# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific users twts.
# offset Start index for quey.
# limit Count of items to return (going back in time).
#
# twt range = 1 2032
# self = https://watcher.sour.is?uri=https://anthony.buc.ci/user/abucci/twtxt.txt&offset=532
# next = https://watcher.sour.is?uri=https://anthony.buc.ci/user/abucci/twtxt.txt&offset=632
# prev = https://watcher.sour.is?uri=https://anthony.buc.ci/user/abucci/twtxt.txt&offset=432
One drawback of Goryon is that I don't get to see my rad pod icon π€
@darch WinAmp reportedly works well under wine / PlayOnLinux.
I spent some time yesterday playing with Quarto and it's pretty dang cool. Of course, I figured out how to get it to use the scala kernel since there is no way I'm using python or R for anything significant.
How are there still people who call Microsoft's business strategy "genius"? They follow a century-old (at least) monopolist playbook. In the 1990s they came close to being broken up for this, but since then the enforcement of antitrust laws in the US has slackened significantly, and Microsoft has returned to its old ways. If it weren't so damaging it'd be boring.
@ocdtrekkie @prologic clearly we're all just going to have to meet up and have a key exchange party, preferably somewhere sunny and nice. ππ
that said, i have caddy with Let's Encrypt sitting in front of my yarn pod, so.....can't beat the convenience.
@prologic yeah, a full-on user management system that allows you to inspect who can do what and add/revoke people and services and whatnot would be very handy. But since Authelia sounds like it does RBAC already the immediate need for integrating with IndieAuth is the authentication component, like you said. That prioritization makes sense to me.
@prologic I have to say, these automagical methods that generate certificates and keys on the fly make me very nervous, securitywise. I think they defeat some of the purpose behind certificates: an automated system is not really an "authority".
@ocdtrekkie @prologic I played around in the demo and it looks great. It does the stuff I'd want it to do. I didn't really play around with collaborative authoring because I didn't have a pal to write with, but I assume that works well enough.
@prologic After reading your bug report I'm thinking of adding HedgeDoc to my growing list of things to self host!
@prologic Oh well shit that ought to be pretty straightforward (I'm saying as a person who's never used Authelia)? Yeah I have no sense for how it works or what it'd take to write an authentication backend for it so I'm not sure what to say requirements-wise. Will have to play with it first.
@prologic ohhhhhhhhhhhhhhhhhhhhhhhhhhhh.
Sorry!
Then yes, everything I wrote is overkill. Scratch that!
@prologic RBAC may be overkill, I dunno.
- Role: Webmail User
- Service: Roundcube
- User: abucci
- Policy: Webmail User has access to Roundcube.
^ It can't be overscoped, because you need to specify that kind of stuff one way or another; otherwise you're not really doing authorization. RBAC is just one way of organizing this information.
Giving user abucci the Webmail User Role allows abucci to start using Roundcube. You'd have to store the credentials and login flow and so on for user abucci of course.
@prologic oof. I just π'ed your report.
I feel the same way about that ecosystem. I'm fairly terrified of using anything in that world for personal stuff (I'm stuck with it at work mostly) because of the tendency of people to just throw half a dozen calls to third party web services into everything. I swear if someone invented an AdditionService where you could send two numbers and get back their sum, there'd be a dozen web projects using it when they had to add stuff.
@ocdtrekkie I wonder how far you could get with ABAC (Attribute Based Access Control), which Casbin supports directly. Casbin has a meta-model that can probably express capability based access control. I haven't tried that so I can't say for sure. Anyway, since we're spitballing requirements maybe we should consider CBAC too.
@movq I know right? It is weird. I can confirm it's not always shown.
I've confirmed that it's shown when certain proprietary drivers are updated. For instance, I have an NVIDIA graphics card and I use their proprietary driver; whenever that is updated, a reboot is needed. I don't know if that fully explains it though. The NVIDIA driver doesn't update that frequently.
@prologic Sure, off the top of my head:
User management:
- Add/edit/delete users
- Monitor user actions (at least login)
In a RBAC (Role Based Access Control) setting:
Role management:
- Add/edit/delete roles
- Monitor role usage by user
Service management:
- Add/edit/delete services
- Monitor service usage (at least logins)
Policy management:
- Add a service to a role
- Grant a role access to a service
- Revoke a role's access to a service
- Revoke a user's access to a service
If you haven't seen it before, Casbin is pretty great for structuring a lot of this policy stuff, and it can handle other models like ACL if you don't like RBAC. I *think* it was even written in golang originally!
@prologic One thing I'd like to see a bit more about is how it looks in practice to configure some existing web app with Authelia (obv with mocked config values). I have trouble getting my head around how much work it'd take to set up something like this and configure the actual apps I use to work with it, short of installing it and trying it myself. So a paragraph about that would be helpful!
