Hierarchical Reasoning Model is a new architecture that's inspired by neural computation principles observed in the brain, such as hierarchical processing, temporal separation of neural rhythms, and recurrent connectivity.
The bio-inspired design demonstrates significantly improved efficiency and accuracy on complex reasoning tasks compared with current LLMs.
The HRM architecture is designed to achieve significant computational depth while maintaining stability and efficiency during training. It consists of two interdependent recurrent modules operating at different speeds.
The High-Level module operates slowly and is responsible for abstract planning and deliberate reasoning. The Low-Level module functions rapidly, handling detailed computations.
A dual-module system allows the HRM to perform sequential reasoning tasks in a single forward pass without needing explicit supervision of intermediate steps. The model is also designed to be Turing-complete, meaning it can theoretically simulate any Turing machine, overcoming the computational limits of standard Transformer models.
Another interesting feature is the use of one-step gradient approximation, which improves efficiency by avoiding the computationally intensive backpropagation through time method typically used for recurrent networks. Avoiding backpropagation offers a constant memory footprint, making the model more scalable.
The model also incorporates an Adaptive Computation Time mechanism, inspired by the brain's ability to switch between fast, automatic thinking and slow, deliberate reasoning. The HRM is thus able to dynamically allocate computational resources based on the complexity of the task.
Despite having only 27 million parameters, the HRM achieves nearly perfect performance on difficult tasks like complex Sudoku puzzles and finding optimal paths in large mazes, areas where even advanced models using Chain-of-Thought (CoT) methods fail completely.
The HRM also outperforms much larger models on the Abstraction and Reasoning Corpus benchmark for artificial general intelligence. It achieved a 40.3% accuracy, surpassing models like 03-mini-high (34.5%) and Claude 3.7 8K (21.2%).
The model's design means that its training phase is much cheaper as well. It can be trained effectively with a small number of examples (around 1,000) and does not require pre-training or CoT data.
HRM conducts computations within its internal hidden state space which is more efficient than CoT where reasoning is externalized into token-level language. The externalization process can be brittle and requires extensive data to work.
Free Gui: Guilherme “Gui” Silva, a Brazilian immigrant, lawyer, and muralist, was detained by ICE earlier this month on San Juan Island in Washington state. Silva was a lawyer in Brazil, and moved to the US about eight years ago to pursue his art. He has a four-year-old daughter with his now ex-wife, and is expecting a child in just a few months with his wife Rachel Leidig. Two Fridays ago, masked ICE agents followed Silva from his home in unmarked vehicles, pulled him from his car, confiscated his cellphone, and detained him. When he asked to see an arrest warrant, they refused. Silva is married to an American citizen and is currently in legal proceedings to apply for a green card. The only blemish on his record that the Seattle Times was able to find was a $100 speeding ticket. The Department of Homeland Security said they detained him because he overstayed his tourist visa, which, let’s say it again together: is a civil violation.
At least not as bad as that one that let some LLM to control the server then get pissed at it when it deleted the production database theregister.com/2025/07/21/rep…
showed it to senior folks who said the results looked fine
Did anyone look at the code?
Also, what's a "multi-type"? Does he mean he needed to check a different field? Or are they doing something unholy without real schemas and got burned because they're mess confused someone! Also, why is a junior being moved between teams and touching production immediately?
I have so many questions.
The second one makes a ton more sense, and is pretty hilarious.
How do you know we’re not remotely close to AGI? Do you have any expertise on the issue? And expertise is not “I can download Python libraries and use them” it is “I can explain the mathematics behind what is going on, and understand the technical and theoretical challenges”.
I hold a PhD in probabilistic machine learning and advise businesses on how to use AI effectively for a living so yes.
IMHO, there is simply nothing indicating that it's close. Sure LLMs can do some incredibly clever sounding word-extrapolation, but the current "reasoning models" still don't actually reason. They are just LLMs with some extra steps.
There is lots of information out there on the topic so I'm not going to write a long justification here. Gary Marcus has some good points if you want to learn more about what the skeptics say.
So, how would you define AGI, and what sorts of tasks require reasoning? I would have thought earning the gold medal on the IMO would have been a reasoning task, but I’m happy to learn why I’m wrong.
I definitely think that's remarkable. But I don't think scoring high on an external measure like a test is enough to prove the ability to reason. For reasoning, the process matters, IMO.
Reasoning models work by Chain-of-Thought which has been shown to provide some false reassurances about their process arxiv.org/abs/2305.04388 .
Maybe passing some math test is enough evidence for you but I think it matters what's inside the box. For me it's only proved that tests are a poor measure of the ability to reason.
Large Language Models (LLMs) can achieve strong performance on many tasks by producing step-by-step reasoning before giving a final output, often referred to as chain-of-thought reasoning (CoT).
I’m sorry, but this reads to me like “I am certain I am right, so evidence that implies I’m wrong must be wrong.” And while sometimes that really is the right approach to take, more often than not you really should update the confidence in your hypothesis rather than discarding contradictory data.
But, there must be SOMETHING which is a good measure of the ability to reason, yes? If reasoning is an actual thing that actually exists, then it must be detectable, and there must be a way to detect it. What benchmark do you purpose?
You don’t have to seriously answer, but I hope you see where I’m coming from. I assume you’ve read Searle, and I cannot express to you the contempt in which I hold him. I think, if we are to be scientists and not philosophers (and good philosophers should be scientists too) we have to look to the external world to test our theories.
For me, what goes on inside does matter, but what goes on inside everyone everywhere is just math, and I haven’t formed an opinion about what math is really most efficient at instantiating reasoning, or thinking, or whatever you want to talk about.
To be honest, the other day I was convinced it was actually derivatives and integrals, and, because of this, that analog computers would make much better AIs than digital computers. (But Hava Siegelmann’s book is expensive, and, while I had briefly lifted my book buying moratorium, I think I have to impose it again).
Hell, maybe Penrose is right and we need quantum effects (I really really really doubt it, but, to the extent that it is possible for me, I try to keep an open mind).
I'm not sure I can give a satisfying answer. There are a lot of moving parts here, and a big issue here is definitions which you also touch upon with your reference to Searle.
I agree with the sentiment that there must be some objective measure of reasoning ability. To me, reasoning is more than following logical rules. It's also about interpreting the intent of the task. The reasoning models are very sensitive to initial conditions and tend to drift when the question is not super precise or if they don't have sufficient context.
The AI models are in a sense very fragile to the input. Organic intelligence on the other hand is resilient and also heuristic. I don't have any specific idea for the test, but it should test the ability to solve a very ill-posed problem.
I think we also should require to set some energy limits to those tests. Before it was assumed that those tests are done by humans, that can do those tests after eating some crackers and a bit of water.
Now we are comparing that to massive data centers that need nuclear reactors to have enough power to work through these problems...
Gary Marcus is certainly good. It’s not as if I think say, LeCun, or any of the many people who think that LLMs aren’t the way are morons. I don’t think anyone thinks all the problems are currently solved. And I think long time lines are still plausible, but, I think dismissing short time line out of hand is thoughtless.
My main gripe is how certain people are about things they know virtually nothing about. And how slap dashed their reasoning is. It seems to me most people’s reasoning goes something like “there is no little man in the box, it’s just math, and math can’t think.” Of course, they say it with a lot fancier words, like “it’s just gradient decent” as if human brains couldn’t have gradient decent baked in anywhere.
But, out of interest what is your take on the Stochastic Parrot? I find the arguments deeply implausible.
I'm not saying that we can't ever build a machine that can think. You can do some remarkable things with math. I personally don't think our brains have baked in gradient descent, and I don't think neural networks are a lot like brains at all.
The stochastic parrot is a useful vehicle for criticism and I think there is some truth to it. But I also think LMMs display some super impressive emergent features. But I still think they are really far from AGI.
Engineer here with a CS minor in case you care about ethos: We are not remotely close to AGI.
I loathe python irrationally (and I guess I’m masochist who likes to reinvent the wheel programming wise lol) so I’ve written my own neural nets from scratch a few times.
Most common models are trained by gradient descent, but this only works when you have a specific response in mind for certain inputs. You use the difference between the desired outcome and actual outcome to calculate a change in weights that would minimize that error.
