JPEG XL

made a complaint https://github.com/GoogleCloudPlatform/gsutil/issues/1732

On the smallest GCP instances the iops aren't great[1], so if you create a fresh VM, and then run `sudo apt upgrade`, the `google-cloud-sdk` package can take around 20 minutes to update. Not a great look for people's first experience of cloud computing. [1]: They have a burstable system, so it is fine until you reach a certain level of usage, then slows to a crawl. Unfortunately the burst pool starts out empty on a fresh install.

https://markshreeve-tributealbum.bandcamp.com/track/fractured

<@167023260574154752> i have a couple yubikeys but i'm not sure what to do

how old are they

if they are quite old, they are kinda shit because the only widely supported thing in those is PGP, which sucks

less than a year

perfect

you can easily use them for SSH, some password managers instead of or in addition to a master password, and ofc WebAuthn

bro this made me laugh just by reading the headline

i'm interested in all of those, however, i don't know how to backup my key data securely

You cannot

There's no way to get data off of a yubikey

you need to ensure that both keys are set up properly for all your uses, and then store one in a secure location as a backup

what password manager can use it without a master password?

because bitwarden requires a password to decrypt so it's only used as a 2fa for accessing the server with the data

KeePassXC uses it for encryption and decryption, though actually I've never *tried* to have a zero length password, so I don't know if it would let you. I haven't tried because KeePassXC uses the old challenge response protocol instead of FIDO2, so there's no pin, only hitting the button.

Ok, it does let you not have a password

and it doesn't seem keepassxc has an option to use a server

can i put a certain key onto them?

yes

but keep in mind, yubis and similar devices have many different "applications" on them, which have different properties

So the PGP applet will let you upload PGP keys to it, meaning you could upload the same PGP keys to multiple yubis, and I believe that the PIV smart card applet is similar.

oh ok

Challenge Response allows you to set the secret seed.

But I don't think FIDO2 has anything about setting your own key.

There the idea is that the Yubi has its own secret master key, and generates application-specific keys on the fly.

This is how OpenSSH's FIDO2 support works. Creating a yubi-backed SSH key just generates a bunch of random nonsense (which becomes your private key file), and when you want to use SSH to sign something, that random nonsense is sent to the yubi which generates the real private key, to sign stuff or to generate the public key.

There is something called *resident* keys, but those are also generated on the Yubi, from whatever you send to it as above, but is stored so that you don't need to keep a copy of the original data.

SSH supports both options.

For website's that support WebAuthn, the original material that generates the private key is some combination of the URL (so websites can't pretend to be each other) plus some other data that the website thinks is important to the authentication process, like your user ID.

oh ok

I just read that Apple's implementation of Passkeys explicitly does not support attestation, so I guess attestation will never be a viable requirement for passwordless auth.

I wonder what the “densest” language is, in the sense of assigning meaning to the most sequences of sounds (possibly weighted by how often they would occur in other languages)

the thought occurred to me when I heard people speaking a language I don’t understand but from time to time, I could still interpret a few fragments as if it were English

it would be amusing if there was a language that made this easier

where you can just produce a random string of sounds and it means “my grandpa ate a rock rebelliously tomorrow”

basically https://stackoverflow.com/questions/11695110/why-is-this-program-valid-i-was-trying-to-create-a-syntax-error but for natural languages

didn't someone try to do that, something like a very small vocabulary

oh I was thinking of Toki pona which is just supposed to be easy

But I also remember reading something like all the spoken languages average out to the same speed/information density because of the amount of data a person can process

although if the intended use were to be not spoken to a human but instead a computer, that might be interesting

https://en.m.wikipedia.org/wiki/Ithkuil

thank you for sharing this

> so websites can't prtend to be each other

literally the point of TLS, right?

that's why i think having anything other than a signing/authentication key for communication with websites is overkill

obv use TLS once handshake is completed

now for p2p, i think having your own keypair is better

since p2p could imply that there are no trusted authorities except those verifiable by multiple channels

obligatory im not a professional cryptographer

the writing system seems odd, but seeing it i'm now interested in exploring what writing would be like if developed by computers

webauthn is kinda confusing. Why would you need many keys, each for own site? Why would it be managed on some kind of device thing, instead of just exporting and importing armored gpg key? Thought is there, but it's utterly unusable in practice.

It would be a very confusing language. Languages, like all forms of information coding, are always balancing two fundamentally contradictory things: compression and redundancy. In the case of languages, compression is mostly achieved by introducing new words that concisely describe something that would otherwise require many more words. Redundancy is achieved by using only a fraction of the code space (most pronounceable letter combinations are not actual words), by having grammar (imposing constraints and structure) and duplicating some pieces of information (like the French "ne... pas" or the combination of pronouns and conjugation). Without redundancy, it would be really easy to mishear something. Mishearing still occurs now even though all common languages are very redundant. If languages would be significantly less redundant (i.e. denser), I bet it wouldn't result in more efficient communication, just in more misunderstanding (which slows down communication a lot).