@ocdtrekkie sandstorm.io looks cool. It'd definitely be great to have a sort of off-the-shelf way of setting up the kinds of things sandstorm currently has. I spent a lot of time back in the mid 2010s sorting all this out on my own!
@prologic I did know that about IndieAuth and yarn!
I'd love to be able to use IndieAuth to manage authentication for all my web apps. That'd be close to ideal for me I think.
@prologic sounds great so far!
It's interesting. I was laid off from a company in 2013 or so and then spent three years consulting independently. That time period is when I started self hosting a bunch of services: git, secure file share, project management (kanban), email/CalDav/CardDav, and XMPP, so that I could run my entire consulting business off self hosted web apps. I moved on from consulting eventually but all the setup I'd done for self hosting these things has been invaluable. It sounds not unlike your own use case with your business?
Fortunately, I never had too many people using any of this stuff so it wasn't toooooo painful to manually create accounts (I don't want to use LDAP, it frightens me lol plus some of the web apps I use don't directly support it). But since then I've added a bunch more services (photos, some VOIP stuff, STUN/TURN, a private SyncThing relay, among others) and it's starting to get painful just managing my own credentials to all these things. Hence my interest.
@movq I'm never not in this state:
I use a spaced repetition app to keep momentum in projects I care about, and I currently have 13 cards due π±π±
Creepy π±
@prologic @taigrr I've never bothered to track down *why* my computer wants to reboot and why the live patch thing didn't prevent the need to. If I had the time/inclination that'd be illuminating. Being an Oldβ’ who has used Linux since 1996 (!!!), I've grown weary of providing free beta testing to the Linux community, though, so I tend to just suffer through annoying things rather than try to track them down and fix them.
@prologic Nice, I've been looking for SSO for my self-hosted stuff. It's one of those things on my never ending TODO list lol. When you get a second could you share a short write-up of what you like about it? The candidates I meant to check out (in no particular order) are:
- loginsrv
- authelia
- Gluu
- a guide (check out for other options)
- FusionAuth page that suggests they cover virtually anything I could want. There is a free version
- Vouch
- IndieAuth
- Played around a bit with caddy-security
@lyse just in time for Halloween!
@eaplmx that's good to know, thanks! I don't know if I was off the internet but I might have been so maybe that's what happened
I'm on my phone posting this from a web browser logged into my pod. I'd logged into my pod from the Goryon app yesterday and posted a few tines from it, including a few hours ago. But here we are and only my web browser remains logged in.
Dangit, Goryon logged me out for no apparent reason?
@taigrr my OS does not do that in practice.
Stop sending me links to how my OS could be acting when I'm telling you that in practice it does not do that. Come on.
@prologic maybe it did, but if so that does not seem to have much impact in practice because I feel like I'm constantly being told to reboot
What if I don't want to reboot my computer, Ubuntu? What then????
@prologic dear imgui is used a lot in games and is pretty well respected I take it.
@movq I imagine so. Not cool.
@prologic I totally want a phone with the guts exposed
@prologic One other thing I can say in favor of kanboard that offsets the PHP a little bit is that it has a really nice REST API that I've used a fair amount. Pretty much anything you can do in the user interface you can also do programmatically through the API.
@prologic yes, I think the flexibility is great! π
Unfortunately, I have a growing backlog of things I'd like to self host and not very much free time π
@prologic ah cool, it has a dark theme *and* a kanban board mode. I don't like todo list style planning with due dates etc. because too much of what I do is research-y and can't be given a solid due date (if you try, everything is overdue all the time). I might have to self host this one!
I do like the LoRa add-on board option, though. I could see my wife and me using that a lot.
@prologic Right? The one thing that gives me pause is that making voice calls requires SIP/WiFi. If you want to call an ordinary phone number, you'll need a SIP provider that bridges SIP to the phone network, and those usually cost money (I don't know enough about that world to know if you can self-host your own; maybe you can). Nobody I know uses SIP and there's no way I'm going to be able to convince them to start using it, so for this to be an actually useful gadget and not just a toy I'd need to be able to make voice calls to ordinary phone numbers. On their blog they state they might develop an LTE add-on board, which is interesting to consider. I've been exploring SIP-to-telephone bridge providers too, so this might be one of those things I explore for a year and then finally jump on, idk.
@prologic Vikunja looks interesting, thanks! I think I might play with that.
Self-driving cars and web3 live in the same world as "Human-level AI is right around the corner" and "We live in a simulation!". Scams and cons.
Hi, you could have an artificial general intelligence that was less capable cognitively than any person you know, and it'd still be an amazing feat of engineering.