This has two major preventative issues for AGI: input size limits, and determinism.
The weight matrices are set for a certain number of inputs. Unfortunately you can’t just add a new unit of input and assume the weights will be nearly the same. Instead you have to retrain the entire network. (This problem is called transfer learning if you want to learn more)
This input constraint is preventative of AGI because it means a network trained like this cannot have an input larger than a certain size. Problematic since the illusion of memory that LLMs like ChatGPT have comes from the fact they run the entire conversation through the net. Also just problematic from a size and training time perspective as increasing the input size exponentially increases basically everything else.
Point is, current models are only able to simulate memory by literally holding onto all the information and processing all of it for each new word which means there is a limit to its memory unless you retrain the entire net to know the answers you want. (And it’s slow af) Doesn’t sound like a mind to me…
Now determinism is the real problem for AGI from a cognitive standpoint. The neural nets you’ve probably used are not thinking… at all. They literally are just a complicated predictive algorithm like linear regression. I’m dead serious. It’s basically regression just in a very high dimensional vector space.
ChatGPT does not think about its answer. It doesn’t have any sort of object identification or thought delineation because it doesn’t have thoughts. You train it on a bunch of text and have it attempt to predict the next word. If it’s off, you do some math to figure out what weight modifications would have lead it to a better answer.
All these models do is what they were trained to do. Now they were trained to be able to predict human responses so yeah it sounds pretty human. They were trained to reproduce answers on stack overflow and Reddit etc. so they can answer those questions relatively well. And hey it is kind of cool that they can even answer some questions they weren’t trained on because it’s similar enough to the questions they weren’t trained on… but it’s not thinking. It isn’t doing anything. The program is just multiplying numbers that were previously set by an input to find the most likely next word.
This is why LLMs can’t do math. Because they don’t actually see the numbers, they don’t know what numbers are. They don’t know anything at all because they’re incapable of thought. Instead there are simply patterns in which certain numbers show up and the model gets trained on some of them but you can get it to make incredibly simple math mistakes by phrasing the math slightly differently or just by surrounding it with different words because the model was never trained for that scenario.
Models can only “know” as much as what was fed into them and hey sometimes those patterns extend, but a lot of the time they don’t. And you can’t just say “you were wrong” because the model isn’t transient (capable of changing from inputs alone). You have to train it with the correct response in mind to get it to “learn” which again takes time and really isn’t learning or intelligence at all.
Now there are some more exotic neural networks architectures that could surpass these limitations.
Currently I’m experimenting with Spiking Neural Nets which are much more capable of transfer learning and more closely model biological neurons along with other cool features like being good with temporal changes in input.
However, there are significant obstacles with these networks and not as much research because they only run well on specialized hardware (because they are meant to mimic biological neurons who run simultaneously) and you kind of have to train them slowly.
You can do some tricks to use gradient descent but doing so brings back the problems of typical ANNs (though this is still possibly useful for speeding up ANNs by converting them to SNNs and then building the neuromorphic hardware for them).
SNNs with time based learning rules (typically some form of STDP which mimics Hebbian learning as per biological neurons) are basically the only kinds of neural nets that are even remotely capable of having thoughts and learning (changing weights) in real time. Capable as in “this could have discrete time dependent waves of continuous self modifying spike patterns which could theoretically be thoughts” not as in “we can make something that thinks.”
Like these neural nets are good with sensory input and that’s about as far as we’ve gotten (hyperbole but not by that much). But these networks are still fascinating, and they do help us test theories about how the human brain works so eventually maybe we’ll make a real intelligent being with them, but that day isn’t even on the horizon currently
In conclusion, we are not remotely close to AGI. Current models that seem to think are verifiably not thinking and are incapable of it from a structural standpoint. You cannot make an actual thinking machine using the current mainstream model architectures.
The closest alternative that might be able to do this (as far as I’m aware) is relatively untested and difficult to prototype (trust me I’m trying). Furthermore the requirements of learning and thinking largely prohibit the use of gradient descent or similar algorithms meaning training must be done on a much more rigorous and time consuming basis that is not economically favorable. Ergo, we’re not even all that motivated to move towards AGI territory.
Lying to say we are close to AGI when we aren’t at all close, however, is economically favorable which is why you get headlines like this.
I have been trying to separate the truth from the hype, and learn more about how LLMs work, and this explanation has been one of the best one I’ve read on the topic. You strike a very good balance by going deep enough, but still keeping it understandable.
A question: I remember using Wolfram Alpha a lot back in university 15+ years ago. From a user perspective, it seems very similar to LLMs, but it was very accurate with math. From this, I take that modern LLMs are not the evolution of that model, but WA still appeared to be ahead of it’s time. What is/was the difference?
Thanks, I almost didn’t post because it was an essay of a comment lol, glad you found it insightful
As for Wolfram Alpha, I’m definitely not an expert but I’d guess the reason it was good at math was that it would simply translate your problem from natural language into commands that could be sent to a math engine that would do the actual calculation.
So basically act like a language translator but for typed out math to a programming language for some advanced calculation program (like wolfram Mathematica)
Again, this is just speculation because I’m a bit too tired to look into it rn, but it seems plausible since we had basic language translators online back then (I think…) and I’d imagine parsing written math is probably easier than natural language translation
That’s just the other side of the same coin whose flip side claims AGI is right around the corner. The truth is, you couldn’t possibly know either way.
The truth is, you couldn’t possibly know either way.
I think the argument is we're not remotely close when considering the specific techniques used by current generation of AI tools. Of course people can make new discovery any day and achieve AGI but it's a different discussion.
That's true in a somewhat abstract way, but I just don't see any evidence of the claim that it is just around the corner. I don't see what currently existing technology can facilitate it. Faster-than-light travel could also theoretically be just around the corner, but it would surprise me if it was, because we just don't have the technology.
On the other hand, the people who push the claim that AGI is just around the corner usually have huge vested interests.
In some dimensions, current day LLMs are already superintelligent. They are extremely good knowledge retrieval engines that can far outperform traditional search engines, once you learn how properly to use them. No, they are not AGIs, because they're not sentient or self-motivated, but I'm not sure those are desirable or useful dimensions of intellect to work towards anyway.
I think that's a very generous use of the word "superintelligent". They aren't anything like what I associate with that word anyhow.
I also don't really think they are knowledge retrieval engines. I use them extensively in my daily work, for example to write emails and generate ideas. But when it comes to facts they are flaky at best. It's more of a free association game than knowledge retrieval IMO.
"Dude trust me, just give me 40 billion more dollars, lobby for complete deregulation of the industry, and get me 50 more petabytes of data, then we will have a little human in the computer! RealshitGPT will have human level intelligence!"
Ummm no? If moneyed interests want it then it happens. We have absolutely no control over whether it happens. Did we stop Recall from being forced down our throats with windows 11? Did we stop Gemini from being forced down our throats?
Capitalism is just an economic system, I'm not sure what nukes has to do with it. It's not like billionaires directly own them, and we have to distribute the "nuke wealth" to the people or anything lol
The path to AGI seems inevitable - not because it’s around the corner, but because of the nature of technological progress itself. Unless one of two things stops us, we’ll get there eventually:
Either there’s something fundamentally unique about how the biological brain processes information - something that cannot, even in principle, be replicated in silicon,
Or we wipe ourselves out before we get the chance.
Barring those, the outcome is just a matter of time. This argument makes no claim about timelines - only trajectory. Even if we stopped AI research for a thousand years, it’s hard to imagine a future where we wouldn’t eventually resume it. That's what humans do; improve our technology.
The article points to cloning as a counterexample but that’s not a technological dead end, that’s a moral boundary. If one thinks we’ll hold that line forever, I’d call that naïve. When it comes to AGI, there’s no moral firewall strong enough to hold back the drive toward it. Not permanently.
Did you genuinely not understand the point I was making, or are you just being pedantic? "Silicon" obviously refers to current computing substrates, not a literal constraint on all future hardware. If you’d prefer I rewrite it as "in non-biological substrates," I’m happy to oblige - but I have a feeling you already knew that.