I doubt any language is optimal in that regard, since languages are mostly evolved, not designed, so I would expect them to reach only local optima, not global ones.

But I don't expect "maximum density" to be anywhere close to optimal, since it implies completely error-free communication channels which is not realistic at least for spoken languages.

No. A phishing website can trick you into entering your password for another site, but this is impossible with webauthn. The domain name is used as part of the key material used to generate the private key used to authenticate you.

how is this impossible?

why does extra authentication prevent lookalike sites from tricking you into entering that credential

Because you're not entering any credential

The browser takes the raw bytes of the domain name in the URL, and sends them to your webauthn device (yubikey, or tpm, or a soft device), which uses that as a seed to get a subkey from the secret master key.

The only thing you're ever entering is your pin code, which will be in a browser popup not in the website.

hold up

so you have to enter a password in a browser UI element

why is this not just a password manager

That is actually another thing supported by the webauthn standard, generating a specific value to be sent back, rather than a key to sign with

Though if anyone manages to ever get a hold of that value, they could log in

With a non-exfiltratable key, that is impossible, since a different message would have to be signed each time.

Also a pin is not a password :) Pins can be much shorter than passwords and still be secure, since you only have a few guesses until it locks itself.

Actually, some password managers are planning to implement the device API of webauthn, so that they can act as soft auth devices

a pin is absolutely a password

it's a magic phrase that if you know grants you access

Sure

Anyway, the point here is that webauthn is just a standard, that can be implemented in many ways.

I definitely wouldn’t expect it to be, but it _would_ be entertaining

I guess you could construct something that gets close to optimally dense by making a prefix code (say over an alphabet of syllables, to ensure it's pronounceable) based on n-gram probability distributions.

First of all, GPG in unusable, both in practice and in theory. If you used the same key across websites, its use could be correlated between websites, either by the website operators themselves trying to track you across the web, or by attackers. So it has a small privacy benefit. But the main benefit is domain separation (domain here used generically, not the DNS meaning). If the same key is used for many things, great care is needed to prevent confusion between different things. By baking the separation into the keys, it is much harder to fuck up and get the wrong thing signed. You do this with GPG too, with subkeys.

IIRC, languages that are denser tend to be spoken slower, while less dense languages tend to be spoken faster. So for spoken language, there may well exist an "optimal range" for human brains that we are already inside of with all natural languages.

oh, and WebAuthn is just the web version of FIDO2, which is used for all sorts of stuff. I use it for SSH and to sign git commits. It's nice that my ssh private key is literally unstealable and I don't even need to remember a really good password to do it.

just something about TPM that was mentioned in <#803574970180829194> I use TPM stored key to access 1Password without always typing full password, with TPM it just wants PIN (from Windows Hello) I have problem with last part here: https://support.1password.com/windows-hello-security/ > If you use other applications that ask you to authorize with Windows Hello, make sure you trust them. Using the Trusted Platform Module with Windows Hello delegates the responsibility of authentication solely to Windows Hello. A malicious application could prompt you to unlock 1Password to access your information. So any software on my PC can just decide to prompt for Windows Hello PIN and if I accidently type it, it will give it my 1Password password? and from here: https://1password.community/discussion/comment/640813/#Comment_640813 > I'm unsure if it possible to retrieve a list of applications specific to your device that have access Windows Hello. If this is an area of concern, it would be worth reaching out to Microsoft support for help or to see if this is possible. and here: https://1password.community/discussion/comment/641974/#Comment_641974 > There is no way to have additional secret entropy added in, since Windows doesn’t provide a secure place to store data that only our app can fetch (akin to the macOS keychain, for example). I dont know what did they think when creating TPM but why doesnt it have list of apps that can access TPM? Why doesnt it have separation of software, that one app cannot access TPM data for other app? Windows Hello prompt doesnt even tell you what app asked for authentification. You just have to trust that it's the last app you opened or interacted with. If MacOS Keychain can so it why not Windows? TPM should be improving security but the way it's implemented it seems more like security hole.

windows 2fa/passkey tells me what app sends the request

example

in Win10 and 1Password it looks smilar to this

but while searching for good example I found that many Windows Security prompts actually identify the app that is asking... so maybe it's fault of 1Password

https://news.ycombinator.com/item?id=37060528

When I view YT video it gets downloaded into my RAM, omg that means I am pirating, FBI will get me 😄

yeah, but still constant attempts from some companies to declare ytdl as something illegal

and here too

https://youtu.be/uf5FkGnb6RE

go nuts

https://www.androidpolice.com/firefox-bringing-back-full-extension-support-android/

oooo

how is it literally unstealable

If someone has access to your machine, why can't they steal your private key

how does your machine read your SSH private key

and why can't an attacker just do whatever that is, if your machine is compromised

it doesn't. everything involving the private key happens on the security key.

