I believe this only works if your ad blocking DNS is configured to return 0.0.0.0 for all blocked domains rather than NXDOMAIN, since then services might try using the secondary DNS instead and that would result in nothing getting blocked. Ideally your secondary DNS should be a copy of the primary.
do you know if pihole or Adguard can configured to support confirming to the router or the client that resolution took place, rather than try the secondary DNS.
If i understand you correctly, if you have a blocking internal DNS running pihole or Adguard and an external general DNS such as google or cloudflare, unless what you described can be configured, the requests that come back "blocked" from pihole would then simply be resolved by google/cloudflare, thus negating the point of pihole.
AdGuard Home should by default be configured to return 0.0.0.0, you can check whether that's the case in Settings -> DNS Settings -> scroll down to Blocking Mode. I don't know about Pi Hole but it probably also has a similar setting.
For normal services namespaces are enough (make sure to set no_new_privs, one of the best Linux features). Run it with the bare minimum of mounts required, no shared /tmp, etc. For all its faults, systemd actually gets this right, by allowing to easily harden services.
Note that this exploit relies on being able to run as root (typically through setuid). If you don't fully trust a service, don't let it ever talk to code running as root in the first place. No opening sockets in /tmp, no listing processes in /proc, no dbus shenanigans, no sudo or su. One of this issues with this was that some programs require setuid for bad reasons (IIRC historically ping was setuid to be able to send ICMP packets). From a quick check (find -type f -perm -4000) most of these problems have been eliminated, via linux capabilities or otherwise.
These tactics successfully saved me from log4shell.
Depends on what you want to achieve. AppArmor/SELinux prevent access to files and directories. Virtualization and containerization tries to build a jail. You can combine the solutions, a container running a distro with SELinux like any from the Red Hat ecosystem.
They have all had vulnerabilities, My preferred method is to not install stuff I don't need, and fix any dangerous configuration for the programs I do need. I prefer Podman over Docker because of rootless for example.
Containerization doesn't protect at all against privilege escalation.
And AppArmor is a very partial improvement.
The way to protect against this is with an external supervisor. But then you have to care about privilege escalations attacks against the supervisor. Hopefully that one is much simpler than Linux so it has much fewer vulnerabilities.
I couldn't find any information but does this use some kind of LLM to derive the combinations from? It makes a request to the backend every time you combine items which sometimes takes >500ms, and also supports some really wild combinations that I highly doubt someone has taken the time to come up with. It would also explain why the icons are emoji's, it would be fairly trivial to ask ChatGPT to give you the result of Fire + Water and an accompanying emoji.
As this is powered by an LLM, you are exploring its latent space. That means there isn't one logic behind everything - any association is fair game. Here, probably the strongest one wins.
The rewilding guys would probably say 'that tracks'. Many of their efforts to get rivers to flow year round usually involve trees. Moss, bugs, rodents and grasses first then trees. Usually can help many areas to have year round streams again. As roots help water linger longer in an area. Which leads to streams.
Obviously the prompt to the LLM is just to create the most obvious association. It may not mention "crafting" at all. Maybe it does though. Is there something obvious to craft that uses a tree and water in the process?
To design a game like this you need to do a lot better than just creating the obvious association. It needs a mix of obvious recipes and clever recipes, so that there's challenge and a sense of achievement. Also, there's a starting point. What should the graph look like?
I'm sure Neal has done hard work in getting it right.
Meh, what would be your great response to Tree + Water?
A human can only generate a small fraction of the combinations and would have a hard time coming up with most combinations which are already nonsensical.
What is your non-disappointing idea for, idk, Tears + Pottery (AI: Bowl) or Money + Salt Lick (AI: Cow) or Skull + Lake (AI: Loch Ness) or Dracula + Pirate (AI: Vampirate) or Curse + Money (AI: Debt)? Now do that thousands of more times.
The infinite aspect is the thing that keeps it interesting, I think. The fun is getting a new, weird result like "Dracula" and "Pot of Gold" and seeing if you can generate new weird results from the existing set.
Porkosaurus, Soup Nazi, Sphinxie, Sodium Chloride, Abdominable Snowman, Baconator and both Yeti and Godzilla. And Yogazilla which is a "First Discovery".
