Hacker News | markhahn's comments

then either your drives are overprovisioned or read-mostly.

it's not that hard to hit 300 cycles on flash.


it's all 4TB or larger plus the drives do wear leveling internally.

I find it very odd that there is so much faith in "innovation" (and probably "economies of scale").

there is no sign of any impending breakthroughs that would change flash economics much.

slc-mlc-tlc-qlc was very nice but plc will not happen. layer-based flash was also nice but it is ultimately linear (more layers, more cost, lower yield). dimensional shrinks are already stalled because of a tragic electron shortage (per cell).

I guess there's no harm in pining for some other NVRAM technology (spins, etc).


I'm still pining for Optane to make a comeback.

Didn't help that they used "Optane" for two very different products. I agree on the good one though!

the interesting thing is that scaling laws (at least Moore's and the like) are complete lies. (Moore is fine if you treat it as a weak observation that shrinking features to half gives you 4x as many devices in the same area.)

what happens is that the industry goes through certain discrete technical upgrades. for instance, EUV in fabs, or GMR disk heads. none of these are really planned, none of them are exponential. and they usually interact with other phenomena (such as Dennard scaling).

in a sense, the phenomenon is more like "expectations are exponential, and this motivates manufacturers to schedule updates".

hard disks are still improving, arguably similar to how they have in the past, but there are limits to demand. the consumer market has mostly dropped out, for instance due to flash.

even in flash, there is no exponential scaling in devices. people got excited in the initial startup, when for instance, mature TLC is so much better than early SLC. but all that's over: it's both mature and we'll probably never see PLC. even QLC is interesting in that it illustrates that most of our storage is very cold.


if your model is that linux is just about single-user desktops, this local exploit isn't too bad. or if your model is nothing but DB servers or the like.

mystifying to me that shared, multi-user machines are not thought of. for instance, I administer a system with 27k users - people who can login. even if only 1/10,000 of them are curious/malicious/compromised, we (Canadian national research HPC systems) are at risk. yes, this is somewhat uncommon these days, when shell access is not the norm.

but consider the very common sort of shared hosting environment: they typically provide something like plesk to interface to shared machines with no particular isolation. can you (as a website owner or 0wner) convince wordpress/etc to drop and execute a script? yep.


> if your model is that linux is just about single-user desktops, this local exploit isn't too bad.

For example, if you have passwordless sudo, you've already got a widely known LPE vulnerability lurking on your system.


Only for your user, and it means a keylogger on the system if it gets rooted can't pull your password to try on other machines. Personally I always either login as root or use passwordless sudo.

Yubikeys are also surprisingly annoying when set up for the as well. A working developer just needs sudo a lot.

Realistically a "sudo button" would be handy, on the keyboard, with a display to show a confirmation pin for the request (probably also needs a deny button so you can try and identify weird ones).


Sounds like a good use case for that new Copilot button you see on newer keyboards.

You don't even need a button. Just a secure dialog like Windows has.

I mean, that's what you have pinentry for.

hmm have i missed anything?

Any program on your computer can just run "sudo" to escalate itself.

The problem is not the passwordless sudo but running untrusted programs on your computer under your user. They don’t need sudo to steal your SSH keys or inject malicious code in your .bashrc.

Not too bad? So we just treat linux overall as a single user system or what?

Ubuntu is not really targeting multi-user any more. Security update installation is deliberately delayed for all users, until at some point all unprivileged users ended all processes launched from the vulnerable snap image. (Firefox RPC breaks when you replace the binary, so having to reopen your browser to keep opening tabs simply because security upgrades were applied in the background would be inconvenient)

I guess most of this is mobile use in India.


mythos has not been demonstrated doing anything dramatically different than other models. so as other comments say: very premature.

but the basic premise (shared among a lot of ai-doomers and ai-shamers), is that the bigs have somehow raped society (by training on everything available). this needs to be challenged: it implies quite a strong model of IP ownership, which is not what appears in law, or in founding documents (which are quite different from current law).


"Raping society" seems an appropriate term, though a better metaphor is cutting a public forest or mining in public lands, which are other examples of converting public properties into private properties.

Actually I, and apparently many others, would have no problem with the fact that companies like OpenAI or Google have gathered huge amounts of information from all over the world into their training sets.

What bothers me is that I do not have access to the same information. If I would try to run a bot, it would be blocked immediately by all sites. If I would copy pirated books or movies, that is supposed to be punishable legally.

None of what is forbidden for me was forbidden for the big companies. What I want is not that they should be punished, but I want for myself and for any other people the same rights, i.e. access to the same training sets.

For now, I must be grateful that a part of the hoarded information is available for the public in a non-deterministic manner in the existing open-weights models.

This is much better than nothing, but I would prefer access to the training sets, even if in that case the AI companies would keep for themselves any trained models. There are many tricks that they have used during training, but by far the input training data is much more important, since anyone can discover better training algorithms.

What I find unacceptable is that now they consider as their private property what they have mined from public lands.


> What I find unacceptable is that now they consider as their private property what they have mined from public lands.

So how do you propose to fix that without a law similar to copyright? (At least similar to the intent of copyright, the specific implementation leaves much to be desired, obviously.)


While I don't agree with your conclusion, I like the phrase -- "raped society" does quite well capture the feeling of violation I think many feel at having their own publications turned into machines meant to impoverish them.


GNU was never anything but a flag-of-convenience. The number of people who take RMS seriously was and is small.


I wonder if anyone in trumpland has thought of a T-branded distro.

Considering that most distros are basically just a new set of desktop backgrounds, this seems like a sure thing!


Yes. Noting that yum and dnf are basically the same.


dnf replaced yum, didn't it? I had it in my head that they were like apt and dpkg, but apparently not.

I need to get into Redhat^W Fedora^W Rocky again some time soon.


Let me guess, you're impressed by desktop decorations and which file-browser is the default.

Ubuntu differs from Fedora only in newbie stuff, for instance.


Fedora pisses me off more than Ubuntu does, and Ubuntu pisses me off least of all distros, except for Alpine which pisses me off in totally different directions for different reasons to all of the "proper desktop" distros.

All OSes are shit.

Even the ones you like.

Even the ones I like.

Especially the ones I like, I guess.

