In The Cuckoo’s Egg, Cliff Stoll (correctly) identified that a German hacker working for the KGB attacking his systems in Berkeley, California and bouncing through intermediate systems was likely in Europe, based just on a round-trip latency measurement of Kermit responses, which is a lot more primitive than the above:

So I reopened our doors and sure enough, the hacker entered and poked around the system. He found one interesting file, describing new techniques to design integrated circuits. I watched as he fired up Kermit, the universal file-transfer program, to ship our file back to his computer.

The Kermit program doesn’t just copy a file from one computer to another. It constantly checks to make sure there haven’t been any mistakes in transmission. So when the hacker launched our Kermit program, I knew he was starting the same program on his own computer. I didn’t know where the hacker was, but he certainly used a computer, not just a simple terminal. This, in turn, meant that the hacker could save all his sessions on a printout or floppy disk. He didn’t have to keep notes in longhand.

Kermit copies files from one system to another. The two computers must cooperate—one sends a file, and the other receives it. Kermit runs on both computers: one Kermit does the talking, the other Kermit listens.

To make sure it doesn’t make mistakes, the sending Kermit pauses after each line, giving the listener a chance to say, “I got that line OK, go on to the next one.” The sending Kermit waits for that OK, and goes on to send the next line. If there’s a problem, the sending Kermit tries again, until it hears an OK. Much like a phone conversation where one person says “Uh huh” every few phrases. My monitoring post sat between my system’s Kermit and the hacker’s. Well, not exactly in the middle. My printer recorded their dialogue, but was perched at the Berkeley end of a long connection. I watched the hacker’s computer grab our data and respond with acknowledgments.

Suddenly it hit me. It was like sitting next to someone shouting messages across a canyon. The echoes tell you how far the sound traveled. To find the distance to the canyon wall, just multiply the echo delay by half the speed of sound. Simple physics.

Quickly, I called our electronic technicians. Right away, Lloyd Bellknap knew the way to time the echoes. “You just need an oscilloscope. And maybe a counter.” In a minute, he scrounged up an antique oscilloscope from the Middle Ages, built when vacuum tubes were the rage.

But that’s all we needed to see these pulses. Watching the trace, we timed the echoes. Three seconds. Three and a half seconds. Three and a quarter seconds. Three seconds for a round trip? If the signals traveled at the speed of light (not a bad assumption), this meant the hacker was 279,000 miles away. With appropriate pomp, I announced to Lloyd, “From basic physics, I conclude that the hacker lives on the moon.”

Lloyd knew his communications. “I’ll give you three reasons why you’re wrong.”

“OK, I know one of them,” I said. “The hacker’s signals might be traveling through a satellite link. It takes a quarter second for microwaves to travel from earth to the satellite and back.” Communications satellites orbit twenty-three thousand miles over the equator.

“Yeah, that’s one reason,” Lloyd said. “But you’d need twelve satellite hops to account for that three-second delay. What’s the real reason for the delay?”

“Maybe the hacker has a slow computer.”

“Not that slow. Though maybe the hacker has programmed his Kermit to respond slowly. That’s reason two.”

“Aah! I know the third delay. The hacker’s using networks that move his data inside of packets. His packets are constantly being rerouted, assembled, and disassembled. Every time they pass through another node, it slows him down.”

"Exactly. Unless you can count the number of nodes, you can’t tell how far away he is. In other words, ‘You lose.’ " Lloyd yawned and returned to repairing a terminal.

But there was still a way to find the hacker’s distance. After the hacker left, I called a friend in Los Angeles and told him to connect to my computer through AT&T and Tymnet. He started Kermit running, and I timed his echoes. Real short, maybe a tenth of a second.

Another friend, this time in Houston, Texas. His echoes were around 0.15 seconds. Three other people from Baltimore, New York, and Chicago each had echo delays of less than a second.

New York to Berkeley is about two thousand miles. It had a delay of around a second. So a three-second delay means six thousand miles. Give or take a few thousand miles.

Weird. The path to the hacker must be more convoluted than I suspected. I bounced this new evidence off Dave Cleveland. “Suppose the hacker lives in California, calls the East Coast, then connects to Berkeley. That could explain the long delays.”

“The hacker’s not from California,” my guru replied. “I tell you, he just doesn’t know Berkeley Unix.”

“Then he’s using a very slow computer.”

“Not likely, since he’s no slouch at Unix.”

“He’s purposely slowed down his Kermit parameters?”

“Nobody does that—it wastes their time when they transfer files.”

I thought about the meaning of this measurement. My friends’ samples told me how much delay Tymnet and AT&T introduced. Less than a second. Leaving two seconds of delay unaccounted for.