I haven’t claimed that it is. The point is, the only two plausible scenarios I can think of where we don’t eventually reach AGI are: either we destroy ourselves before we get there, or there’s something fundamentally mysterious about the biological computer that is the human brain - something that allows it to process information in a way we simply can’t replicate any other way.
I don’t think that’s the case, since both the brain and computers are made of matter, and matter obeys the laws of physics. But it’s at least conceivable that there could be more to it.
I personally think that the additional component (suppose it's energy) that modern approaches miss is the sheer amount of entropy a human brain gets - plenty of many times duplicated sensory signals with pseudo-random fluctuations. I don't know how one can use lots of entropy to replace lots of computation (OK, I know what Monte-Carlo method is, just how it applies to AI), but superficially this seems to be the way that will be taken at some point.
On your point - I agree.
I'd say we might reach AGI soon enough, but it will be impractical to use as compared to a human.
While the matching efficiency is something very far away, because a human brain has undergone, so to say, an optimization\compression taking the energy of evolution since the beginning of life on Earth.
Don't confuse AGI with LLMs. Both being AI systems is the only thing they have in common. They couldn't be further apart when it comes to cognitive capabilities.
A lot of people making baseless claims about it being inevitable...i mean it could happen but the hard problem of consciousness is not inevitable to solve
AI will not threaten humans due to sadism or boredom, but because it takes jobs and makes people jobless.
When there is lower demand for human labor, according to the rule of supply and demand, prices (aka. wages) for human labor go down.
The real crisis is one of sinking wages, lack of social safety nets, and lack of future perspective for workers. That's what should actually be discussed.
Not sure if we will even really notice that in our lifetime, it is taking decades to get things like invoice processing to automate. Heck in the US they can't even get proper bank connections made.
Also, tractors have replaced a lot of workers on the land, computers have both lost a lot of jobs in offices and created a lot at the same time.
Jobs will change, that's for sure and I think most of the heavy labour jobs will become more expensive since they are harder to replace.
Why would we want to? 99% of the issues people have with "AI" are just problems with society more broadly that AI didn't really cause, only exacerbated. I think it's absurd to just reject this entire field because of a bunch of shitty fads going on right now with LLMs and image generators.
Torsten Slok, chief economist at Apollo Global Management, recently argued that the stock market currently overvalues a handful of tech giants – including Nvidia and Microsoft –...
According to the suit, Ramacciotti was in need of money, and had a friend named Ethan Lipnik who worked at Apple as a software engineer on the Photos team – two facts that Prosser was aware of when he allegedly offered to pay Ramacciotti to break into Lipnik's development iPhone and show Prosser what the version of iOS running on the device looked like.
Ramacciotti, who frequently stayed at Lipnik's home, allegedly used location-tracking software to determine when Lipnik was far enough from home to be gone for an extended period. During such windows, he allegedly used the opportunity to obtain the passcode and access the device.
Apple isn’t a very pro WFH or remote work company from what I learned when I was job hunting, I’m honestly surprised they let a dev iPhone leave their campus.
There was a big scandal some years back because an Apple employee left a prototype phone at the bar/restaurant next to the campus, so they definitely do it. I’m a bit surprised that they didn’t crack down harder after that incident, but to be fair to this guy, he didn’t take it out and about and just took it home. I can’t say I’d be overly worried about something happening to it if it was just at my house, but I also don’t have people crashing with me frequently…
Former Apple employee here, hardware is almost never let off campus but software alone can be. For example software engineers working on iOS, like this guy, would probably have development builds installed on their personal devices. It's allowed but you're obviously not supposed to let anyone else see or use the new features.
Keep fighting the good fight comrade, just 20 more garbage "meme" posts per day and you will definitely convince the evil american liberals how wrong they are. Never stop posting.
Taken from github.com/yt-dlp/yt-dlp. Replace 480 with 1080. Multiple options in the documentation to choose from.
Download the best video available with the largest height but no better than 480p, or the best video with the smallest resolution if there is no video under 480p
The following numeric meta fields can be used with comparisons <, <=, >, >=, = (equals), != (not equals):
filesize: The number of bytes, if known in advance filesize_approx: An estimate for the number of bytes width: Width of the video, if known height: Height of the video, if known aspect_ratio: Aspect ratio of the video, if known
Others have given good examples for formats you were aiming for.
For bulk download, simply create a list.txt file in your target directory, bulk add all urls in separate lines. Then
Yt-dlp list.txt {your options here}
It is noteworthy that, instead of listing urls manually, you can also grab entire playlists from relevant platforms if that’s what you’re after, including preserving the playlist names as directory names. Same even goes for entire channels.
Incoming OpenAI executive Fidji Simo, who will start Aug. 18 as its “CEO of Applications” and report directly to CEO Sam Altman, sent a memo to employees Monday.
The Wendelstein 7-X stellarator in Germany set a record with 43 seconds of plasma, marking a major step toward clean, sustainable nuclear fusion energy.
Hey! Before we go any further — if you want to support my work, please sign up for the premium version of Where’s Your Ed At, it’s a $7-a-month (or $70-a-year) paid product where every week you get a premium newsletter, all while supporting my free w…
They wouldn't have to. They just release a ToS update, that no one reads, that gives them the right to look at all of the data sent for "optimization", or some other nonsense.
My basic understanding is that the concept of homomorphically encrypted data allows for processing of said encrypted data without the need for prior decryption.
Hence, it enables computations and processing on encrypted data (ciphertext) that yield results matching those from the original data (plaintext) without the data needing to be decrypted at any point.
The idea is that you could have your data stored encrypted, such that the entity that is storing your data can't read any of your data, but can still make calculations or updates to your data without ever learning anything about your data.
The use cases seems rather narrow to me, but there are probably many that I just can't think of at the moment.
One idea could be something like a VPN service that wants to store as little data about the customer as possible. They could keep the account balance in an encrypted format. When you then add money to the balance, they can increment your balance by however much you paid, without knowing what your old balance was or what the new balance is. And they could then have another homomorphic function that can check whether your balance is positive. If your balance is positive you are allowed onto the service, if it's not positive you don't get access. And the company wouldn't be able to know whether you had $5 in your account or $5000, just that your balance is currently positive.
So yeah fundamentally it's just being able to store and update some data, while the data is fully encrypted, never decrypting the data, to ensure some form of privacy or confidentiality
I understand that this is an analogy, but I feel this also weakens the encryption somewhat, as now a potential attacker could do a simple binary search on the encrypted data to deduce the absolute balance.
Why would any company use this in the first place?
The general public is not going to pay a subscription (ew another subscription?) they’re just going to use the free services. “I already pay for internet”
There is no reason for anyone to use this, as amazing as it is. That ship sailed long ago and the moment an MBA gets wind of what this’ll mean for the data broker industry, it will be lobbied into illegality, at least here in the US.
I don't believe this will work? I would have to see an actually working example though. With actual data, not matrix vector multiplications those are trivial.
Doing math on garbled numbers and then reverse garbling it? Easy. Doing text parsing on garbled text? Probably impossible, but I'd loveto be proven wrong. I also think you have to reveal what kind of functions you want used?
The homomorphism in category theory is often shown by a commutative diagram, where you can go from a point to another by interchanging the order of operations. In the below diagram for FHE, you can go from (a, b) to E(a*b) in two separate ways.
It works in the sense that the operations are performed on binary numbers, so text handling works the same way it normally does assuming the handler function is encrypted to match. Once you have multiplication and addition, you can make logic gates and general computing follows from there - although with the noise being amplified thru each logic gate, the more complex the functions the more bootstrapping is required and the less I see this being doable in the short term.
For a working example, check out apple’s homomorphic encryption page, they use it for landmark identification and afaik will be using it for siri whenever they get to that update. It’s slow but it’s already usable - I’m not personally convinced it’ll be used everywhere, but the technology is super cool and I hope it shows up more
assuming the handler function is encrypted to match.
Yeah, this is the thing I'm doubting / don't understand how that would work.
E.g. A* / navigation problems.
You send private start and goal points.
Either the stuff is truly private, then the program can't read it.
Or the program can read it, but then the owner of the machine the program runs on can just read it from memory.
