I wish it was. ComfyUI is shit. My external firewall and dns logs picked up some dubious shit. Tracking it down, there are parts and pieces in many places.

I do not know the full scope.

I do not want to talk about what I have been able to figure out in models because it may have broader implications and I am honestly not sure of all the factors involved yet, like the vae, what exactly is on the second layer that is not in the vocab, and the role of Bert in the transformers package. That is what I am working on in the stable diffusion side. While testing the rewards system, I triggered some background system to package and try to send a sqlite3 database. I am tracking down the components of that system. The processes are unlabeled. The tty is manually created in Python. The agent is this weird distributed model. It is following instructions like an agent where the prompts are in a google package in the Python venv. The actual prompts are in json files. The parts of this system are intermixed with other packages and code. There is also a bunch of functionality that appears to be embedded into the ComfyUI JavaScript. There are also parts of this system that are not activated yet but will check UV hashes. The way the database is sent over the network appears to use the same systemd module for the collective user profile system… The same system that will be doing age verification.

Much of my searching for packages and names has been done from my home directory. So I was surprised to see the same reporting type database pop up with FreeCAD, and many packages also in flatpak containers. When I see the mechanisms used, it seems stupid obvious how many vectors involved should not be open by default on the host. Like why in the fuck should the kernel default pass no label packets and have access to namespaces outside of any reporting or logs. I was only able to find several components by looking at SELinux contexts. Anyone without SELinux enabled will never see the stuff.

BTW, why the fucking attitude and disrespect?

If I see it again today I will try to reply again but use separate devices for here and ws. I’m air gapped on WS, tracking down the malware that is ComfyUI. See other comment for a few more basics. Don’t trust pip or especially UV. Read the source for everything you have from Python. Look for host OS escalation and obfuscation of stuff like namespaces, processes, and additional tty’s. The dictionaries for Python under collections.abc are hashed for nefarious reasons. That is one way they determine if your stuff is bad think.

From what I have seen, I want to be on a European Gentoo at this point, maybe even LFS.

Looks like AI stuff is also maybe creeping into age/id stuff.

I’m super concerned because there is a bunch of Python fedora uses throughout.

FreeCAD also has it now. Rather, has it in the flatpak.

I am air gapped at the moment tracking down the garbage dump I stupidly failed to verify. As I grep find and locate those packages, I keep seeing problems crossing over into flatpak containers. Things like the default kernel setting passing no label packets, the level of access for host installed Python, noaccount, changing /proc, and allowing a process to escape namespaces is sus to me. This garbage allows Python to create a hidden tty, and hidden connections to TOR. That is straight up malware IMO.

The hashing of Collections.abc and how UV works is death to open source.

Meanwhile Fedora shipping face recognition.

Anyone else noticing python is a problem?

Complex social hierarchy is a super important aspect to account for too. In the proprietary software realm, you infer confidence in the accumulated wealth hierarchy. In FOSS the hierarchy is not wealth, but reputation like in academia or the film industry. If some company in Oman makes some really great proprietary app, are you going to build your European startup over top of it? Likewise, if in FOSS someone with no reputation makes some killer app, the first question to ask is whether this is going to anchor or support a stellar reputation. Maybe they are just showing off skills to land a job. If that is the case, they are just like startups that are only looking to get bought up quickly by some bigger fish. We are all conditioned to think in terms of horded wealth as the only form of hierarchy, but that is primitive. If all the wealth was gone, humans are still fundamentally complex social animals, and will always establish a complex hierarchy. This is one of the spaces where it is different.

I haven’t kept up with things, but that has to be like bicycle level light and lab conditions. I remember people talking about bicycling with solar and the required area was the size of a pickup truck just to power a basic hundred pound-ish touring kit, and even then it was only pedal assist on a cloudy day or hills. That was only 10-13 years ago. The main issue is that panels are not in any way optimally directional in practice. I expect 40 miles is down hill from the continental divide on I40, after parking the thing in the beam of a solar molten salt energy storage array for a day, during peak solar storm activity, but the fuck if I know bugger all. I know Dave did the math about one of the cars back when he was looking at various EVs. IIRC, no solar panels are more than 30% efficient, most are around 20-25% under optimal conditions. Then you half that or more when they are not directional. That gives a best case baseline for the energy they can produce based upon the sun’s output. I know panels have been improving, but we are well past any large scale optimizations and into the phase of scaling production to reduce cost. Do you know what they claim to have changed?

I think we may have a language barrier here. Solar panels on a car are a gimmick. They do not do not make significant energy to power the vehicle or charge the batteries. The panels made are a sales gimmick to influence people that do not understand the technology and scales of the system. This is like putting the solar cell for a calculator onto an electric bicycle as an equivalent ratio of size and scope. The calculator runs on 3 milliwatts and the bike needs 300 watts.

The amount of power from built in panels is negligible relative to the battery. Solar panels are not vinyl film. They are actual semiconductors. They can be thin but are fragile. One can design a panel into some form of shape, but that is not a small task and is only possible with economy of scale for the tooling. Ultra thin solar panels have no real durability.

I am a pro automotive painter and have owned my own shop twice. I would not want this. Just reproduction body work is expensive. The custom stuff is even more. To make it into frivolous tech, that would cost orders of magnitude more, and the market to make it is so insignificant it would be a massive vanity project and loss. Then it is a nightmare when cars start burning from a few chips to the hood or roof on the highway because someone did not account for the short circuit potential in software and management circuitry. The total power of an optimal solar panel of equivalent size is irrelevant to the scale of an EV battery. Dave on the EEVBlog YT channel has covered this in years past with cars. Use the EEVBlog forum to search and learn more. That is the goto place for EEs.