ssh asks the yubikey "could you please sign this", and then I have to approve it by clicking the button the yubikey

an attacker who took over my machine could trick me into signing something, but not get the key to sign unlimited stuff

Oh, it's a hardware device on which the private key is stored

and the OS never sees the private key, it just sees the signature. I see

yeah

Not sure how that's possibly able to be implemented on the web tho

webauthn is an api available in JS, and the browser has to forward that to your security stuff in whichever way

and what if I don't have a hardware security device?

the API will say that there's no device, and after that I guess it's up to the website to decide what to do

usually using these things is something you set up after you already have an account

why would I want to do that

the original use case was fool-proof 2FA

what if I want to access that account from any other device

what if my hardware key malfunctions? do I lose access to the site?

if you don't have an alternate way of accessing the site, yes

and if there exists an alternative way of accessing the site, how does that improve security in any way

if conventional password field authentication is still permitted

if used for 2FA, it's done exactly like any other 2FA: backup codes

2FA is designed to prevent a compromised machine from gaining access

that's... not something it accomplishes

Basically, I don't understand how a security hardware device improves security, beyond simply not having one, if you don't actually need it to authenticate

yes it does, and I don't think 2FA is intended that way. I mean, most 2FA impls depend on phones, either via SMS or via an authenticator app. But phones just like computers can log into websites, so you have a single device that has both the ability to do the login, and the ability to gain the second factor.

this is why I think 2FA is stupid

You could always throw the backup codes away

Then you do need it

personally I keep backup codes on a physical notebook in my apartment.

but my main backup strategy is having multiple security keys, so if I lose one I have more that I already registered.

Basically, what I'm saying is either (1) you need the device to authenticate (2) you don't need the device to authenticate (1) risks permanent lockout if anything happens to the electronics, such as a housefire. (2) risks nothing but also gains nothing as a malicious actor could just do that

The main thing both 2FA and security keys are supposed to protect against is people using stolen passwords, not compromised machines.

If that's the case then why are passwords stolen in the first place?

Sites don't store passwords in their databases - they store password hashes. The only way to gain access to a password is to compromise the user

either by tricking them, or compromising their client (e.g. computer)

database leaks are by far the biggest source of passwords, followed by phishing

databases don't store passwords

you're too optimistic

if your site is storing passwords in a database, and not password hashes, there's nothing you, as a user, can do, as that's a level of gross incompetence that cannot be fixed by you

anyway, I personally know how to use a password manager, so I don't have to worry about the most common ways passwords are stolen, but I find security keys very convenient

most people use the same password in multiple places

Those people don't use hardware security keys

You don't need a hardware device to use different passwords - software password managers make that painless

they do when the companies they work at make security keys the only way to log into company stuff

and they do when every iphone has a built in security key

makes me glad I don't buy apple products

just because it's built in doesn't mean you have to use it...?

It does if they require it

android is the same anyway

android is not hardware

no, but google wants this stuff in every smartphone

Essentially, I don't trust electronic methods for authentication that don't require human intervention

so far it seems to always require human intervention

A recovery password can be written down on a piece of paper, put in a safe, or mailed to your mom.

A master password can be memorized

But anything that doesn't require a human can be done with a compromised machine

as I said earlier, my yubikey requires that I click it for every usage.

on apple devices, you have to either input your pin code or use the biometrics every time

so what do you gain by having a yubikey then?

and again, what happens if it breaks?

nothing because I have 3 more?

are they all in the same place?

and frankly I literally never managed to memorize my master passowrd

what if your appartment burns down

it's a real question

one is on my keychain, one is plugged into my PC, one is stored at my dad's place

and not one that is exceedingly unlikely either

if you have one at a separate place, that's good

so the first thing I bought a yubikey for was to use to unlock my password manager

just as a convenience thing

So you don't have to type in your master password?

I do use a password too, but a much shorter one

unfortunately keepassxc doesn't support pin protected security key stuff yet, so I do want a bit more precaution

ah, I don't have any issue remembering my master password the only risk is I forget it, which I won't. I suppose unless I get hit in the head or something but then I have a bigger risk

I have my old one written down in the same notebook as all my backup codes

this was bad because it made me want to take that notebook with me in case I needed to unlock my password manager on my phone, lol

It might not be a bad idea to write it down and put it in the safe deposit box at the bank, since the master password is the only thing I need

my passwords are not randomly generated, they're procedurally generated using the domain name of the website and a hash of the master password. I wrote up a whole spec and a script for it, and they're both synced to the cloud

(among a few other fields)

the spec and script aren't useful without the master password (or rather, without its sha3-384sum)

after I set it up for keepassxc, I started using it for some other stuff. my ssh keys at home are normal and unprotected (because there's a 0% chance my computer will be compromised, yup, definitely) but on my laptop I only keep yubikey-dependant ssh keys, so that someone who steals my laptop while it's unlocked can't log into my PC.

nice

wait what do you do if you need to do a password reset on a site

one of the fields is "index"

ah

it's 0 by default, unless I need to change it to 1, for some reason

such as that one

and 2, etc.