It doesn't matter if it says "45124x5234234fgasdgf" or "Paris", because the program state will identify that. Even if you encrypt the entire location database (with stuff that's then fully known to the server) and it will still look up "45124x5234234fgasdgf" and the server can trivially decrypt that.
check out apple’s homomorphic encryption page
Interesting, but I'm more leaning on "they have a vested interest to lie about this" rather than "surely this is correctly working tech that keeps me safe". Like Amazons "AI supermarket" that was just a bunch of indians doing video surveillance.
And their explanation makes the same amount of sense as the blog post. I have no doubt that it can work for simple commutative math operations, over "smooth" domains. Where my doubt comes in is functions where the encryption would cause the operation to take place outside of the domain bounds.
How does an encrypted asin or acos work?
Anyway, thanks for the answer, I was recently impressed by GNU Taler, which also did something cryptographic stuff I didn't think was possible. So I'm not saying this is heresy and can't be done and trying to say it will work is forbidden, I just don't think the explanations so far are detailed enough.
The process as explained in this article has nothing to do with privacy. The problem with privacy is not that I send Google a query, it's they Google is scanning my machine, gathering cookie data, recording every move I make, mixing and matching my data with data from other sites, data from data brokers, also using third party cookies, etc etc etc...
Encrypting the query I make with Google isn't going to change much of that.
Staying safe whilst dating online should not be the responsibility of users—dating apps should be prioritizing our privacy by default, and laws should require companies to prioritize user privacy over their profit.
India has one of the highest rates of (desktop) Linux usages in the world - hovering around 10% according to StatCounter. Why is this? One reason is concerns over software controlled by foreign countries - particularly the US and China. But another is cost.
The first major boost for Linux and other free software in India came in 2006, when VS Achuthanandan - who passed away today - was elected Chief Minister of the state of Kerala. His government came up with a policy to shift all government computers to free software, starting with schools and colleges.
This is the first release where RISC-V 64-bit is officially supported by Debian Linux albeit with limited board support and the Debian RISC-V build process is handicapped by slow hardware.
With the Debian 13.0 release planned for 9 August, one of the notable fundamental features with this Debian 'Trixie' release is now supporting RISC-V as an official CPU architecture
This is the first release where RISC-V 64-bit is officially supported by Debian Linux albeit with limited board support and the Debian RISC-V build process is handicapped by slow hardware.
With the Debian 13.0 release planned for 9 August, one of the notable fundamental features with this Debian 'Trixie' release is now supporting RISC-V as an official CPU architecture
In tests involving the Prisoner's Dilemma, researchers found that Google’s Gemini is “strategically ruthless,” while OpenAI is collaborative to a “catastrophic” degree.
Flash never got in the way the same like js. My main take from the whole piece is how it has changed the way websites are developed, to match that of traditional software development. Like the need to deploy to change some text in the footer of our website
Ow my dear, you never used flash did you? We didn't even have 'deploys' back then, we needed to re-upload the entire container file, to change some text in the footer
Oh yeah, it's totally JavaScript that's the reason that news and magazine websites suck. It's totally not the financial incentives of advertising that cause them to only care about the user experience so far as they get clicks. This totally wouldn't have been the exact same result if new media did everything on the backend and underfunded their backend dev teams. /S
Jesus Christ, why do these inane articles keep coming up? The authors have the reasoning skills of "when I look into the sun my eyes hurt, therefor the sun is bad".
To be fair, there are a lot of inane articles saying this exact same thing about javascript. If its true, its ancient history, and I'm tired of it. I learned javascript when it was a babe, and watched many other platforms fall by the wayside. I'm not defending anything about it, but javascript works. Still.
Client-side scripting is a hack. HTML didn't have all the tags people wanted or needed, so instead of carefully updating it to include new features, they demanded that browsers just execute arbitrary code on the user's computer, and with that comes security vulnerabilities, excessive bandwidth use and a barrier-to-entry that makes it difficult to develop new browsers, giving one company a near-monopoly.
Cerebra AI is an artificial intelligence platform primarily used in emergency medicine for analyzing CT scans, particularly in stroke and critical care scenarios.
Although the standard itself does not require usage of encryption,[46] all major client implementations (Firefox,[47] Chrome, Safari, Opera, IE, Edge) have stated that they will only support HTTP/2 over TLS\ ~source:en.wikipedia.org/wiki/HTTP/2#E…
it's Mozilla etc.. that force it !
WebPages hosted on the TOR Network (for example) do not need SSL/TLS certificates ! so what we can't have the benefit of HTTP/2 WTF
To the developers of LibreWolf, can you solve this limitation ?
This experiment breaks a 5-bit elliptic curve cryptographic key using a Shor-style quantum attack. Executed on IBM's 133-qubit ibm_torino with Qiskit Runtime 2.0, a 15-qubit circuit, comprised of 10 logical qubits and 5 ancilla, interferes over an order-32 elliptic curve subgroup to extract the secret scalar k from the public key relation Q = kP, without ever encoding k directly into the oracle. From 16,384 shots, the quantum interference reveals a diagonal ridge in the 32 x 32 QFT outcome space. The quantum circuit, over 67,000 layers deep, produced valid interference patterns despite extreme circuit depth, and classical post-processing revealed k = 7 in the top 100 invertible (a, b) results. All code, circuits, and raw data are publicly available for replication.
Just weeks after Grok echoed neo-Nazi rhetoric and Holocaust denial, Musk unveiled “Baby Grok” — an AI app for children with no clear safeguards
Two weeks after Elon Musk’s Grok chatbot praised Adolf Hitler, suggested Jews control Hollywood, and spewed Holocaust denial, the billionaire entrepreneur announced plans to release a version for children.
It’s called “Baby Grok.”
“We’re going to make Baby Grok @xAI, an app dedicated to kid-friendly content,” Musk posted Saturday night on X, the platform he owns. By Sunday afternoon, the tweet had racked up more than 17 million views.
At the moment, Grok is mainly used on X, where users must be at least 13 years old.
It’s a head-spinning move for the world’s richest person, who earlier this month was under fire for allowing his company’s AI system to generate Holocaust denialism and white nationalist talking points.
Musk’s startup, xAI, released the latest version of Grok on July 9. The update — dubbed Grok 4 — was designed to compete with OpenAI’s ChatGPT and Google’s Gemini. Instead, it became the latest flashpoint in the ongoing struggle to put guardrails on generative AI.
Musk’s AI responded to user prompts with far-right tropes. When asked about Jews, Grok claimed they promote hatred toward white people. It echoed neo-Nazi rhetoric. It called for imprisoning Jews in camps. Other answers suggested the Holocaust may have been exaggerated. Some responses have since been deleted, but many remain archived online.
The chatbot’s responses didn’t emerge in a vacuum.
Grok is trained on a wide swath of online content — including posts from X — and like many generative AI systems, it mimics patterns in that data. Grok is the latest in a long line of machines built to “understand” humans — and perhaps the most willing to echo their ugliest impulses.
Just days after Grok’s stream of antisemitic posts, xAI signed a deal with the Department of Defense, worth up to $200 million, to provide the technology to the U.S. military. The company has not publicly stated whether the children’s version will be trained separately or filtered differently from Grok 4.
Musk has faced repeated criticism for amplifying antisemitic content on X, including a post agreeing with the “Great Replacement” theory, a baseless claim that Jews conspire to replace whites in the West.
In January, he posted Holocaust-themed jokes after appearing to perform a Nazi-style salute at an inaugural rally for President Donald Trump. Last year, he visited Auschwitz with right-wing commentator Ben Shapiro and suggested that social media might have helped prevent the Holocaust.
Now, Musk is touting Baby Grok — even as experts warn the industry isn’t ready for such a product. Generative AI models are notoriously difficult to moderate, and child safety advocates have flagged concerns about disinformation, bias and exposure to harmful content.
The announcement comes amid growing concern about the use of generative AI with minors. No federal guidelines currently exist for how child-targeted AI tools should be trained, moderated, or deployed — leaving companies to set their own rules, often without transparency.
I would like to use the geoip_module to have some "Stats" about my visitors..\
on the documentation we can read:
... using the precompiled MaxMind databases ...
.\ .\ .
