CallMeAl (Not AI)

I agree with the idea of debloating and hardening your systems.

It helps to have some context as the approach I would take depends on what kind of system I’m running. I think its also good to identify your priorities to hone your approach.

When I want stability, fast security updates, minimal install size, I usually use Alpine which indeed uses the lighter busybox bin/sh instead of bash.

When it comes to my workstation shell I’m more focused on utility than size. So bash or zsh or fish, or whatever you find the most useful, makes sense to use.

If you want to be extreme, you only use devices that you control all the software on and you are very careful about what software you run. You always use a killswitch vpn. You choose carefully the websites you use and you use all the standard counter measures (ublockorigin,DoH,uMatrix,pihole,etc) at all times. You keep another laptop that has whatever you need to install to be able to use your bank and the online shopping you can’t live without. You use it for nothing else.

Even then its not perfect. I’m pretty sure that all Android, iOS, and Windows devices track the wifi access point name and mac address of all the ones you use. They also track the location of all the access points as seen by everyone elses location enabled devices. Easy for them to combine that to basically know where every visible wifi in the world is.

They can tie it to you by cross-referencing all the signals they have about you with data collected from other data collectors and aggregators. With enough data they can connect things like browser fingerprints and so-called anonymous ad IDs with your real identity.

Keep in mind that there is a good number of technical people whose job it is everyday to continuously figure out new ways to track everything they can about every person they can. These data collector and brokers have demonstrated time and again that they don’t really care about following the rules either. Here’s a good resource for more info https://noyb.eu/en

In terms of how they use it against you, this is some good info and it applies even if you aren’t American https://epic.org/issues/consumer-privacy/data-brokers/

Like a dossier which identifies you only by some ID which is used to compile data about you but never includes your direct personal info (name, email, home address, mobile number) so they don’t have to tell you or ever delete it, even under laws like GDPR.

The Verge is a terrible source if you care about privacy. They have literally 100s of trackers embedded on every page.

Everything you type in the chat box is sent to the LLM provider but they get Duck Duck Go’s IP instead of yours.

So if you type personal things its mostly just like typing them directly to ChatGPT. However, with duck.ai your IP, Browser info, Location (if shared), etc is seen by Duck Duck Go instead of OpenAI.

I don’t think DuckDuckGo is lying when they say that they don’t use your chats to train models. However, that leaves plenty for OpenAI and Duck Duck Go to do with your chats, like building shadow profiles.

I suggest that if you want to be anonymous to Duck Duck Go, then use duck.ai via vpn or tor. Always assume the content of your chat session is being logged by the LLM provider.

alias la=‘ls -lAhF’

Perfect for those late night Zork sessions!

My work gave me a choice of a chromebook or a windows laptop when I started since the company uses the Google stack for everything.

I asked if I could get a high end chromebook and it was approved. Its easy to install linux apps in the dev container and they run seamlessly with the the chrome apps on the desktop and the window manager has multiple desktops (which is how I like to do things). Since I have to use Gmail and Google Docs for work anyway, the chromebook is really not bad and much better than having to use Windows.

it happens all the time in bash. i write some and there’s no error but everyone complains that i didn’t use brainfuck

Yes, 100 projects from the Fat Head would make sense.

Do you have any way to establish that these 100 more often come from the Long Tail?

If an app includes 50 well-known big projects and 1000 small projects, the sum result can still be that small projects make up for a large fraction of the code.

I understand your point that this is possible. It is an assumption to assume it is most likely the case however.

I would expect the Fat Head of most used open source projects to make up the vast majority of the open source code included in apps. It is not a common practice to include 1000 small projects into a code base for an app, or even 100.

Is it not reasonable then to expect that the 77% of app code from open source is because the most popular app building blocks are open source? Aren’t the popular open source languages, frameworks, and databases are themselves big enough to exceed the number lines of internally written code for the app business logic most of the time?

For example, if I make a “small” electron app its going to be 90% or more open source because the electron base is so large already.

The insight that a majority of open source projects are small contributions by hobby developers, and that it is their summed joint effort what matters, is very interesting.

The vast majority of open source projects are by hobby developers but how much of those projects make up the 77% of the open source included in apps mentioned in the study?

The author assumes an even distribution but I challenge that.

The most popular (Top listed by Github, Gitlab, etc) open source languages (python, typescript, etc), frameworks (rails, flutter, react, etc), and databases (postgres, mongo, redis etc) are all either directly corporately funded (Google, Microsoft, Meta, etc) and/or have robust foundations and sustainability plans.

I would expect these to make up the vast majority of the open source code in modern apps.

What does “optimized for desktop use over Tor” mean? Please explain the optimizations.

we had it back in the day https://en.wikipedia.org/wiki/ZipSlack

If you ask me, you are better off focusing on monitoring, fast detection, and auto-healing in a homelab rather than High Availability. I use an ancient tool called monit and newer tools like uptime kuma for this. Detection and restart is easier than having 2 of everything.

I’ve been using Quad9 DoH for a few months now. Very happy with it so far.

A young broke me once spent 3 weeks after school each day in 1994 downloading slackware floppy images from my Dad’s AOL account via modem so I could try it on my 386.