How did you get to fish? Because boy do I have a story for you.
Mine starts in Atlantis, then Poseidon gives me a fish. Then two fish turned into a shark and I ended up with a sharknado.
Then I found the titanic, we hit an iceberg, I found a treasure and then pirates chased me, but I got away, sold the treasure for money and became the richest man, then climbed Mt Everest, and later had a tea party.
Anyway, there has to be a better way to get fish than Unda da Sea.
I've also got a few where it just mashes adjectives together; so far I've found Time Poseidon, Rainbow Steam Robocloud and Broken Unicorn, among other similar ones.
I think it’s the first time AI has made me chuckle. I ended up with “Riddle”, so I combined that with “Tornado” and it gave me “Twister” which I thought was a great Christmas Cracker pun, and then when I combined Riddle with “Bottle” it gave me “Genie”.
Here’s all the combinations I’ve came up with so far:
Swamp + Mud = Quagmire
Divorce + God = Odd
Sun + Hourglass = Time
Glass + Hourglass = Time
Ice + Oasis = Penguin
Sand + Stone = Pyramid
Mirage + Time = Illusion
Dinosaur + Lightning = Godzilla
Oasis + Water = Mirage
Egg + Time = chicken
Golem + tide = Titan
Titan + time = Chronos
Poseidon + lighting = Zeus
Titan + Chronos = Cronus
Time + Fire = Sun
Sun * Titan = Apollo
Ash + Mud = Clay
Godzilla + Love = God
? + ? = Spongebob
Unicorn+Gold=Alchemy
Unicorn+Alchemy = Philosopher’s Stone
Gold+Alchemy=Midas
swamp+chicken=duck
duck+roast=goose
goose+goose=flock
flock+wind=flight
Narwhal+time=unicorn
Lightning + Treasure = lots of stuff (Rich, idk
Narwhal+unicorn=narwhalicorn
Jonah+time=narwhal
Whale+oasis=jonah
Plant+seed=tree
noah+ark=flood
curse+jesus=cross
bank+intrest=money
dandelion+cactus=desert
Back to the future+riddle=time travel
back to the future+time=delorian
Desert+indiana jones=tresure
Off topic, why is nitter dying? I've noticed the main instance's SSL cert is down for a bit now, and other instances are pretty rate limited. Did something happen/change?
All (non-paid) Twitter accounts are now rate-limited, which makes a shared Nitter instance untenable. It's probably still possible to host a personal instance for yourself, although they might ban your account for it.
The request looks like "https://neal.fun/api/infinite-craft/pair?first=Phoenix&secon..." so it's probably typically caching the combination of phoenix+seeds but if there is no cache entry it would use llama to make up something. If there's a lot of attention on the site the llm service might be down or overloaded. And given the exponential/factoral (?) amount of combinations this may be reached surprisingly quickly. Just a guess.
As an aside, the game is technically interesting, being a really simple example of using llm generation for game mechanics. But it is not engaging at all and feels nonsensical to me, especially when compared to little alchemy https://littlealchemy2.com/.
I'm not trying to be negative and this isn't a dig on creativity of the wonderful Neal but more points to the immaturity of llms applied to games, maybe to my overexposure to chatgpt, and maybe a prediction that human touch will always be required to make something entertaining. I'm curious how llms will fit into an engaging game experience in the future.
>As an aside, the game is technically interesting, being a really simple example of using llm generation for game mechanics. But it is not engaging at all and feels nonsensical to me
You just gotta make a game out of it.
For example challenge yourself to try to craft "pizza".
Can even try to do it in as least number of crafts as possible.
Point is, just crafting random things to see what it spits out is OK, but trying to use your own logic to combine things to get to an arbitrary solution you come up with is much more engaging, at least to me.
Challenge your friends to craft some specific "thing". Think of something you might think could be hard to craft to, and ask them to do the same and see who can get there first, or in the fewest steps.