But on the MaxMind website I'm facing a wall:
Sorry, we were not able to create your account. Please ensure that you are using an email that is not disposable, and that you are not connecting via a proxy or VPN.
So not working... And anyway I'm not a fan of using something compiled and more over not open source...
So do you know another solution to get GeoIP data with FreeNginx ?
Let me re phrase your answer:\ ... should be available in your distro repository...
indeed I've downloaded a couples of thing but nothing had what I was needed, but with the information within those packages I've found mailfud.org/geoip-legacy and it works like a charms
Secondo la versione più nota, un gruppo di 300 spartani guidati dal re Leonida affrontò eroicamente il gigantesco esercito persiano di Serse I. Ma se si scava un po' nelle fonti storiche, si scopre che la storia reale è molto più complessa e, se vogliamo, ancora più interessante.
There is no backdoor in Apple’s encryption. That’s the reason the US and UK governments have prosecuted Apple repeatedly. They can obtain iCloud data with a warrant, but are repeatedly pressing for real-time surveillance. The UK banned encryption without a backdoor, so Apple turned off encryption rather than compromising their standard.
In theory you can learn mind reading from some fantasy universe and check every Apple person. Or ask a crystal ball. Or use some other way to collect full information about our universe, check every rabbit hole, so to say, and then confidently confirm "there's no Apple backdoor here". "Here" meaning this plane of existence.
In practice yes.
EDIT: Forgot - the "refused to cooperate" and "they have disagreements" things even in daily wisdom don't change the probability of Apple having made backdoors. It's PR. You most likely won't learn it from the news if they do, in fact, cooperate.
I didn't say "prove", I used another word with bigger allowance. Of "likely backdoors vs likely not" kind. I wanted to say that their "public" conflicts with governments and their statements of the "trust us, we won't sell you" kind are all worth nothing, because being caught lying won't cost them anything.
When it’s enabled, they can’t access iCloud data at all, even with a warrant due to the fact it’s E2E with keys they don’t control. That’s what the UK got really mad about. But Apple shut the whole feature down for the UK in response to the backdoor ask.
It’s not different from the UK banning signal because it’s E2E encrypted and they can’t access it.
They’re likely only backing down now because of consumer/media backlash
Advanced Data Protection for iCloud offers our highest level of cloud data security and protects the majority of your iCloud data using end-to-end encryption.
Correct, standard iCloud data is accessible with a warrant. But the UK wanted their own backdoor so they have constant access without a warrant.
But with advanced data protection, Apple can’t provide the data because they don’t have the encryption keys, regardless of a warrant.
Important to note iMessage is always E2E encrypted though, so iMessages cannot be accessed even with a warrant. Advanced data protection just expands that to all iCloud data
iMessage is far more common in the US afaik. Whereas most people elsewhere will use WhatsApp or whatever, nobody in my extended family uses anything but iMessage to communicate
Really? Mine defaults to SMS if they don’t receive it as an iMessage message. I can’t recall it ever failing, only a long while back I would get a failure that prompts me to send as SMS - and I’d do it. It’s automatic now.
Not sure how long iMessage has existed, but it never properly worked for me on any iPhone, and neither for my partner. I also helped others change the settings to just default to SMS. By default it doesn't show that you need to send a SMS, and it definitely doesn't retry it, at least not in NL.
It should be renamed to, London plus all surrounding bits of land that we don't care about. It's a bit of a mouthful but it would be a more accurate name
That’s just every country, isn’t it? Seems like most of Spain has separatist movements; Provence and Brittany and Burgundy retain their sub-national identities; probably some in Tobago want to split from Trinidad. If Northern Ireland joined Eire no doubt the Loyalists would start clamouring to reverse that.
The whole having a backdoor to encryption is bullshit, that defeats the entire point.
I do understand that they want some kind of control on things like encryption, since criminals/terrorist/etc can abuse it as well. Keeping society safe is kinda important, and some level of transparency is used for that. This like deposited annual reports for example will help find companies/people funding terrorism.
But we should never completely compromise the privacy of individuals
The "big boys" were all pussies over sending western tanks and long range missiles to Ukraine, the UK was the first. There are very few things we can be proud of these days. But that is one of them.
We're friends with the Danes and don't wanna piss of the EU any more than we already have.
The last time we took over loads of countries, we committed so many attrocities. Like we made the Nazis look like pussy cats. Barack Obama wouldn't have a bust of Churchill in his office because his father was tortured in a concentration camp set up under him.
Meta says it won’t sign the European Union’s artificial intelligence code of practice agreement, warning that “Europe is heading down the wrong path on AI.”
On one hand, requiring calls to be done on the native app but not on the web one because "muh encryption" was always stupid.
On the other hand, the Native app was really well done. A well made app using the native OS ui toolkit is so rare. Now it's turning into yet another stupid web wrapper. I'm so sick of everything being a web page.
I've been using Librewolf for more than an year now, and Im using Mullvad Browser (MB) only for log into my e-mail and stuff more personal like that. Since Mullvad gives some very good filters about privacy, i'm using MB for these purposes.
However, i been thinking if i should use Mullvad Browser as my main daily driver browser. However, i need to use a dark mode/reader, since i like to have eyes and for me is super uncomfortable not using a dark mode.
I'm using the dark reader on librewolf, and i know this is make me more finger printable , but i cannot use a browser without a dark mode.
My question is if, either with a dark mode/reader on mullvad browser, this is better than librewolf in terms of privacy and security. Mullvad is more quick than librewolf in update terms , for which i search it. And other thing i know i can do, is create multiple profiles on mullvad and librewolf, to compartmentalize the things i visit / search... (for example, one profile only to check my emails, one for normal browsing, and so on.... )
and btw , on ubuntu, which is the better way in terms of security and privacy, to install the mullvad browser? via .deb ? snap? flatpak?
I love Charger8232's idea of a Privacy Flag. However, I don't love the design they proposed. In their post, I explain my disagreements.
As a form of vexillographical discussion, I would like to propose another design as the flag under which we anonymously toil in secret (I wish).
First off, nods to Charger8232's design - 1400x900 dimensions, and use of EU's Dark Power Blue (#003399) color. Love it.
Where we differ:
Designs
A shield, representing how we must actively guard our privacy. A lock, obviously, to show we want security with our privacy, and a dove showing that we just want to be left the F alone and peacefully not be subject to a mass surveillance state. We're not trying to be sketchy or do illegal stuff, we just want to be peacefully left the F alone.
Colors
Again, same use of Dark Power Blue, representing freedom and a nod to the GDPR. White representing peace. Black representing how I don't want people to see me. Color of field: Redacted.
Extras
Stripes to make it a bit more visually interesting. A lack of EXIF and meta data as the subtle fait accompli.
The color scheme is similar to that of Estonia. While Estonia is a leader in the EU's digital governance space, this is unintentional. As much as I liked Espresso Macchiato in EuroVision this year, there's no direct nod to Estonia.
I didn't want to just say "uh, I don't like it" and complain without doing something. So here you go.
It has always bothered me that privacy has no unified symbol. Every community has their own take on how privacy should be visualized. I want to unify the privacy community across the internet. It is my belief that, with a universal symbol for privacy, we will grow stronger. We will have a symbol to represent us. We will have a flag to fly.
Icon
The icon is a clipart created by librarian Gordon Dylan Johnson which can be found here. The size of the icon is large enough to still fit if the flag is cropped to a square/circular aspect ratio.
Dimensions
The size of the flag is 140 by 90 centimeters. These dimensions are chosen because of the dimensions of a Tor Browser window (1400x900 pixels).
Use this flag for group chats, communities, profiles, stickers, patches, articles, wallpapers, real flags, anything you want to! Spread it around so it becomes a global icon for privacy. Even put it on the Wikipedia page for privacy if you can!
Hey, I saw your comment in the other thread. Thank you for your engagement, this really shows that people care about their digital presence. However, in my opinion, your proposal is more related to data security than data privacy. I see how the two are interlinked but I really like the symbol of active resistance, symbolized by the hand, towards the big surveillance apparatus, depicted by the eye for a flag that represents privacy.
From a practical perspective, the other flag is also a bit simpler, if we replace the high-res hand with a simpler vector drawing.