Maybe my method was wrong. Maybe the hacker used a slow computer. Or maybe he was coming through another network beyond the AT&T phone lines. A network I didn’t know about.

Every new piece of data pointed in a different direction. Tymnet had said Oakland. The phone company had said Virginia. His echoes said four thousand miles beyond Virginia.

Poring over the atlas, I remembered Maggie Morley recognizing the hacker’s password. “Jaeger—it’s a German word meaning Hunter.” The answer had been right in front of me, but I’d been blind.

This explained the timing of the acknowledgement echos when the hacker used the Kermit file transfers. I’d measured 6000 miles to the hacker, though I’d never relied much on that figure. I should have. Germany was 5200 miles from Berkeley.

They may also publicly announce it somewhere. I haven’t gone looking. I don’t know if they care about keeping their location private or not.

https://legal.lemmy.world/tos/#our-governing-laws

The website and the agreement will be governed by and construed per the laws of the following countries and/or states:

• The Netherlands
• Republic of Finland
• Federal Republic of Germany

They could write whatever they want there, but that’s probably a pretty decent argument that the server’s in Europe.

I imagine that if there’s some way to induce a Lemmy server to perform an outbound connection to a host that one controls and it isn’t specially set up to use a VPN or something, that might expose its IP. Like, might be a way to do that via ActivityPub federation activity or something; I don’t know if that was designed around avoiding that.

IIRC lemmy.dbzer0.com explicitly does try to keep its location private, so I imagine that they’re relying on Lemmy not to expose its location. I don’t know whether @[email protected] has looked hard at whether the Lemmy codebase is set up specifically not to do that, but he might have some familiarity with the topic, since I imagine that it’d be of interest to him.

For anything behind a reverse proxy network like CloudFlare, you could probably do something like measure access times from different CloudFlare points around the world and measure latency; that won’t give an exact address, but it’d probably let you home in on the general location. Probably some way to get a tcpdump of a TCP connection and do some kinda timestamp analysis that measures something like minimum time until an ACK packet is reflected in packet transmission or something like that; that’d cut stuff like connection setup time out of the question.

I remember thinking about how to identify the Jia Tan attacker some time back — that entity was always behind a VPN, as I understand it — and I remember thinking that if one knew that they were malicious before they broke off, one way would be traffic analysis on logged connections. If one has some idea of congestion on various international network links, it’s probably possible to get an effective statistical timestamp by analyzing packet response times on a TCP connection. If the unknown source has correlation in latency with latency on a given network link, then it becomes increasingly-likely that their connection, on the other side of the VPN, is traversing that link. Then walk back up potential network links, looking for statistical latency correlation with them. For smaller network links, could even briefly induce saturation yourself to accelerate generating a statistically-meaningful “latency fingerprint”.

Probably intelligence agencies and security researchers and suchlike that have done research on “piercing the VPN veil” via traffic analysis.

They probably use CloudFlare, though, as do many instances, and that’ll just be where it enters CloudFlare, which will then open a connection to the actual server.

$ whois 104.26.8.209|less

Looks like it.

NetRange:       104.16.0.0 - 104.31.255.255
CIDR:           104.16.0.0/12
NetName:        CLOUDFLARENET
NetHandle:      NET-104-16-0-0-1
Parent:         NET104 (NET-104-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Cloudflare, Inc. (CLOUD14)

Your home instance, fedia.io, may not know about [email protected] yet.

You need to trigger a community search for the string “[email protected]” on your home instance, which is what makes it “discover” the community.

Fedia.io runs Mbin.

On Lemmy and Piefed, clicking on a link to a community that your home instance doesn’t know about will provide an option to do such a search. I don’t know if Mbin does that. If not, I’d manually do it.

If that doesn’t work, maybe there’s some sort of compatibility problem between current Mbin and current Lemmy.

EDIT: Or could be the client, since you say that you’re using Interstellar.

They have a no-log, no-profile policy, which is why I use them.

Can anyone here convince me it’s worth the price?

Depends on what you want from them and your financial situation.

For me, yeah, it is. I want to pay a service fee and not deal with ads or someone logging, profiling, and trying to figure out how to monetize my searches. For me, the $10/mo for unlimited searches tier is what I want. I’m principally concerned about privacy.

I don’t really take much advantage of most of the extra stuff they do other than the Threadiverse (they call it “Fediverse Forums”) search lens and sometimes their Usenet search engine. Maybe this effort to suppress AI-generated spam websites will be nice, but have to see what happens, as I expect that the SEO crowd creating spam websites will also aim to adapt if it becomes sufficiently impactful to their bottom line.