<:kek:857018203640561677> I feel this tho I do have a passphrase for private keys that I consider to be particularly important

mm

like the one that gives me access to the FFmpeg infrastructure is a separate key that's not used for anything else

sensible

and I have it passphrased

which I have to enter every time I make a commit

(not that I do that very much, 95% of it is just jpegxl stuff)

the commits are also GPG signed but that's another can of worms

I have a few ssh keys on a usb stick on my keychain that are passphrase protected, but uh, I don't remember the passphrase

oops

I've started using SSH signing instead of GPG signing

very convenient since I already have SSH keys

I have one GPG key

which is in a keyserver

they did for the better part of 10 years/they always kept getting bigger

i think it started getting attention with titanfall 1, where I remember there was like 50gb of audio files

and then gta 5 with 7 discs

but if the update is that "big" then it's gotta be epic

i'm hyped

Yeah, most of the time all audio is WAV and all textures are 4K now with no 'HD Texture Pack' as an optional download. Not to mention cutscenes where 1 minute of video is a 1GB avi

The game engines haven't kept up with modern compression. It's either WAV or MP3, Bink video or none, ect

ogg is very popular also

Seems like Unity can accept OGG, MP3 or WAV, Unreal only accepts WAV and then compresses into XMA (A format used on the xbox360)

opus all da way

Highest disadvantage is that they're stuck on one device, or on devices from one vendor. I heard that Bitwarden and other password managers are working on storing keys in Vaults, but I'm not sure how would it work, is there API in browsers and OSes for that already?..

it's just FIDO2 / WebAuthn

But note: there's nothing stopping you from using devices from multiple vendors at the same time, or say having one yubikey and also registering bitwarden as a security key.

https://youtu.be/JcMKvhTUjiQ

Look what happens when you try to use #KilledByGoogle in YouTube

one reason game devs are still using vorbis over opus is the decode complexity

vorbis is much less complex, which tends not to matter for playback usually, but for a very cpu-intensive application like a video game where timing matters a lot, the cycles saved from vorbis over opus can be worth the ratio drop

especially since many games don't cache the decoded SFX in ram, as that would be too memory-hungry

Opus isn't *that* complex, afaik

Though I think the newer Xboxes have like 8 Opus DSPs

it isn't, but the issue has been brought up before

Chromium really is a new IE

https://news.adobe.com/news/news-details/2023/Adobe-Co-Founder-Dr.-John-Warnock-Passes-at-82/default.aspx

RIP

oh no

I might be mistaken, but IIRC it's BT.2020 but the peak luminance gets mapped to the displays luminance

well it could be 2020, srgb, rec 709 etc

it's designed as a fallback and probably wont get actually used

I may be mistaken but everyting you need is here and here https://manuals.plus/m/daba89fd26a25086fa5fbb4855bca4cf77e76cfecbf8bd748a139fcbdc220332#iframe https://web.archive.org/web/20171130183054/https://standards.cta.tech/kwspub/published_docs/CTA-861-F_FINAL_revised_2017.pdf

Continuing from the XML discussion: https://discord.com/channels/794206087879852103/794206170445119489/1143034575413575760

XML suffers from a lot of extra complexity by trying to solve every use case. Due to this is has complex features like references (needed for representing cyclical data structures), and the ability to reference other external documents. While it is theoretical possible to implement these features securely, it only takes a small slip-up in implementation for vulnerabilities to occur.

You see a lot of these same complexities in other serialisation languages, like YAML, or even specific things like python's pickle format.

JSON is nice as it is easy to understand and reason about, and restricts itself to a commonly supported subset of features. Because of this it can't represent every possible data structure, but works great for the 95% of cases.

JSON's also significantly more performant

since parsing it can be done without much more than a catalan string parser

ye but xmlllll :c

i love xml

xml best 💯

Json does not support comments, which makes it unsuitable for configs and such

you can argue that it doesnt need comments

Configs do not need comments?

Anyway, the worst format is YAML

Why

There exists supersets of JSON that support comments

There's even JSON libraries that support keeping track of comments so that when the data is reserialized, the comments can be written out again in the right places.

