Microsoft is demanding US taxpayer provide loans to bring this plant online. It has been sitting there for 50 years…

… You understand so little.

Here you go.

https://www.technologyreview.com/2024/09/26/1104516/three-mile-island-microsoft/

In March, the Palisades Nuclear Plant in Michigan got a loan guarantee from the US Department of Energy’s Loan Programs Office to the tune of over $1.5 billion to help restart.

https://www.constellationenergy.com/newsroom/2024/Constellation-to-Launch-Crane-Clean-Energy-Center-Restoring-Jobs-and-Carbon-Free-Power-to-The-Grid.html

Constellation signs its largest-ever power purchase agreement with Microsoft, a deal that will restore TMI Unit 1 to service and keep it online for decades; add approximately 835 megawatts of carbon-free energy to the grid; create 3,400 direct and indirect jobs and deliver more than $3 billion in state and federal taxes

Nowhere is it Microsoft demanding anything. It’s the owners of the power plant itself that got the LOAN (loans get repayed btw… in case you’ve forgotten what the word means). And it’s easily identified that the workforce increase in skilled labor means more taxpayers paying more money to taxes. And look at that! the added state and federal revenue will 2x the loan amount YEARLY.

So can you answer the fucking question now?

Oh, and you continue to ignore my point as well, so I’ll ask it again… If there are more nuclear plants… thus more production for things used to create and maintain nuclear plants. Will the cost to produce MORE nuclear energy go down?

Edit: to drill the point home though… let’s say government bad, lets spend little as possible (which I’m generally whole-heartedly for)… 1.5 billion to make 3,400 high paying jobs for 30+ years… That’s a fucking no brainer spend. You should WANT this spending. There’s lots of shit to complain about with the government. Providing a loan that will be paid back that will make THOUSANDS of highly skilled jobs… This ain’t it chief.

Yes, cost is going up because people expect mega corps to pay for their infrastructure investment lol

So you think that companies don’t pay for electricity? That they’re not part of the “profits” the electrical company has on the books?

Man… I wish I could just get free electricity for my company. Oh… and I pay higher rates at my commercial space for less usage than I do residentially.

But right! That’s companies somehow getting some freebie from “the people”.

Oh, and you continue to ignore my point as well, so I’ll ask it again… If there are more nuclear plants… thus more production for things used to create and maintain nuclear plants. Will the cost to produce MORE nuclear energy go down?

show me when was last time that price of electric went down for the end consumer?

I didn’t say price of electricity would go down. I was talking about the price to produce and maintain nuclear plants would go down.

Considering that electricity usage overall is on an upward trend, especially with things like electric cars becoming more and more mainstream. Also with things like inflation being a thing… It would be stupid to think that prices would ever straight up come down. However the cost to maintain more production could stifle/stunt how fast the prices increase.

Also… At my last house. Our electrical company rebated a not insignificant amount of money to each house based on usage for the year due to costs coming down for some stuff. So… about a year and a half or maybe 2 years ago for me personally?

Not sure why you’d expect prices to go down at all though when society/government is also pressuring the electrical companies to install “renewables” by the boatloads as well. There’s costs associated with all that. The money has to come from somewhere.

I had this argument on nextdoor a few weeks back. Our local electric utility made some 500million in “profit”. But have a mandate to be 60% renewable by 2028, and something like 80% by 2030, which 100% some time after that. If you do the math on how much the coal/nat oil plants produce, and estimate a cost for a solar farm… You realize that while it’s a profit this year… it won’t be a profit over time, virtually all (the math came out to like 93% of it) needs to get earmarked and put towards solar to get to those renewable mandate numbers. So yes. costs are going to keep going up if people like you act like nuclear getting spun up is a sin.

Edit: clarity

Edit: what is with this trend on lemmy the past few months of picking one specific sentence and ignoring the context of the rest of the fucking post? I even talk about “at scale”. It’s not hard to look at my post and think of supply/demand economics. Demand being super low because we only have handful of nuclear plants mean that a lot of suppliers just aren’t around anymore. As demand goes up, in the short term market will demand price to go up. But eventually demand will continue to increase where there is a supply void and new production will come as long as other factors don’t kill it. And Production at larger scales is ALWAYS more economical. This is literally econ 101 type shit.

sure nuclear would be great… but this aint for us ;)

Yes it is. Every plant that’s live, means that things can be done more and more at scale, which drives down the price overall. In this narrow specific case, Microsoft will drive down the price which will make the already appealing nuclear (aside from NIMBY folk who will never give in because of their ignorance) even MORE appealing for baseload handling. Every plant, private or public will increase engineer knowledge and production of parts (increasing scale) which is better overall for nuclear.