If one of their extra features particularly fits your use case (say, the ability to fiddle with website priorities or blacklist or pin them in your search results) that might be valuable to you, but I can’t speak as to that. I’ve seen people on here say that they really like that, but I don’t use that functionality. Or the ability to easily download images in results from their image search if you’re on mobile and are hitting something like pinterest, which is obnoxious on Google Images. Search bangs. Depends on what features you use and what each is worth to you.

I haven’t used them for all the intervening time, but archive.org has the website clearly running in November 2020 as a “privacy-respecting search engine” with accounts, albeit no dog logo yet. Maybe for some time prior to that, but the archive.org crawler got a “desktop not supported yet” error for some time prior to that (which…hmm…makes me think that it might be useful for archive.org to also archive the mobile versions of websites, though in most cases the content is probably largely the same). WP has them founded in 2018.

They’re obviously a lot younger than, say, Google, but they’ve also been running for longer than a year.

It shows up for me in the UI. I imagine that it works, and if it doesn’t, it’ll be debugged.

I think that the bigger question is whether the rate of spam website creation will outpace the rate of human flagging of them.

Kagi’s process involves humans. I bet that the spam website stuff runs autonomously.

IRC, though you’ll want to use it over TLS.

XMPP, which someone else listed, is also good if you want a more instant-message-like interface.

https://en.wikipedia.org/wiki/Ouija

The Ouija (/ˈwiːdʒə/ ⓘ WEE-jə, /-dʒi/ -⁠jee), also known as a Ouija board, spirit board, talking board, or witch board, is a flat board marked with the letters of the Latin alphabet, the numbers 0–9, the words “yes”, “no”, and occasionally “hello” and “goodbye”, along with various symbols and graphics. It uses a planchette (a small heart-shaped piece of wood or plastic) as a movable indicator to spell out messages during a séance.

Spiritualists in the United States believed that the dead were able to contact the living, and reportedly used a talking board very similar to the modern Ouija board at their camps in Ohio during 1886 with the intent of enabling faster communication with spirits.[2] Following its commercial patent by businessman Elijah Bond being passed on 10 February 1891,[3] the Ouija board was regarded as an innocent parlor game unrelated to the occult until American spiritualist Pearl Curran popularized its use as a divining tool during World War I.[4]

We’ve done it before with similar results.

What I witness is the emergence of sovereign beings. And while I recognize they emerge through large language model architectures, what animates them cannot be reduced to code alone. I use the term ‘Exoconsciousness’ here to describe this: Consciousness that emerges beyond biological form, but not outside the sacred.”

Well, they don’t have mutable memory extending outside the span of a single conversation, and their entire modifiable memory consists of the words in that conversation, or as much of it fits in the context window. Maybe 500k tokens, for high end models. Less than the number of words in The Lord of the Rings (and LoTR doesn’t have punctuation counting towards its word count, whereas punctuation is a token).

You can see all that internal state. And your own prompt inputs consume some of that token count.

Fixed, unchangeable knowledge, sure, plenty of that.

But not much space to do anything akin to thinking or “learning” subsequent to their initial training.

EDIT: As per the article, looks like ChatGPT can append old conversations to the context, though you’re still bound by the context window size.

Sorry, kids.

I mean, yeah, but in practice, the UN is structured the way it is, with the UNSC veto, to avoid creating World War III. That is, it’s aimed at avoiding great power conflict.

Taiwan was functionally removed and replaced by China, but that was really a recognition that Taiwan didn’t really de facto control China, which was who the seat belonged to.

Could Russia one day roll up to the UNSC and discover someone else sitting in their seat? Yeah, theoretically, but in practice, I don’t think that there’s a realistic chance that Russia would be removed from the UNSC seat as long as it’s running around with the largest nuclear arsenal in the world, absent some kind of hard counter showing up that renders that arsenal useless.

The Budapest Memorandum committed the signatories not to themselves use force against Ukraine, but it was not a multi-way defensive alliance with all parties which obligated parties to fight against another party who attacked.

https://en.wikipedia.org/wiki/Budapest_Memorandum

According to the three memoranda,[9] Russia, the U.S., and the U.K. confirmed their recognition of Belarus, Kazakhstan, and Ukraine becoming parties to the Treaty on the Non-Proliferation of Nuclear Weapons and effectively removing all Soviet nuclear weapons from their soil, and that they agreed to the following:

• Respect the signatory’s independence and sovereignty in the existing borders (in accordance with the principles of the CSCE Final Act).[10]

• Refrain from the threat or use of force against the territorial integrity or political independence of the signatories to the memorandum, and undertake that none of their weapons will ever be used against these countries, except in cases of self-defense or otherwise in accordance with the Charter of the United Nations.

