𞋴𝛂𝛋𝛆

  • 119 Posts
  • 1.04K Comments
Joined 3 years ago
Cake day: June 9th, 2023

  • llama.cpp is at the core of almost all offline, open weights models. The server it creates is Open AI API compatible. Oobabooga Textgen WebUI is more user GUI oriented but based on llama.cpp. Oobabooga has the setup for loading models with a split workload between the CPU and GPU which makes larger gguf quantized models possible to run. Llama.cpp has this feature; Oobabooga implements it. The model loading settings and softmax sampling settings take some trial and error to dial in well. It helps if you have a way of monitoring GPU memory usage in real time. Like I use a script that appends my terminal window title bar with GPU memory usage until inference time.

    Ollama is another common project people use for offline open weights models, and it also runs on top of llama.cpp. It is a lot easier to get started in some instances and several projects use Ollama as a baseline for “Hello World!” type stuff. It has pretty good model loading and softmax settings without any fuss, but it does this at the expense of only running on GPU or CPU but never both in a split workload. This may seem great at first, but if you never experience running much larger quantized models in the 30B-140B range, you are unlikely to have success or a positive experience overall. The much smaller models in the 4B-14B range are all that are likely to run fast enough on your hardware AND completely load in your GPU memory if you only have 8GB-24GB. Most of the newer models are actually Mixture of Experts architectures. This means it is like loading ~7 models initially, but then only inferencing two of them at any one time. All you need is the system memory or the Deepspeed package (uses disk drive for excess space required) to load these larger models. Larger quantized models are much much smarter and more capable. You also need llama.cpp if you want to use function calling for agentic behaviors. Look into the agentic API and pull history in this area of llama.cpp before selecting what models to test in depth.

    Huggingface is the go-to website for sharing and sourcing models. That is heavily integrated with GitHub, so it is probably as toxic long term, but I do not know of a real FOSS alternative for that one. Hosting models is massive I/O for a server.

  • No. The primary way of blocking radio is by raising the noise floor across the band. The type of radio is irrelevant. The protocol is irrelevant. It is all only the electromagnetic spectrum from infrared light, to visible spectrum light, to radio light, through to xray or gamma ray light. How we divide that up into protocols, bands, and names is totally irrelevant. When transmitting radio light, we are all restricted in how much power we are allowed to send. All receiver circuits are listening for meaningful information above the noise floor. Bands are allocated to try to create spaces for certain types of communications. This controls the noise floor. Then electrical engineers design the hardware you buy to operate within this specification. If that noise floor is raised, the physical hardware is unable to retrieve information and effectively makes it useless. If you are a radio wizard and build your own transmitter that has more power, you just created a giant beacon that anyone will track easily to your location. Transmitting always reveals your exact location. In military operations, you constantly hear about some entity going radio silent. This is why. If you are a soldier, you may not carry a cell phone at all when on the job because it is constantly revealing your location. The only way to avoid this is with actual hard-wired connections. You are able to use lasers for line of sight communications, but in practice, you will be limited by the optical lens focusing complexity and atmospheric distortion even from the ground with point to point regional communication. If anyone crosses the beam it will still be detected and is likely to leak some light depending on conditions and design.

    Ultimately, your only real option is the sneaker net which is damn near useless in US suburbia hell. Don’t forget that the freeway system was not created for the citizenry. It is only about military mobility. That is why the Germans made the autobahn and why the USA and others had to copy the idea. Your only defense is in the democratic political space.

  • Just be aware that W11 is secure boot only.

    There is a lot of ambiguous nonsense about this subject by people that lack a fundamental understanding of secure boot. Secure Boot is not supported by Linux at all. It is part of systems distros build outside of the kernel. These are different for various distros. Fedora does it best IMO, but Ubuntu has an advanced system too. Gentoo has tutorial information about how to set up the system properly yourself.

    The US government also has a handy PDF about setting up secure boot properly. This subject is somewhat complicated by the fact that the UEFI bootloader graphical interface standard is only a reference implementation, with no guarantee that it is fully implemented (especially the case in consumer grade hardware). Last I checked, Gentoo has the only tutorial guide about how to use an application called Keytool to boot directly into the UEFI system, bypassing the GUI implemented on your hardware, and where you are able to set your own keys manually.

    If you choose to try this, some guides will suggest using a better encryption key than the default. The worst that can happen is that the new keys will get rejected and a default will be refreshed. It may seem like your system does not support custom keys. Be sure to try again with the default for UEFI in your bootloader GUI implementation. If it still does not work, you must use Keytool.

    The TPM module is a small physical hardware chip. Inside there is a register that has a secret hardware encryption key hard coded. This secret key is never accessible in software. Instead, this key is used to encrypt new keys, and hash against those keys to verify that whatever software package is untampered with, and to decrypt information outside of the rest of the system using Direct Memory Access (DMA), as in DRAM/system memory. This effectively means some piece of software is able to create secure connections to the outside world using encrypted communications that cannot be read by anything else running on your system.

    As a more tangible example, Google Pixel phones are the only ones with a TPM chip. This TPM chip is how and why Graphene OS exists. They leverage the TPM chip to encrypt the device operating system that can be verified, and they create the secure encrypted communication path to manage Over The Air software updates automatically.

    There are multiple Keys in your UEFI bootloader on your computer. The main key is by the hardware manufacturer. Anyone with this key is able to change all software from UEFI down in your device. These occasionally get leaked or compromised too, and often the issue is never resolved. It is up to you to monitor and update… - as insane as it sounds.

    The next level key below, is the package key for an operating system. It cannot alter UEFI software, but does control anything that boots after. This is typically where the Microsoft key is the default. It means they effectively control what operating system boots. Microsoft has issued what are called shim keys to Ubuntu and Fedora. Last I heard, these keys expired in October 2025 and had to be refreshed or may not have been reissued by M$. This shim was like a pass for these two distros to work under the M$ PKey. In other words, vanilla Ubuntu and Fedora Workstation could just work with Secure Boot enabled.

    All issues in this space have nothing to do with where you put the operating systems on your drives. Stating nonsense about dual booting a partition is the stupid ambiguous misinformation that causes all of the problems. It is irrelevant where the operating systems are placed. Your specific bootloader implementation may be optimised to boot faster by jumping into the first one it finds. That is not the correct way for secure boot to work. It is supposed to check for any bootable code and delete anything without a signed encryption key. People that do not understand this system are playing a game of Russian Roulette. Their one drive may get registered first in UEFI 99% of the time due to physical hardware PCB design and layout. That one time some random power quality issue shows up due to a power transient or whatnot, suddenly their OS boot entry is deleted.

    The main key, and package keys are the encryption key owners of your hardware. People can literally use these to log into your machine if they have access to these keys. They can install or remove software from this interface. You have the right to take ownership of your machine by setting these yourself. You can set the main key, then you can use the Microsoft system online to get a new package key to run W10 w/SB or W11. You can sign any distro or other bootable code with your main key. Other than the issue of one of the default keys from the manufacturer or Microsoft getting compromised, I think the only vulnerabilities that secure boot protects against are physical access based attacks in terms of 3rd party issues. The system places a lot of trust in the manufacturer and Microsoft, and they are the owners of the hardware that are able to lock you out of, surveil, or theoretically exploit you with stalkerware. In practice, these connections are still using DNS on your network. If you have not disabled or blocked ECH like cloudflare-ech.com, I believe it is possible for a server to make an ECH connection and then create a side channel connection that would not show up on your network at all. Theoretically, I believe Microsoft could use their PKey on your hardware to connect to your hardware through ECH after your machine connects to any of their infrastructure.

    Then the TPM chip becomes insidious and has the potential to create a surveillance state, as it can be used to further encrypt communications. The underlying hardware in all modern computers has another secret operating system too, so it does not need to cross your machine. For Intel, this system is called the Management Engine. In AMD it is the Platform Security Processor. In ARM it is called TrustZone.

    Anyways, all of that is why the Linux kernel does not directly support secure boot, the broader machinery, and the abstracted broader implications of why it matters.

    I have a dual boot w11 partition on the same drive with secure boot and have had this for the last 2 years without ever having an issue. It is practically required to do this if you want to run CUDA stuff. I recommend owning your own hardware whenever possible.
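    The comment above talks about the manufacturer key, the OS "package" key, and taking ownership by enrolling your own; in UEFI terms these live in the PK, KEK, db and dbx variables. As an added example (not the commenter's code), here is a small Python parser that lists what is actually enrolled on a Linux box by reading those variables from efivarfs and decoding their EFI_SIGNATURE_LIST structures. The efivarfs path and vendor GUIDs are from the UEFI specification; the sample db blob at the bottom is constructed so the parser can be exercised without firmware access.

```python
# Enumerate the entries in a UEFI Secure Boot key database (PK, KEK, db, dbx).
# Each variable holds EFI_SIGNATURE_LIST structures; on Linux, efivarfs prefixes
# the raw data with 4 bytes of attribute flags.
import struct
import uuid
from pathlib import Path

# Signature-type GUIDs and variable vendor GUIDs from the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIG_TYPE_NAMES = {EFI_CERT_X509_GUID: "x509", EFI_CERT_SHA256_GUID: "sha256"}
GLOBAL_VAR_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"    # vendor GUID of PK, KEK
IMAGE_SEC_DB_GUID = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"  # vendor GUID of db, dbx
EFIVARS = Path("/sys/firmware/efi/efivars")

def parse_signature_lists(data: bytes) -> list:
    """Return [(type_name, owner_guid, signature_bytes), ...] for a raw variable body."""
    entries, off = [], 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])  # GUIDs are mixed-endian
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 or off + list_size > len(data) or sig_size <= 16:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:  # each entry: 16-byte SignatureOwner + data
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            entries.append((SIG_TYPE_NAMES.get(sig_type, str(sig_type)), owner,
                            data[pos + 16:pos + sig_size]))
            pos += sig_size
        off = end
    return entries

def read_efivar(name: str, vendor_guid: str) -> bytes:
    """Read a variable from efivarfs, dropping the 4-byte attribute prefix."""
    return (EFIVARS / f"{name}-{vendor_guid}").read_bytes()[4:]

def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, sigs: list) -> bytes:
    """Serialise one EFI_SIGNATURE_LIST (used here only to build the constructed sample)."""
    body = b"".join(owner.bytes_le + s for s in sigs)
    return sig_type.bytes_le + struct.pack("<III", 28 + len(body), 0, 16 + len(sigs[0])) + body
# Constructed sample db: one placeholder "certificate" plus two hash allow-list entries.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")  # placeholder owner GUID
SAMPLE_DB = (build_signature_list(EFI_CERT_X509_GUID, OWNER, [b"\x30\x82" + b"\x00" * 30])
             + build_signature_list(EFI_CERT_SHA256_GUID, OWNER, [b"\xaa" * 32, b"\xbb" * 32]))

if __name__ == "__main__":
    for var, guid in (("PK", GLOBAL_VAR_GUID), ("KEK", GLOBAL_VAR_GUID),
                      ("db", IMAGE_SEC_DB_GUID), ("dbx", IMAGE_SEC_DB_GUID)):
        try:
            entries = parse_signature_lists(read_efivar(var, guid))
        except FileNotFoundError:
            print(f"{var}: variable not present (no efivarfs or Secure Boot disabled)")
            continue
        print(f"{var}: {len(entries)} entries")
        for kind, owner, sig in entries:
            print(f"  {kind:6} owner={owner} len={len(sig)}")
```

    On a real machine the x509 entries are DER certificates you can feed to `openssl x509 -inform DER -noout -subject` to see whose key each one is; an empty PK means the platform is in setup mode and no owner key has been enrolled.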

  • You assume much, and are being an ass in my opinion. Believe it or not, science is not always well funded. If you happen to be curious and have the time, it is possible to explore scientifically or even casually within areas that are not well researched. It is possible to have logic skills even without credentials.

    We are not in some final state of technology. Anyone saying such nonsense lacks fundamental logic skills.

    I do not care about me. I do not have dogma. I’m not interested in recognition. I am willing to explore in unique ways both artistically as a professional artist, and out of logical curiosity. I have the tools needed to check my results against a control using unrelated sources. The most recent paper on the subject is something I can recreate but explain far better than that paper.

    I could not care less what you ultimately think of me, or anything I say. What I care about is that you’re a decent digital neighbor. To be physically disabled in near total social isolation, and have a place like this as my main interaction with other humans, it is a mean prejudice to have some random digital neighbor make such unsolicited malevolent statements assuming my personal motivations without a shred of evidence or decency to engage in questioning. You know absolutely nothing about me, yet you presume a great deal, putting words to my emotions as if you own me.

  • What if you’ve got no credentials, but the flaw is so serious that it will not matter if known.

    This is a true hypothetical curiosity. I do not know anything of value. A bunch of people here like to call me crazy, and I’ve rambled on and on many times in ways that likely confirm their notions. A person like this is not likely to fare very well when operating well outside their social caste unless they already have hand holds on the rungs of the ladder above. Still, there are some rather surprising areas of technology without adequate fundamental research. Perhaps it is hypothetically better to have John Connor in the world of Cyberdyne. If someone had killed Apache early, the Internet would not be the same heaven of democracy, though that is not a very good intuitive scope of analogy. Just something to ponder if one were to be in such a situation.


  • Not in terms of kernel supported encodings and long term kernel support, from what I have seen. I have not looked into this in depth. However, looking at git repo merged pulls, issues raised, and the lack of any consistent hardware commitments or consensus, implies to me that the hardware is very unstable in the long term. When I see any hardware with mostly only base Debian support, it screams that the hardware is on an orphaned kernel and will likely never get to mainline. The same applies to Arch to a lesser degree. Debian has the primary tool chain for bootstrapping and hardware hacking. When it is the primary option supported, I consider the hardware insecure and unsafe to connect to the internet. I’ve seen a few instances where people are talking about the limited forms of encoding support and the incomplete nature of those that do exist. It is far more important to have hardware that will be supported with mainline kernel security updates and is compatible with the majority of encodings. It would be terrible to find out the thing could not support common audio or video codecs. IIRC there was an issue along these lines with the RISC-V PineTab.

    I know the primary go-to for RISC-V is SiFive, but I have not seen a go-to LTS processor from them in terms of third party consistent use.

    Plus, while more open is mor betterer, RISC-V is not foolproof from a proprietary blob either. The ISA addresses the monopolistic tyranny and extortion of players like Intel, but there is nothing preventing the inclusion of 3rd party proprietary module blocks. The entire point is to create an open market for the sale and inclusion of IP blocks that are compatible with an open standard. Nothing about these blocks is required to be open. I don’t know if such a thing could be set to a negative ring more privileged than the kernel, but I expect this to be the case.


  • Most people’s routers are already up 24/7.

    We should be able to do our own DNS. Who cares if it is on the wider clearweb. You are paying for an IP address with your internet connection. If you are running a server with verified hardware and signed code, all we need is a half dozen nodes mirroring our own DNS. There must be a backup proxy for the few terrible providers that cause issues with IP. The addresses are not static, but they do not change very often. At worst, you hit a manual button to reset or wait 10 minutes before the DNS updates.

  • It is not about the people that already host. It is about enabling many more by giving them an option to buy a path of least resistance. In exchange, it creates a potential revenue source in a completely untapped demographic. The subscription/donations demographic is like a very unique and niche market. The vast majority of people do not exist within that space. Most people do not have the financial stability to engage like this. It is not that they are unable to accumulate adequate funds, it is that their pay fluctuates over time and their baseline constraints are far more stressful than spending from times of surplus and opportunity. Catering only to those with such surplus and gatekeeping the complexity of self hosting is massively limiting adoption.

    The rule in managing a chain of retail stores is that, no matter how you select products to stock in stores, it is impossible to only select products that will all sell on one platform. How you manage the overburden always determines your long term success. You must employ other platforms and demographics to prioritize the mobility of cash flow.

    Similarly but inverted, this place has a slice of all demographics. Efforts tailored to the various subsets should tap entirely new potential. A fool imagines they can convert the unstable poor*'r* into a reliable stable income source via donations. Someone like myself has means but not a situation that is compatible. If I have some tangible thing to purchase, I can make that happen. I do not have any subscriptions in life for anything at all. Heck, I won’t even shop on any of my devices I use regularly because I only buy what I intend to go looking to purchase with intent. That is not common, but what is common are spontaneous people that need time to align their finances with their desires. That person is likely to dread paying $5 every month compared to $250 in May when they get a couple thousand dollars on a tax return. Expecting the public to float the stability is stupid. That is not how the real world works. Real businesses always float the overhead. I’m talking about how to free the masses to self host everything for the cost of a nice router spent once with no techno leet filter.