Posts: 4 · Comments: 951 · Joined: 2 yr. ago

  • Do note that I made a mistake in the original post, but the conclusion was still the same. I forgot to divide the Expected Value (EV) for all dice by 6 (the number of faces).

    If you could design a die with average face value of 3, min face value of 0, max face value of 6, what would be the best die?

    I'm not sure how to prove this empirically, but playing with it on my whiteboard I get a sense that the die 444222 is going to have the best EV, under the given constraints and my value assignments. The real kicker is "average face value of 3". Given that constraint, you will never be able to create a die with a positive or even zero EV using my values. Consider die 333333 and each face's value:

     3   3   3   3   3   3
    -1  -1  -1  -1  -1  -1

    This die has an average face value of 3 ( (3 * 6) / 3) and we can consider changing any face up or down. But, in order to keep the average a 3, moving one face up one number requires we move a different face down one number and vice-versa. For example, if we push one face from a 3 to a 4, we must also pull one face from a 3 to a 2 to balance out the average. And because the value for positive value numbers (4, 5, 6) starts off one doubling behind the values for the negative value numbers (3, 2, 1, 0), going any further than 4 in the positive direction on a face means that another face will be pushed down far enough to cancel out the benefit of going to a 5 or beyond.

    To look at it another way (the way I did on my whiteboard), let's just consider a two sided die (a coin flip). Using the same values for each number, we can consider a 33 coin. This has an EV of -1 ( (-1 * 2) / 2 ) and an average of 3 ( (3 * 2) / 2 ). Now, move the numbers, but keep the same average of 3. Moving to a 42 coin changes the EV to -1/2 ( (+1 + (-2)) / 2 ) and the average is still 3 ( (4 + 2) / 2 ). The EV got better. So, let's take another step in each direction. We get a 51 coin with an EV of -1 ( (+2 + (-4)) / 2 ) and the average is unchanged at 3 ( (5 + 1) / 2 ). And going to a 60 coin takes us to an EV of -2 ( (+4 + (-8)) / 2 ) with an average of 3 ( (6 + 0) / 2 ). This means that the best coin for this scenario is a 42 coin. Taking that coin idea back to the die, you can think of the die as a bunch of linked coins. If you want one face to be a 5 the one face must be a 2, which would be worse than having the pair of faces be a 4 and a 2. So, to maximize the EV, you want to create a bunch of 42 pairs.

    Of course, we could fiddle with multiple faces at once. What about a 622233 die? Well, it gets worse. EV is -2/3 ( (+4 + (-2) + (-2) + (-2) + (-1) + (-1)) / 6 ).
    Maybe a 522333, EV is -5/6 ( (+2 + (-2) + (-2) + (-1) + (-1) + (-1)) / 6 ). Again, since lower numbers get a more negative valuation faster than higher numbers get a positive valuation, you just really don't want to let numbers get any lower than necessary. The 42 pairing just happens to hit a sweet spot where that effect isn't yet pronounced enough to cause the EV to drop off.

    So ya, while I don't know the maths to prove it, I'm gonna say that the 444222 probably maximizes the EV under the given model.

  • This really is solvable with a KeePass setup, but it is harder. I use KeePass and host my own Nextcloud instance. One of the files I have up there is my KeePass database. If I need one of my passwords, I access it from my phone and type it in. If I really, really wanted to drop my password database on someone else's computer, I could log in to my Nextcloud instance via a web browser, pull down the file and run KeePass as a portable executable (not installed). It'd be a PITA (and there are some caveats around this process), but it's certainly possible.

    That said, online password managers make sense for a lot of use cases. I generally recommend BitWarden when people ask me for what to use. The whole "KeePass and manual sync" answer really only works for those folks who want to self host lots of things. And it brings its own set of risks with it. I'm the type of weirdo who is running Splunk locally, feeding all my logs into it and having dashboards set up (and looked at regularly) dealing with security. I have no expectation that my wife will do that and so she uses BitWarden.

    I think the most important thing to convince people of is "use a password manager". The problem TommySoda brought up is very real:

    While I understand that password reuse is a problem I also understand that remembering 50+ passwords, because literally everything requires you to make an account, is impossible.

    The hard thing to teach people is that you don't actually need to know those 50+ passwords, nor should you care what they are. With a password manager, they can be the crazy unique 20 character, random string of letters, numbers, symbols, upper and lower case characters. And you won't care. Open the website, and either copy/paste the password or (if your password manager supports it) use the auto-type feature. There are risks to each; but, nothing will ever be without risk. Just please folks, stop reusing passwords. That's bad, m'kay.