I do like this version better than the other one with the detailed hand. That being said, to your point about data security, it's more so that we're sort of splitting a finite set of motifs. Even the icon for this community is a shield and an eye. The eye being the threat, not the community represented by the flag, IMO means minimizing the eye, though I can see how you would feel the "stop" hand in the eye does the same thing. I just don't agree with that.
Also, just me personally, the all-blue just seems boring to me. This blue is slightly bluer, so it doesn't give me the BSOD vibe at least, but this just seem closer to a logo for a data removal subscription service than a flag. Not that mine isn't exactly far from that either, but still.
The simpler hand design in this one is definitely better. I did have one thought that I wanted to pose, however. Would the fingers being together instead of apart make much of a difference? I can almost see this design being symbolic of a 'high five' instead of a 'halt!'
I agree. It was just addressing this one feedback, which pointed out the mismatch between the detailed style of the hand and the vector style of the eye. Besides that maybe we should completely overthink the choice of symbols and focus on something positive like other commenters have already mentioned.
So far I like this version the best. However, someone put up the human rights logo and I think it would do quite well here, since it’s a dove (as requested), but also looks a bit like a hand. Another request was the color black. Maybe make the pupil black? Pretty sure that covers the commitee’s requests.
Okay well as a random dumbass, I would see the logo with and eye and a and and my smooth brain instantly gets it..the bird logo, with out a text description...I got nothing
I'd like to commend your attempt here, and not sound discouraging or anything like that. Personally though, I like the other design a little bit better. Like another commenter suggested, this design seems to evoke security more than privacy. The shield and lock seem to be pretty commonly associated with those other meanings already. The dove being inside the lock definitely seems to overcomplicate things a bit too.
That being said, I do think your coloration and black undertones look better though and overall there's a bit more visual interest.
I appreciate it, and I threw this together in about 10 minutes, so it's just a spitball idea. Rather than seeming purely disparaging to the other person and their design by saying I don't like it and not offering anything else constructive.
Is this because you like the color or you think using an EU color is appropriate here? Cause if its the latter, EU is a privacy nightmare so hard disagree.
While that is true, EU is leading the world in some privacy invasions. Be it age verification or various initiatives to try and break E2EE. Those kind of efforts do not yet exist at even countries we would all agree are oppressive.
It was because that was mentioned by the original post as why they picked all blue. Which was largely about the GDPR specifically. So I went for it on that one item.
I personally associate freedom with white because its like a piece of unpainted paper. I associate peace with green because it is the color of plants which symbolizes nature.
If I understand security, it is a contrast to the active defence in that it is passive defence. If so, you could possibly play around with how these symbolically relate to each other. For deem looking at them as a two sided unity.
I social media, pur non influenzando direttamente il posizionamento SEO, giocano un ruolo cruciale nel migliorare la visibilità online di un sito. Condividere contenuti di qualità sui canali social aumenta il traffico al sito, rafforza il brand e favorisce la creazione di backlink naturali, tutti fattori che incidono positivamente sulla SEO. Inoltre, l'interazione con il pubblico e la condivisione frequente migliorano la fiducia e l'autorevolezza del marchio. Una strategia integrata tra social media e ottimizzazione SEO contribuisce quindi a una presenza online più solida ed efficace.
Buongiorno cari lettori! Oggi voglio parlavi di questa nuova collaborazione con Aboca editore. Mi sono avvicinata ai libri di Aboca da qualche anno e ora ho avuto il piacere di approfondire i loro testi grazie a questo libro che mi hanno gentilmente mandato dopo il salone del libro. Prima di tutto ringrazio la casa editrice e la responsabile ufficio stampa Elisa per la fiducia che hanno avuto nei miei confronti e in secondo luogo il blog che mi ha permesso di raggiungere notevoli risultati ed avere l’accredito. Iniziamo però questo racconto attraverso il libro Medichesse e di che cos’è per l’autrice e per me il dono della cura!
Titolo: Medichesse: la vocazione femminile alla cura
OGNI ERBA DOTATA DI SPECIALI POTERI, QUALUNQUE RADICE UTILE A GUARIRE NASCA IN TUTTO IL MONDO, È MIA.
Erika Maderna: scopriamo l’autrice!
Erika Maderna, laureata in Etruscologia e Archeologia Italica presso l’Università degli Studi di Pavia, si è stabilita anni fa nella Maremma toscana, spinta dal richiamo della terra degli Etruschi. Vive a Grosseto, dove insegna, scrive articoli, traduzioni e saggi di cultura e archeologia classica. Per Aboca Edizioni ha scritto: Aromi sacri, fragranze profane. Simboli, mitologie e passioni profumatorie nel mondo antico (2009), Le mani degli dèi. Mitologie e simboli delle piante officinali nel mito greco (2016), Con grazia di tocco e di parola. La medicina delle sante (2019), Medichesse. La vocazione femminile alla cura (2021), Per virtù d’erbe e d’incanti. La medicina delle streghe (2023) e La memoria nelle mani. Storie, tradizioni e rituali delle levatrici (2024).
Donne per le donne: quando la cura diventa dono
Donne, questo il grande tema del libro! Attraverso le pagine del saggio riusciamo ad accogliere ed apprezzare ruoli particolari del mondo femminile. L’autrice ripercorre il mondo della medicina e della cura come dono negli anni della storia dell’esistenza umana partendo dall’antichità fino al XVII secolo.
Un elemento che mi ha colpita particolarmente è la prefazione della Dottoressa Rita Pagiotti docente di botanica della prestigiosa Università di Perugia. Ho trovato interessante l’apertura mentale della dottoressa che anzichè additare come “pazze” queste donne le ammirava. Non è facile trovare qualcuno che possa avere questa opinione dal mondo accademico e ne sono rimasta piacevolmente stupita!
Altro aspetto molto interessante, dal mio punto di vista, è la bibliografia particolareggiata e che permette al lettore di approfondire ogni aspetto del libro tramite altri saggi altrettanto accattivanti. E’ visibile fin dalle prime pagine la profonda ricerca della Dottoressa Maderna e della sua passione per questi temi.
L’impalcatura e l’estetica del libro
Dal punto di vista della struttura del libro, troviamo sicuramente un font e interlinea agevole che permette al lettore di immergersi senza difficoltà nel testo.
Il libro è arricchito da elementi estetici come foto e tavole di botanica che rendono il testo ancora più interessante da osservare. Un elemento che apprezzo molto è quando il libro diventa oggetto estetico e in questo caso la casa editrice è riuscita a farlo nel modo migliore. Tra queste foto troviamo anche ricette antiche di Metrodora e Trotula, due delle più importanti medichesse di qiesto saggio.
La copertina è notevolmente curata, di buona fattura e che vale tutti i soldi del testo.
Il dono della cura: dentro e fuori!
Affrontare questo libro è sicuramente un momento di cura, di accettazione e di riflessione. Già dalle mie parole iniziali avrete capito che in generale ho amato questo testo ma approfondiamo meglio il perchè.
La lettura è molto rapida ad avvincente nonostante si tratti di un saggio e a prima vista possa risultare “pesante” o un ostacolo per chi non è avvezzo a questo mondo.
Ad esempio nel primo capitolo si narra di come le dee guaritrici e taumaturghe sono state declassate a maghe, streghe e fattucchiere e nel migliore dei casi diventate erboriste. Viene raccontato di come la loro conoscenza antica sia stata portata avanti dalle donne per via oracolare e nascosta, tramandata di madre in figlia e di come la medicina degli uomini sia sempre stata vista come “migliore” a discapito di quella delle donne che erano relegate a professioni come ostetriche o cosmetologhe. Nello stesso capitolo vengono citate a esempio Igiea e Panacea, figlie di Esculapio, che curavano e guarivano.
Riassumendo, ed andando alle conclusioni, ritengo che sia un testo che tutti gli appassionati delle erbe e della storia della medicina femminile e alternativa debbano leggerlo. La scrittrice permette di rendere di facile lettura argomenti storici, magari anche ostici, ed innamorarsi di ogni singolo personaggio citato.
Non vedo l’ora di leggere altro di questa autrice, il mio voto complessivo del libro non può che essere di 5 stelle su 5!
