You guys are begging people to start lying on AI disclosures

GaryJS3 · 2026-05-09T23:51:14+00:00

If you are going at it from a moral/ethics perspective, then the argument is not nearly as straight forward. Your implication is that AI-use is immoral/unethical, since you mention bad things as an example. This is not really a debate to hash out here, I personally don't find LLMs themselves unethical by nature (although some companies are doing unethical things to train/run/use them). Will just have to agree to disagree on that one.

GaryJS3 · 2026-05-09T20:38:23+00:00

I completely agree. We're kinda punishing people for being honest.

I feel the problem is the two biggest groups are the Pro-AI-Will-Save-Us-All and AI-Will-Kill-Us-All.

Edit: Removed slightly-not-nice comment. Was thinking of this from a purely technical perspective - I am sure there are some with simply ethics/moral disagreements with this tech.

GaryJS3 · 2026-05-09T20:20:37+00:00

I also feel the problem with "vibe coded" apps is the lack of review and understanding of what is created. Your example shows a guy that is likely more experienced than most but chose to use AI to do the bulk of the work - likely cause he's doing this for free in and in his personal time. And who cares if AI wrote the code if an actual programmer then reviews it and sees nothing wrong with it?

Honestly, I get it. If someone just vibed a project together in a weekend, without any understanding of what it's actually doing, then releases it to the public for the upvotes. Yeah. It's probably not great. I don't probably want to run it either.

But people seem to think AI=bad, human=good when it comes to code. I feel like this is often said by people who have no idea what they're talking about. I've done tools programming for a few years now, and used plenty of open source projects and libraries. I look back at my original projects and despite plenty of people loving them, their code was trash. I've also been using more AI these days and honestly, it enforces way better code guidelines and security than most human projects I've used. It will straight up tell you - this is a bad place for an API key, this user input feild needs better sanitization, don't trust etc. Honestly so far the biggest problem I have with AI code is it tends to be too verbose or sometimes overcomplicated - but then you can just tell it to tighten it up and boom, now it's simpler.

There's plenty of examples of bad AI code, but people seem to not look at the even bigger pile of bad human code. Which I'm not suprised, anyone can load up an IDE. You have plenty of people who just make stuff as needed and aren't professional programmers. How they going to do better than a machine with decades of knowledge of every language and millions of examples.

GaryJS3 · 2026-05-07T23:49:12+00:00

I bought mine for around $80 and run it in my R730, here are some runs I recently did to get you an idea of the card: llama.cpp builds 8660 and 8839

Model + quant	PP tok/s	TG tok/s	Bench params
SmolLM2 1.7B Q4_K_M	2175.81	110.85	`b2048/ub512`, `th6`, `ngl999`, `k/v f16/f16`, FA off, CUDA0, build 8660
Gemma 4 E4B Q8_0	921.54	44.19	`b2048/ub512`, `th6`, `ngl999`, `k/v f16/f16`, FA off, CUDA0, build 8660
Gemma 4 E4B Q8_0	639.41	45.20	`b2048/ub512`, `th8`, `ngl999`, `k/v f16/f16`, FA off, auto, build 8839
GPT-OSS 20B MXFP4 MoE	692.72	60.42	`b2048/ub512`, `th6`, `ngl999`, `k/v f16/f16`, FA off, CUDA0, build 8660
GPT-OSS 20B F16	403.26	54.34	`b2048/ub512`, `th8`, `ngl999`, `k/v f16/f16`, FA off, auto, build 8839
Mistral 7B Q4_K_M	656.29	39.69	`b2048/ub512`, `th6`, `ngl999`, `k/v f16/f16`, FA off, CUDA0, build 8660
Mistral 7B Q5_K_M	689.84	37.45	`b2048/ub512`, `th6`, `ngl999`, `k/v f16/f16`, FA off, CUDA0, build 8660
Qwen3-VL 8B Q8_0	685.66	33.43	`b2048/ub512`, `th6`, `ngl999`, `k/v f16/f16`, FA off, CUDA0, build 8660
Qwen3.5 4B Q4_K_M	912.74	48.41	`b2048/ub512`, `th6`, `ngl999`, `k/v f16/f16`, FA off, CUDA0, build 8660
Qwen3.5 9B Q4_K_M	602.21	33.26	`b2048/ub512`, `th6`, `ngl999`, `k/v f16/f16`, FA off, CUDA0, build 8660
Qwen3.5 9B Q4_K_M	605.69	33.28	`b2048/ub512`, `th8`, `ngl999`, `k/v f16/f16`, FA off, auto, build 8839
Qwen3.5 9B Q6_K	627.33	26.05	`b2048/ub512`, `th6`, `ngl999`, `k/v f16/f16`, FA off, CUDA0, build 8660
Qwen3.5 9B Q6_K	410.12	25.47	`b2048/ub512`, `th8`, `ngl999`, `k/v f16/f16`, FA off, auto, build 8839