There's also CBOR: https://datatracker.ietf.org/doc/html/rfc8949

JUMBF (`jumb` boxes in jxl) allow storing various things (in a nested box structure), including XML, JSON and CBOR

https://noyaml.com/

Yaml has many of the issues that xml has, for essentially no gain

JSON originally had comments, but they were removed because people where putting parsing directives in them.

just put comments in strings

A lot of the most egregious issues with YAML are fixed with YAML 1.2 (though a lot of common parsers are still YAML 1.1), and it is a nice format for heavily nested config files. I wouldn't use it for data serialisation though.

yaml seems to be only useful for config

https://techcommunity.microsoft.com/t5/excel-blog/announcing-python-in-excel-combining-the-power-of-python-and-the/ba-p/3893439

Is python the new vbscript?

Yaml 1.1 and 1.2 are incompatible afaik, so what makes it better than, say, TOML?

Nested data structures. TOML is create for fairly flat config files, but gets ugly for data with more structure: ## YAML ```yaml title: Extract Instant Air Temperature description: | Extracts out the instantaneous 1.5m air temperature from a file and writes it to a new one. section: Grid Stat major_cat: Major Category 1 minor_cat: Minor Category 1 steps: - operator: read.read_cubes constraint: operator: constraints.generate_stash_constraint stash: m01s03i236 - operator: filters.filter_cubes constraint: operator: constraints.combine_constraints stash_constraint: operator: constraints.generate_stash_constraint stash: m01s03i236 cell_methods_constraint: operator: constraints.generate_cell_methods_constraint cell_methods: [] - operator: write.write_cube_to_nc # This is a magic value that becomes the runtime output file path. file_path: CSET_OUTPUT_PATH ``` ## TOML ```toml title = "Extract Instant Air Temperature" description = """ Extracts out the instantaneous 1.5m air temperature from a file and writes it to a new one. """ section = "Grid Stat" major_cat = "Major Category 1" minor_cat = "Minor Category 1" [[steps]] operator = "read.read_cubes" [steps.constraint] operator = "constraints.generate_stash_constraint" stash = "m01s03i236" [[steps]] operator = "filters.filter_cubes" [steps.constraint] operator = "constraints.combine_constraints" [steps.constraint.stash_constraint] operator = "constraints.generate_stash_constraint" stash = "m01s03i236" [steps.constraint.cell_methods_constraint] operator = "constraints.generate_cell_methods_constraint" cell_methods = [ ] [[steps]] operator = "write.write_cube_to_nc" # This is a magic value that becomes the runtime output file path. file_path = "CSET_OUTPUT_PATH" ```

IMO anything that uses spaces for syntax is a bad format to me, especially if it's one someone could be expected to write by hand

I mostly agree with you, and I would probably have gone with JSON in the above example if it supported comments.

Though to be fair I'm using it in a python context, so people are used to it.

yaml is scary

strictly speaking, you don’t _have_ to use spaces for syntax with yaml, you can use `{}`/`[]` notation like in JSON

some say that YAML is a superset of JSON; I haven’t verified whether it is strictly the case considering all edge cases and so on but it does seem to be at least roughly true

