• 0 Posts
  • 1.96K Comments
Joined 2 years ago
Cake day: December 29th, 2023

  • You can do all that with a CSS variable though…

    and then people have to learn what it all means, where those variables are, how your mess of custom CSS hangs together, and probably what overrides what in your hierarchy

    you end up with this soup of classes on every single element

    it’s either that or a soup of stuff in CSS. the difference is largely academic in modern HTML because it’s all contained in components anyway

    they have to be as short as possible, and so they can’t use font-size and font-weight.

    they don’t have to be; they could easily use font size and font weight, but i much much prefer the -lg notation… it makes your flow so much quicker. it reduces cognitive load significantly

    I still suspect you’re better off just using the effort you would need to learn the tailwind classes to instead learn plain flexbox.

    i know flexbox and grid plenty well, and similar applies across the board for things like tailwind: containing everything together so that you don’t have to mess around switching between different places to define things, and using classes that kinda just represent what you want in shorthand literally makes my frontend development literally 10x quicker, and just feel smoother… even when i’m just doing personal projects

    you don’t have to believe me; that’s fine… but i used to think similarly to you, had a couple of failed attempts and hated tailwind, and my most recent personal projects it just clicked and everything feels so nice. i’m a principal engineer, and have done plenty of work on all kinds of projects so it’s not like i’m inexperienced and just go with the latest fad. these small time savings really add up


  • i’m not a frontend engineer so don’t know the difference between text- and font- without looking but that’s another good example of why frameworks are great: 6px is an explicit size, where md, 2xl, etc are all relative… per project you can decide what those sizes are and everything just falls into place… you rarely really care what the size is in pixels; mostly you only care about sizes relative to other parts of the UI… so again, people joining on a project don’t need to memorise magic numbers, because they just know without needing to guess what the size suffixes are

    i’ve only recently started to use tailwind (originally i saw no point, pretty much for the reasons you’re stating: why use classes like that when you can just use styles on the element and we know that’s bad) but since i embraced it i’ve started writing quality components much much faster… especially for layout like flexbox and grid it just flows really nicely, and i really don’t find that it feels like i’m repeating myself at all (partly because “repeating yourself” should be avoided by simply using components these days: CSS is an over-complicated and ill-fitting solution to the problem of styling in modern UIs)

    (okay i looked up text- and font-: text is size, font is weight… which tracks with my understanding of the other parts of tailwind and the way type is handled in software generally… i think there are no good options here)


  • the same could be said for languages that aren’t binary: what does it save you! you still have to write stuff to get the program you want, and you still have to come up with the business rules

    almost all software engineering tools just save you keystrokes, or save you from needing the knowledge to implement repeatable things… or for having a standardised way of doing things so new people can approach your project without having to learn as many details (eg rails, django, nextjs, etc: the terminology and layout of such projects are familiar; daos/views/etc all behave the same)

    for css frameworks for example, perhaps you have a .rounded-corners class… sure you could just implement it yourself, but if you’re using a framework you save a few minutes, the outcome is likely the same, you don’t need to know about the border radius details (and likely css frameworks implement things like shims or accessibility correctly; freeing you from needing to have deep knowledge of some esoteric details), and if the framework is big (like tailwind etc) then if you employ someone new, they know exactly what .rounded-corners means

    … obviously .rounded-corners is a pretty simple example, but you can imagine when these libraries fill out with many many tools the shorthands get much more complex


  • Pup Biru@aussie.zone to Fuck AI@lemmy.world, on “On familiarity” · 16 up, 4 down · 9 days ago

    they’re both wrong, and they’re both right

    an AI can create concept art for a writer to better visualise their world to generate ideas in a pinch, but it shouldn’t ever be what you use to show anyone else: you still need real concept art

    an AI can also create writing for their art so that they can flesh out a back story to make their visual art more detailed, but it’s not going to write anything that you’d want anyone to read as a book or act in for a movie

    both things can be used for the described purpose, and both things are inadequate for quality output

    we’ve had this juxtaposition for a while: “redneck X”… they’re scrapped together barely functional versions of the thing you’re trying to do, on the cheap, with home-made tools. you wouldn’t sell it, but it’s kinda fine for this 1 situation with many many asterisks

    professionals often don’t like when someone can hack together something functional because they know the many many places where that thing falls down when you talk about long-term, and the general case… but sometimes a hack job solves a specific problem in a specific situation for a moment for cheap and that’s all you need

    (just don’t try it with electricity or your health: the consequences of not understanding this complexity are death… of course ;p)



  • susceptible to backdoors and other USA shenanigans.

    that’s pretty much the major difference here: Signal is provably not back-doored:

    • it’s frequently independently audited
    • all their code is open, so there are plenty of eyes on it to catch shenanigans
    • they have reproducible builds which means you can prove that the code that you can read is exactly the same code that produced the binary running on your device
      • if you don’t know what this means, basically every time you compile the code it produces the exact same binary result
      • there are people that do this automatically so that if there were different source code that created a binary - with a secret backdoor or something - it would be very obvious, and public
      • given that, it’s reasonable to assume that the binary running on your device was produced using the same open code everyone can read: you don’t need to do it yourself
    • whilst you can’t prove their server is the exact same as what’s in their open repos, it doesn’t really matter… the point of their architecture is that it doesn’t matter what the server is running: it could be announcing all data publicly and it’d still be secure because the encryption, security, and privacy features are all ensured by the client

    they receive whatever Google/Apple give them which may be quite different from what’s in the source code.

    i don’t disagree: it’d be better if we all had the time, skill, and energy to invest into auditing our own systems… but realistically nobody does, let alone people that don’t really care about privacy

    with that in mind, it’s all about getting as close as possible… given signal’s reputation, you can be pretty sure the source code has a lot of eyes on it, and that if there were back doors found it would be news

    and given reproducible builds, as i said earlier, you can (or rather, i certainly do) assume that if there were a mismatch between the binaries and the source you’d also hear about it

    of course, that doesn’t stop targeted attacks by nation states, but that’s never what we talk about in personal security and privacy situations… it’s just not the threat model that most (i’d wager any) of us should be thinking about because that is not just a full-time job: that is an entire team’s full-time job… we just aren’t being directly targeted like that, and if we are then tbh it’s all over. we protect against general surveillance… we can’t protect against zero days, physical device access, etc

    If they can then Signal can as well, right?

    kinda… again, reproducible builds: either of them could technically put code in their app that sends private keys to their servers somehow, but if you break it down it’s far more likely to be caught in signal than in whatsapp

    more likely Google and Apple will

    i’m not sure what you mean by this… sure, apple or google could send you an update to ios/android to extract data from apps, but again that seems much more likely a very large-scale attack… you can protect against this by running graphene etc which does similar reproducible builds, but in that case we aren’t talking about the app: signal is absolutely the app you would rely on if you’re going that far… you just wouldn’t ensure your hardware and OS integrity and then just skip the app integrity lol

    or perhaps you mean that google or apple could send you specifically a binary of signal that’s been modified? but that’s actually not really likely because apps are signed by developers: apple and google can’t actually send you something that the developer hasn’t “approved”… sure, they control the OS so they can circumvent all the restrictions, but again that’s a massive attack, and really far beyond what’s reasonable to consider for most people (and again, that applies to both whatsapp and signal so it’s not really a point in favour of whatsapp)

    But as I understand it any US company will have to store and provide metadata, logs, etc when the government agencies tell them to

    absolutely correct… the point of privacy like signal does is that they hand everything over and it’s useless: the information signal themselves can extract, even by modifying their code is completely worthless. they have your IP address, phone number, some timestamps, and encrypted blobs (AFAIK they don’t store a lot of that, but that’s not provable so we should assume that it’s stored either accidentally or because of coercion)… they can see when you messaged, but not even things like who you messaged

    if signal’s infra and private keys etc were literally handed over to the US government right now and they specifically wanted to target you personally, it’s highly unlikely they would be able to do anything particularly useful with any of that before it’s noticed, and then you can stop using signal before they actually intercept new communications (and old communications are protected, assuming you wipe the app and all its stored info before they can send you a poisoned update)

    and with all of this, it doesn’t really matter where signal is based: US, China, Russia, Guam, Switzerland, Iran: doesn’t matter… the structure is built in such a way that if Signal the organisation is coerced, it’s either:

    • obvious, and therefore noticed by the community at large and thus you’d hear about it
    • not useful: ie all information that Signal has is provably garbage
    • such a large scale that we globally have huge problems (and we do, but that’s not something you can solve)
    • targeted, in which case you have big problems and whilst this may be part of it, you need to have a lot more resources to detect and solve it. this just isn’t the reality for most people

    it’s about your threat model: you can’t worry about massive scale, and you can’t worry about being individually targeted… unless that is part of your threat model, in which case signal is still part of your solution (along with auditing and validating every part of the chain from hardware to OS to the apps which all require reproducibility or building from your audited source) and whatsapp fundamentally is not
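    The reproducible-builds point from the comment above, as an added example that is not code from the thread or from Signal: “building” is reduced to packing a small constructed source tree into a tar archive, first with a packer that leaks file order and build time (so two honest builds disagree and a digest proves nothing), then with a normalised packer whose output any third party can rebuild and compare against the digest of what was shipped. The tree, function names and the zero `source_date_epoch` are assumptions of this example.

```python
# Added example (not the thread's code): toy "reproducible build" check.
# "Building" here just packs a source tree into a tar archive; the property
# shown is the one the comment describes: anyone can rebuild from public
# source and compare digests with the artifact that was actually shipped.
import hashlib
import io
import tarfile
import time

# Constructed sample source tree (file name -> contents).
SOURCE = {"main.c": b"int main(void) { return 0; }\n", "README": b"hello\n"}

def naive_pack(tree):
    """Files in the order given, stamped with the current time. Two honest
    builds of the same tree differ, so a digest of the output proves nothing."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name, data in tree.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = int(time.time())  # build time leaks into the output
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def reproducible_pack(tree, source_date_epoch=0):
    """Normalise everything that is not source: sorted order, fixed mtime,
    owner and mode. Identical input bytes always give identical output bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in sorted(tree):
            info = tarfile.TarInfo(name)
            info.size = len(tree[name])
            info.mtime = source_date_epoch  # assumed fixed epoch, not build time
            info.uid = info.gid = 0
            info.uname = info.gname = ""
            info.mode = 0o644
            tar.addfile(info, io.BytesIO(tree[name]))
    return buf.getvalue()

def digest(blob):
    return hashlib.sha256(blob).hexdigest()

def verify_build(packer, tree, published_digest):
    """What an independent rebuilder does: build from the public source and
    compare with the digest of the artifact that was shipped. A build from
    different (e.g. backdoored) source fails this check."""
    return digest(packer(tree)) == published_digest
```

    Only the normalised packer makes the check meaningful: with the naive one a mismatch cannot distinguish a changed source from a different build time.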


  • Signal published their spec and WhatsApp re-implemented it, yes but critically only the messaging parts rather than all the other privacy parts

    the reasons to switch basically start with WhatsApp is owned by Meta, and given that these things become more important:

    • WhatsApp is closed source so it’s difficult to confirm if their implementation is “correct”
    • they may have the ability to extract your keys from your device somehow
    • i’m not sure who is the ultimate key-holder for whatsapp: if it’s like apple, they hold your private keys and thus can decrypt anything they like (different to signal where devices transfer your keys between each other via qr codes etc)
    • on that last point, i can confirm that to login with whatsapp on the browser just now my process was: enter phone number, type an 8-digit code from my phone… this could be a temporary key of some kind used to e2ee between the devices to transfer my master key or something, but i’m very suspect on this being anything more than plain text verification that meta could man in the middle
    • whatsapp stores your contacts, and message metadata… that’s all i personally need to avoid it: meta doesn’t need to know who and how often i message people to add to their profile on me

    meta says whatsapp is secure exactly for this reason: people think “why switch?” when it’s really about the metadata for them… they are experts at building a profile with scraps of metadata

    writing a secure application is about more than technically rock-solid encryption and protocol


  • It’s the fediverse, signal is sacred and will not be questioned nor criticised

    you can question signal just as much as you want, but you’d better come with actual arguments rather than just conspiracy, because signal has counters to pretty much every claim that non-experts try to make

    signal was built and is run by one of the world’s foremost security researchers and privacy activists

    it uses standard encryption that is used in huge numbers of things. if there were a problem with any part of that, the world would have a much bigger problem than individual communications. the US government does not behave in a way that suggests these algorithms are compromised

    it has been repeatedly audited by 3rd parties

    the fact that it’s US-based is barely worth mentioning… why is that a problem? are you sure it’s not solely a knee-jerk reaction?

    it’s free (so you’re not supporting the US economy), the client - and server, though that’s not important because E2EE - is FOSS (so it’s auditable and extendable by anyone: AFAIK they also ensure repeatable builds), the encryption is basically as good as it gets (they even have various protections for quantum computing), their architecture means they can’t even see metadata like senders… so, again, in this case what are you giving up by having it US-based? perhaps a little bit of soft power, perhaps an acknowledgment that in this 1 case the US produced a good product counter to their government’s interests

    the other guy who dared to like Telegram

    because telegram is not for security or privacy conscious people, despite their marketing: they actively muddy the waters and make people less safe

    their encryption is custom, written by mathematicians not cryptographers so doesn’t include features like perfect forward secrecy, replay protection, etc

    and their default chat mode isn’t even e2ee - only secret chats use their custom encryption, and nobody actually uses them!

    there are numerous sources documenting these problems, and plenty more

    it’s okay to like telegram: i like it as a chat app, and i use it for the features it provides… but it’s not okay to say in a privacy and security context that they’re even remotely comparable