might make sense to use YJS or something, because it's very effective in resolving those types of problems.

However, if your profile edits are single-user only, it's probably overkill to introduce a CRDT. At first glance, it seems the two-tabs-open scenario is your highest source of bugs, so what you could do is use a BroadcastChannel to signal update events to all other tabs.

TheColorYellow · 2 years ago

How is YJS different from introducing CRDT? Doesn't it basically just do that for you anyways?

If CRDT is complications and difficult to manage, either YJS resolves that completely, or more likely that complexity will leak out of the abstraction layer no matter what.

To me it seems more like that OP should compare and contrast concurrency solutions, one of which is CDRT via YJS or another could be something like concurrency based on Go routines.

Edit: Should obviously mention Loro, the literal thread we're in now lol

TheColorYellow commented on Garage: Open-Source Distributed Object Storage garagehq.deuxfleurs.fr/... · Posted by u/n3t

fijiaarone · 2 years ago

I don’t understand why everyone wants to replicate AWS APIs for things that are not AWS.

S3 is a horrible interface with a terrible lack of features. It’s just file storage without any of the benefits of a file syste - no metadata, no directory structures, no ability to search, sort, or filter.

Combine that with high latency network file access and an overly verbose API. You literally have a bucket for storing files, when you used to have a toolbox with drawers, folders, and labels.

Replicating a real file system is not that hard, and when you lose the original reason for using a bucket —- because your were stuck in the swamp with nothing else to carry your files in — why keep using it when you’re out of the mud?

TheColorYellow · 2 years ago

Because at this point it's a well known API. I bet people want to recreate AWS without the Amazon part, and so this is for them.

Which, to your point, makes no sense because as you rightly point out, people use S3 because of the Amazon services and ecosystem it is integrated with - not at all because it is "good tech"

TheColorYellow commented on A look inside a Sharia Courtroom newyorker.com/culture/the... · Posted by u/wouterjanl

hotdogscout · 3 years ago

>Yet nowhere in any standard interpretation of religious law does it state that women may not work or get an education.

Women are not allowed to work outside the home according to the Quran, there are exceptions but this is not generally allowed.[1]

Anand Gopal is very anti-US so he seems to be sugar coating things a bit.

[1]https://islamqa.info/en/answers/106815/guidelines-on-women-w...

TheColorYellow · 3 years ago

The preceding lines in this surah explicitly mention this is addressed to wives of the Prophet who are unlike other women. The answer in your link even explicitly mentions this is their interpretation outside of what is explicitly written.

Islam is no different from the other Abrahamic religions. It is the culture of organized Islam that is uniquely violent, conservative, and extreme in its views today.

But please, DYOR.