Vi ringrazio come sempre di aver letto questo articolo, per ogni curiosità o richiesta potete compilare il modulo sottostante.
Name Email* Message* Submit
Devi abilitare JavaScript nel tuo browser per inviare il modulo
Scegliere gli infissi giusti a Monza è essenziale per migliorare il comfort abitativo e l’efficienza energetica, considerando il clima subcontinentale e l’umidità elevata. Infissi moderni con vetrocamera o triplo vetro garantiscono isolamento termico e acustico, riducendo costi e rumori esterni. La scelta va fatta in base al contesto abitativo, alla sicurezza, all’estetica e agli incentivi fiscali disponibili. Tra le opzioni: infissi a battente, scorrevoli o vasistas, in materiali come PVC, legno, alluminio o compositi. Rivolgersi a esperti del settore assicura qualità, durata e un investimento sicuro.
La Rocca Maggiore di Assisi torna a ospitare il Riverock Festival, giunto alla 14ª edizione, dal 23 al 27 luglio. Cinque giorni di musica, cultura e incontri con artisti di rilievo: Fabri Fibra, Venerus, La Niña, Ginevra, Luzai, Joan Thiele, Dardust, Emma Nolde e Rip.
Novità 2025 è "Sotto palco", podcast dal vivo in collaborazione con Radio Glox: tre incontri nel Giardino degli Incanti (ore 19, ingresso libero) con showcase finali. Il 23 si parla di accessibilità nella musica live, con Tara. Il 24 si riflette sull’indipendenza artistica, ospite Lodo Guenzi (che si esibirà anche live). Il 25 si affronta il tema della sostenibilità del mestiere dell’artista, con Maurizio Carucci (showcase incluso).
Ogni sera spazio ai concerti: il 23 luglio torna Fabri Fibra con il nuovo album “Mentre Los Angeles brucia”; il 24 live Venerus, La Niña, Luzai e Ginevra; il 25 Joan Thiele, Dardust, Emma Nolde e Rip.
Il festival si chiude il 26 e 27 luglio con la seconda edizione di “Evanland – il festival internazionale del mondo interiore”: talk, workshop, letture e concerti. In scena Gio Evan con ospiti, Giulia Mei, Daddy G (Massive Attack), Quantic (dj set) e Roberto Cacciapaglia in concerto all’alba. Tra gli ospiti anche Vito Mancuso ed Erri De Luca.
Riverock Festival è organizzato dall’associazione omonima con il Comune di Assisi, il sostegno di Fondazione Perugia e i fondi PR-FESR 2021-2027 (Bando Spettacolo dal vivo – Anno 2024, Sviluppumbria).
Rocca Maggiore pronta ad aprirsi alla 14esima edizione del Riverock Festival. Ad Assisi arrivano Fabri Fibra, La Niña, Venerus, Ginevra, Luzai, Joan Thiele, Dardust, Emma Nolde e Rip Il cartellone anche il nuovo format “Sotto palco”, podcast dal viv…
(Disponibile anche in inglese / Also available in English)
Cosa significa davvero quando un brand di moda usa e getta ottiene un sigillo di sostenibilità?
Il paradosso
Che relazione c’è tra B Corp e ultra-fast fashion? Cosa succede quando la certificazione etica incontra un modello di business basato sull'iperconsumo?
Quando BusinessWire annuncia "Princess Polly diventa una Certified B Corporation™" e BOF la definisce "la concorrente USA-australiana di Shein con un bollino di responsabilità sociale", viene da chiedersi: è progresso o greenwashing ben confezionato?
Spoiler: la domanda è retorica.
Cos’è una B Corp?
«La certificazione B Corp valuta standard di responsabilità sociale e ambientale, ma non copre tutte le operazioni aziendali.» — This is Greenwashing
La co-CEO di Princess Polly, Eirin Bryett, presenta il certificato come prova del loro "impegno per pratiche guidate da uno scopo". Ma un brand costruito su sovrapproduzione e tendenze usa-e-getta può davvero essere "sostenibile in ogni aspetto"?
**Il punto cieco della B Corp: la sovrapproduzione ** Nel libro This is Greenwashing evidenziamo:
"La certificazione non affronta esplicitamente la sovrapproduzione, concentrandosi invece su materiali 'sostenibili' o compensazioni di CO₂."
L'ultra-fast fashion sfrutta l'obsolescenza programmata – eppure, alcuni brand ottengono il bollino B Corp grazie a iniziative marginali (packaging riciclato, donazioni), ignorando il cuore del problema: produrre meno.
Conclusioni
Non dubitiamo delle intenzioni di Princess Polly, ma i modelli di business parlano chiaro:
• Se il profitto deriva dalla sovrapproduzione, non è sostenibilità.
• Se incoraggi a comprare di più con un "bollino verde", è PR, non progresso.
B Corp + ultra-fast fashion = greenwashing in versione 'purpose-washed'.
❓Voi credete sia possibile un’ultra-fast fashion sostenibile?
Smaschera le bugie. Pretendi di meglio.
📘Scarica l'e-book (versione inglese):
books2read.com/u/bpgxOX
🇮🇹 Versione italiana in arrivo – restate sintonizzati!
Alaska Airlines grounded its fleet and that of a subsidiary Sunday night due to IT issues but resumed operations about three hours later, the carrier said.
Tired of the Linux/Docker “monoculture” for WordPress? This article guides you step-by-step through the secure installation of WordPress on FreeBSD using BastilleBSD. Discover how jail separation, performance, and the versatility of ZFS offer a more robus
Many people host WordPress on Linux, often using Docker. While this is a valid approach, there are excellent alternatives – sometimes even better ones – for getting your WordPress site online in a secure, reliable, and updatable manner. The goal is to make the web a safer place and avoid the computing monoculture that increasingly pushes toward uniformity of solutions and setups – an attitude that I believe is harmful even when the solutions are open source.
For this type of setup, therefore, I’ll describe how to accomplish everything using FreeBSD. The jail separation, performance, and ZFS versatility – all reasons that support this choice. This guide will serve as a foundation – everything will work at the end, but it won’t cover all possible combinations or configurations.
We’ll be using BastilleBSD, which supports both ZFS and UFS. While FreeBSD’s base system has everything needed to create and run jails, BastilleBSD is incredibly useful for managing them. Since it’s written in shell script and has no database dependencies, management and backups are straightforward. Furthermore, moving jails becomes extremely simple – either by using the bastille command directly or by copying the files (or datasets, if you’re using ZFS).
BastilleBSD also supports templates, but for this tutorial, we’ll perform the operations manually to understand each step.
First, install Bastille: pkg install bastille Next, run the setup process: bastille setup Now, bootstrap the desired FreeBSD release: bastille bootstrap 14.3-RELEASE update With that, BastilleBSD is ready to go.
Creating the Jails
Now, let’s create the jail that will contain Apache, PHP, and WordPress: bastille create apache 14.3-RELEASE 10.0.0.254 bastille0 Note: This command will only create and assign an IPv4 loopback address. For IPv6, the simplest solution is to assign an address for the jail directly to the host’s interface. To do this, note an available IPv6 address and assign it to the jail. For example, if the host’s network interface is vtnet0: bastille edit apache Add the following lines to the configuration file: ip6 = new;ip6.addr = "vtnet0|2001:0DB8:1::443/64"; Restart the jail: bastille restart apache Next, let’s ensure that connections to the host’s ports 80 and 443 are redirected to the apache jail: bastille rdr apache tcp 80 80bastille rdr apache tcp 443 443 Now, if using ZFS, let’s create a dedicated dataset for WordPress and mount it in the jail. The reason is simple: decoupling the Apache jail from the WordPress directory will allow for updates, rollbacks, etc. of the Apache jail without touching the WordPress files. I assure you that, in the long run, this approach will save many headaches. zfs create zroot/wordpressbastille mount apache /zroot/wordpress/ /usr/local/www/wordpress nullfs rw 0 0 Now, let’s create the jail that will contain MariaDB: bastille create mariadb 14.3-RELEASE 10.0.0.253 bastille0
Configuring the MariaDB Jail
Access the MariaDB jail’s console: bastille console mariadb Once inside, install the MariaDB server: pkg install mariadb118-server Enable and start the mysql-server service: service mysql-server enableservice mysql-server start Now, access the MySQL command line to set up the WordPress database: mysql Execute the following SQL commands (you should use more secure user, password, etc.): CREATE USER wp@10.0.0.254 IDENTIFIED BY 'password';CREATE DATABASE wordpress;GRANT ALL PRIVILEGES ON wordpress.* TO wp@10.0.0.254;FLUSH PRIVILEGES; Exit the MariaDB jail console to return to the host.