I think YAML 1.2 is meant to be a superset of JSON.

```json {"on": {"label": {"types": ["created"]}}} ```

JSON-like syntax can appear everywhere the value is allowed, including the topmost level

Below is a example of this [GitHub Actions workflow](https://github.com/MetOffice/CSET/blob/main/.github/workflows/pre-commit-update.yml) converted to JSON (which is also valid YAML). ## JSON ```json { "name": "Update pre-commit config", "on": { "schedule": [ { "cron": "48 3 * * 1" } ], "workflow_dispatch": null }, "permissions": { "pull-requests": "write", "contents": "write" }, "jobs": { "update-pre-commit-config": { "runs-on": "ubuntu-latest", "steps": [ { "uses": "actions/checkout@v3" }, { "uses": "actions/setup-python@v4", "with": { "python-version": "3.x" } }, { "name": "Install dependencies", "run": "python3 -m pip install pre-commit" }, { "name": "Hash existing config file", "run": "sha256sum .pre-commit-config.yaml > ${{ runner.temp }}/config_file_hashes" }, { "name": "Update pre-commit config", "run": "git config --local user.name \"$GITHUB_ACTOR\"\ngit config --local user.email \"$GITHUB_ACTOR@users.noreply.github.com\"\ngit switch -c \"pre-commit-$(sha256sum ${{ runner.temp }}/config_file_hashes | head -c 8)\"\npre-commit autoupdate --freeze\n" }, { "name": "Create pull requests", "env": { "GH_TOKEN": "${{ github.token }}" }, "run": "... Snipped for discord ..." } ] } } } ```

I was wondering how people were doing that

I had a dream that there was a page describing previous features in Internet Explorer and ActiveX, and that one of them was that IE allowed `<embed src="foo.exe">` with executables that use DirectX

it was able to redirect the DirectX calls so that the program would draw on the page

does that count as a nightmare?

I wouldn't put it past IE6

yeah I totally wouldn't be surprised if there actually at some point was a way to do something like that

> The ActiveX security model relied almost entirely on identifying trusted component developers using a code signing technology called Authenticode. Developers had to register with Verisign (US$20 per year for individuals, $400 for corporations) and sign a contract, promising not to develop malware. Identified code would then run inside the web browser with full permissions, meaning that any bug in the code was a potential security issue; this contrasts with the sandboxing already used in Java at the time.[11] okay, I was vaguely aware that there were security concerns with ActiveX but I didn’t realise it worked like that

real math done by a real professional math person:

reminds me of that shelach paper

What paper is that?

Shaharon Shelah, 2002:

https://arxiv.org/pdf/math/0102056.pdf

Lol

it was about this theorem

The one I posted is a slight restatement of a derivation done by John Conway in *On Numbers and Games*

The infinity sign is the gap between the reals and the positive infinite numbers

wdym by the "gap"?

also how does one take the big-omega'th root of what I presume is a surreal number

and not an ordinal

(what even is big-omega here?)

omega is just omega

Little omega is both a surreal number and an ordinal

Gap is like the gaps or holes in the rational numbers. The surreals are not Dedekind complete

oh by a divide you mean where you can do a clopen set

gotcha

a disconnection

i.e. R in the surreal numbers is like x^2 < 2 in the rationals

And a process similar to Dedekind cuts can produce objects outside the surreals that lie in these surreal gaps

but yea in this context I assume little-omega is being interpreted as a surreal number as one cannot take roots of ordinals

but what is big-omega

Big omega is the gap corresponding to the cut where the left side is the class of all surreals and the right is the empty class.

The Surreal ordinals do correspond to Cantor's ordinals, I'm pretty sure, just with some extra fun stuff

I'm pretty sure that big omega here is the same as the combinatorial game **On**

oh yea, but it's like trying to divide an odd integer by 2

you can't do it unless you interpret it as a rational

Mm

how do you do arithmetic on the gap, do you complete it with equivalence classes of cauchy sequences, assign arithmetic operations as sequence-wise, and then it Just Works™️?

If so, the gap between the finite and infinite is defined by which cauchy sequence?

(I figure the metric is just `|a - b|`)

I don't think Cauchy sequences can handle surreal gaps

that's what I thought, so how do you complete the surreals to add the gaps in a way that preserves the arithmetic structure?

dedekind cuts work on rationals if you add sets

but not for multiplication

so you need some kind of cleverness

I know some Games are in those cuts and some Games are very poorly behaved with regards to arithmetic.

So I don't think you can get something nice that just works?

I saw someone mention a paper that had something about a Dedekind completion of the Surreals, I'll find it again when I get home.

I thought surreal numbers were by definition games that were not fuzzy

so how would you have a game in one of those cuts that isn't a number

Up is a game that is bigger than 0 and smaller than all positive surreals, so it's in that gap.

What is Up? remind me

Tbh I forgot the definition of it

is that `{0|*}`?

no that's fuzzy

hm

actually no, it's positive

yea, that's Up

why is Up itself not a positive surreal?

Hm, I checked, and apparently surreal numbers are defined as ordered pairs of sets of surreal numbers, such that each element in L is strictly less than each element in R (when interpreted as games)

which is not the same thing as "all non-fuzzy games"

Yeah

Sorry I got distracted trying to refind a handy list of games

not much, you?

(couldn’t help it)

> Some gaps are important enough to deserve names. We use > "**On**" for the gap (**No**, {}) at the end of the number line, > "1/**On**" for the gap between 0 and all positive numbers, > "∞" for the gap between reals and positive infinite numbers, and > "1/∞" for that between infinitesimals and positive reals. > > For these gaps, we have > **On** = ω^**On**, > 1/**On** = ω^(-**On**), > ∞ = ω^(1/**On**), > 1/∞ = ω^(-1/**On**),

||OωO||

trying to figure out what the definition of **On** is here

does that mean everything on the left and nothing on the right?

Yeah

**No** is the class of all surreals.

https://cdn.discordapp.com/attachments/259470543160344586/1146547302006272181/Everything_is_chrome_in_the_future.mp4

😄 remains safari, firefox and Lynx !

