Hacker News | anonym29's comments

Had been a happy Claude Pro subscriber since March 2025, and a happy Claude Max subscriber since May 2025. Cancelled my sub, will be deleting my account. This is disgusting coming from the same org that pretended to push back on the Pentagon over mass surveillance concerns. Complete hypocrites. Nemotron 3 Super and Qwen 3.5 122B A10B running on my local hardware are more than sufficient for my needs. I'll miss newer Opus models - probably will end up trying them out a little via third party API platforms that don't abuse their users like this, but seriously, fuck Anthropic.

Happy IBKR customer here. ForecastTrader has absolutely horrific liquidity outside of maybe 30-40 large contracts. The rest is all market makers that only offer 10-100 or so shares at each price point before bumping up a penny or two. No knock on IBKR as a whole, but you can't even effectively buy on most events or outcomes without slippage eating away your entire edge, and forget about real serious positions above a few grand entirely outside of those 30-40 big contracts.

Bitcoin exists. Completely permissionless, anyone on earth can use it. Easier to accept as a merchant than any third party integration. Doesn't require you to trust any government at all.

Cool, but unfortunately, it has the same drawbacks as cash. If you get scammed, accidentally pay too much or lose your wallet you will never get it back. I sleep safer knowing that there is some protection in the banking system against losing money all of a sudden.

Just buy insurance.

Unfortunately it's also pretty clunky for tax reasons in many places and inherently deflationary (and as such problematic from an economic point of view).

Sure, great if you don't trust your government or whoever issues your local currency, but if you can, there are better alternatives. Trust is an asset, not just a liability.


Well-placed trust is a small asset, but misplaced trust is a massive liability.

It might not always be warranted, but where it was, increased trust in society, institutions, and systems has been the enabler for economic growth and human development in the past centuries. Talk it down at your own (or more accurately, at all our) peril.

Economic growth and human development over the last several centuries has been the result of a complex web of interleaved prerequisites; that said, trust wasn't one of them.

People trusted institutions for thousands of years prior to the scientific revolution. Europe had plenty of trust in religious institutions between the collapse of the Roman empire and the scientific revolution, and you know what it got them? Superstition, witch hunts, barbarism in the name of proselytizing, failed pandemic responses, and a near complete stall in technological and scientific breakthroughs for a millennium.

What the scientific revolution brought us was the decision to not trust, but to reason, to measure, to hypothesize, to verify. Facts matter. Humans are stupid and it is human nature to place trust exactly where trust is least warranted.


"Economic growth and human development over the last several centuries has been the result of"

Fossil fuels...most of the growth from 1800-1970 was due to fossil fuels. Not sure why this is such a mystery to so many. Makes sense when you think about it from a physics POV. You use energy to move things, to make things, to travel to buy things, etc. Heck, the middle class wasn't a concept until the industrial revolution which was caused by...say it with me...fossil fuels.


Like I said, complex web of interleaved prerequisites. Without the scientific revolution, hydrocarbons would remain almost entirely untapped.

But yes, energy was absolutely one of those prerequisites. Fun fact (you're probably already aware, but for other readers): there is a strong positive correlation between national energy consumption and national economic output.


People are downvoting you, but I can literally pay for my meal using CashApp at a diner in the middle of nowhere using Bitcoin.

You're paying for your meal using USD, surely?

Is that bitcoin you're paying for your USD with on-chain, or is it just sparkling PayPal Account Balance?


Nope, those are BTC transactions using Lightning. It was rolled out relatively recently but is live.

In addition to this conversation already having been started at https://news.ycombinator.com/item?id=47735348 yesterday, MiniMax M2.7 is not open source. The open weights have been released, which is definitely good and follows some of the spirit of open source, but isn't the same thing.

While an open-source model is obviously preferable to an open-weights model, the difference between the two is much less important than the difference between an open-weights model and a proprietary model.

There are many more people who are interested only in doing model inference, for which an open-weights model is sufficient to avoid the uncertainties and costs associated with a subscription, and for enabling them to make and use better model harnesses than those offered commercially (better by being more suitable for their specific needs), than people who also want to do model training, for which an open-source model would be needed.


Absolutely - I'm one of these types of people who just want local inference myself. I have a Strix Halo rig and I'm thrilled to have Minimax M2.7 weights to run locally. Like I said, this is still an unambiguously good thing, and follows some of the spirit of open source.

Just know that Minimax M2.7 is offered with a noncommercial license. If you use it for commercial purposes, you may be on the hook, liability-wise.


Not yet, ditto for GGUF, it just dropped minutes ago.


That was quick!

>around 60% of rich-world respondents say they would be willing to give up 0.5% of their income if that were enough to end extreme poverty.

If they really were, they'd already be doing it, and it would be a solved issue. For many folks, it's a lot easier to say 'yes' to a survey about whether you would give your own money to the poor than it is to actually give your own money to the poor.


When it happens collectively e.g. through taxes, you get somewhat of a middle ground between the survey and giving your own money (directly and visibly).

There seems to be some kind of international target of 0.7% of GNI (~GDP) for developmental aid already, which governments often don't meet fully but come close to (e.g. https://commonslibrary.parliament.uk/research-briefings/sn03...), so the 0.5% would probably be viable in tax form.


>I don't think Microsoft cares (about anything else than making money), but there are plenty of (state) actors that can influence the decision-making at Microsoft when it comes to these issues.

Microsoft the corporation may only care about making money, but a lot of very high ranking folks within MS Security aren't just friendly to intelligence agencies, they take genuine pride in helping intelligence agencies. They're the kinds of people who saw nothing wrong or objectionable with PRISM whatsoever, they were just mad they got caught, and that the end user (who they believe had no right to even know about it) found out anyway. The kind of people who openly defend the legitimacy of the FISA court.

These aren't baseless accusations, this comes from first-hand experience interacting with and talking to several of them. Charlie Bell literally kept a CIA mug on a shelf behind him, prominently visible during Teams calls, as if to brag.

Remember - Microsoft was the very first company on the NSA's own internal slide deck depicting a timeline of PRISM collection capabilities by platform, started all the way back in 2007. All companies on that slide may have been compelled to assist with national security letters. Some were just more eager than others to betray the privacy and trust of their own customers and end-users.


I can completely believe this.

I was always convinced that Skype was bought by Microsoft for CIA/US intelligence agencies to have listening capabilities.

The first thing Microsoft did after the Skype purchase was making it easier to tap into the calls by removing p2p calling and routing calls using centralized servers.


Yeah. Otherwise Microsoft purchasing Skype made no sense.

It's quite possible TLAs plant employees inside important tech companies. So not only are they sympathetic, they directly work for them.

That's my experience with most computer security folks as well, and tech companies who sell security products. Cloak-and-dagger stuff running 24x7 in their heads.

There are quite a few extremely talented security folks who are more or less the polar opposite, who view people like Edward Snowden and Julian Assange as heroes, the NSA as guilty of treason, and James Clapper as guilty of perjury, even inside of corporations like Microsoft.

The catch is, views like those must be kept to a fairly modest level by the people who hold them. Discussing them with ideologically aligned colleagues may be fine, but for example, when someone makes statements or asks questions with such pro-privacy framing on stage directly to security leadership at internal company conferences, that is a quick way to a severance package not only for the person on stage, but also for dozens of folks in the audience who clapped a little too enthusiastically at the onstage remarks.


Depends on whose laws you're following.

Is it ethical to dox a pregnant woman seeking an abortion in a southern US state?

Is it ethical to dox a gay human rights defender in Russia?

Is it ethical to dox a woman seeking an education in Afghanistan?

Not all criminals have done something wrong.


Because H1b is an arrangement that more or less amounts to indentured servitude where vulnerable people have their visa status glued to their at-will employment agreement, resulting in a dynamic where employers can and frequently do expect unpaid overtime, fewer sick days, and otherwise disproportionately greater value from h1b employees, and those who fail to meet these unfair expectations are let go and effectively evicted from the country as it is extraordinarily rare to secure another h1b job within 60 days.

The number on two paystubs can be the exact same while one person is being brutally overworked and the other given a leisurely, comfortable WLB, which effectively amounts to underpaying the foreign labor, per unit of output, devaluing each unit of labor of domestic output.


H1b is tied to employment, not to the employer. You can change employers on the same H1.

It’s not great. But this is similar to how health insurance is tied to employment, not to the employer. Both citizens and H1 employees experience the same abuse here.


No it’s worse for them. A person on an H-1B has a ticking time bomb to find a new job or leave the country.

Adding two extra bits to each octet, making each octet range from a still memorable 0-1023 rather than 0-255, would result in an addressing scheme 256x larger than all of IPv4 combined. The entire internet works fine even when IPv4 was nominally exhausted. NAT and CGNAT are not sins, they're not crimes, and there's no rational reason to be as disgusted with them as IPv6 fans are. Even then, IPv4 exhaustion wasn't really a true technical problem in the first place, it was an allocation problem. There are huge /8 blocks of public IPv4 space that remain almost entirely unused to this day.

The reason I'm an IPv4 advocate in the IPv4/IPv6 war is that the problem was "we're out of addresses", not "your thermostat should be natively routable from every single smartphone on the planet by default and inbound firewalls should become everyone's responsibility to configure for every device they own".

CGNAT is a feature, not a bug. Blending in with the crowd with a dynamic WAN IP is a helpful boost to privacy, even if not a one-stop solution. IPv6 giving everyone a globally unique, stable address by default is a regression in everyone's default privacy, and effectively a death sentence for the privacy of non-technical users who aren't capable of configuring privacy extensions. It's a wet dream for shady data brokers, intelligence agencies, organized crime, and script kiddies alike - all adversaries / attackers in threat modelling scenarios.

IPv6 adds configuration surface I don't want. Privacy extensions, temporary addresses, RA flags, NDP, DHCPv6 vs SLAAC — these are problems I don't have with IPv4. More features means more opportunities to footgun with misconfigurations, being forced to waste my time learning and understanding the nuances of each (in, again, what amounts to a system I want nothing to do with).

"Reaching your own stuff" is already a solved problem, too. Tailscale/Headscale gives you authenticated, encrypted, NAT-traversing connectivity. It's better than being globally routable. It's also opt-in for anyone who wants it, and not forced on anyone, unlike the IPv6 transition.


Saying that IPv4 is ok because we have NAT and CGNAT is like saying that spam is not a problem because we have spam filters everywhere.

I don't have your problems with ipv6, and I'm actively using it.

I don't have to rely on extra commercial entities to be able to reach my network.

I did have a problem with hosting my own shit because my ISP by default does cgnat. That cost me an hour of my life to convince a party to give what used to be normal, end to end connectivity.


The tailscale client and the headscale server are both open source, you don't need to rely on commercial entities.

Yes you do, the control plane is closed. Only reverse engineered by the headscale project. The control plane is necessary for the peers to find each other. If you need to rely on such a crucial part being reverse-engineered, then yes, I think it's fair to say you are ultimately relying on commercial entities.

Headscale is open source and it already works. You don't need to rely on anyone to use it, or even to improve it.

> NAT and CGNAT are not sins

Highly disagree. Middleboxes are a huge problem on global scale and have frozen any innovation below application layer. TCP and UDP even that they are on software not hardware layer cannot be updated or changed, see MPTCP efforts or QUIC giving up and building on top of UDP.

If this is so much privacy problem, IPv6 is there for many years reaching 50%+ deployments in some countries, I bet there should be concrete examples of such breaches and papers written.

> Reaching your own stuff is already a solved problem, too. Tailscale/Headscale

No address to receive communication - no problem install an app that would proxy it through someone who has the address. Tailscale/Headscale is great, using it daily, but they are not solution to the huge already built global network created to connect devices not connecting devices because lack of digits. Global is key here.


Wouldn't easy and accessible self-hosting be a major privacy win if that's your primary concern? Sounds much more private to run a Minecraft and Mumble server on an old laptop in a friend group than paying a commercial entity like a hosting provider to know about it and have a back door.

Easy and accessible self hosting isn't the primary concern.

It's much more private and secure to run that Minecraft or Mumble server on an encrypted overlay network like via headscale + tailscale rather than exposing both services directly to the entire planet.

But again, the primary concern was only ever address space.


What I tried to express was privacy being the primary concern. The easy and accessible self-hosting on old hardware would be the uses of a home network beyond superficialities like consumption and commerce. Privacy wise headscale as a solution is still not quite there, because it either necessitates an additional third party to host the headscale server and know about all my friends, or jank like dynDNS.

The additional security gained by getting everyone involved to set up and configure separate VPNs for different community utilities is not worth it.


I disagree wrt NAT. It creates huge problems for many p2p applications.

I wouldn't call port forwarding "huge problems". It's only one minor router setting and if you don't want to deal with it, there's the abomination called upnp.

> I wouldn't call port forwarding "huge problems".

Port forwarding has massive problems if you're running applications expecting certain ports and need multiple hosts to have public access to those ports.


I can't think of any application that needs "certain ports" and it's not a public server application. Why would a home net have a public server app? And why would it have more than one?

Public servers would use a firewall, a load balancer, possibly a reverse proxy that does TLS too, between the internet and real app servers anyway. If anyone needs to host multiple servers from their home net, I would expect them to know this.


Maybe I've got a media server with a web interface, my owncloud instance, a web UI to my SDRs, and some other web app I'd like to have public. Now I need a reverse proxy as well, yet another piece of infrastructure to maintain. Trying to firewall it so only my friend's house can use the media server and I can connect to the owncloud from the office and the SDR from anywhere is messier and more complicated. Or I can just have each device have its own public firewall rules and not have to maintain a reverse proxy as well and deal with its own complications.

I've had game consoles with matchmaking issues with multiple consoles fighting over the same collection of ports.


I can't say anything about consoles. I never had one, but I accept what you say is true.

About the other stuff... well... maybe I'm too old, but I think you're doing it wrong.

1) Those aren't public services and they are NOT expecting certain ports. Public means that a random guy on the internet is able to connect to your service without any prior knowledge about it. HTTP(S) for web pages is one of those services. Owncloud is not, even if it uses HTTPS.

2) Since they're not public, each of those services can have its own port.

3) You shouldn't expose that stuff on the internet, even with a firewall. Use a VPN if you want access when you're away. Or a SSH tunnel. Or at least port knocking.


> Those aren't public services

They're services I wish to consume outside my home

> they are NOT expecting certain ports

Damn near everything expects to be HTTPS/443

> Public means that a random guy on the internet is able to connect to your service without any prior knowledge about it

Public just means I have the option of allowing that traffic or not. I can choose to filter it through a lot of different means. IP filtering, authentication, etc.

> each of those services can have its own port

So I change having easy to remember names for weird odd ports and hope all the other applications handle these changes fine and deal with odd port forwarding issues.

> You shouldn't expose that stuff on the internet, even with a firewall. Use a VPN if you want access when you're away. Or a SSH tunnel. Or at least port knocking.

Wouldn't it be nice to have the option to not have to rely on such things and just be able to connect to things directly? And to have that identity stay consistent both in and out of the "local" network?

ipv6 is awesome.


> They're services I wish to consume outside my home

Like I said, not public.

> Damn near everything expects to be HTTPS/443

So let it. Forward your own chosen port to 443 of the machine with the service.

> Public just means I have the option to allowing that traffic or not.

Nope. That's not what it means.

> So I change having easy to remember names for weird odd ports [...]

Easy to remember names come from some DNS service, which can't work unless your public IP address stays the same and you can run your own public NS and can receive recursion from your main NS provider. In most parts of the world, I think, IP changes every time you restart the router, even IPv6. So what you have there isn't exactly typical for home users. That one extra service and complication that you don't actually need.

I don't have to remember anything HTTP(S). No ports, no IPs, no names, nothing. I use bookmarks.

> Wouldn't it be nice to have the option to not have to rely on such things and just be able to connect to things directly?

Wouldn't it be nice if there were no bad guys on the internet, no bots, and no zero days?

> ipv6 is awesome.

For Google and for you, maybe. But let me know how much you like it after your first cryptolocker. I suppose your backup storage is also public on the internet?


> Like I said, not public.

Outside the home, in other words in networks other than at home. Potentially without VPNs. Accessible from other public IP addresses, potentially limited scopes of those.

It seems you're thinking that allowing the traffic from other public networks is an all or nothing thing. That either you allow all public network traffic or none of it. That's just not true. If I know my office network is one prefix, and I know my friend's house is another prefix, and I know my cellular carrier in my city is usually this prefix, I can greatly limit the scope of access. It doesn't have to be an all or nothing, either it's open to every single other device or only local devices, I can define exactly which networks or devices I want to allow the traffic from or not.

If I wanted to just let my friend's network audio receiver to connect to my music server, I can add its public IP address and allow that traffic. No VPNs, no tunnels, no proxies, no non-standard port assignments, just directly allowing it to talk to the music server. All through the public internet, but still locking down my music server to just local traffic and his remote network audio receiver.

That's all still "public" networking.

> In most parts of the world, I think, IP changes every time you restart the router, even IPv6.

Often not with IPv6, prefixes stay pretty consistent usually. Not always true, but often true. I've had the same prefix for many, many years at multiple locations and multiple providers without having any kind of payment for static IP addresses.

> So let it. Forward your own chosen port to 443 of the machine with the service.

So now I have to remember the port for local and the port for remote along with different IP addresses for both, or I can just use the normal service port and the same IP address either way, and have one DNS entry for that IP address and it works anywhere I want it to.

> But let me know how much you like it after your first cryptolocker.

Entirely a tangential, unrelated point once you understand how things like "firewalls" actually work.

> I suppose your backup storage is also public on the internet

My most important backups are offline and offsite. But for other stuff, yes, it has a publicly routable IP address. It's not generally accessible publicly though. There are these things called "firewalls", they're really quite neat. One should also think about authn/authz as well next time you're working on your storage solutions as well, it'll do a lot to prevent cryptolocker issues you're so worried about.

For instance, AWS S3 is all technically accessible publicly. It's locked down by policies, not by NAT limitations. And yet it's generally seen as a very secure place to store things, assuming one has the right policies in place. It doesn't take it being behind a NAT to be secure, because if that's the major part of your security posture preventing your stuff from getting cryptolocker'd you're doing things very, very wrong.

> I use bookmarks

Ok, and you hop on someone else's computer and...where are my bookmarks? Oops! Or I want to connect back to my media server from a friend's streaming device...where are my bookmarks? Oops!

And once again I bring up things like game consoles and other P2P applications which just work far better with actual publicly routable IP addresses directly. Strict NAT configurations will often cripple these services and good luck trying to have multiple consoles operating at once. CGNAT makes online gaming for some of these consoles just completely unusable, but if we just supported IPv6 it would have no problems.


> If I know my office network is one prefix, and I know my friend's house is another prefix, and I know my cellular carrier in my city is usually this prefix, I can greatly limit the scope of access.

But it's still private use, not a public service. The fact that you access it from the internet side doesn't make it public.

What you are describing here is in stark contradiction with your claimed easy to use IPv6. Why go through all this trouble if you wanted something easy to use as you describe IPv6?

> So now I have to remember the port for local and the port for remote along with different IP addresses for both, or I can just use the normal service port and the same IP address either way, and have one DNS entry for that IP address and it works anywhere I want it to.

No, you remember just your global DNS name which would be independent of ISP, geo location or router used, and work with dynamic allocated IPs too, and remember or bookmark a port number for each service. Reflection in the router would make that combination (name+port) work from inside the LAN too.

>> But let me know how much you like it after your first cryptolocker.

> Entirely a tangential, unrelated point once you understand how things like "firewalls" actually work.

Oh, I know how they work, at least in Linux, I do. It's a 1 (one!) wrong setting away from exposing everything using IPv6 inside the LAN.

> For instance, AWS S3 [...] And yet its generally seen as a very secure place to store things

Do you really believe that? Really?

> Or I want to connect back to my media server from a friend's streaming device...where are my bookmarks?

OMG! And let his favorite cloud providers index my music collection?? No thank you! I ask for the 3.5 jack cable and connect my phone. Or BT pairing code.
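The two firewall positions argued above (allowing only known prefixes to reach a globally routable host, and the reply that one wrong setting exposes everything on the LAN) can be compared directly in this added sketch, which is not code from any commenter. The addresses come from the 2001:db8::/32 documentation range, and the rule model, host list and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str   # source prefix allowed in
    dst: str   # single LAN host the rule applies to
    port: int  # TCP destination port


# Constructed LAN: every host has a globally routable address (no NAT).
LAN_SERVICES = {
    "2001:db8:10::20": [443],  # music server
    "2001:db8:10::30": [443],  # file sync
    "2001:db8:10::40": [445],  # backup NAS, never meant to be reachable
}

# Constructed allowlist: one remote prefix per service, as in the comment.
ALLOW = [
    Rule("2001:db8:aaaa::/48", "2001:db8:10::20", 443),  # friend's house
    Rule("2001:db8:bbbb::/48", "2001:db8:10::30", 443),  # office
]


def decide(rules, policy, src, dst, port):
    """Verdict for one inbound (WAN to LAN) connection attempt.

    The first matching allow rule accepts; anything unmatched falls
    through to the chain's default policy ("drop" or "accept").
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for rule in rules:
        net = ipaddress.ip_network(rule.src)
        if src_ip.version != net.version:
            continue  # an IPv4 source never matches an IPv6 prefix
        if (src_ip in net
                and dst_ip == ipaddress.ip_address(rule.dst)
                and port == rule.port):
            return "accept"
    return policy


def reachable(rules, policy, src):
    """Every (host, port) on the LAN that the given source can reach."""
    return sorted(
        (dst, port)
        for dst, ports in LAN_SERVICES.items()
        for port in ports
        if decide(rules, policy, src, dst, port) == "accept"
    )


if __name__ == "__main__":
    sources = {
        "friend": "2001:db8:aaaa::5",
        "office": "2001:db8:bbbb:1::9",
        "stranger": "2001:db8:ffff::1",
    }
    # Same allow rules both times; only the default policy differs.
    for policy in ("drop", "accept"):
        print(f"default policy = {policy}")
        for label, src in sources.items():
            print(f"  {label:8} -> {reachable(ALLOW, policy, src)}")
```

With the default policy set to drop, each remote prefix reaches exactly one service and an unlisted source reaches nothing; flipping only the default policy to accept makes all three hosts, including the NAS, reachable from any source.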


> The fact that you access it from the internet side doesn't make it public

A service I'm using its public IP for, routing through public network connections over the public internet, but somehow it's not public networking, it's private networking despite private networks not really being involved. Got it. Having firewall rules suddenly makes it private networking, somehow.

> remember or bookmark a port number for each service

Or just don't, because I've got quintillions of public IP addresses just lying around. I can even have multiple instances of the same service running on the same box all running the same standard port numbers because I can just grab yet another IP address all day long. Why limit myself to having to memorize weird ports when I can just use the standard ones?


> A service I'm using its public IP for, routing through public network connections over the public internet, but somehow its not public networking its private networking despite private networks not really being involved. Got it. Having firewall rules suddenly makes it private networking, somehow.

It's a private service exposed to public networks when it shouldn't be. That's not how it's done. You are taking risks. I'm sure others would agree with me if this article wasn't this old.

> Why limit myself to having to memorize weird ports when I can just use the standard ones?

For the reasons I explained before, mainly LAN security and DNS not working with dynamic IP allocations. But, go ahead, have it your way. Each of us has our own priorities in life. Convenience is a valid choice. Keep those offline backups updated.


> That's not how it's done.

It's not how it was done because of NAT. You just couldn't have done it that way for a long time. We don't need NAT anymore.

> For the reasons I explained before, mainly LAN security and DNS not working with dynamic IP allocations

But once again, it's not actually changing the security characteristics at all compared to choosing weird ports and having to deal with reflection issues. The service is still opened either way, just one requires you to choose other ports.


>"Reaching your own stuff" is already a solved problem, too. Tailscale/Headscale

IPv6 predates those by decades.

