HTTP 1.1 and later will have the browser supply the domain name that was used to access the site, and even though *.localhost all resolve to 127.0.0.1, nginx will pluck out the correct configuration and proxy_pass the correct one.
One thing extremely worth noting that the article does not:
The reason "temperature" is called such is because softmax is mathematically identical to the Boltzmann distribution [1] from thermodynamics, which describes the probability distribution of energy states of an ensemble of particles in equilibrium. In terminology more well understood by ML folks, the particles' energies will be distributed as the softmax of their negative energies divided by their temperatures (in Kelvin). Units are scaled by the Boltzmann constant (k_B).
Setting an LLM's temperature to zero is mathematically the same thing as cooling an ensemble of particles to absolute zero: in physics, the particles are all forced to their lowest energy state, in LLMs, the model is forced to deterministically predict the single most likely logit/token.
Now to drow another analogy for what happens at high temperatures: the reason a heating element glows red when it is hot is because if you take the expectation value (mean) of energies under this softmax distribution, that mean goes up with temperature, and when the energy gets high enough, the particles start shaking off energy in the form of photons that are now high energy enough to be in the visible spectrum. Incandescent bulbs with tungsten filaments are even hotter than that heating element, and glow white because as temperature T is even higher, the softmax distribution's mean energy moves higher and flattens out, and it roughly covers the whole visible spectrum somewhat more uniformly. In the case of the bulb, photons of all sorts of wavelengths are being spewed out, that's white light. Likewise, if you set an LLM's temperature to an absurdly high number, it spews out a very wide spectrum of mostly nonsense tokens.
You absolutely can market make on Polymarket. The barrier to entry is actually extremely low; you can do it from an AWS instance in Dublin (the closest non-geo-restricted region to the Polymarket exchange), and don't need the kind of infra that is needed to market-make on US stocks. Retail can absolutely do it on anything crypto-based.
In order to market make, you just need to price probabilities better than everyone else. That's it.
On Wall Street on the other hand it has come down to FPGAs and free space microwave links because fiber optics' index of refraction causes a ~31% reduction in the speed of light. If you don't have millions of dollars you can't get into that game. Over-regulation cas resulted in this space being only accessible to the ultra-rich.
I've been quite successful trading weather prediction markets.
The prediction markets were never about predicting outcomes. If that's the level you are playing on, you're playing at the lowest possible level, and probably won't win.
The markets are now about properly modelling other peoples' manipulation of prediction. That's how Wall Street works as well. Companies can beat earnings and their stocks crash immediately after. It makes zero sense if you just model companies. It makes full sense if you stochastically model how an ensemble of humans behave under incentives and human-written bots behave under human-written policies.
"Hairdryer sometimes get pointed at the weather sensor" and "Government sometimes fudges jobs/CPI data" are more or less the same thing. Build it into your model. That's the level you need to play on to profit in these markets. It's not that different from how a chess engine works.
I am getting into trading on my own (my main job was in machine learning and I studied math in university). I've also come to a similar conclusion that you pretty much have to model these "manipulations" on top of the statistics/Brownian-motion-driven behavior of any security. I am currently working on a hybrid model for something on Polymarket but it's not yet sophisticated. Do you have any resources that you can point me to that expand on this very idea of adding human behavior to financial modeling?
Without giving away my exact strategies, I'm also an ML engineer and I'll just say that ML is in 90% of cases the wrong tool, whereas simple regressions and scatter plots will unearth loads of statistical anomalies if you know where to look. You want to find anomalous behavior then hone in on how to make them your counterparty.
ML can help you optimize things after that, but locating diamonds in a soup of noise is not really where ML shines.
> "Hairdryer sometimes get pointed at the weather sensor" and "Government sometimes fudges jobs/CPI data" are more or less the same thing. Build it into your model.
Is this comment satire? Bet on things being intentionally and secretly manipulated by people you will never meet? In what direction? This just sounds like a recipe for participating in the most financially dangerous questions.