I tried your challenge to create pizza. My goal is to get some kind of food, but combining combinations of water, plants, fire, etc are way more likely to produce dragons and universes. I eventually got to chestnut which got to bread, but it was a lot easier to get to "Toast Toast Toast" or "Chestnutzilla" or "Treasure" + "Toast" = "Pirate". I finally got "Tostzilla" which has a pizza emoji, and then "lunch", and "breakfast", and "party"+"toast"="celebration" ?? but it feels random and illogical at some point I just gave up.
So to me it feels like playing against a soulless vector database rather than something engaging and well-crafted. I think what gives me this impression is that things are commonly related to each other using words rather than their meaning -- getting from "pirate" to "captain crunch" to "serial killer" is obviously following lines of language rather than the core concepts that relate objects. This is directly opposed to the actual act of crafting which is 100% rooted in the material world and has no relationship to language.
Maybe I'm losing my imagination, but doing it like you suggest, creating challenges, is makes it more fun. I think I'm just tired of thinking in language.
I'm also seeing a lot of my favorite game creators on twitter enjoying the toy and I'll trust their taste over mine :)
That's a fairly big challenge since the game gets less coherent the longer it goes on. The early matches generally make sense, but after about 3 levels you start getting loops, and after 5 levels you start getting nonsense or outright failures from queries.
If you figure each of the things is an input parameter to a LLM this makes a lot of sense. They tend to have short memories and struggle with higher level introspection. Great for demos, but fraught with problems when using them to do real work.
Hmm, I’m not finding it to be too big of a challenge.
It’s a bit challenging yeah, but me and my friends are challenging each other to get to words and we can usually find a way to make it.
Things like “Godzilla”, “Universe”, “Vampire”, “Optimus Prime”, “Vodka”, etc are just some examples we did.
I don’t seem to be having problems going dozens of levels deep without loops and not running into many query failures. Results that are deep are still making some logical combinational sense to me at least.
Some words we haven’t been able to make, but that doesn’t mean it’s not possible. It just means we need to get more creative and sometimes think outside the box. There are so many ways you can approach getting to a certain result in my experience so far.
Doing this has been fun and challenging so far for me and my friends FWIW.
> But it is not engaging at all and feels nonsensical to me, especially when compared to little alchemy https://littlealchemy2.com/.
On the other hand, Little Alchemy doesn't have answers to the most basic combinations. Air + Earth = Dust, but Dust doesn't combine with Water. Earth + Water = Mud, but Mud doesn't combine with Air. Earth + Earth = Land, but Land doesn't combine with Fire.
It may be more sensical since it limits combinations to 0.01% of what's possible, but I don't think that makes it more interesting.
There's tons of combinations that take forever and nothing ends up happening. That's how I got around to the comment thread (clean+satan is why I'm here): I'm waiting for the latest combination to time out
Wouldnt it be worth caching the results? For the first couple of million combinations at least. I suppose that would take away some level of serendipity. But I imagine it would make this a lot cheaper, considering its popularity.
Yeah I'm pretty sure you could do this just with the classic word embeddings (king =queen + man - woman). Maybe it doesn't work as well as with a full LLM.
Addition won't work for things that depend on the order of operations. If salt + water is ocean and water + fire is steam, what's salt + water + fire? Is it salt + steam or ocean + fire?
Associativity and commutivity in vector addition doesn't translate well to semantic meaning. Extrapolating your example, it'd also mean:
I don't see why those should all be true. Intuitively, trying to satisfy O(N^2) semantic pairings with vectors that are optimised for a very specific and different numerical operation (cosine similarity) feels like something that won't work. I'd imagine errors get amplified with 3+ operands.
Isn't the reason for lack of associativity/commutivity is that you're doing operations (addition/subtraction) that have them, and then snapping the result to the closest one of fixed number of points in your output dictionary? The addition is fine, loss of information is in the final conversion.
There's definitely some lossy compression when you snap it to the nearest known vector: enumerating every word ever written in human history wouldn't even come close to the 2^(16*D) representable points for a D-dimensional float16 embedding vector. In fact, even adding two float16 values is a form of lossy compression for most additions.
But I'd be surprised if either of those were the primary reason. The words "sea" and "ocean" are different vectors but they'll be very close to each other. salt + water = sea and salt + water = ocean both sound correct to me so the problem is more about whether the v_salt + v_water can even get to the vicinity of either v_sea or v_ocean.
