The Bohr radius is the result of a simple classical physics calculation (a common exercise for undergraduates in their first year). It depends only on the electron mass and the fine structure constant which is the strength of the electromagnetic interaction. In the SI system, the speed of light has a fixed value which defines the unit of length.
IQ tests only work if the participants haven't trained for them. If they do similar tests a few times in a row, scores increase a lot. Current LLMs are hyper-optimized for the particular types of puzzles contained in popular "benchmarks".
Companies are optimizing for all the big benchmarks. This is why there is so little correlation between benchmark performance and real world performance now.
Yes, LLMs have become extremely good at coding (not software engineering though). But try using them for anything original that cannot be adapted from GitHub and Stack Overflow. I haven't seen much improvement at all at such tasks.
No shot, their classic engineering ability has exploded too.
The amount of information available online about optics is probably <0.001% of what is available for software, and they can just breeze through modeling solutions. A year ago was immediate face-planting.
The gains are likely coming from exactly where they say they are coming from - scaling compute.
This is highly misleading. Nobody is setting the price, it is determined by an open market. This naturally drives it towards the price of the cheapest energy source with available capacity (often natural gas). It would be irrational to sell electricity for cheaper than this. If more batteries get deployed, the price will more often get set by battery storage instead.
> In this model, the price of electricity is set by the most expensive source needed to meet demand at any given time. Often, this is gas-fired power plants. Even if cheaper renewable sources like wind and solar are supplying a significant portion of electricity, the overall market price is influenced by the cost of gas.
If you don't cover 100% of the current power usage from batteries, the price will be the price of gas plants.
The gas plants could be 1% at a given moment, yet still set the price.
It's not like the price is set for the whole year, though. The price is set each half-hour, so it does matter what percentage of the time the gas peaker plants are necessary to supply the grid. This makes the effect of renewables on prices quite nonlinear: if they can never supply 100% of the grid, then they have zero effect on the average wholesale price. But going from 0% to 99% is a large part of the hurdle, then the transition from 99% to 105% will have a very large effect on the pricing (of course, given the variable nature of renewables, this will get blurred a bit more: currently the UK grid is entirely renewables about 1% of the time. But doubling the renewable capacity will raise that percentage to a lot more than 2%).
> The gas plants could be 1% at a given moment, yet still set the price.
Makes sense. Since no one would build that last 1% (or then, last 10%) of needed capacity due to it being wildly unprofitable. Then you are dealing with rolling blackouts or even worse.
The cost of a watt is not fungible. Reliable electricity is worth many multiples more than an unreliable grid no one can rely on being there when they need it.
This is a very sensible way to structure an electricity market. It’s got to be set at the marginal price, otherwise you mess up incentives of cheaper producers.
Sure, it's a marginal price. It is surprising to me that HN struggles to understand marginal pricing, it makes me more likely to assume when I see such people unhappy with taxation that they probably also don't understand marginal taxation.
Marginal differences have a cliff effect, which is one of the things US Republicans are worried about in the event Trump isn't able to subvert or abolish entirely this year's elections. If you've gerrymandered every seat so that you'll win by 3-5% and then your support collapses 10% across the board then you lose all those seats, not 10% of them. Ouch.
For that 1% in reality it's probably not quite the case, my understanding is that most of the gas plants pay a significant price in terms of efficiency loss and wear on the turbine, for restarts, so e.g. make 10MW for an hour, switch off for an hour, then make 10MW for an hour is 20MWh produced, but incurred a stop-start. The 20MWh might equate to £1000 of gas burned, but the stop-start has an effective price of £500. So you need to charge £75 per MWh to break even. Or, you could sell for £60 per MWh, deliver 10MWh for all three hours, 30MWh, £1500 of gas burned, no stop-start overhead, your overall costs were the same but you got more profit because 30 x £60 = £1800 instead of 20 x £75 = £1500.
Very true about the Republicans. In the special elections since the general we have seen shifts of this level. Unfortunately, I strongly suspect subvert is what's going to happen.
That is exactly what I wrote. Gas plants being at 1% implies that there is no cheaper source with available capacity. Why should anyone sell electricity for less then?
So if I offer my services providing electricity through a bicycle transformer for the cheap cheap price of $1000 per kWh does that mean everyone has to pay that price.
Every 30 mins the UK energy suppliers put in a bid for how much energy they can produce and what price they will do it for. The UK then selects the cheapest N companies to fulfill the predicted energy demand. Each company selected is then paid the price of the most expensive supplier chosen, which is usually gas. This is a simplification of what the Octopus Energy CEO explains in the link below (starts ~1:40).
No. The operative word there is "required". The grid sorts the various providers cheapest to most expensive, then uses all the power from each until they don't need the power anymore, at which point they pay everyone who they did take power from the rate of the highest winning bidder.
If you were offering power at $1000/kWh, you would simply lose the auction.
Imagine the scenario where Alice, Bob, Charlie, and Daniel are each selling power at $1/kWh, $2, $3, and $4 respectively. We need 30 kW of power.
Alice bids 10 kW at $1/kWh. We draw power from her, but we still need 20 kW.
Bob bids 15 kW at $2/kWh. We draw power from him, but we still need 5 kW.
Charlie bids 30 kW at $3/kWh. We draw 5 kW from him. We don't need any more power, so Charlie has set the price at $3/kWh
Over the next hour, Alice gets $30, Bob gets $45, and Charlie gets $15. Daniel gets nothing, because he was outbid.
There is a significant fine to be paid by the non delivering supplier. This still happens and that is why there is also an auction for reserve power. Oversupply is fined even higher as that is also bad for grid stability.
Think about this like a market. Suppose yes, there is demand for your power at $1000/kwh.
What is the market pressure here? Suddenly a ton of new capacity in solar, gas, etc, will come online and drive that price down because there will be much more capacity before you reach the point of $1000/kwh purchases.
The alternative is that people get paid at cost of production, which if you think about it is less fair. Why should a gas turbine get paid $67/kwh and a solar cell or battery get paid less? It also means that the market incentivizes more cheaper energy as a rule, because they take profit.
Would you go to the gas station charging $2 above market price just because their costs are higher to produce the gas?
As I understand it (and even if I’m broadly right I’m greatly simplifying) there’s an auction system and if demand is X kilowatts, they line up all the bids to supply in cost order and draw a line at X kilowatts. All successful bidders receive the price bid by the highest successful bidder.
There are rare times in this kind of market where the price does go very high (though not to $1000 per kwh), and those brief periods push average prices up substantially.
In markets where batteries are going gangbusters, they are squashing many of these peaks and thus reducing average prices paid by consumers (though not as much as you’d hope because the majority of retail electricity costs are distribution rather than generation).
The EV-1 was launched with lead-acid batteries and later upgraded to NiMH. It would still not be possible to make a practical BEV with these battery chemistries. The breakthrough came through the microelectronics industry producing billions of cheap devices with lithium ion batteries in them.
Correct. It was never going to be a mass-market vehicle; it was an early adopter's product. Those products can still succeed, and their success proves the market and drives further innovation.
This[0] page makes it seem 500~1000 cycles till 80% starting performance is common. So if you were charging it every other day from a 40~50 mile round trip commute, after 3~5 years you'd go to charging it every day.
As described there, this assumes slow overnight charging, and the latest generation of batteries (not sure how viable that was at the time of EV1).
Even Li-ion batteries have charging patterns as the blocker to adoption, which means that practically, you'd get cars with less than 50% capacity by 2 years.
Also, not like it just keels over and dies, that's just the 80% performance criteria. Most people wouldn't need to replace the batteries at that point.
> Mobil and other oil companies are also shown to be advertising directly against electric cars in national publications, [...] Chevron bought patents and a controlling interest in Ovonics, the advanced battery company featured in the film, ostensibly to prevent modern NiMH batteries from being used in non-hybrid electric cars.
> car makers engaged in both positive and negative marketing of the electric car [...] In later days it ran "award-winning" doomsday-style advertising featuring the EV1 and ran customer surveys which emphasized drawbacks to electronic vehicle technology
> the federal government of the United States under the Presidency of George W. Bush joined the auto-industry suit against California in 2002. This pushed California to abandon its ZEV mandate regulation.
> A portion of the film details GM's efforts to demonstrate to California that there was no consumer demand for their product, and then to take back every EV1 and destroy them. A few were disabled and given to museums and universities, but almost all were found to have been crushed. GM never responded to the EV drivers' offer to pay the residual lease value; $1.9 million was offered for the remaining 78 cars in Burbank, California before they were crushed.
Lithium ion batteries existed in the 90s and were being explored for BEV use by Nissan in 1996. They were already fairly ubiquitous in consumer electronics, at least high end ones, at the time the EV-1 was killed.
GM just tapped out too early because despite the cars being incredibly popular, they didn't want the short-term hit to the books that a niche product full of brand new technology represents.
I was given an iPad at work and had to make an Apple account to use it. Every time, the form on the website errored out with "Your account can currently not be created" without any further information. By trial and error, I figured out that creating an account with the exact same information on the iPad worked. Not the best first impressions of the "it just works" company.
Ok, it's not just because I'm trying this from my Linux computer with fake phone numbers to jailbreak the stupid iPad 3 I found in a drawer (and on which the registration form of course doesn't work anymore). Thanks.
These church-owned entities in Germany are almost 100% government financed [1], while abusing a loophole in the German constitution to discriminate against their employees for religious reasons. For example, the Catholic ones are notorious for firing employees that get divorced. This system is an absolute disgrace, but the churches are still too powerful in German society and have so far been able to block any attempt at fixing the constitution.
It’s not uncommon in the U.S. either. Providence Health is a Catholic nonprofit that owns 51 hospitals, including several of the big ones in Seattle. It was a big deal when they bought Swedish and people were afraid they would stop offering abortions even in cases of medical necessity.
Parent edited their comment. It used to just say “In Germany.” as if to dismiss the comment for not being about the United States.
I was not intending to say that Catholic healthcare providers in the U.S. are notorious for firing employees who get divorced. In fact, Providence got caught in controversy for firing an employee who refused to provide contraceptives on personal religious grounds.
If your router had only NAT and someone (i.e. your ISP) sends it a packet addressed to somewhere inside your internal IP range, it will happily forward it. A firewall would block it.
The same problem applies to masquerading. Routers are happy to route packets they receive, and NAT (in whatever form) isn't the tool you use to drop those packets.
If there is more than one machine behind the NAT which one would it forward it to? This hypothetical simple NAT without firewall AFAICT doesn’t exist in reality, even if it exists in specs. I don’t see how it actually could.
Ugh, this is part of the reason why I left them, but https://free.fr still does this AFAIR. They were deploying IPv6 to all their consumers well before the other ISPs (more than 15 years ago), but they have stagnated since.
IPv6 firewall disabled by default. There is only one config for the firewall: on / off. Accept all inbound or reject all inbound.
To think that they used to brand themselves as "for the geeks", with reverse DNS customization, built-in user-configurable server on the router (all of their routers offer a Wireguard VPN, torrent client, audio output with DLNA & others), a m3u for IPTV, etc. I wouldn't advise anyone to use them due to this issue.
Their basic firewall dates back to 2019: https://dev.freebox.fr/bugs/task/27268 (a lot of spam in the replies there). There was none before, and it is still off by default.
This is no small ISP either, they have more than 50 million clients (including mobile), and are in the top 10 ISPs in Europe. Baffling.
I don’t think you understand symmetric NAT. Requiring an entry in the port address translation table to propagate a packet is not the same thing as a stateful firewall.
You absolutely can have a port address translation implementation without a stateful v4 firewall that wouldn’t forward packets destined for inner IPs on the outer interface. Just put an ACL on the external interface to not allow traffic to the inner IP block.
If your public IP from your ISP is 12.13.14.15, and your internal block is 192.168.0.0/24, then your ISP can send a packet to 12.13.14.15 destined for 192.168.0.7, and without a firewall your router will happily forward it. An attacker who can convince intervening routers to send traffic destined for 192.168.0.7 to 12.13.14.15 (and these attacks do exist, particularly over UDP) can also do that.
You're using somewhat sloppy terminology that will confuse things. An IP packet can't be addressed both to 12.13.14.15 AND to 192.168.0.7.
The realistic attack here is that your ISP sends a packet with destination address 192.168.0.7 to the MAC of your router (the MAC that corresponds to 12.13.14.15). This is a realistic attack scenario if the device that your router connects directly to gets compromised (either by an attacker or by the ISP itself).
Getting a public route that would take packets destined for 192.168.0.7 to reach your router over the Internet is far more unlikely.
True, the frame is addressed to the router's hw interface, but I'm talking to people who think NAT drops traffic, so I figured keep it simple.
But, yes, the ISP (or whoever has compromised/suborned/social engineered the ISP) is absolutely the main worry here and I don't understand how people are dismissing that so easily.
> I don't understand how people are dismissing that so easily
Because that’s not where 99.9999% of attacks come from
Fire up a web server on a public ipv4 address and you’ll get hundreds of requests per day from bots probing endpoints for vulnerabilities. Same thing goes for weak passwords on an SSH endpoint.
Okay, so not only do you have to create a bogus packet, you have to convince every piece of equipment in between you and the end user to collude with it, in the hopes that the final router is so woefully misconfigured as to act upon it?
The ISP is the primary threat vector here (do you trust yours? Along with their contractors and anyone who might have compromised them?). But like I said route-poisoning attacks do exist.
yeah but the likelihood of this is incredibly remote. It would shock me if ISPs didn't have alarms going off if RFC1918 space was suddenly routable within their BGP table.
Not to mention the return packet would be NAT'd so the attacker would have to deal with that complication.
The return packet wouldn't be NATed, because stateful NAT tracks connections and only applies NAT to packets that belong to outbound connections.
Arguing over how likely this is is missing the point. If it can happen at all when you're running NAT, then it should be clear that NAT isn't providing security.
“if it protects 99.999% of attackers from reaching you but not this one specific attacker in this one case of misconfiguration, it’s not providing security”…
Dude, that’s a really shitty take and this is why people that do care about security end up ignoring advice from anyone who thinks this way.
You’re in the camp of “don’t use condoms because they can break”.
NAT doesn't protect you from 99.999% of attackers though. It doesn't do anything to incoming connections, so it actually protects you from 0% of attackers.
Nobody on the Internet can send a packet to an internal IP on your network except for immediate L2 neighbors (I.e. your ISP).
Symmetric NAT 100% stops inbound unsolicited connections to the public IP. And using the public IP is the only way 99.999% can address you.
I implore you to write down (even if just for yourself) what the packet headers would be for you to get a packet from Starbucks WiFi to the device at your home at 192.168.0.5 that has made no egress connections.
You’ll quickly find what you’re suggesting is nonsense. port address translation requires an entry to function. It’s not some optional security feature. It’s required information to get the packet header rewritten to reach private devices.
You can't get a packet from a random store wifi network to your home network when your home network is using 192.168.* (barring something like routing headers, which most routers wouldn't process). You said that yourself in the first part of your post, and I don't think I ever argued otherwise.
> Symmetric NAT 100% stops inbound unsolicited connections to the public IP
No, it doesn't. If it did it wouldn't be possible for routers to accidentally make their web admin or UPnP interfaces available to the Internet.
It doesn't stop connections to your router, and it doesn't stop connections through your router either. It just plain doesn't stop connections, which is why it protects you from 0% of attackers.
Okay, but unless you've poked a hole through NAT (and if you have, presumably you know what you're doing), what are those incoming connections going to connect to?
If there's nothing to connect to, is there really an incoming connection?
They connect to whatever IP is specified in the packet's "destination IP" header field. It's exactly the same behavior as if there was no NAT going on.
No, it might belong to the router. If it does then the connection goes to the router, but if it's set to a LAN machine's IP then the packet gets routed to the LAN machine.
You aren't in control of the contents of inbound packets, and NAT won't filter them to enforce anything about the destination IPs in them either.
Or more likely, network engineers who’ve been subpoenaed to collect the information?
Your scenario is plausible for high value targets. Like, what country wouldn’t want to have a friendly tech working at the ISP most politicians use in DC? That doesn’t seem improbable.
For the regular Joe Schmoe, I’d be more concerned with court-ordered monitoring.
Ah, that sounds like an American problem. If you're in the US, you're living in a hostile surveillance state that makes North Korea look like a hippy commune.
No, the router will only forward it with specific implementations that don’t isolate routing tables between the external and internal. Or an easier approach is just a stateless ACL on the external interface. Neither are a stateful firewall.
Send packets to the device? A NAT is in its most basic form a mapping from one IP/port set to another IP/port set describable by some function "f" and its inverse "g". The common home user case has the firewall detect a flow from inside the network and modify "f" and "g" to allow this flow. Without the firewall, and assuming you want your devices to talk to the internet in some way, the NAT would forward (with modifications) traffic based on "f" and "g" to all your devices.
First they will have to change their policy of only providing one IPv4 address per ONT connection. Then they will have to convince me to disable NAT on my router, disable the DHCP server on my router, and bridge the WAN port with the LAN block.
Meanwhile in IPv6 land the ISP provided router that my relative has came configured by default to hand out globally routable addresses from the ISP provided /64. Thankfully it also had a stateful firewall enabled by default so there was no difference in practice.
> First they will have to change their policy of only providing one IPv4 address per ONT connection. Then they will have to convince me to disable NAT on my router, disable the DHCP server on my router, and bridge the WAN port with the LAN block.
No. They may be able to directly reach your internal addresses with source addresses that are outside your internal ranges through the WAN interface. For example: if you use 10.0.0.0/24 internally, and your special secret webserver is at 10.0.0.2, I might be able to reach it from 10.1.0.1 through your router's WAN interface.
It doesn't matter what the public IP is: the WAN interface is the default route, Linux will forward the traffic unless something is explicitly configured to block it.
Even if outbound traffic on the WAN interface is unconditionally SNAT'd to the public IP, and the replies have the wrong source address/port, I can still use a promiscuous mode AF_PACKET socket to receive them and interact with the internal server (the destination address will be correct, so the L2 frame will be addressed to the attacker's MAC). Or even just install my own SNAT rule to rewrite them again for me, I suppose.
Some ISPs have multiple subscribers on the same L2 segment, it's possible they can do this to each other.
Of course, I'd imagine many consumer grade routers out there do block this, but I've personally seen some that don't.
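The distinction argued over in this thread (address translation versus packet filtering), as an added example that is not code from any commenter: a toy Python model of a router's inbound path, using the thread's 12.13.14.15 and 192.168.0.0/24 addresses. The `Router` class, its three filter modes and the sample flow on port 50000 are assumptions made for illustration; real connection tracking also matches the remote endpoint.

```python
"""Toy model of a home router's WAN-side inbound path (illustrative only)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

WAN_IP = ip_address("12.13.14.15")    # public address used in the thread
LAN = ip_network("192.168.0.0/24")    # internal block used in the thread


@dataclass(frozen=True)
class Packet:
    dst: str            # destination IP as it arrives on the WAN interface
    dport: int
    proto: str = "udp"


class Router:
    def __init__(self, filter_mode="none"):
        # "none": NAT only; "acl": stateless rule on WAN; "stateful": firewall
        self.filter_mode = filter_mode
        self.nat_table = {}   # (proto, wan_port) -> (lan_ip, lan_port)

    def outbound(self, proto, lan_ip, lan_port, wan_port):
        """A LAN host opened a flow; NAT records the reverse mapping."""
        self.nat_table[(proto, wan_port)] = (lan_ip, lan_port)

    def inbound(self, pkt):
        """Return the fate of a packet received on the WAN interface."""
        dst = ip_address(pkt.dst)
        # Stateless ACL on the external interface: sees the original header.
        if self.filter_mode == "acl" and dst in LAN:
            return "dropped by ACL"
        # NAT step: rewrites only packets that match a mapping. Anything
        # else passes through untouched; NAT itself never drops.
        tracked = False
        if dst == WAN_IP:
            entry = self.nat_table.get((pkt.proto, pkt.dport))
            if entry is not None:
                dst, tracked = ip_address(entry[0]), True
        # Filter step: a stateful firewall admits only tracked flows.
        if self.filter_mode == "stateful" and not tracked:
            return "dropped by firewall"
        # Routing step: decided purely by the destination address.
        if dst == WAN_IP:
            return "local delivery to router"
        if dst in LAN:
            return f"forwarded to {dst}"
        return "not forwarded"


def compare(pkt):
    """Run one inbound packet through all three router configurations."""
    results = {}
    for mode in ("none", "acl", "stateful"):
        router = Router(mode)
        # Constructed sample flow: 192.168.0.5 talks out via WAN port 50000.
        router.outbound("udp", "192.168.0.5", 40000, 50000)
        results[mode] = router.inbound(pkt)
    return results


if __name__ == "__main__":
    samples = {
        "on-link neighbour targets a LAN address": Packet("192.168.0.7", 80),
        "reply to a tracked outbound flow": Packet("12.13.14.15", 50000),
        "unsolicited packet to the public IP": Packet("12.13.14.15", 8080),
    }
    for label, pkt in samples.items():
        print(label, compare(pkt))
```

The first sample is the on-link case described in the thread: only the "none" configuration forwards it, while either the stateless ACL or the stateful firewall drops it.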