I completely understand why measuring the length of coastlines is not possible but surely measuring a trail should be doable quite easily, you could simply use a gps tracker and it would be precise enough.

I think the idea is to show we don't know the exact lengths of any paths that aren't constructed from our handful of mathematically known curves and must approximate using them instead.

If you measure with GPS coordinates, you still run into the same problem. The number of points plotted onto a curve affects the result, and then you are possibly also adding more error than you'd have compared to tracing from aerial photos.

Beginning of the 3rd paragraph agrees with you:

> But while the length of the newly designed path is easily measurable, the coastline that it follows is not.

I love tmux but one thing which really annoys me is the fact that I cannot use the mouse wheel or the scroll back to see the previous content. I know there are shortcuts to go forward and back but I always forget them and they are not easily accessible on my keyboard and cumbersome.

I think the mouse wheel is mapped by default if you `set mouse on`? I also additionally map Shift-PageUp/Down in my config. And recently they added a `pane-scrollbars` option for a clickable ASCII scrollbar.

you can see them in the report at the bottom, but I counted four. See my post above.

No matter how compromised a server gets, ideally the client should never be able to provide it unencrypted data, or data is encrypted in a way such that the server can decrypt it. It is unclear if Bitwarden has fixed this core issue or not.

That's much better, thanks. According to the Bitwarden blog post: https://bitwarden.com/blog/security-through-transparency-eth... which contains its full cryptography report at the end, all the issues have been fixed except a few which are considered part of the design (see below), so if I understand correctly you have nothing to worry about if you don't use organizations and use a strong password.

Issue 5: Organisation Key Injection (Medium)

When users interact with organizations, a trust relationship is established through the exchange of cryptographic keys. A malicious server could add users to arbitrary organizations by encrypting an organization symmetric key under the user's public key and including it in sync responses. The client would silently accept the new organization membership. Alternatively, when a user creates an organization, the malicious server could substitute the newly created organization's keys with attacker-controlled keys during the post-creation sync.

Issue 7: Disable KDF Bruteforce Protection (Low)

Bitwarden uses Password-Based Key Derivation Functions (PBKDF2 or Argon2id) to derive the master key from the user's master password. The iteration count – currently defaulting to 600,000 for PBKDF2 – provides brute-force resistance. The researchers identified that KDF settings are stored on the server without authentication, allowing a malicious server to reduce the iteration count and receive a master key hash that is faster to brute-force.

Issue 9: Malleable Vault Format and Unencrypted Metadata (Low)

The researchers identified that while individual fields are encrypted, metadata about field positions and item structure is not integrity-protected, potentially allowing field reordering or item manipulation

Issue 10: Access Violation in Organisation Collections (Low)

Organization collections enable shared access to vault items among organization members. By design, the organization symmetric key is shared with all organization members, allowing them to access collection contents to which they have specifically been granted access

> KDF settings are stored on the server without authentication, allowing a malicious server to reduce the iteration count

How though, that would also require the client to re-generate the key based on the server setting without te user choosing to do so, does it do that?

Why not allow the user to provide the seed used for the generation. That way at least we can detect if the model has changed if the same prompt with the same seed suddenly gives a new answer (assuming they don't cache answers), you could compare different providers which supposedly use the same model, and if the model is open-weight you could even compare yourself on your own hardware or on rented gpus.

AFAIK seed determinism can't really be relied upon between two machines, maybe not even between two different gpus.

That doesn't seem correct. It's just matrix multiplications at the end. Doesn't matter if it's a different computer, GPU or even math on a napkin. Same seed, input and weights should give the same output. Please correct me if I'm wrong.

https://thinkingmachines.ai/blog/defeating-nondeterminism-in... A nice write up explaining how it’s not as simple as it sounds

There are many ways to compute the same matrix multiplication that apply the sum reduction in different orders, which can produce different answers when using floating point values. This is because floating point addition is not truly associative because of rounding.

Is that really going to matter in FP32, FP16 or BF16? I would think models would be written so they'd be at least somewhat numerically stable.

Also if the inference provider guarantees specific hardware this shouldn't happen.

Wait, wouldn't it be more significant in low bit numbers, which is the whole reason they're avoided in maths applications? In any work I've ever done, low bit numbers were entirely the reason exact order was important, where float64 or float128makes it mostly negligible.

You're assuming consistent hardware & software profiles. The way these things work at scale is essentially a compiler/instruction scheduling problem where you can think of different CPU/GPU combinations as the pipelines for what is basically a data center scale computer. The function graph is broken up into parts, compiled for different hardware profiles w/ different kernels, & then deployed & stitched together to maximize hardware utilization while minimizing cost. Service providers are not doing this b/c they want to but b/c they want to be profitable so every hardware cycle that is not used for querying or optimization is basically wasted money.

You'll never get agreement from any major companies on your proposal b/c that would mean they'd have to provide a real SLA for all of their customers & they'll never agree to that.

thats not true in practice

It is definitely true across different chips. The best kernel to use will vary with what chip it is running on, which often implies that the underlying operations will be executed in a different order. For example, with floating point addition, adding up the same values in a different order can return a different result because floating point addition is not associative due to rounding.

Something like a perplexity/log-likelihood measurement across a large enough number of prompts/tokens might get you the same in a statistical sense though. I expect those comparison percentages at the top are something like that.

That has always been a thing since the invention of computers. The great thing about computers is that they do exactly what you ask them to do. The problem with computers is that they do exactly what you ask them to do.

from 1864:

> On two occasions I have been asked, — "Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?" In one case a member of the Upper, and in the other a member of the Lower, House put this question. I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.

https://en.wikiquote.org/wiki/Charles_Babbage#:~:text=226-,P...

The first Dune game (https://en.wikipedia.org/wiki/Dune_(video_game)) was the first video game I played as a child, it was amazing and it aged a bit better than Dune II in my opinion.

Why would they do that? When I started learning VIM more than 20 years ago, one of the main reason was that it (or vi) was already present and installed in every possible Linux system.