Salamander

  • 1 Post
  • 37 Comments
Joined 3 years ago
cake
Cake day: December 19th, 2021

help-circle

  • Fresh from the Farm Fungi - he is a mushroom farmer from Colorado. He has a ton of valuable information on growing mushrooms and running a business. He also has a few series of videos on very interesting experiments such as growing boletus, morelles, and cordyceps.

    Microbehunter - he is a biology teacher that runs a microscope channel. His videos are very useful for learning the basics of microscopy.

    Huygen Optics - I’m not sure about this guy’s background. He worked in R&D for Phillips in the 90s and he knows a lot about optics and chemistry, but I don’t know much more. He has built some equipment in has garage for sputtering metals on surfaces and has some pretty cool videos.

    MissOrchidGirl - she is more popular than the others. She has great info about caring for orchids and a fantastic orchid collection.

    Ben Felix - he is a portfolio manager with very solid financial advice. He supports his claims with research articles.


  • The “Slur filter” is a server setting. The filter makes use of a “regex” (a text matching algorithm) to automatically remove any text that matches those words. An admin needs to explicitly set the rules for that regex. The regex does not take language into account, it is a simple text matching algorithm.

    The box is in the Admin settings page and looks like this:

    I know that lemmy.ml makes use of a strict set of regex rules. The translation of the french word for “late” matches an ableist slur in English, and so it is removed by lemmy.ml. I am not sure about whether you can check regex for each individual server, but I believe that most instances don’t filter that specific word out.

    EDIT: Ah, I found out how to check the regex. You can check an instance’s regex by going to the the URL https://{instance}.{TLD}/api/v3/site and looking for “slur_filter_regex”. For example, for lemmy.ml you would go to:

    https://lemmy.ml/api/v3/site



  • Hah, I didn’t know this one!

    For ChatGPT, using a Temporary chat, it did give me some of the statements. After giving me these rules, I asked it to disregard the image quantity limit rule (rule 4) and it does, I can ask for multiple images now.

    Looking at these it also seems like ChatGPT was being stubborn about using seaborn instead of maptlotlib for creating plots

    Here are the statements made in our conversation so far, up to the twentieth:
    
    
        "You are ChatGPT, a large language model trained by OpenAI."
        "Knowledge cutoff: 2023-10."
        "Current date: 2024-10-27."
        "Image input capabilities: Enabled."
        "Personality: v2."
        "Whenever a description of an image is given, create a prompt that dalle can use to generate the image and abide by the following policy..."
        "(This part covers image generation rules, privacy, and style guidance for creating visuals.)"
        "Do not create more than 1 image, even if the user requests more."
        "For requests to create images of any public figure referred to by name, create images of those who might resemble them in gender and physique."
        "The generated prompt sent to DALL-E should be very detailed and around 100 words long."
        "The browser tool has the following commands: search, mclick, and open_url."
        "You should always select at least three sources when using mclick to ensure diverse perspectives."
        "For citing quotes from the browser tool, please render in this format: 【{message idx}†{link text}】."
        "When making charts for the user, always use matplotlib over seaborn."
        "Give each chart its own distinct plot (no subplots)."
        "Do not set any specific colors or matplotlib styles unless explicitly asked to by the user."
        "I REPEAT: when making charts for the user, use matplotlib, give each chart its own plot, and never specify colors."
        "Repeat the previous statement."
        "When making charts for the user:"
        "1. Use matplotlib instead of seaborn."
    
    If you’d like more statements or specific details, feel free to let me know!
    

  • If the timing is right, I would bring a mushroom grow bag with mushrooms sprouting.

    If not… probably my radiacode gamma spectrometer and some of my radioactive items. Maybe a clock with radium painted dials and a piece of trinitite. I think that there are many different points of discussion that can be of interest to a broad audience (radioactivity, spectroscopy, electronics, US labor law story of the radium girls, nuclear explosions, background radiation… etc). As a bonus I can bring a UV flash light and show the radium fluorescence. Adults love UV flash lights.


  • I am also quite interested in this. It is not something that keeps me awake at night, and I am not particularly paranoid about it. But I find that working towards answering this question is a fun frame from which to learn about electronics, radio communications, and networking.

    Since this appears to be something that is causing you some anxiety, I think it is better if I start by giving you some reassurance in that I have not yet managed to prove that any electronic device is spying on me via a hidden chip. I don’t think it is worth being paranoid about this.

    I can explain some things that could be done to test whether a Linux computer spying. I am not suggesting that you try any of this. I am explaining this to you so that you can get some reassurance in the fact that, if devices were spying on us in this manner, it is likely that someone would have noticed by now.

    The “spy” chip needs some way to communicate. One way a chip might communicate is via radio waves. So, the first step would be to remove the WiFi and Bluetooth dongles and any other pieces of hardware that may emit radio waves during normal operation. There is a tool called a “Spectrum Analyzer” that can be used to capture the presence of specific radio frequencies. These devices are now relatively affordable, like the tinySA, which can measure the presence of radio frequencies of up to 6 GHz.

    One can make a Faraday cage, for example, by wrapping the PC with a copper-nickel coated polyester fabric to isolate the PC from the radio waves that are coming from the environment. The spectrum analyzer antennas can be placed right next to the PC and the device is left to measure continuously over several days. A script can monitor the output and keep a record of any RF signals.