Says "prediction markets were never about predicting outcomes", writes long winded tripe stating that "prediction markets exactly about predicting outcomes". Thank you Tai Lopez.
You don’t need a rooted phone. An open source OS with reproducible builds is enough. That way you can validate what the code does without giving up verified boot, or opening up another attack vector, etc.
1. I need to be able to change SSL root cert, disable SSL cert pinning, and intentionally MITM installed apps and see what they are sending about me to their servers. Open source OS isn't enough if the apps aren't open source.
2. "Apps sending information about me to their motherships that I don't consent to them sending" is a MUCH bigger problem these days than people messing with SSL, so I accept the risks of (1)
3. Verified boot is big brother's dream. I want to be able to verify my own OS.
> Agents also often respond well to user frustration signs, like threatening to not continue your subscription.
From the phrasing, I can't but imagine you as a very calm, completely unemotional person that only emulates user frustration signs, strategically threatening AI that you'll close your subscription when it nukes your code.
A passkey is just a thing that authenticates with FIDO2 (or is it WebAuthn?), I believe.
With a password, you open your password manager, copy the password in memory, paste it into the input field and trust that nobody could read it from your clipboard and that the program handling the password does it correctly. If your password leaks on the way, it's leaked.
With FIDO2, the server sends a challenge and asks your HSM (or TPM, not sure what the right word is) to sign it with your private key. So the server can verify that you own the private key, but if the challenge or the response leaks, it's just this one time. Next time it will be a new challenge.
Also for the average Joe, the result is that the "passkey" is the fingerprint or the face recognition and there is no password. It feels like they have only one password: the biometry/face recognition (or a master password, I guess?). So passkeys are superior to passwords in that sense.
Fun fact 1: some people hate passkeys because they don't want to be forced to rely on TooBigTech for them. Currently I use my Yubikeys as passkeys everywhere and it works well, so I do NOT depend on TooBigTech.
Fun fact 2: FIDO2 on current Yubikeys (and HSM in general, I think) tend to use classic cryptography which would be broken by quantum computers. A password used with symmetric encryption is not broken by quantum computers. So there may be a period of time where this becomes a tradeoff (you may have to decide whether the most likely attack is a quantum computer breaking your authentication or a malware stealing your password)?
> With a password, you open your password manager, copy the password in memory, paste it into the input field and trust that nobody could read it from your clipboard and that the program handling the password does it correctly. If your password leaks on the way, it's leaked.
I don't do that. My password manager simulates keystrokes 2 seconds after I hit the button. I switch to the other window and my password gets punched in without going through the clipboard. Specifically to avoid this attack.
> Currently I use my Yubikeys as passkeys
I have Yubikeys but for 2FA. So we're back to 1FA now but just "something you have" and no "something you know" ?
> I don't do that. My password manager simulates keystrokes 2 seconds after I hit the button.
So a malware on your computer can just listen to the keystrokes, or read on the screen? If the OS is compromised, they can extract the password. With a passkey they can't.
> So we're back to 1FA now but just "something you have" and no "something you know" ?
You can set up a PIN on your Yubikey, so that's "something you have" and "something you know", and you can request physical presence ("touching the yubikey") on top.
> A passkey is just a thing that authenticates with FIDO2 (or is it WebAuthn?), I believe.
Not quite. First of all, passkey is not a standardized term. But usually it refers to a key that can be used for authentication on its own, not as a 2FA along with a password.
A FIDO2 key can be a passkey, or not, depending on the service or configuration.
FIDO2 and WebAuthn added some fields necessary to make this work "securely", e.g. asking the key to verify the user separately (e.g. a PIN, which serves as a second factor), or asking the key whether it is device bound or roaming, so individual sites/enterprises can enforce their security policies
Quite the opposite for me. I'd like to have freedom to work on things I want to work on without "paying rent", "paying medical bills", or "short term profitability" being a constraint.
I went the lean FIRE route, and now work on whatever open-source projects I feel like, plus local in-person volunteer activities. It's a much better quality of life, even though my job had been enjoyable, the extra scheduling flexibility is really nice.