And overall, these companies are going to increase their power load regardless. I’d rather new power production go to the better technology that won’t actively poison the environment. Driving down the % of power generated by coal/oil should be universally applauded. Even if it’s just new implementation of a large workload.

Does no one care about power consumption?

It takes several SSDs to make up the capacity difference between an HDD.

I run 62 16TB HDDs. To make up the same capacity in SSDs I need 2-4x the bays. I don’t know of any cheap systems that can hold ~250 bays of ssds.

So an SSD that may only take 1-3w all day… 2-4x that is already equal to the HDD regardless. You’re not going to make any ROI metric here.

My guess is that it’s the easiest and cheapest way to set up “MFA”.

TOTP is cheaper.

SMS is actually expensive at scale. An example would be Signal, the messenger app that doesn’t use SMS. They have overhead for sending backup codes/new account creation/Verification/etc… https://www.wired.com/story/signal-operating-costs/ 6 million a year. API integrations for SMS messages/codes are still like 1-5 cents per message.

TOTP’s requirements? A reasonably accurate clock on the server, and storing the shared secret in a database.

Stopping processes is actually a user space action.

Now you backpedal and say

Pretty much all code is making requests to the kernel.

But I don’t know what I’m talking about? Sure. We’ll go with that if it makes you feel good. I only literally taught it at a post-grad level at an R1 institution, but what do I know.

It’s side stepping the kernel. That’s the whole point.

You’re getting it! Kind of at least. The anti-cheat actually modifies the kernel (in an extension kind of way, like drivers do). That’s the point though. Which seems to have repeatedly whooshed over your head. But I can only say it in so many ways and be ignored. Good luck. Hope I don’t run into your code.

Stopping processes is actually a user space action. You can do it without admin rights btw. Even if it popped the admin screen that’s still not a kernel level action.

Absolutely not. Task management is the job of the operating system/kernel. You can request to end a job/task. The kernel will do it on it’s own time. UAP prompts are attempts to elevate permissions so that you can access higher kernel calls.

https://linux-kernel-labs.github.io/refs/heads/master/lectures/syscalls.html#linux-system-calls-implementation

https://unix.stackexchange.com/questions/111625/how-does-linux-kill-a-process

You can make requests the to the kernel. If you have permission/ownership to the process the kernel will work through the sigterm/sigkill to meet your request. It is not a user space action at all to kill a process, you make requests to the kernel to do it. Hell in linux it’s even more obvious as you can instruct the kernel on HOW you would like to kill the task and even then it may not follow your direction. https://www.man7.org/linux/man-pages/man1/kill.1.html with kill being a kernel tool. If you spawned the process, then you have permission/ownership to the process. But my point in the previous post was that anti-cheats can reach into the system, reading dlls and such that are absolutely NOT user space to begin with, require elevation beyond user space to install.

Yeah that it’s considered malware. I did Google it and there’s nothing saying that.

Seriously? You can’t find anything? You sure about that? Cause I can literally pull up thousands of articles and forum threads by literally typing “is vanguard anti-cheat malware?” or “is easy anti-cheat malware?”

https://forums.malwarebytes.com/topic/288793-easy-anti-cheat-launcher-detection/

Heuristics detect these things for what they are. Anti-virus software have to whitelist them because people choose to play the games anyway.

https://www.techguy.org/threads/is-valorant-vanguard-a-malicious-rootkit-or-not.1267682/

https://www.pcgamer.com/the-controversy-over-riots-vanguard-anti-cheat-software-explained/

The name is appropriate, because Vanguard doesn’t just sniff around for cheats when Valorant is running: It starts up with Windows and keeps an eye on other processes whether or not you’re playing Valorant at the time. […] Vanguard detects software with vulnerabilities which could be exploited by cheat makers, and blocks some of it.

https://www.sp-cy.com/article/is-valorants-anticheat-spyware/

Vanguard cannot be easily fully disabled since after manually quitting the process, a system reboot will be required to be able to open Valorant again.
The EULA prevents any legal recourse against Riot Games.
Valorant/Vanguard sends encrypted data to Riot. Which is Chinese owned by a giant corporation called Tencent.

Let’s attack this question from another perspective. Do you trust a games developer to properly develop kernel code? Most people BARELY trust Microsoft to do it these days. And you can’t review/evaluate it yourself at all. You have no fucking clue what they’re doing and never will. We’ve seen what happens when random companies inject shit into the kernel like crowdstrike did. You think that these anti-cheat softwares are acting in your interest when they’re being implemented and paid by a corporation? How can you look at these anti-cheats that have made backdoors on systems, cause people everywhere unstable kernels/BSODs, send data about your system without permission, interacts with software on your system that isn’t their code, etc… and say they’re not malicious?

but so far at least I’m happy with the bandwidth.