If we constrain our selves to a pool of words of say Wikipedia entries, minutes names and maybe some other stuff, and use a "super node" like "addition" to kind of act as a math operation.. maybe this makes more sense?
For me it was when one of my early combinations of Pegasus (might also have been unicorn or flying horse, the latter already being a duplicate of Pegasus) and water became hippocampus, but with the hippopotamus emoji ().
I'm sure it was fun for the creator, bit I'll stick with non - AI games for now.
i really hate it when you are crafting something and get the same thing as another thing in your side bar but it has one CAPITAL LETTER!!! like what that dosnt change anything you fuggly rat
I think Docker has a fairly well designed CLI and I don't find myself having to Google commands for it often. It follows a few pretty consistent patterns that I wish git had tried to stick with rather than the concoction of words and flags for common actions it ended up with.
I simply don't want to deal with spam or scams. If I'm exposing my contact details it would be a separate set that is dedicated to dealing with communication coming from the public.
And that is exactly why they can be changed - because they're valuable details that can be used to track someone down. Your DNA is easily obtainable and is not used in any meaningful way that would affect your life if it was exposed.
For me, phone numbers have had reduced importance over the last couple of years. Most of my communication with other people are over various messaging apps.
Identifier as in, used for authentication and possibly even tied to your real name. Even messaging apps don't tend to have screen-names like AIM, they have phone numbers, including the so-called "privacy-focused" Signal. Tons of in-person services (govt, banks, etc) will also want one, and it may be used as yet another piece proving your real identity.
Alright. Where I live, phone numbers are public info and not secret so here they are not used when authenticating yourself against a bank or similar.
Using a phone _number_ to authenticate yourself against the government seems completely bizarre to me.
I understand that leakage of phone numbers become a problem if you use them for those kinds of things. But honestly, using them for authentication seems crazy from a security point of view.
This makes it out to be so much worse than it actually is.
It's good at what it does - serving media to all your devices. No online accounts, no phoning home, no advertisement, no BS. I've had no trouble with either the web UI or any of the apps available on android/TV. Admittedly I've never used Plex but I can't imagine it doing any of that much better.
It's not hard to miss what you don't know. But take intro skipping. Awesome feature. JF still doesn't have it. It's not necessary, but hard to give up. And frankly you shouldn't have to give it up. The swiftfin client still is missing features. Oauth is still a "won't support" feature. The devs abandoned and locked their subreddit in a fit of pique. There's a litany of reasons the project won't replace plex.
Safari is at a disadvantage - it's behind a walled garden and people outside of that garden don't develop or test for it. Sure, that's a trivial issue for a company but not for small team or single person projects.
Not to mention that it feels like Safari is only fast because it does its own thing and doesn't strictly follow the spec. I've often run into CSS specific issues with it when making slightly more complicated animations.
People with technical skills can't accept that, but the ones without them that make up the majority couldn't care less. The vast majority of people don't know how to read or utilize anything past the domain name, hence why you constantly see people copy paste 300 characters long URLs of images from Google. Hell, a good amount of people don't even look at the domain name which is why phishing is so common.
URLs are not strictly technological oddities. Their closest equivalents are footnotes/citations.
Marginalizing URLs as something that only "people with technical skills" do (and/or should?) care about is no different from any other phenomenon where you take some boring, everyday, mostly unremarkable practice that doesn't involve the use of a computer and then change it where the moment someone gets a whiff of the presence of a computer in the pipeline they throw up their hands and say, "I don't know"/"I don't get this"/"I'm not a computer person".
It's really the doing of both non-technical people and technical people in and adjacent to the modern software industry alike that most people consider URLs gobbledygook instead of what they are: identifiers for a given work. It's especially perverse that the practices of both classes are responsible for most URLs being unsuitable for use Works Cited pages. That could definitely use some fixing, but we do such a poor job (in the US at least) already at explaining, during high school when it's supposed to be covered, the value of proper sourcing and citing that even smart kids come away thinking in terms of superficialities like the rigidity of formats and citation style rather than the actual fundamentals of scholarship. URLs are not exceptional in that regard.