Same - I wasn't sure where I'd stop (always been a minimalist anyways, savings rate above 2/3) but ran into a health issue so seeing what the future holds: taking another crack at the 'career' or maybe something more low key that aligns with my passions or a side project. I just want more time for learning, everything else feels like a distraction.
I'm pretty sure that being at the beach is really just universal marketing shorthand for "being somewhere that no one would ever expect you to even reply to emails from"
Or more generally, just doing whatever you want. I dont think anyone literally wanted to sit on a beach 24/7 365 days a year. However plenty of people would want the ability to just wake up one day and on a whim fly to a hawaii until they get bored then fly somewhere else.
If you pay for beach accommodation instead of a dwelling in some higher-priced metropolitan area, sure. As an add-on though, still more expensive.
I'd wager that most people are working towards a home base in the lands they're used to, then go on trips every now and then. Selling your metropolitan home base gets you the permanent beach lifestyle for sure, but permanently removing oneself from more densely populated areas is not for everyone.
> You can get a 400 watt solar panel on Amazon for $300.
Too expensive. It's probably producing 200 watts average for 8 hours a day. That's 1600 watt hours, which is about $1.60 at PG&E prices. That would take 187 days to recoup the cost of just the panel.
If you include installation costs and "what PG&E steals if you wire it to the same grid" it's probably more like 4x that, which is too long.
Tell me when we can have 400 watt solar panels for $50. Stupid capitalism literally forces solar panel prices to make it unprofitable.
People should never have to take out loans for solar. Solar should be subsidized and forced by the government to be so cheap that it repays for its cost within a month. Then we're talking. Most things I buy to save money, I expect them to repay within a month. Maybe 2 months max.
I'm not "worried" about that cost, I would rather just pay PG&E electricity if the solar panel cost $300.
Just pointing out why capitalism + solar is a failure. Capitalism reprices the good thing to be equally expensive to the bad thing, so that nobody buys the good thing anymore.
A 3D printer, at least of the Prusa variety, is really just a bunch of stepper motors and a dumb motor driver executing a series of effectively "rotate by X steps" commands, which is what the gcode file is. It doesn't know what it's printing. It doesn't even know that it's a printer.
If they wanted a gate on designs it would have to happen in slicing software, not the actual printer.
Yup. Wait till our genius lawmakers figure that out! Then we'll have all software that can be used to do that job require registration and inspection to certify that it "won't print gun parts." Or maybe "all software" for good measure, in case any sneaky so-and-sos try to make an IRC client with a secret "slicing easter-egg." Better yet, all software of any kind has to be sold through an App Store so we can have Google, Microsoft and Apple gatekeep. That'll work. Gun problem solved.
Unable to find the article quickly, but, I read a compelling perspective recently: DoD vendors seeking to restrict use of 3d printed replacement parts that they would normally supply. There was some speculative tie-in with the recent wave of consumer level regulation.
“We’re basically saying, ‘Hey colonel, hey general, you have to make the decision. If a door handle is broken on an ISV, you need to get it into the field. If you think that replacement door handle is sufficient, send it out.’
“A lot of howitzers are down right now for very simple pieces that we could 3D print and have known how to 3D print, and actually have the design files to 3D print, but we haven’t done it,” Driscoll said. “So we, the Army, have kicked off a very aggressive approach to that.”
Indeed. I grew up in a a machine shop than ran both manual and CNC machines and spent my summers in front of mills and lathes running jobs. I now do industrial automation and machine repair. With that being said, yeah, no way will this work. Ever.
And software? My Bridgeport and Logan were built before computers were available to the home consumer. Good luck stopping someone like me.
http:// means port 80 unless specified otherwise
https:// means port 443 unless specified otherwise
ftp:// means port 21 unless specified otherwise
sftp:// means port 22 unless specified otherwise
...
The practical solution for TFA is actually just an nginx server running on port 80 with proxy_pass
...reply