You could have an artificial general intelligence that required 90% of Earth's power resources to play a game of chess.
Etc. etc. etc. SV fools want you to believe that this stuff is inevitable, but it's only because that's their only move, convincing a bunch of people that the things that SV wants are inevitable and that there are no other possibilities.
We're not on the cusp of human-level artificial intelligence, any more than we're on the cusp of having self-driving cars (remember that hype fest?). We're not.
And even if we did develop artificial general intelligence, there's no reason to believe that this would immediately develop into a "super intelligence" that decides to extinct humans.
We're not living in a simulation either.
All that stuff is a fever dream of people who've spent too much time in Silicon Valley's toxic bubble.
I'm very curious about the WiPhone but I think I'd like to play around with one before committing to buying.
Is it really that hard to say "yeah, we fucked up, we'll do better next time and here are the steps we're planning to take to avoid this kind of thing in the future" ?
@prologic I've been using gitbucket for years, since 2013-ish I think? It appeared before gogs/gitea and is very mature and stable at this point. I'm surprised more people don't use it. I guess the JVM puts some people off, although I suspect you could compile it down to native if you wanted too, and even the JVM version is light on resource usage, and is extremely easy to deploy and maintain.
Kanboard is pretty nice too if you're into self-hosted, trello-like kanban boards. Though, it is written in PHP and you inherit all the madness of that world if you want to self host. They do have a Dockerized version I believe. There's a nice plugin ecosystem for it; it can take webhooks from github/gitea for instance, can SMS/XMPP/email you notifications, produce Gantt charts and reports if you're into that, etc etc.
@prologic Logging into a pod from a mobile web app works really well, so that's what I've been doing when I'm not at my computer. A dedicated app is cool though!
@will It depends.
- If there is existing code I plan to modify, I use TODO:, FIXME: etc. Sublime Text has a nice plugin called Todo Review that you can run on a project to produce a report of all your TODOs and FIXMEs (or any other tag you want). The report is clickable so you can click any instance of a tag and be taken to the spot in the code where the tag is located
- If there is existing code I plan to add significant features to, I usually use issues/enhancements in gitbucket (another self-hosted github clone like gitea)
- If I'm still planning, I use a kanban board of some kind. I like kanboard, which is a self-hosted web app, but lately I've been using Obsidian for general notetaking and it has a kanban board plugin that is pretty handy
@prologic I never used the app before so for me this is new territory!
@eaplmx working for me as well. This post is from the app!
If you shake out the stupid fancy economic math, you find that they'd say it is *moral* to brutally murder 7 billion people if, somehow, that's what was necessary to reach a possible future with trillions of simulated humans.
Longtermism is transparently stupid and dangerous.
@darch thank you for amplifying my important opinions about text editors! π
@eaplmx I use Codium (the de-microsofted VS Code) sometimes, and it's very useful. I like that it has a goto-anywhere-like feature. I like to credit Sublime for pioneering that idea. I think that's important. On the other hand I'm happy other apps run with the idea too.
Not that anyone else should give a crap about my preferences in editors--I'm just babbling--but I know exactly one vi command (:q!) and one emacs command (Ctrl-X-Ctrl-C) and I'd like to keep it that way forever.
Anyhow, remembering one keyboard shortcut for the goto anywhere feature and then using autocompletion or filtering based on a few extra keystrokes makes getting to the command you want almost as fast as keyboard shortcuts, with orders of magnitude less cognitive load, memory storage requirements, or learning curve. That feels like a significant advance in user interfaces to me and it's hard to give it up when using software that doesn't have it.
I don't know if I'll ever switch away. Old school editors and their modern progeny feel like big steps backwards to me. Modal anything is poison to my way of thinking so no way I'm going there. Memorizing byzantine keyboard shortcuts is not something I'm going to start doing--that's exactly the sort of thing that a computer should be doing for you. Memorizing stuff like Meta-Ctrl-X-C or whatever is like writing assembly language instead of writing a high-level language and using a compiler.
Just checked and I bought my first license from them in June 2013, so over 9 years. I used it awhile before buying, so perhaps close to 10 years.
I'm a long-time Sublime Text user, and one of the stickiest features of that app is the "goto anywhere" menu. Apps that don't have something like that feel old and clunky to me nowadays, the way X11 apps from the 1990s feel.
@eaplmx hmm yeah it seems like something is wrong!
@movq Offices confer status, and you can't let the worker bees feel like they have any status in the company! They might get Ideas.
that name lookup works fine on my phone in tmux/nslookup as well as in mobile web browsers, so the error goryon is giving is spurious.
observation #2: I cannot log into my pod. Error in attached screenshot. The error seems wrong to me because I can view my pod in mobile web browsers with no problem, and do often. 