iirc gaps have to create open sets right

so how is positive numbers and zero a gap?

I'd imagine the left set is not open

I don't understand what you mean

dedekind cuts rely on both intervals being open

the left and right side of the cut

That is not true

hm?

if you perform a dedekind cut on the rationals and it's not both open then you just get a rational at the endpoint

and the "value" of the cut is that endpoint, right?

so if you take all positive numbers and then all nonpositive, would wouldn't that cut be equivalent to zero?

sorry im very tired today so I'm having trouble getting anything sensible written

no rush

I should dig up that paper that apparently contained something about the Dedekind completion of the surreals I mentioned before

technically speaking Dedekind cuts aren't ever used in the surreals

the basic {L|R} construction is usually not named, but some literature calls it a "Conway cut"

Ok now I'm confused because I could've sworn I read about something about Cuesta Dutari cuts being a special case of Conway cuts but now I'm reading a description of surreal construction which just calls them all Cuesta Dutari cuts

and the notion of "Cuesta Dutari cuts" was also invented specifically to describe surreal numbers

I hate when sci-hub doesn't have something

and of course everything is complicated by the fact that the gaps in the surreal numbers *aren't* numbers

the gaps in the rationals are numbers (the reals), which makes for things being intuitive

meanwhile the non-numbers in the gaps of the surreal are only partially ordered, don't work well with multiplication

tbh I should read ONAG from the start instead of looking at the section about gaps

anyway, an important property of these cuts is that if all elements in L are smaller than the elements in R, then the resulting object is between the members of L and R. So if L is the class of all surreals <=0, and R those >0, then {L,R} denotes an object between 0 and >0. Finding the properties of these objects is left as an exercise to the reader (or you can read hundreds of pages of fun math)

Bonus points if the paper you're looking for does not have a doi for some reason

(~~If anyone has access to the Audio Engineering Society E-Library and could send me a pdf of 1 specific paper hmu~~)

if that's how numbers are defined, why is that a gap at all?

or is it because L and R aren't sets

yeah, I think so

If you have a set of surreal numbers, you can always define another surreal number that is unequal to any of those numbers. So the collection of all surreal numbers cannot be a set.

I do not understand the section on gaps in ONAG, so really, I cannot be one to explain this properly.

Though, doesn't help that Conway was rather handwavey and the only formal treatments appear to be hard to find papers >.>

Conway also says that each and every gap is a proper class.

So talking about many gaps at the same time is hard in any typical set theory.

ugh, arch messed up libtiff

if you are having issues with symbols not found, downgrade libtiff to 4.5.1-1

4.5.1-2 has linker issues and will cause your gdk pixbuffs to fail to load and your x server to fail to start

> downgrade libtiff to 4.5.1-1 your system is now unsupported!

I am slowly switching to NixOS

I am not sure if I will regret this

Everyone I know who uses NixOS love it

On the other hand, almost everyone I know who has tried to switch to NixOS, failed.

the idea behind nixos is quite nice, it's like using a modern package manager to build a root filesystem

I found it difficult to learn how to write configuration in nix language though

and config evaluation feels way too slow

sure but it works in the short term until they can published a fixed libtiff

https://bugs.archlinux.org/task/79579

So it's an issue with mozjpeg.

it appears that way

I installed libjpeg-turbo and the issue went away

And mozjpeg is also in AUR, so definitely not a Arch problem.

yea they closed it as not a bug for that reason

this is the reason why i prefer alt jpeg encoders not overriding my main libjpeg.so

thanks LinkedIn very helpful

maybe they really are looking for a software engineer

to write software to receive and manage all the chicken orders

I checked and it's not that

https://youtu.be/8UHbL0da9c4

… ok

Lol what is that? Lobster diagrams?

apparently

I love the lemon slices for the “C1q”

Hello, I am just wondering how to make my jpg files smaller before I try to put thousands of 5GB+ of them into word to create a PDF Photo Report out of them. Or how to make the old gaming laptop with only 16GB ram handle the task faster.

...and I prefer not to loose image quality or as little as possible. Any good ideas to help my use case?

or should I go some other channel for my question? I am new to here, so I have no clue

<@529048521714958388> this tool allows you to reduce the size of pre-existing JPEG files without quality loss https://github.com/tjko/jpegoptim/

it's a command line tool with no GUI although there may be some other program which has a GUI if using the command line is an issue

also using `--all-progressive` will help with file size when using that tool

is that software going to be easy for me to install and use? And do I have to bring up the command line in Windows ( how to do this?) or is there better way?

it requires command line however I'm pretty sure there are other tools that internally do the same task but with a GUI

Ill try to look for one with a GUI

command line like type cmd into the search bar and bring up the command prompt?

yes

if you are talking about reducing the size, do you mean the amount of pixels? because I want to try and keep the full resolution.

no the tool I have sent works directly on JPEG files to reduce their **file size** but not their quality or resolution so the before and after results are pixel Identical without visual loss of any kind

I would love to try it out, just not feeling so confident doing it on the company machine

It's the same as jpegtran -optimize, no?

Or jpegli, as an alternative to jpegtran. Similar command line stuff. To be tested for correct display of the colors in the pdf beforehand

However, jpegli isn't lossless

Discord somewhat recently added the ability to add custom domain connections to your profile.

