> “This was an email address that looked like the real thing,” says Exempt, explaining the mechanics of how he tricked Charter Communications. “The real domain of the Jacksonville Sheriff’s Office in Florida is jaxsheriff.org. We purchased jaxsheriff.us and then spoofed our number as the department’s, so that when we called them to verify receipt of the legal process, when they searched the number, it would come back to the sheriff’s office, giving them no reason to doubt it. We use real badge numbers and officer names as well.”

I'm honestly impressed. It's an interesting situation where the companies can only verify the same information that the hackers have access to

"No problem, Deputy Smith. I'll call you back at your listed number now to complete your request."

What am I missing? Not doing this is negligent. Same advice we'd give to phishing targets.

Their listed number on jaxsheriff.us? What if they bought Google ads to get the first result for Jacksonville Office?

> The real domain of the Jacksonville Sheriff’s Office in Florida is jaxsheriff.org. We purchased jaxsheriff.us

This would not be an issue if RFC 1480 had been taken seriously.

Too many edge cases, some would still be exploitable. Eg if the real address was:

    Sheriff.CI.Jacksonville.FL.US

Malicious actors could register:

    Sheriff.Jacksonville.FL.US

Unless your solution is to add some verification step as part of .us registrations.

Can people register a subdomain of fl.us willy-nilly though? Isn't the root domain owned by the state?

From the RFC (note the "or businesses"):

   Name Space Within States:
   ------------------------

   "locality" - cities, counties, parishes, and townships.  Subdomains
   under the "locality" would be like CI.<city>.<state>.US,
   CO.<county>.<state>.US, or businesses. For example:
   Petville.Marvista.CA.US.

   "CI" - This branch is used for city government agencies and is a
   subdomain under the "locality" name (like Los Angeles). For example:
   Fire-Dept.CI.Los-Angeles.CA.US.

So you'd be counting on the sub-registrar of jacksonville.fl.us not to allow a registration for the fraudulent "business" of Sheriff, Inc. -- multiplied by every municipality across the country.

Many top-level TLDs have requirements you need to fulfill, .edu is a good example. Similarly you need to prove you're a local entity for many country-specific TLDs. At the end of the day though, this attack vector will always be there, no matter how diligent you are about it. Phishing is all about numbers and one in is often all you need.

Wouldn't make any difference, you'd just hack one email at any random sheriff department in the country. Or pay $5 for one, anyway.

How is this different than testing the temperature?

How does temperature explain the variance in response to the inclusion of the word "critical"?

It isn't, and it reflects how deeply LLMs are misunderstood, even by technical people

gpt-5* reasoning models do not have an adjustable temperature parameter. It seems like we may have a different understanding of these models.

And, like the other commenter said, the temperature may change the distribution of the next token, but the reasoning tends to reel those things in, which is why reasoning models are notoriously poor at creative writing.

You are free to run these experiments for yourself. Perhaps, with your deeper understanding, you'll shed new light on this behavior.

It surely is different. If you set the temp to 0 and do the test with slightly different wording, there is no guarantee at all the scores would be consistent.

And if an LLM is consistent, even with a high temp, it could give the same PR the same grade while choosing different words to say.

The tokens are still chosen from the distribution, so a higher probability of the same grade will result in the same grade being chosen regardless of the temp set.

I think you're restating (in a longer and more accurate way) what I understood the original criticism to be, that this grading test isn't testing what's it's supposed to, partly because a grade is too few tokens.

The model could "assess" the code qualitatively the same and still give slightly different letter grades.

The irony is strong here.

> Lest alone to use a distro with opaque financing sources that fully endorses government developed/sponsored platforms such as Signal and Tor.

So you're against Signal, Tor, and Graphene, and suggest to instead use.. Lineage?

Don't get me wrong, I love Lineage, it was my first custom ROM, but this seems a little tinfoil

It's inaccurate that GrapheneOS fully endorses Signal and Tor. The GrapheneOS founder was blocked by Moxie (when they were still leading the project) for criticising their approach. They have also warned countless times about the limitations and weaknesses of Tor.

Start menu loads in under 250ms seconds

I run Arch Linux on my M1, is that not arm?