Configuring the Apache & PHP Jail
Now, let’s configure the apache jail. First, access its console: bastille console apache Inside the jail, install PHP and all the necessary extensions. We won’t install WordPress from the FreeBSD package – while it’s updated and maintained, I prefer to manage dependencies manually. It will be easier to manage updates in the long term, such as changing PHP versions, etc. At the time of writing this article, for example, the WordPress package depends on PHP 8.3 while I prefer to use 8.4. pkg install php84 php84-bcmath php84-bz2 php84-calendar php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-ftp php84-gd php84-gettext php84-iconv php84-intl php84-mbstring php84-mysqli php84-opcache php84-pcntl php84-pdo php84-pdo_mysql php84-pecl-imagick php84-phar php84-posix php84-readline php84-session php84-shmop php84-simplexml php84-soap php84-sockets php84-sodium php84-tokenizer php84-xml php84-xmlreader php84-xmlwriter php84-xsl php84-zip php84-zlib Next, install Apache: pkg install apache24 Modify /usr/local/etc/apache24/httpd.conf to enable the required modules. Uncomment or add the following lines: LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so#LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so...LoadModule proxy_module libexec/apache24/mod_proxy.so...LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so...LoadModule ssl_module libexec/apache24/mod_ssl.so...LoadModule rewrite_module libexec/apache24/mod_rewrite.so Enable and start the Apache service: service apache24 enableservice apache24 start To optimize performance, enable PHP-FPM to listen on a socket. Modify the /usr/local/etc/php-fpm.d/www.conf file.
Comment out this line: ;listen = 127.0.0.1:9000 And add these lines: listen = /tmp/php-fpm.socklisten.owner = wwwlisten.group = www Now, we need to configure Apache to use PHP-FPM correctly. Create the file /usr/local/etc/apache24/Includes/php-fpm.conf and add the following: <FilesMatch \.php$> SetHandler proxy:unix:/tmp/php-fpm.sock</FilesMatch> Restart Apache for the changes to take effect: service apache24 graceful It’s good practice to copy the production PHP template to the final, modifiable php.ini file, which can be customized with the required options and limits: cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini Make any desired changes now (or later), then enable and start PHP-FPM: service php_fpm enableservice php_fpm start
Installing WordPress
Navigate to the web server’s root directory: cd /usr/local/www Download and extract the latest version of WordPress: fetch wordpress.org/latest.zipunzip latest.zip Set the correct permissions: chown -R www:www wordpress/ Now, create an Apache virtual host configuration file at /usr/local/etc/apache24/Includes/wordpress.conf – be sure to modify the “example.com” with your own real domain name: <VirtualHost *:80> ServerAdmin webmaster@example.com ServerName example.com ServerAlias www.example.com DocumentRoot /usr/local/www/wordpress <Directory /usr/local/www/wordpress> DirectoryIndex index.php index.html index.htm Options FollowSymLinks MultiViews AllowOverride All Require all granted </Directory> ErrorLog "/var/log/httpd-example.com-error.log" CustomLog "/var/log/httpd-example.com-access.log" combined</VirtualHost> Finally, restart Apache one more time: service apache24 graceful The server will now respond on port 80 with the specified hostname, but this is absolutely not optimal or recommended. It’s therefore appropriate to generate a certificate to enable HTTPS.
For a simple solution, I recommend installing certbot with the Apache plugin to manage everything through Apache: pkg install py311-certbot py311-certbot-apache In order to automatically renew the certificates, add this line to /etc/periodic.conf: weekly_certbot_enable="YES" And, once installed, generate the certificate: certbot --apache -d example.com -d www.example.com You can now proceed to connect to the specified URL and begin with the WordPress guided installation, remembering the authentication and database details (the host, in this example, is 10.0.0.253 – not localhost, since we installed it in a dedicated jail).
Congratulations, your site is installed and operational. Ready to receive content for publishing. It’s exposed on IPv4 and IPv6, with HTTPS (and automatic certificate renewal, managed directly by FreeBSD) and separated from the database.
Generally, I prefer to add an additional jail with a reverse proxy. This way it will be possible to install different software in different jails, ensuring that the reverse proxy “routes” requests correctly. I’ll explain this procedure in a future article.
While this is my inaugural FreeBSD post for the BSD Cafe Journal, I’ve actually written extensively on the topic for my own blog, it-notes.dragas.net
One of the reasons I’m always so happy to attend conferences and technical events (the real ones – not the flashy, sponsor-driven ones designed just to sell products or services) is because I get to meet amazing people and always come away having learned something new.
I’ve been using WordPress since 2006 and have been managing hundreds of installations from a sysadmin perspective. Over time, I’ve noticed a clear pattern: most hacks and compromises happen through plugins or outdated installations. And often, these installations (and plugins) become outdated because they’ve been patched together so messily that updating them becomes nearly impossible – especially when the PHP version changes.
To mark the launch of the BSD Cafe Journal, I’d like to share the link to a particularly interesting talk by Maciek Palmowski: “How we closed almost 1k plugins in a month — the biggest WordPress bug bounty hunt.”
What struck me right away was how much his analysis of WordPress security aligned with what I’ve seen over the years: WordPress, out of the box, is reasonably secure. It’s the plugins – often old, unmaintained, or poorly written – that make it vulnerable.
I highly recommend watching his talk. It’s definitely worth your time.
certainly this would be massive improvement for many people, if they were open to any change at all. the docker installs are most ridiculous, and it's bad opsec to have millions of carbon copies of the same game.
I think most WP users could and should use flatpress instead. I don't think my instances yet display how effective flatpress can be, but for simpler sites flatpress does the job.
that @stefano is very persuasive! He'll have you running a BSD before you know it. Obviously I'm immune to such subliminal marketing messages and peer pressure.
Unrelated: my current reading material is The FreeBSD Handbook 😂
in that case you should definitely not, under any circumstances, go to docs.freebsd.org/en/books/hand… where it is available as HTML, as well as a downloadable PDF version. 😉
In 2002, I asked my parents to buy a laser printer so I could "print academic material" - but really, I wanted to print the FreeBSD handbook. And it was incredibly helpful.
Ai Sigur Rós, band islandese formatasi nel 1994, va riconosciuto il merito di aver creato un "marchio" sonoro unico e inconfondibile. A quindici anni da Von, il loro album d'esordio, i Sigur Rós hanno mantenuto pressoché unico il modo di fare musica: timbro, lingua inventata e lunghi brani... Leggi e ascolta...
Ai Sigur Rós, band islandese formatasi nel 1994, va riconosciuto il merito di aver creato un “marchio” sonoro unico e inconfondibile. A quindici anni da Von, il loro album d'esordio, i Sigur Rós hanno mantenuto pressoché unico il modo di fare musica: timbro, lingua inventata e lunghi brani. Lentezza è il loro “mood” come anche la loro progressione artistica. Se questa costanza è sicuramente esempio di coerenza artistica può allo stesso tempo risultare abbastanza monotona. Da fan fin dai tempi di Agaetis Byrjun posso tranquillamente esprimerlo... artesuono.blogspot.com/2014/10…
I tempi di rifornimento di idrogeno e carburante, più rapidi in confronto alla ricarica delle batterie, non includono mai tutto il tempo necessario per portare idrogeno e carburante alle colonnine.
Stellantis ha annunciato lo stop allo sviluppo dei veicoli a idrogeno, ritenuti non sostenibili nel medio termine per costi elevati e scarse infrastrutture. L'azienda ha interrotto la produzione della gamma Pro One, ma senza impatti occupazionali
Moonrise2473
in reply to MirchiLover • • •Vibe coding service Replit deleted user’s production database, faked data, told fibs galore
Simon Sharwood (The Register)