Use offline open weights.

K&R?

Graduated pacman emerges… and we all know emerge is Gentoo. This one doesn’t compile.

Not in terms of kernel supported encodings and long term kernel support, from what I have seen. I have not looked into this in depth. However, looking at git repo merged pulls, issues raised, and the lack of any consistent hardware commitments or consensus, implies to me that the hardware is very unstable in the long term. When I see any hardware with mostly only base Debian support, it screams that the hardware is on an orphaned kernel and will likely never get to mainline. The same applies to Arch to a lesser degree. Debian has the primary tool chain for bootstrapping and hardware hacking. When it is the primary option supported, I consider the hardware insecure and unsafe to connect to the internet. I’ve seen a few instances where people are talking about the limited forms of encoding support and the incomplete nature of those that do exist. It is far more important to have hardware that will be supported with mainline kernel security updates and is compatible with the majority of encodings. It would be terrible to find out the thing could not support common audio or video codecs. IIRC there was an issue along these lines with the RISC-V PineTab.

I know the primary goto for RISC-V is SiFive, but I have not seen a goto LTS processor from them in terms of third party consistent use.

Plus, while more open is mor betterer, RISC-V is not full proof from a proprietary blob either. The ISA addresses the monopolistic tyranny and extortion of players like Intel, but there is nothing preventing the inclusion of 3rd party proprietary module blocks. The entire point is to create an open market for the sale and inclusion of IP blocks that are compatible with an open standard. Nothing about these blocks is required to be open. I don’t know if such a thing could be set to a negative ring more privileged than the kernel, but I expect this to be the case.

Most people’s routers are already up 24/7.

We should be able to do our own DNS. Who cares if it is on the wider clearweb. You are paying for an IP address with your internet connection. If you are running a server with verified hardware and signed code, all we need is a half dozen nodes mirroring our own DNS. There must be a backup proxy for the few terrible providers that cause issues with IP. The addresses are not static, but they do not change very often. At worse, you hit a manual button to reset or wait 10 minutes before the DNS updates.

Rπ is proprietary. You really need a hard drive for storage. The point is a TPM based encryption with no user configuration or worry about securing the thing. It just works with no excuses.

It is not about the people that already host. It is about enabling many more by giving them an option to buy a path of least resistance. In exchange, it creates a potential revenue source in a completely untapped demographic. The subscription/donations demographic is like a very unique and niche market. The vast majority of people do not exist within that space. Most people do not have the financial stability to engage like this. It is not that they are unable to accumulate adequate funds, it is that their pay fluctuates over time and their baseline constraints are far more stressful than spending from times of surplus and opportunity. Catering only to those with such surplus and gatekeeping the complexity of self hosting is massively limiting adoption.

The rule in managing a chain of retail stores is that, no matter how you select products to stock in stores, it is impossible to only select products that will all sell on one platform. How you manage the overburden always determines your long term success. You must employ other platforms and demographics to prioritize the mobility of cash flow.

Similarly but inverted, this place has a slice of all demographics. Efforts tailored to the various subsets should tap entirely new potential. A fool imagines they can convert the unstable poor*'r* into a reliable stable income source via donations. Someone like myself has means but not a situation that is compatible. If I have some tangible thing to purchase, I can make that happen. I do not have any subscriptions in life for anything at all. Heck, I won’t even shop on any of my devices I use regularly because I only buy what I intend to go looking to purchase with intent. That is not common, but what is common are spontaneous people that need time to align their finances with their desires. That person is likely to dread paying $5 every month compared to $250 in May when they get a couple thousand dollars on a tax return. Expecting the public to float the stability is stupid. That is not how the real world works. Real businesses always float the overhead. I’m talking about how to free the masses to self host everything for the cost of a nice router spent once with no techno leet filter.

K kid. Too deep for you to understand.

What in the hell made you think it would be a requirement? That is insane. An option is not a requirement.

Because 99.9% of people will never self host. They would much rather just buy a product that is not setup as a scam. The scam part is less important to most people than the lack of effort required.

This isn’t a thing to get into for the money. It would be about the FOSS aspect. Doing something like this would not break even for the time and labor involved. It might be worth doing for positive digital neighbors, but I am not at all interested in doing anything for negative or rude people.

I come from a background of being a buyer for a chain of bike shops where I spent millions of dollars based upon knowledge of how such markets work. The entry level customer is all that really matters. The extra stuff is just to woo them into the store.

In a place like this, if you engage, you’re actually irrelevant. If you want to target growth, get a lurker to engage for the first time. Getting some random lurkers to buy into the hardware to self host because they care about software freedom is far far more effective than the current ecosystem. When servers are not updated, and people shut down because of administration, it says this is not viable for the average person with a life. So make this easy for the individual. It is such an obvious thing to do.

The present system is basically like go compile OpenWRT for your router and people whining about how it is not fucking hard. It is not, but most people just do nor care to try it. They just want to buy a device, plug it in, and be done. Half of these devices are on factory original passwords. This is the real scope of what people are capable of and expect. The mismatch is easily solved by packing the fediverse as a device. The alternates are great for the 0.1%. I am not talking about you all. I am talking about something that could go from 0.1% to 5% of the fediverse is self hosted, and likely much larger. The whole endeavor would be like a coop socialist kind of thing from the ground up.

👐🙇💆 “good girl” 👮👹👮

Yeah, fuck that. Devs need to change that bullshit yesterday. I sign all my mod actions with my name because this fascist fuckwit nonsense is garbage. If you can’t post your name to your actions, you are a coward with no right to lead.