No, you run an Arch derivative.

> Arch Linux is an independently developed, x86-64 general-purpose GNU/Linux distribution that strives to provide the latest stable versions of most software by following a rolling release model.

- https://wiki.archlinux.org/title/Arch_Linux

> This page complements the Installation guide with instructions specific to Apple Macs. The Arch installation image supports Apple Macs with Intel processors, but neither PowerPC nor Apple Silicon processors.

(emphasis mine)

- https://wiki.archlinux.org/title/Mac

(FWIW, I understand that there is benefit to good coverage of a narrower scope, but I do wish Arch would fold https://archlinuxarm.org/ into the main project and be officially multi-arch, but that is not the world we live in.)

Arch package manager here, there is ongoing work behind the scenes to support multiple architectures (aarch64, riscv, etc), but as our volunteers (myself included) are doing this in our free time, progress is up in the air.

That's great to hear:) Given the long-term existence of eg. https://archlinux32.org/ and https://archlinuxarm.org/ I had always assumed that this was purely a question of policy and that Arch had no interest in supporting anything else. I found https://rfc.archlinux.page/0032-arch-linux-ports/ ; is there anything else I could read to catch up on the state of things?

Core arch linux doesn't support it, it's an offshoot.

Is it normal for incubators to ask founding engineers to come over on tourist visas?

I'm not sure about that being a requirement but participation in an accelerator/incubator while in the U.S. as a business visitor is fine and common.

Isn't this what a PM does

Linux is fine now, and has been for at least the past 5 years if not more. Even HiDPI works just fine now which has been a pain point for a while (at least, it works great on KDE).

That being said, my daily driver is macOS ever since apple silicon released, purely due to the laptop hardware. I keep a reasonably powerful Beelink mini PC mounted under my desk running ubuntu server and most of my work happens there over SSH with Tailscale. If you're primarily a laptop user, I'd definitely recommend this set up (or something similar), you get the best of both worlds.

I switched a month or two on my desktop. Then when that turned out good, I switched my laptop to Linux, too. No hardware issues on either one, and the WiFi on the laptop works just fine. (My desktop is connected by Ethernet.)

I've been on NixOS full time for probably 1.5 years. 0 problems, other than some games that need kernel anti-cheat to run.

EDIT: I was also able to connect to my solar panel gateway trivially from the CLI just a few days ago.

I haven't had issue with WiFi on Linux in over a decade.

Sleep/Hibernate on the other hand; well, let's just say that fast boot times "solved" those issues.

Sleep is really most useful for laptops and I'm not sure fast boot really solves that use case as well as it does on a desktop (where you really never got as much out of sleep anyways since you're always plugged in).

Just like Windows 11 isnt Windows 95, Linux today isnt Linux from 1995. Even if you use Arch, with nothing configured, still in the install CLI its pretty much just: 'station wlan0 connect "SSID"' 'enter Password:*** ' Done and this is the worst case scenario, with arch, a minimalist distro, where most things arent there or configured by default.

raises hand As of this month, my Windows-only desktop gaming computer is now dual-boot, and I only boot back to Windows for a particular game.

The main pain-point was that the remote backup service had no Linux client. I ended up solving it with restic, but I acknowledge that isn't a turnkey solution for archetypal Aunt Tillie.

I built a new desktop PC last fall and every Linux distro I have tried this year has WiFi working out of the box. Contrast that with Windows where I need to keep the drivers on a USB stick so I can bootstrap myself on a fresh install

The MacBook I use for work sucks and has weird issues when it wakes up from sleep. I've started having to restart my computer to fix them. I can't remember the last time I've had to do that.

I think your Linux knowledge might be out of date by about decade.

Well, unless someone gets recommended Arch Linux as a first Linux experience

It sounds like you haven't configured Wi-Fi on Linux in the last 10 or 15 years. It just works these days.

With MacBooks I'm over the premium on unfixable hardware.

Pfft, when was the last time you installed Linux, 1998? Nowadays it's all about getting audio to work ;)

Kept feeling like it was about to say something interesting, but by half way through nothing else was said

Even as someone interested in Hytale, I'm not interested in your AI slop. This could have been a couple bullet points