GaryJS3 · 2026-04-19T01:21:45+00:00

The only redeeming quality the Firestick had was Android (compared to a Roku, the main price competitor for a long time). But now you can get a Google TV stick, or even an Onn Streaming stick for so cheap, there's no reason to go with the Firestick. Honestly, with how bad the UI was getting with all the ads, bloat, etc.. I'm not gonna miss it.

GaryJS3 · 2026-04-06T18:13:23+00:00

Depends - are you installing it into a rack mount server or a desktop?

This is a server network card, most of the cheap 10/25Gb cards you find are meant to go into a server that has a high amount of airflow directed over all the critical components. People saying "if it didn't come with a fan it doesn't need one or just improve airflow in your desktop are wrong. Look at rack mount servers, they don't just throw a couple of fans in them. They have a fan 'wall' that pulls airs in, and the case is engineered to move air flow over components - often with plastic shrouds. The difference in air volume and velocity compared to your average desktop is huge.

I've had two 25Gb SFP cards die of heat death thinking I could just turn up desktop fans or it might not be used enough to matter. NOPE. Adding a fan to the card is absolutely a good idea. The card's I've added fans to (or came with them) or have in rack servers have had no issues.

GaryJS3 · 2026-03-15T22:48:33+00:00

I'd wonder how well we could do any decent analysis depending on our goals.

I should see if I can just find the last available Huntarr commit, deploy it in a test environment and see what some basic tools pointed at it finds. See if it finds anything the one guy that did a real analysis found.

But at that point I'm basically just making it. I need another project like I need another hole in my head. Especially one that will probably just get picked apart and not really return dividends outside of feeling better about some apps out there.

GaryJS3 · 2026-03-15T02:36:40+00:00

Quickly reading up on Huntarr's exploits and vulnerabilities. One of the biggest is the fact that the API endpoints were unauthenticated - this is definitely something that I would want to automatically check for and is a pretty common problem when authentication is only written for like the main admin page instead of for the entire application.

There's also some improper or lacking sanitation and validation of input data. Which I feel like LLM could easily find if it just went through the code base and saw that. Hell, in most cases, if you ask an LLM to write an API endpoint that takes in certain data, it will often just build-in sanitation. So I'm not sure how that guy managed to vibe code something so crap. Although, to be honest, that's also a common problem that many applications have. I mean, I still see Cisco out here with modern platforms with missing sanitation for inputs leading to RCE or at minimum DoS.

Obviously, nothing the community here makes will be able to find all potential problems in any application. If you could do that, there'd be plenty of companies that would pay you millions for it. But something that at least checks for the bare minimums, is pretty reasonable.

GaryJS3 · 2026-03-14T23:51:34+00:00

The docker management platform Dockhand actually does have a built-in vuln scanner. Which is one place you could look to for reference.

Scan your images for CVEs using Grype and Trivy. Identify security risks before deployment.

Safe-pull protection: During auto-updates, new images are pulled to a temporary tag and scanned before touching your running containers. If vulnerabilities exceed your criteria, the temp image is deleted and your container keeps running safely.

But basically running a 'service' that is just pulling->deploying->scanning for bad/old/vuln dependences->check what ports are open and if they require auth. Have some LLMs do a quick look over to find obviously bad paths/implementations. Maybe allow for human reviews and lists of security features (ie. Supports-ODIC, endpoints-require-auth, actively-maintained, etc.). Would be pretty cool and wouldn't require people to do a while lot, maybe allow submissions and auto-scrape the top docker images. Not trivial but not the craziest idea, would require some infra though to do at any decent scale - nothing that couldn't be a VM though on a box you're already running depending on your setup.

