They invented a hybrid attention design that drastically reduces the amount of memory needed for the KV cache at inference time. Like, dividing it by 10. And memory is a large part of the cost of inference.

Thanks for the correction, I was indeed wrong about that. I updated my comment accordingly.

Thanks for the correction! I updated my comment to mention it.

I mean, the poll was like as not a publicity stunt, to draw attention to the fact DDG is not doing AI. All the same, the fact they are making “no AI” a selling point is noteworthy.

EDIT: I stand corrected – apparently DDG does do AI presently. Hopefully they’re serious about reconsidering that, then.

Ah, that Techlicious link is a great find, thanks. It does lay out clearly what the theoretical concern is. That’s still a far cry from the “Google will start fingerprintint you” scenario that seems to have people up in arms.

Thanks for digging out this link, I really appreciate it.

Thanks – that’s an announcement about policy updates. I already read it and it says nothing about fingerprinting. The only change to underlying technologies it mentions is the use of e.g. trusted execution environments (the doc for which, per a further link, is in fact on github). Those seem to claim that they let announcers run ad campaigns through Google ads while keeping their campaign data provably locked away from Google. So, basically, all these links are about purported “privacy-enhancing” techs, and you’d be forgiven for taking that with an enormous grain of salt, but either way, nothing in there about fingerprinting.

The Guardian article basically paraphrases the Tuta one – or it’s the other way around, maybe – but does also not provide actual sources.

I just want a source on what fingerprinting Tuta is claiming Google will start using. I feel like the details of the purported fingerprinting techniques should be front and center to this discussion and I’m frustrated that the article entirely fails to provide that info.

I’m aware of fingerprinting techniques, thank you. The article is claiming that Google will start using some of those and I’m looking for the source for that claim, hopefully with specifics about which techniques are involved. Confusingly, the article does not appear to provide such a source.

You’d THINK the article would link to a source about the fingerprinting in question instead of 90% filler slop and ads for their own service… Anyone got a link?

Or the Dodgy. I’m partial to that one.

That, now, is indeed a genuine issue. Trump has stated that his end game is annexation, and experience has shown that when he sounds like he’s got a bee in his bonnet about something, however bonkers, he’s actually serious about it. So I’m not seeing him stop the aggression on Canada.

which I’m sure we did somehow

Trudeau sold him measures that Canada had already voted on. See this post from the end of last year. https://www.canada.ca/en/public-safety-canada/news/2024/12/the-government-of-canadas-border-plan-significant-investments-to-strengthen-border-security-and-our-immigration-system.html

Trudeau “caved” by giving Trump essentially zilch, apparently assuming – perhaps not incorrectly – that Trump would be that easily swindled.

The default actually works pretty well these days.

Messing with the EFI partition, for instance by attempting to have two of those on separate disks, will probably cause you more pain than Windows will. As far as I understand, only one EFI partition can be configured in BIOS as the boot partition, so you will have to change the configuration in BIOS whenever you want to boot to the other OS.

Windows does have a history of changing the default EFI bootloader once in a while; however your chosen bootloader is still there, just not marked as the default anymore. A Windows app like EasyUEFI will let you change the default back.

Windows 98 really sucked and running Unix at home became an option.

Was this a mistake?

Clarifying: are you asking if downloading the Proton Mail app through the Google Play Store gives Google access to your Proton account? If so, the answer is no.

Firefox’s stance on privacy, like Apple’s, is to some extent branding. Arguably it always was. You should still use Firefox (or any other third party browser) if it works for you. Ecosystem diversity matters.

They didn’t drop the don’t be evil thing. It’s still right there in the code of conduct where it always was, they just moved it to the conclusion of the document so it’s the last thing that remains with you. See for yourself: https://abc.xyz/investor/google-code-of-conduct/

The supposed removal is a perfect example of the outrage-bait headlines I’m discussing in another comment.

It’s not the company it once was, but there are also a lot of outrage-bait headlines about it that don’t hold up well to scrutiny.

For instance, there have been a lot of Lemmy posts about Chrome supposedly removing the APIs used by adblockers. I figured I’d validate that on my own by switching to the version of uBlock that is based on the new API. Well… As it turns out, it works fine. It’s also faster.