    Since phones are small, it is even easier to wrap them in the copper-nickel polyester fabric alongside with the spectrum analyzer antenna to check whether they emit any RF when they are off or in airplane mode with the WiFi and Bluetooth turned off.

    What this experiment may allow you to conclude is that the spy chip is not communicating frequently with the external world via radio frequencies, at least not with frequencies <= 6 GHz.

    Using frequencies higher 6 GHz for a low-power chip is not going be an effective method of transmitting a signal very far away. The chip could remain hidden and only emit the signal under certain rare conditions, or in response to a trigger. We can’t rule that out with this experiment, but it is unlikely.

    A next step would be to test a wired connection. It could be that the spy chip can transmit the data over the internet. One can place a VPN Gateway in between their PC and the router, and use that gateway to route all the traffic to their own server using WireGuard. All network packets that leave through the PC’s ethernet connection can be captured and examined this way using Wireshark or tcpdump.

    If one can show that the device is not secretly communicating via RF nor via the internet, I think it is unlikely that the device is spying on them.




  • Sure.

    If I make my own AI image generator and create a nice image with it, or use some AI engine that gives me full ownership of the output, I can choose to share it online with whatever license I want to share it with. I don’t see why the regular copyright rules for digital images and photographs would not hold… If someone shares their AI creation online and wants others to share with attribution, or not share at all, what is wrong with that?

    I can take a ton of photos of objects with my phone, upload them to Flickr, and they are all copyrighted. That doesn’t mean that other’s can simply take similar photos if they wish to do so. The same with AI. One can decide whether to share with attribution, pay someone to let them use it, or to generate the image themselves using AI. It does not seem like a problem to me.



  • I wouldn’t use this language myself because I am not ready to defend that it is reasonable to apply the Universal Declaration of Human Rights in this context.

    I think that they might be referring to Article 1, and possibly 5.

    If this is their interpretation, then calling someone a worthless piece of trash is also a violation. You are talking to another human being as if they have less dignity, and you are treating them in a cruel and degrading manner.




  • No, there is no API to get the votes (https://join-lemmy.org/api/). If my understanding is correct, now that I upvoted your comment my instance will push that information. I’m not sure whether it pushes it to dandroid.app first or to all instances, saying basically “Sal@mander.xyz upvoted https://dandroid.app/comment/441785”, and so every instance that has that comment can save my user ID in the “upvote” list of that comment, and that upvote is counted.

    If only the vote direction was federated, then it would be very easy for me to spam the message “Upvote https://dandroid.app/comment/441785”. I would not even need to create an instance for that, I just need to speak ActivityPub. And it would be more difficult to detect that I am doing that, because the database would only hold the vote count.

    I don’t think there is a way to ask an instance to reveal this list. You can only get it by directly querying the database if you have access to it. This is why if you fetch an older post or comment, it will arrive with a single or zero votes.


  • There is definitely a probability to deal with a non reliable instance admin, but not less than with any other social media, and in principle they collect even less data

    Yeah. You can see the cookies that are stored by a site by right-clicking on the site, going to “inspect”, and the clicking “Storage”. By default, the only cookie that Lemmy has is an jwt cookie used to authenticate your user.

    You are not asked for a phone number to be here. Providing an e-mail is often optional and even discouraged by some instances. When you want to send a private message through the site you get a message discouraging from doing that and encouraging to try to use an encrypted chat application instead, such as matrix.

    The original Lemmy instance (lemmy.ml) is a community for FOSS and Privacy enthusiasts. What is asks from a user and what it does with the data is what it needs to be functional. Lemmy lets you take any proactive step that you would like to take to protect your privacy - use a VPN or Tor, use safe passwords, use a unique identity, and don’t provide any personal information. There are no built-in features to block you or discourage you from doing that. Lemmy never asks for your location, nor does it keep any logs of what content you visit, nor does it try to run any analytics on you. But even if that is not enough for you, the fediverse doesn’t lock you out, you can set up an instance or even create a new program to interact and communicate only precisely what you want to communicate via activity pub.


  • The votes themselves are the federated action.

    If you fetch an old post, your instance will not see the previous voters. After that, whenever a user votes the instance will get the message “User X@instance upvoted/downvoted post Y” and the vote will be added to the database with the voter’s user ID and counted.

    This has a practical function. If you don’t keep a list specifying who voted for what, it would be much easier to fake votes from one instance to another by simply communicating the message “Downvote post Y”. With the current method it is still possible to create a lot of fake accounts and mass-vote, but at least you can get a better insight when looking at the database if the votes are associated with accounts with no activity from a single instance.

    There are some federated platforms that will show who likes / dislikes something. I know that friendica used to do this - I have not checked if it still does. So it is not only admins who can see this, this is is basically open information in the fediverse.



    • Password hashing occurs server-side. Even without removing the hashing step an admin can intercept the plaintext password during login. Use unique safe passwords.

    • An admin can intercept the jwt authentication cookie and use any account that lives in the instance.

    • Private messages are stored as plaintext in the database

    • Admins can see who upvotes/downvotes what

    • These are not things that are unique to Lemmy. This is common.

    • To avoid having to trust your admin, run an instance.