yeah, about twice a year I use the CLI to backup my vault, and I’ve never felt comfortable installing an npm package to handle my vault. Now I’m definitely sandboxing it in a rootless container without internet next time. And installing a week old version, or older.

reposting the tl;dr I wrote from another community…

Yesterday, for about 1h30min (starting at 5:57pm ET / 21:57 UTC) anyone installing the latest version of the command line interface of bitwarden was installing malware.

The malware steals GitHub/npm tokens, .ssh, .env, shell history, GitHub Actions and cloud secrets, then exfiltrates the data to private domains and as GitHub commits and doesn’t seem to be targeting Bitwarden specifically, or user vaults.

There’s no evidence that end user vault data was accessed or at risk, or that production data or production systems were compromised, according to their official statement.

It seems there were 334 bitwarden CLI downloads in this time period, some or many of which might have been from bots, so this is a higher bound to the number of affected users.

yeah, I think the whole “water” argument really dilutes the case against data centers.

On a serious note, the argument works for areas that already struggle to supply enough water for consumers. Otherwise, we should be focusing more on the power stress to the grid, and the domino effect on supply chain of hardware cost increases that it’s happening across many industries. It started with GPUs, now it’s CPU, storage, networking equipment, and other components.

If these prices are too high for a couple of years, we’ll start seeing generalized price increases as companies need to pass along the costs to consumers.

It’s not, I read the code. It’s not merely asking the LLM for recommendations, it’s using embeddings to compute scores based on similarities.

It’s a lot closer to a more traditional natural language processing than to how my dad would use GPT to discuss philosophy.

No, it also doesn’t do that. It gets embeddings from an LLM and uses that to rank candidates.

no one is saying everyone has to ask an LLM for movie recommendations

chill, this is extracting text embeddings from a local model, not generating feature-length films

that’s like saying “no jet use is benign” meant for comparing a private jet to a jet-ski

the generative aspect is not even used here

There’s no training, the LLM embeddings are used to compare the plots via a cosine similarity, then a simple weighted score with other data sources is used to rank the candidates. There’s no training, evaluation, or ground-truth, it’s just a simple tool to start using.

that’s pretty cool, this is just the wrong crowd, don’t worry about the downvotes

“Jonathan”

until you need to update them, or when you need recovery when travelling

Aegis + syncthing for remote backups

idk what to tell you, because I just tried it and it works

ah, this puts it together and it’s exactly what I was looking for, thanks

ah yes, I stopped watching the guy because of that and the clickbait, but he does make some interesting content sometimes.

so you haven’t tried it recently

maybe last you tried it was over 6 months ago, maybe you’re using the old google assistant, or idk, but it definitely works for me

yeah, that’s what I’m looking for. Do you know of a way to integrate ollama with HA?

1. They can and do; 2. LLMs can do tool calling just fine, even self-hosted ones.

I don’t quite get what this is supposed to do. Is it basically a software to allow jellyfin/plex users to request media without needing a radarr/sonarr account?