  • Option C "222444".
    I coded successes as positive values and failures as negative values. I arbitrarily used a doubling for each greater success/failure level and came up with the following value coding:

     0   1   2   3   4   5   6
    -8  -4  -2  -1  +1  +2  +4

    This results in the following expected values for the offered dice:

    A: -2
    B: -1
    C: -1/2
    D: -1

    All dice are bad, option C is the least bad. And this kinda makes sense. For option A, you may have a fantastic success, but you are also just as likely to completely crash out. And a "crash out" should happen after very few rolls. Option B is a slightly less extreme version of this, but any gains from the 5 results should be more than wiped out by the 1 results. And those should be happening with similar frequency. Option C is again the same thing, but with a slower circling of the drain. 4 results let you recover some, but the 2 wipes out that 4's benefits and more, resulting in a slow decline. And option D is just straight out bad, every result is a failure.

    It seems that the only good choice is not to play. ;-)

    EDIT: I realized, I made a mistake in my original numbers, I forgot to divide by 6. And this is why coffee should come before math. The conclusions are still the same, but the numbers are different. I've corrected those.

  • I'm going to go with option C with the following reasoning:
    I'm going to assign (somewhat arbitrarily) the following values to each outcome:

     0   1   2   3   4   5   6
    -8  -4  -2  -1  +1  +2  +4

    This codes failure outcomes as having a negative value and success outcomes as having a positive value, with the value doubling for each increase in success/failure. So, the expected values for the 4 options are:

    A: -12 B: -6 C: -3 D: -6

    Meaning all of the options are bad, but the least bad is option C. And this makes some intuitive sense. You have an equal chance of success or failure and while no success will be all that spectacular, you will also never suffer a spectacular failure. Die A seems like an interesting choice, but you would expect to suffer a catastrophic failure about half the time and that may end your ability to keep rolling. Die B is a slightly less bad version of die A, and may be an ok choice, if a 1 result doesn't result in you no longer being allowed to roll. Though, if you are not able to stop rolling whenever you want, a 5 outcome is likely to be wiped out fairly soon. Die D is just straight out bad. It always results in a failure; so, there is no point playing.

  • I was introduced to it when it was still Hero’s Quest (and EGA)

    This is the version I always play. There's something just "right" about the EGA graphics and text parser. A clicky interface will never replicate:
    Hut of brown, now sit down

  • There's probably a lot of nostalgia in the choice, but my all time favorite game is Quest for Glory: So You Want to be a Hero. The game was just the right mix of fantasy, adventure and humor for a young me, and I still go back and play it about once a year. A close second is Valheim. It's kinda my "cozy game". I find building and exploring relaxing, and there's enough fighting to keep the game from getting boring.

  • For indoor rock climbing (probably outdoor as well): you need, at least, two pairs of climbing shoes. One pair will be out for a re-sole and you can use the other. Though, don't buy your own shoes until you are sure you're going to stick with it for a while. No point ending up with used shoes you'll never use again, because you finally decided the sport isn't for you.

  • I tried that, I ended up with this weird "Windows 11" adware installed and couldn't get rid of it. There was also a problem with odd programs and advertising showing up in my Start Menu, even after I removed them. Also, my settings would occasionally just change, without my knowledge or permission.

  • It depends on the environment. I've been in a couple of places which use Linux for various professional purposes. At one site, all systems with a network connection were required to have A/V, on-access scanning and regular system scans. So, even the Linux systems had a full A/V agent and we were in the process of rolling out EDR to all Linux based hosts when I left. That was a site where security tended to be prioritized, though much of it was also "checkbox security". At another site, A/V didn't really exist on Linux systems and they were basically black boxes on the network, with zero security oversight. Last I heard, that was finally starting to change and Linux hosts were getting the full A/V and EDR treatment. Though, that's always a long process. I also see a similar level of complacency in "the cloud". Devs spin random shit up, give it a public IP, set the VPS to a default allow and act like it's somehow secure because, "it's in the cloud". Some of that will be Linux based. And in six months to a year, it's woefully out of date, probably running software with known vulnerabilities, fully exposed to the internet and the dev who spun it up may or may not be with the company anymore. Also, since they were "agile", the documentation for the system is filed under "lol, wut?"