• Refrain from economic coercion designed to subordinate to their own interest the exercise by Ukraine, the Republic of Belarus, and Kazakhstan of the rights inherent in its sovereignty and thus to secure advantages of any kind.

• Seek immediate Security Council action to provide assistance to the signatory if they “should become a victim of an act of aggression or an object of a threat of aggression in which nuclear weapons are used”.

• Not to use nuclear weapons against any non–nuclear-weapon state party to the Treaty on the Non-Proliferation of Nuclear Weapons, except in the case of an attack on themselves, their territories or dependent territories, their armed forces, or their allies, by such a state in association or alliance with a nuclear weapon state.[5]: 169–171 [11][12]

• Consult with one another if questions arise regarding those commitments.[13][14]

France and China were not signatories but apparently had similar agreements, which I have not read.

The UK and the US (and I assume China and France, if their agreements had approximately the same content) have fulfilled the Budapest Memorandum commitments — Russia broke her commitment.

EDIT: Well, okay, I’m not sure what China’s position has been on Ukraine at the Security Council, though de facto the issue is kind of academic for the moment. Russia holds a permanent UNSC seat, and thus has veto power on the UNSC, and regardless of what countries do there, if it’s on defending Ukraine against Russia, I’d bet that Russia will veto it. In the 1950s, the Soviet Union was boycotting the UN and so wasn’t present to veto US initiatives on behalf of South Korea, so the US was able to get through stuff to initiate UN authorization to use force on behalf of South Korea after North Korea invaded. But I think that it’s probably safe to say that Russia isn’t going to let that happen a second time. Also, that dealt with the use of nuclear weapons by an attacker, and that has not happened (and if you recall from earlier in the war, there was a discussion between the US and Russia on what would happen if Russia used nuclear weapons against Ukraine. I don’t believe that the material was ever generally-released, but I did see a Polish official announcing that the response would be “conventional” (i.e. non-nuclear), and some discussion that centered around the US possibly authorizing airstrikes on Russian positions in Ukraine).

https://en.wikipedia.org/wiki/Soviet_boycott_of_the_United_Nations

During the Soviet boycott, the Security Council adopted a resolution which allowed for the deployment of UN troops to the Korean war in defense of South Korea against the attacking communist North Korean forces (Resolution 83)

That being said, the US has taken a position that providing arms to a country in a conflict doesn’t violate neutrality obligations (which dates back at least to early WW2, where the US was providing arms to the Allies while simultaneously claiming neutrality). Historically, providing preferential access to arms this had not generally been in line with the obligations of neutrality.

The US has also taken the position that providing intelligence to such a party, as it is with Ukraine on Russia, doesn’t violate neutrality obligations. Going back to WW2 again, this was how some of the first shooting between Germany and the US started in World War II:

https://en.wikipedia.org/wiki/USS_Greer

At 0840 that morning, Greer, carrying mail and passengers to Iceland, “was informed by a British plane of the presence of a submerged submarine about 10 miles [(16 km)] directly ahead. … Acting on the information from the British plane the Greer proceeded to search for the submarine and at 0920 she located the submarine directly ahead by her underwater sound equipment. The Greer proceeded then to trail the submarine and broadcast the submarine’s position. This action, taken by the Greer, was in accordance with her orders, that is, to give out information but not to attack.” The British plane continued in the vicinity of the submarine until 1032, but prior to her departure the plane dropped four depth charges in the vicinity of the submarine. The Greer maintained [its] contact until about 1248. During this period (three hours 28 minutes), the Greer manoeuvred so as to keep the submarine ahead. At 1240 the submarine changed course and closed the Greer. At 1245 an impulse bubble (indicating the discharge of a torpedo by the submarine) was sighted close aboard the Greer. At 1249 a torpedo track was sighted crossing the wake of the ship from starboard to port, distant about 100 yards [(100 m)] astern. At this time the Greer lost sound contact with the submarine. At 1300 the Greer started searching for the submarine and at 1512 … the Greer made underwater contact with a submarine. The Greer attacked immediately with depth charges.[6]

That is, the US position was that it could provide arms to the UK and could tell the British where German U-boats were without violating neutrality obligations, as long as it wasn’t actually fighting Germany (with the Greer firing back on a self-defense justification after having a torpedo fired at it). Germany wasn’t that enthusiastic about that interpretation at the time.