Oh for sure, it’s boatloads and I love it… but I’m in the market for a /28. I want to hand them like $40 extra a month. LET ME PAY YOU QUANTUM/LUMEN/CENTURYLINK/LEVEL3. It’s effectively free money as once it’s setup there’s nothing that changes or goes down. There’s so little maintenance/upkeep cost to it that I just don’t understand why they don’t want to print free money.

This is already a risk whether via the existing thumbnail storage

Not anymore. You can opt out of it for the most part.

# Leave images unchanged, don’t generate any local thumbnails for post urls. Instead the the
# Opengraph image is directly returned as thumbnail
“None”

Yeah that was 19.4. It’s doesn’t proxy everything unless explicitly set to. Just thumbnails I believe. But I could be wrong. And many instance owners would be allergic to that as it leaves them on the hook for storing content. For example… someone posts CSAM… a copy of that is now on your server. You get police raided and you’re fucked.

https://github.com/LemmyNet/lemmy/blob/705e86eb4c0079d0775f0c1490968f1183095fcc/config/defaults.hjson#L51

Actually going over it briefly looks like it has a few available options for what it will cache…

I refuse to enable it myself for the above reason. I would venture 99% of instances out there would also refuse for liability and bandwidth costs.

Can you see which communities I follow?

Wouldn’t need to see it directly. If someone was to tag enough posts they could deduce it over time. Eg, I could post on every community on every lemmy in the fediverse and over time I can be reasonably sure which communities you follow as you’d see these post in your feed and tracking images would populate your view of them as you scrolled. Would take very little automation to do it.

Which feeds I watch (and when I do that)?

Yes… because it’s possible to use “normal” images to track who’s downloading those images, what addresses/user agent/referrers over time is powerful. After enough time, it’s entirely possible to deduce which feeds/communities you’re watching. Eg, if I post 10 different items, and 3 of them come back to your specific IP address, I would have a really good estimate on which feeds you’re likely on. Do this at scale and I bet you could deduce it completely and probably with much less time and hassle than you’re thinking. Hell because of my reverse proxy I can see EVERYONE who loads my profile picture. I see ALL the users to run into my posts on complete fucking accident. Lemmy loads /inbox to pull that data.

Hell this is the core reason why everyone pushes back on 3rd party cookies these days. It made this tracking trivial. Tagging every page with some image or asset that forces a connection is effectively the same thing.

Who I interact with through DMs?

I’ve already stated clearly that this would be the hardest thing. Just because there’s one or 2 things that would be hard or impossible to obtain (even over time) passively or as a complete outsider doesn’t make the rest of the argument wrong. All it would take is either site operator to leak the data, any type of MITM, etc… to leak the plaintext content of your DMs. Hell federation leaks where it sends data outside of the expected subscribers has happened. Then you have to also realize that many instances use services like Cloudflare or other WAF solutions to stop DDOS’s and such… Those nodes can read the plaintext DMs and all federation data. Any malicious actor that manages to break any single part of the chain has access to it all… and it can be quite trivial in many instances to do so.

The Lemmy system is not “secure”. It’s not meant to be. Everything on the fediverse is public and all of your actions here are trackable by many parties in many ways even outside of the operators of both ends of the federation action itself. Including how you’re connecting and using the system.

DMs alone, and actual hashed passwords are not really needed for a third party threat to act malicious and get all of the aggregated data they’d ever want. You pointed out specifics, I answered those specifics. Then you pivoted to other shit that I ALREADY outlined. This argument is super disingenuous.

Source for what in specific?

That stopping processes is a kernel action? Go ahead. Open powershell and ask it to close some other system process… The UAP prompt (if you’re on windows, linux will just fail silently most of the time unless you sudo or are root) that shows up is the kernel validating that you even have permissions to do that. The kernel handles ALL task scheduling/management. When you close something you’re asking the kernel to do it. The kernel also handles ALL file management and driver management (drivers being extensions of the kernel). So the fact that it can read other active DLLs and such hooked into other processes (say your graphics drivers) is literally proof.

That industry agrees that it’s malware? Depends on which part of industry I suppose. But if it’s able to do all these actions at the kernel level, and attached itself it to other software to install, often doesn’t uninstall when you remove the game it was attached to, AND gets flagged by anti-viruses that don’t have it whitelisted yet… It’s definitionally malware. Go search for “Is <insert anticheat> malware”. Very few people will argue that they’re not.

Hell it’s possible for anti-cheats to write to UEFI if they really wanted to. There’s no legitimate reason for that level of access, 0, none.

I’ve addressed the points you’ve brought up. I run my own instance. I can collect just about everything in the DB tables I’ve seen without being logged into the instance with some external work.

Are you trying to get my point? If you have a specific item that you believe is stored on a lemmy server that you think isn’t possible to obtain. I’m all ears. otherwise I think this conversation is done. This kind of response is pointless and I’m not interested in continuing if you’re going to act like that.