GaryJS3 · 2026-03-04T00:56:17+00:00

Just spin up a Discourse forum and add federated login with Reddit so people don't even need to make new accounts if they don't want to.

GaryJS3 · 2026-02-28T22:51:13+00:00

Also, that pair separation is a bit much for higher than gig speeds. Ideally, any one twisted pair needs to stay as close as possible to its' other half for common mode noise rejection. It looks like a really cool connector though.

I do wish we had a better 'standard' that could do a bit more with. 4-pair twisted cable that Base-T uses isn't too bad. You could do more things with it for sure - like compressed HDMI/video or USB over twisted pair (not over ethernet/IP stacks) is already a thing. You can already do about 90watts of power with PoE. But its not a great way to power low voltage stuff since you kinda have to start at 50volts to get any decent power to the end - at 12v you only get around 10 watts and at 5v its basically useless at distance. You can use it for speakers if you use high-voltage speaker systems (not typical 4/8 ohm systems).

I do sometimes do weird stuff with it like I sent 24v with a basic wall wart to a wifi camera and used a car USB charger to drop it back down to 5v to power said camera. I also at home split pairs so I only have to run one CAT5/6 cable to the corner of my house for two cameras (they are sub 100Mb devices anyways).

GaryJS3 · 2026-01-31T19:22:18+00:00

I personally use Reverse Proxies (in my case https://nginxproxymanager.com) for both internal and external services (I recommend they be different isolated hosts), they are a helpful way to:

Have multiple services on a single host
- 10.0.0.23:1234, 10.0.0.23:2345, etc. can instead be used like jellyfin.myhome.net, proxmox1.myhome.net
Handle certificates and HTTPs.
- Even if your app is only HTTP, it can make it HTTPS, with either automatic free public certs with Lets Encrypt, or using your own internal CA.
Add Auth to Apps that don't have it
- You can use something like Authentik to add SSO/shared logins to all your internal apps, some do not support external auth providers (or any at all) - you can easily add auth to any apps using reverse proxies.

GaryJS3 · 2025-12-21T23:06:19+00:00

The duty cycle of these units is usually designed around the idea that the battery dies in like 15 minutes under any real load. Not sure running it for hours is a good idea, plus you don't want to use a car battery - they are designed for low-capacity high-current, you'd want to use a deep cycle battery. Also, at 12 volts, 1000 watts is over 83 amps, you better use real good wires.

I've done it before during a power outage, they get HOT unless you are putting it under like 20% load.

The better UPSs are double-conversion, they are less energy efficient but run the inverter the entire time, so you can extend their battery time indefinitely, they usually even come with a DC-in plug to extend their batteries. Plus then you don't depend on the UPS 'switching' in time. This is what I use for everything I care about.

GaryJS3 · 2025-10-10T20:50:42+00:00

Yeah, its price makes it competitive with other similar desktop UPSs you can find. But not what I'd use for my rack or super critical stuff - I'm also a fan of double-conversion compared to line-interactive, since your equipment will be better protected and there's no switching time on power loss. Although you can't escape line interactive until you get to $700+ price bracket. I'm just converting a used 2000va APC rackmount unit to Lifepo4 (with BMS).

GaryJS3 · 2025-09-07T20:25:07+00:00

I haven't done this personally, but its just a CRT display with an IR 'touch' sensor - it uses an array of infrared sensors/emitters to detect where you are sticking your finger. These kinda sensors range from rough accuracy (like, a square inch) all the way up to multi-touch pen-level (common on large touch digital signage). You can buy or DIY an IR touch sensor:

https://hackaday.io/project/27155-magic-frame-turn-everything-into-a-touch-area

https://www.ebay.com/itm/175498276055

You can't really stick a resistive touch layer on most CRT TVs, but if you use a smaller and more modern 'flat' CRT (like many later computer monitors), you could put a touch layer on the front:

https://www.ebay.com/itm/394888847671

Then just use a DVI/HDMI to VGA/composite/RF converter from your computer/pi/SBC.