@prologic observation #1: when you install this apk it is named "app" instead of Goryon
@prologic the thing is, to do anything specialized you get much better results if you train your own model, usually. So besides not being able to realistically run existing models on consumer-grade hardware, you have very little hope of customizing and fine tuning models to your own use case by training them. It stinks.
Do you remember before they released these GPT language models OpenAi was making these press releases like "we found this amazing AI for NLP but it would be irresponsible of us to release it to the public because it's TOO GOOD"? Utter hype.
@prologic sone of those language models take tens or hundreds of days to train on an NVIDIA A100 and use the electricity it would take to run a town. These results aren't even replicable for all but the largest organizations.
@prologic I hate all the hype around things like GPT-3 so much. A model with 200 billion parameters that ingested a trillion words of text damn well better perform well. It should also be able to make coffee and play chess and sing.
You could literally re-write this same story by cherry-picking a best-in-class deep parser result and saying that scientists are re-affirming their belief in deep knowledge structures based on the latest results in computational linguistics. That's how you know it's a B.S. hype story and not grounded in evidence.
Yes, they mention this new (not yet peer reviewed) version of GPT-2 might be able to perform similarly with significantly less input. Still, it's carefully curated, written text input, and it's still a huge amount. There's no way people learn language like that. There has to be something else going on.
Meanwhile, what doesn't get hyped at all for some reason is that there are wide-coverage, deep parsing techniques that produce deep semantic representations of the text they ingest, whose output resembles a lot more what people seem to do with language. I guess because those methods require some knowledge of linguistics to understand, and they don't produce headline-grabbing performance on simple tasks the way neural networks do.
AI is changing scientistsβ understanding of language learning | Ars Technica
OK, we can't have this debate all over again.
> But new insights into language learning are coming from an unlikely source: artificial intelligence. A new breed of large AI language models can write newspaper articles, poetry, and computer code and answer questions truthfully after being exposed to vast amounts of language input. And even more astonishingly, they all do it without the help of grammar.
The "AI" (actually neural network in most cases) models that can do this thing are exposed to trillions and trillions of words worth of *written* text. The typical person is exposed to many many orders of magnitude less language data over their whole lives, let alone in the first two years of life--you'd have to experience 16 words per second, every second, minute, and hour of every day for two years.
@eaplmx I like this video a lot for that: https://www.youtube.com/watch?v=8pTEmbeENF4 , especially starting around 2:30 when he talks about how people who used to code computers directly in binary machine code resisted assembly language as "not real programming" when it first appeared (late 1950s?).
@eaplmx I think so too. You often have these "aha!" moments when learning. I think that process never stops--you can always learn more about a subject!
@eaplmx cool, good luck! I hope it goes well.
@eaplmx yeah, I don't think Turing completeness is the be all/end all of programming. Total functional programming languages (especially theorem provers) are not Turing complete, but they are very useful anyway. However, every time I've taught this course I've had at least one student ask about whether the system is a "real" programming language, and at a theoretical level, Turing completeness is it.
None of this is to say that people shouldn't learn programming languages. Quite the opposite. I think learning a programming language can be a great thing for some people. But a 3 week bootcamp is not enough to really *learn* a programming language, and on top of that it's not necessary to learn a programming language to do really cool stuff with a computer. I urge for more realism about all this, is all.
Incidentally, a number of "no code" systems are Turing complete, so they are as capable as any programming language. Tut tuting that they're not "real" programming only exposes the tut tutter as ignorant of what computing actually is. Older people sometimes have a prejudice against languages that aren't "close to the metal", but I think that comes from a place of ignorance, too. Nowadays, you'd have to be writing things like CPU microcode to be close to the metal--which you're not, come on.
One observation we note from prior research is that gaining fluency in a programming language takes roughly the same amount of time--730 hours, depending on lots of factors--as gaining fluency in a natural language. Most people don't have 730 hours of free time to spend learning another language, and if they did have that free time there are lots of other things they'd probably need to do with it. Nevertheless, as we demonstrated over and over in our course, students with very limited prior background in STEM can learn a "no code" system for data analysis in a few weeks of class, lab, and homework time--at least an order of magnitude faster. When I say "learn", I mean by the end of those few weeks they are capable of producing non-trivial data analysis programs on their own.
Recent computer science education research strongly suggests that "computational thinking"--a way of logical/analytical thinking--is distinct from learning to code. Based in part on that research, my wife and I designed and taught a course for several years and wrote a number of articles about it. The latest was titled "Programming Without Code". While I'm not a "no code" evangelist, I strongly believe that pushing the "learn to code" message is pedagogically unsound and intellectually dangerous, and I wish it would stop.