The hardest thing to collect would be private messages, and login information (which is hashed btw, so even your server operator doesn’t really know it). But messages are plaintext and openly federated. All the other information is really really easy to collect through other means.

They have kernel access… They can control anything since they’re in the kernel. And yes, I’ve seen it.

If you remember back in the late 2000’s early 2010’s there were a boatload of apps that would hook into games to do things like display overlays for chats (Teamspeak for example, overwolf as another.) some kernel anti-cheats would stop those processes from starting up.

But don’t take my word for it.

https://www.pcgamer.com/according-to-experts-on-kernel-level-anticheat-two-things-are-abundantly-clear-1-its-not-perfect-and-2-its-not-going-anywhere/

I’m less worried about developers abusing kernel access, and more concerned with potential vulnerabilities introduced for third-party actors to exploit. Rigney cited two examples: the infamous Extended Copy Protection (XCP) from Sony, which bad actors used to compromise affected systems, as well as a backdoor vulnerability introduced by Street Fighter 5’s kernel level anticheat. In 2022, a ransomware developer also took advantage of Genshin Impact’s kernel level anticheat to disable antivirus processes.

Introduces backdoors to be used by malicious actors.

https://www.pcgamer.com/the-controversy-over-riots-vanguard-anti-cheat-software-explained/

Vanguard detects software with vulnerabilities which could be exploited by cheat makers, and blocks some of it.

Blocks external softwares that it deems “vulnerable”

https://old.reddit.com/r/gaming/comments/xf1cwr/the_insanity_of_eas_anticheat_system_by_a_kernel/

This is far from the first time that boot level firmware or kernel mode code inserted via patches or drivers have been used to install spyware, but every time I see it happen I want to warn users about the consequences, and provide some information about the danger.

Kernel devs beg users to not allow this shit.

Just look it up. All sorts of articles and experts have spoken on it.

Taking kernel level actions to stop processes on YOUR machine is absolutely taking control of the system.

Kernel level anti-cheats meet every requirement. Just because you think there’s gymnastics going on doesn’t make it so. It’s actually well established in the security field that they count.

I’m not sure that Nintendo has any pull in any Middle Eastern country or China.

But all of this is moot as the lawsuit is in the US… And Nintendo would just tell the streaming services to ban them over and over again.

that kind of threat doesn’t work when they can just tell your country to arrest you for breaking the law.

That assumes the country gives a shit. Many countries simply do not care about what Intellectual Property you “own” or created in some other country.

but that instance owners have even more, probably more valuable info, like IP addresses from which not just geolocation but also wake times, device usage patterns and other gnarly stuff could be extracted, that could - together with other personalized surveillance info (like the usual adware stuff) - be aggregated to give a bigger picture.

I have IP behind the geolocation. How do you think that I know the geolocation? It’s an IP lookup. My interface that I shown in the image just doesn’t publish it because I don’t care personally. What I use that service for is simply to track where sensitive emails/documents go. Not to track lemmy. I don’t need specific resolutions. Just to know if they leak outside of what I expected.

Device patterns? The app you use is the app you use. That would be given away via your browser header. I also collect that with the tracking image. Just once again. Not shown in the graph cause I don’t care to track it personally (I’m only doing this as an example, not to actually aggregate data).

If you use lemmy over the web browser, browsers don’t really give up that much information unless you’re google themselves. In which case apparently chrome gives up a boatload of information to google’s domains.

not-so-public information

You’d have to give me an example of any of what you’re referencing. I can collect IP, web headers, access times, and if I tag enough pages or mark the image as non-cacheable could even see multiple views/accesses (you see views higher than actual visitors) I can track your movement across all of the fediverse.

that one can get some info about me through my (public) actions

Simply “viewing” the page (which pulls the image and is not necessarily “public”) is a direct rebuttal to obtaining data that isn’t “public”.

Malware isn’t defined by its privileges but what it does.

Correct… and anything that intercepts all system calls and forces closed applications that it deems “not safe” even if I the user specifically run it is malware. You bet your ass they feed back information to the mothership too.

And btw, if you’re accepting the “Spyware” moniker from the other comment chain. Spyware is a form/category of malware.

Definition from Malwarebytes:

Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices, often by taking partial control over a device’s operations.

Hostile - it’s not meant to help you at all. If you’re doing something deemed “unsafe” in their eyes. They will take action up to and including stealing your money that you paid for the game. intrusive - embeds itself in the kernel Intentionally nasty - Well it’s not accidentally nasty.

invade - attached to games with little to no input on what you’re installing. disable computer systems - specifically the software you paid for Taking partial control over a device’s operations - the whole fucking kernel.

I’d say meeting the VAST majority of the definition and at least one portion of each category is sufficient to call them all malware.