Mind you, figuring out the actual facts behind each post gets exhausting, and people just shutting down and avoiding the problem space entirely makes some sort of sense. That, and it is healthy for an ecosystem to have alternatives, so I’d keep encouraging usage of Firefox and such if only on that basis alone.

This is actually an excellent question.

And for all the discussions on the topic in the last 24h, the answer is: until a postmortem is published, we don’t actually know.

There are a lot of possible explanations for the observed events. Of course, one simple and very easy to believe explanation would be that the software quality processes and reliability engineering at CrowdStrike are simply below industry standards – if we’re going to be speculating for entertainment purposes, you can in fact imagine them to be as comically bad as you please, no one can stop you.

But as a general rule of thumb, I’d be leery of simple and easy to believe explanations. Of all the (non-CrowdStrike!) headline-making Internet infrastructure outages I’ve been personally privy to, and that were speculated about on such places as Reddit or Lemmy, not one of the commenter speculations came close to the actual, and often fantastically complex chain of events involved in the outage. (Which, for mysterious reasons, did not seem to keep the commenters from speaking with unwavering confidence.)

Regarding testing: testing buys you a certain necessary degree of confidence in the robustness of the software. But this degree of confidence will never be 100%, because in all sufficiently complex systems there will be unknown unknowns. Even if your test coverage is 100% – every single instruction of the code is exercised by at least one test – you can’t be certain that every test accurately models the production environments that the software will be encountering. Furthermore, even exercising every single instruction is not sufficient protection on its own: the code might for instance fail in rare circumstances not covered by the test’s inputs.

For these reasons, one common best practice is to assume that the software will sooner or later ship with an undetected fault, and to therefore only deploy updates – both of software and of configuration data – in a staggered manner. The process looks something like this: a small subset of endpoints are selected for the update, the update is left to run in these endpoints for a certain amount of time, and the selected endpoints’ metrics are then assessed for unexpected behavior. Then you repeat this process for a larger subset of endpoints, and so on until the update has been deployed globally. The early subsets are sometimes called “canary”, as in the expression “canary in a coal mine”.

Why such a staggered deployment did not appear to occur in the CrowdStrike outage is the unanswered question I’m most curious about. But, to give you an idea of the sort of stuff that may happen in general, here is a selection of plausible scenarios, some of which have been known to occur in the wild in some shape or form:

• The update is considered low-risk (for instance, it’s a minor configuration change without any code change) and there’s an imperious reason to expedite the deployment, for instance if it addresses a zero-day vulnerability under active exploitation by adversaries.
• The update activates a feature that an important customer wants now, the customer phoned a VP to express such, and the VP then asks the engineers, arbitrarily loudly, to expedite the deployment.
• The staggered deployment did in fact occur, but the issue takes the form of what is colloquially called a time bomb, where it is only triggered later on by a change in the state of production environments, such as, typically, the passage of time. Time bomb issues are the nightmare of reliability engineers, and difficult to defend against. They are also, thankfully, fairly rare.
• A chain of events resulting in a misconfiguration where all the endpoints, instead of only those selected as canaries, pull the update.
• Reliabilty engineering not being up to industry standards.

Of course, not all of the above fit the currently known (or, really, believed-known) details of the CrowdStrike outage. It is, in fact, unlikely that the chain of events that resulted in the CrowdStrike outage will be found in a random comment on Reddit or Lemmy. But hopefully this sheds a small amount of light on your excellent question.

One funny thing about humans is that they aren’t just gloriously fallible: they also get quite upset when that’s pointed out. :)

Unfortunately, that’s also how you end up with blameful company cultures that actively make reliability worse, because then your humans make just the same amounts of mistakes, but they hide them – and you never get a chance to evolve your systems with the safeguards that would have prevented these.

You won’t find the incompetence in the software no matter what.

If you fail to assume that the software contains issues – if you fail to understand that your software is made by humans and humans make mistakes, not because they’re bad but because they’re human – and if you fail to implement mechanisms to feel gracefully with inevitable failures, THAT is the incompetence.

Failures are systemic.