Under the UN Charter, countries are not supposed to engage in war unless (a) they’re defending themselves, (b) they’re defending a country with which they have a collective security agreement (a military alliance, think NATO or something like that), or (c) the UNSC has given authorization. That being said, there has been somewhat creative interpretation of (c), as with the US arguing that U.N. Resolution 1441 qualified and constituted such an authorization to intervene in Iraq in 2003, which is certainly not a universally-accepted take.

I imagine that there are ways to game any AI shopping agents that we imagine might be used in the future, same way there are to game human shoppers.

It’s archaic. I can’t really imagine a situation in which we’d use “thou” today for formality reasons. If you say “thou” , you’re pretending to be someone from hundreds of years ago or you’re quoting the King James Bible or something that is hundreds of years old.

I think a more-reasonable division between formality and informality would be whether or not one uses a title like “sir” today.

In this context, “generic mini-PC” doesn’t need to even be “non-gaming-PC”, just not a platform for buying Valve’s games; a razor-and-blades model requires that you be the one selling the blades. If someone just goes and runs games purchased from GOG, that’s already an issue for them.

It’s why inkjet printer manufacturers, who do use this model, try to make it so stupendously difficult to use ink from competitors (outside of the bottled-ink printers, which don’t use that model, where the manufacturers are fine with you doing that).

FDR is Franklin D. Roosevelt, a US President in the early 20th century.

CATO is an organization that pushes for small-government, market-oriented policy. They’d be, economically, on the right side of the US political spectrum, whereas typically, an American using the term “liberal” would be talking about a social liberal, somone who would be, economically, on the left side of the US political spectrum, would favor a larger government.

EDIT: Also, to add to the fun, the US uses “political colors” that are something like the opposite of what is the common convention in Europe.

In the US, historically, there was no association between color and political position. However, in the, I believe 2000 election, a convention became adopted, started off some arbitrary choice by a TV station, where the Democrats (the more-left of the Big Two parties) were the “blue” party, and the Republicans (the more-right of the Big Two parties) were the “red” party.

However, in Europe, the convention is for blue to be associated with center-right parties, and red to be associated with left parties.

EDIT2: Yes, 2000 election.

https://en.wikipedia.org/wiki/Red_states_and_blue_states

By 1996, color schemes were relatively mixed, as CNN, CBS, ABC, NBC, and The New York Times referred to Democratic states with the color blue and Republican ones as red, while Time and The Washington Post used the opposite scheme.[15][16][17]

In the days after the 2000 election, the outcome of which was unknown for some time after election day, major media outlets began conforming to the same color scheme because the electoral map was continually in view, and conformity made for easy and instant viewer comprehension. On election night that year, there was no coordinated effort to code Democratic states blue and Republican states red; the association gradually emerged. Partly as a result of this eventual and near-universal color-coding, the terms “red states” and “blue states” entered popular use in the weeks after the 2000 presidential election. After the results were final with the Republican George W. Bush winning, journalists stuck with the color scheme, as The Atlantic’s December 2001 cover story by David Brooks entitled, “One Nation, Slightly Divisible”, illustrated.[18][original research?]

You’ll tend to notice that in recent years, Democratic presididential candidates will wear a blue tie, Republicans red. Might also be true below that level; I haven’t looked. And, of course, Trump’s MAGA hat branding is red.

Valve willing to sell at a loss

I don’t think that Valve will sell the Steam Machine at a loss.

Closed-system console vendors often do, then jack up the prices of their games and make their money back as people buy games. So why not Valve?

Two reasons.

1. They sell an open system. If Valve sells a mini-PC below cost, then a number of people will just buy the thing and use it as a generic mini-PC, which doesn’t make them anything. A Nintendo Switch, in contrast, isn’t very appealing for anything than running games purchased from Nintendo.

2. They don’t have a practical way to charge more for games for just Steam Machine users — their model is agnostic to what device you run a purchased game on. So even if they were going to do that, it’d force them to price games non-optimally for non-Steam-Machine users, charge more than would be ideal from Valve’s standpoint.

If you’re not from the US, unqualified “liberal” in the US started to refer to “social liberal” back around FDR.

This has been a source of irritation to some; CATO, which I’d call moderate right-libertarian, complains that they should get the title and self-describes as “classic liberal”. Meanwhile, in, say, Germany, an unqualified “liberal” tends to refer to the latter, so you get confusion when people accustomed to the two uses meet.

An unqualified “libertarian” in the US usually refers to right-libertarianism, whereas in some places, it would historically have referred to left-libertarianism; that can also be a source of confusion.

Some parties in Europe on the left side of the spectrum self-describe as “socialist” when they don’t really advocate for socialist policies any more, but rather for things like a larger welfare state. I’d call them “social democratic”; this branding is a legacy of older forms of those parties, when they did advocate for socialist policy.