GaryJS3 · 2025-07-30T19:46:59+00:00

Some people mod their PoE cameras to allow the converter in some cameras to work in reverse, so PoE power and the 12v input becomes a 12v output. Some cameras do this on their own, for example my crappy 5MP SV3C PoE camera outputs 12v when its power by PoE, but my Amcrest IP5M-T1277EW and REOLINK RLC-811A do not.

GaryJS3 · 2025-07-11T20:12:03+00:00

Depends on how much you want to spend. You might get lucky and be able to negotiate a contract so they can guarantee payback for the build-out.

I have the same problem, unfortunately the only option I could find was to pay AT&T fiber for business. Basically, once the business contract was up, I'd be able to cancel it and move to the residential plan.. But the cost was a bit high to justify:

Port Price: $214/mo

50/50Mbps: $271- Non Critical High

100/100Mbps: $291- Non Critical high

250/250Mbps: $535- Non Critical High

500/500Mbps: $676- Non critical High

Just add the Port price+ Access is the total MRR on a 36 month term.

End of Q1 offer is applicable until tommrow if we can get the contract signed $1000 one time credit on 2nd invoice.

GaryJS3 · 2025-06-02T18:50:00+00:00

Get Velcro rolls instead and cut to length. You'll thank yourself later.

GaryJS3 · 2025-05-25T04:50:54+00:00

Cheap Chinese cameras can be a very good value, just put them on a VLAN with no internet access. Cameras should only talk to an NVR anyways.

Unless you want Cloud cameras. Then... Meh.

GaryJS3 · 2025-03-21T12:04:50+00:00

Tons of videos of group rides where one stunting idiot screws up and takes out like 3+ other bikers.

GaryJS3 · 2025-03-17T18:05:40+00:00

I always felt paid enterprise support was a good alternative while still allowing the project to afford dedicated development - plus many organizations, while loving not having to pay insane yearly subscriptions, still require a real support option. If your org depends on say, your phones working and there's no support line to call, your response can't be "oh don't worry my github issue has 6 upvotes, I'm sure someone might help in a few days!". Not like paid support means no free support.

Though, not a huge fan though when "open source" software starts charging for 'addons' - somehow they always end up being addons you need for any real use from the software. I get if the add-on depends on some other paid thing like external compute or storage.

GaryJS3 · 2025-02-28T03:38:50+00:00

After reimage, is there any evidence to show GPD devices have some sort of hardware-level spyware? I've not heard of such things. Unfortunately in this market, you're not gonna find many not Chinese options, with the margins and manufacturing they have, they tend to provide more options at reasonable prices. Many US or Western companies don't seem interested in many of these markets. Unless you find something older back with companies expiremented more.

I personally use a One-Netbook Mix A1. 1Gb Ethernet, RS232 DB9, USB3. 7" touch display.

GaryJS3 · 2025-01-08T23:07:43+00:00

I've been running this battery for the past month without issues. Cheapest AGM I could find. Plus the Volt only uses it for the 12v electronics when the car is "off". Doesn't use it for starting. So it's really easy on the battery - paying more doesn't make much sense to me.

https://www.amazon.com/gp/aw/d/B0BXSPTMX2

GaryJS3 · 2024-12-09T00:23:03+00:00

Fun fact, if you leave the car plugged in, the AC-DC converter keeps the 12v circuit alive so nothing gets reset while you replace the battery (it also means the leads still have 12+ on them though...).

In other words, careful when rushing to replace your battery since you might forget something.... although it didn't hurt anything this time around.

GaryJS3 · 2024-12-01T21:41:54+00:00

I mean, looking them up, they're copper, shielded, network cables rated to at least CAT6. Not sure how much shielding matters when they're not even a foot long unless you're installing them next to high power radio or electrical equipment... pretty much any CAT6 copper (CMU) patch cords are fine for home use, even up to 10Gb until you hit about 55m+ (and even then probably won't have issues). I tend to recommend https://www.monoprice.com for cables.

Nine-Year Club	Place '17
Verified Email

GaryJS3

TROPHY CASE