<@794205442175402004> you and any other core devs could probably add "https://jpegxl.info" as a connection in Discord (maybe even non core devs? unsure if allowing non core devs would be wanted or a good idea although jpegxl.info is considered a community website of sorts but it's fine whatever you decide). Also keep in mind it does require some setup on the side of the website/domain for verification, I don't know the specifics but iirc discord provides the steps needed to set that up when you try to add a custom domain as a connection.

I assume more then one person can have a connection to the same domain although it's really hard to find any info about custom domain connections in Discord at all.

it's also useful to make a nicer and easier to remember redirect to invite link, for example like **discord.jpegxl.info**, as many communities do

You need to add a DNS record to the site per user trying to use it as a connection

Not sure if it works with more than 1

There's also an https method, but not sure as well if it works for more than one

linux kernel source tar.xz 132 MB

https://mastodon.social/@geerlingguy/111141304157539494

When you get into arguments and get angry with people you care about or don't care about, over completely contrived controversies, that you never would have known about without being exposed to it online or on TV... well then, politics has accomplished its goal of stealing your mental energy

posting this here for context: https://discord.com/channels/794206087879852103/794206170445119489/1156873267248889916

And preventing you from using that energy on building productive relationships with the people you interact with instead of arguing about whatever this month's assigned topic is.

What is everyone supposed to be angry about this month anyways? I don't know because I stopped reading the news.

Nevermind, I don't actually want to know what the assigned topic of this month is anyways...

I would rather talk about what's actually on my mind without the influence of the media.

you can't not be influenced from the media

What do people think about, before they get their head bogged down with worthless trivia they read online?

they think about nothing

because that's not how it works

I think what people think about and consider important beforehand is more important than whatever information gets amplified by the TV and social media

I think that the whole purpose of most of this worthless information and artificial debates is to distract people and waste their energy

And especially to waste energy fighting with each other about controversies that didn't exist until they read about them

To get people to hate each other and feel like their lives are under attack or at stake

When it wasn't before

It is a very good distraction.

A very very effective energy vampire

The whole purpose of its existence is to be important and be something to argue about

Just like politicians themselves.

The more it ruins your life the more successful it is

Anyways that's my hot take for tonight...

Hope everyone thinks about what really matters to them and practices forgiveness and patience with others. :)

While at the same time protecting their own sacred mental energy

the problem is that what matters to you is different from someone else

so when two ideas are against each other, that's when you need politics

you can choose to live in a bubble, then you shouldn't be against anything that people decide for you

Or just agree to disagree and not go on a holy war.

And try to give people space to be themselves.

Rather than telling everyone how things need to be

that's still politics

The whole idea of politics is wrong fundsmentally

no?

politics exists to compromise on the needs of everyone

It's literally designed to waste our time and prevent us from having a productive frienfship

my mere existence is because of politics

and so is yours

and i'm thankful that there are rules in place that allow me to be alive

I exist regardless of anyone's beliefs.

Rules only exist if people believe in them.

i get it youre a liberal

Unless it's a rule like... gravity...

Sorry, I just am myself and I only know how to be myself.

But you can call me whatever you think makes it easier to figure me out

People do that anyways

that is the definition of libertarianism

i assume youre also economic right

I wouldn't know. I just worry about being true to myself.

that kind of thinking is toxic you may aswell stop existing

You can be yourself too, even if it's different than me.

if all you care about is yourself.

since in your bubble, you don't want to affect anybody and you don't want to be affected by anybody

Well I worry about being true to my heart more than being true to someone else's ideology so if that makes me toxic in your eyes, that's an interesting perspective.

but do you agree that others should be able to be true to their heart?

or is it only you

in your world view

I think people should be true to their heart and not live someone else's life.

now how do we do that...

It's not easy :) everyone wants to tell us how to live and think

And define us and put us into a neat box

Classify everything into neatly defined groups

And then make them at war with each other for fun

so how would you do it?

Use gratitude to help you stay in the present? That would be a good start.

unfortunately not everyone has the luxury to be dealing with that

Think of all the things you're thankful for in order to ground you in the present and think of what's actually here rather than what isn't here

😔

People like to talk about freedom but freedom is a state of mind. What I want is a form of awakening. The freedom I want can't exist if everyone still thinks inside the same box.

That isn't what most people want to hear and it isn't what most people are even ready to hear and understand but that's the truth. Nothing will ever change until the way we think changes

People have confined themselves in a box they have to break out of first.

politics can’t not exist https://en.wikipedia.org/wiki/Politics > Politics (from Ancient Greek πολιτικά (politiká) 'affairs of the cities') is the set of activities that are associated with making decisions in groups, or other forms of power relations among individuals, such as the distribution of resources or status. The branch of social science that studies politics and government is referred to as political science.

at most, you could say that the current way that we approach politics is wrong

but it would be useful to be more specific than that

i'm on the side of economic freedom but I can at least acknowledge poor people exist

Government and religion are two names for the same thing