    Overall, I think Linux systems are a mixed bag. For a long time, they just weren't targeted with normal malware. And this led to a lot of complacency. Most sites I have been at have had a few Linux systems kicking about; but, because they were "one off" systems and from a certain sense of invulnerability they were poorly updated and often lacked a secure baseline configuration. The whole "Linux doesn't get malware" mantra was used to avoid security scrutiny. At the same time, Linux systems do tend to default to a more secure configuration. You're not going to get a BlueKeep type vulnerability from a default config. Still, it's not hard for someone who doesn't know any better to end up with a vulnerable system. And things like ransomware, password stealers, RATs or other basic attacks often run just fine in a user context. It's only when the attacker needs to get root that things get harder.

    In a way, I'd actually appreciate a wide scale, well publicized ransomware attack on Linux systems. First off, it would show that Linux is finally big enough for attackers to care about. Second, it would provide concrete proof as to why Linux systems should be given as much attention and centrally managed/secured in the Enterprise. I know everyone hates dealing with IT for provisioning systems, and the security software sucks balls; but, given the constant barrage of attacks, those sorts of things really are needed.

  • It was kinda thought of in the '50s. Ford's concept the Nucleon was to use a fission reaction to heat water, which was used in a steam turbine engine. One of the issues folks worried about was, what happens in a crash? No, no one with a clue worried about a nuclear explosion, but the release of radioactive material would have been a real concern.

    Some of this might change with the use of fusion. But, it's going to be a long time before a fusion reactor would be small/light enough to slap in a car. At the moment, we haven't really demonstrated a reactor which can commercially produce a net output of power. There have been some small scale experiments which technically produce more power than is used to initiate the fusion; but, that also relied a bit on an accounting trick (they only counted the energy of the lasers themselves, not the total energy used).

    Also, when you get down to it, this is the ultimate goal of electric vehicles. Maybe someday, most of our electricity will come from grid scale fusion reactors. Those will charge the batteries which drive EVs. Moving the reactor into the car itself could happen some day. On the other hand, considering how poorly some folks maintain their cars now, would you really trust them to maintain a reactor? Again, not worried about explosions or anything silly. But, the release of radioactive material might still be a concern. It's probably safe to just use batteries and keep the reactors locked up in large facilities.

  • This is exactly the problem, they have no accountability for bad updates causing hardware to become unusable. So, Q&A just becomes a needless expense and untested firmware is dropped on users. Sure, you could try and sue, or more likely get fucked by a binding arbitration clause. But, the cost would be far beyond what the device costs. So, it never makes sense. There need to be fines when this shit happens, which are significant percentages of worldwide revenue, to scare companies into actually testing updates before they are released.

    In the end, all we can do is shake our heads and remind folks to never buy HP. They put out great products 30 years ago, but those days are long gone. Now, they just put out crap.

  • Why do you expect to receive someone else's work for free? Part of the reason the web has become so enshitified is that no one is willing to pay for anything anymore. We all expect everything to be "ad supported", and then we act shocked when everything is covered in ads.

    That said, there are usually open source alternatives for most software packages out there. They may not have complete feature parity or have quite the same slick UI as the commercial products. But, they do tend to be both free in terms of cost and ads. E.g., for image editing, there is GIMP. It's not going to replace Adobe Photoshop in professional spaces anytime soon. But, for a home user who isn't willing to shell out the Adobe Tax, it's a reasonable choice.

    But, the reason so much is paywalled is because everything takes time and money to create. Someone has to pay that cost. Maybe it's advertisers, maybe it's a dedicated team of volunteers. But increasingly, creators are asking users to pay directly.

  • Decades ago, my father would have some fun with the receipt checkers at Costco. After a shopping trip, we'd commonly have lunch at the cafe in Costco. When leaving the store, he'd hand the receipt checker the receipt for lunch rather than the receipt for the items bought. More than half the time, the checker would just swipe the receipt with a highlighter (their way of marking it "checked") without noticing that it was the wrong receipt. So ya, it's complete security theater. Anyone with a modicum of thought can figure ways around it, and it only accomplishes inconveniencing the people who aren't trying to get away with anything.

  • Wall Street questioned how much pain President Donald Trump will let the economy endure through tariffs and other policies in order to get what he wants.

    Trump wants to celebrate the 100th anniversary of the Great Depression with an even bigger one. It'll be the Greatest Depression. With bigly unemployment! More economic pain than you can imagine. And Canada will pay for it!

  • I think the most surprising thing here is that 60% of networks don't allow any/any. I swear, the number of devs I've had to convince that they don't actually need to plop their MySQL backend on the open web, to allow their web front end to reach it, is way higher than it should be. Folks moved their workloads to "the cloud" and decided that we needed to internet like it was 1999.