Then you’d be surprised when you calculate the numbers!

A Falcon 9 delivers 13100kg to LEO and has 395,700kg propellant in 1st stage and 92,670kg in 2nd stage. Propellant in both is LOX/RP-1. RP-1 is basically long chains of CH2, so together they burn as:

3 O2 (3x32) + 2 CH2 (2x14) -> 2 CO2 (2x44) + 2 H2O (2x18)

Which is 2*44/(2*44+2*18) = 71% CO2. Meaning each launch makes (395700+92670)*.71 = 347 tons CO2 or 347/13.1 = 26.5 tons of CO2 per ton to orbit. A lot of it is burned in space, but I’m guessing the exhaust gases don’t reach escape velocity so they all end up in the atmosphere anyway.

As for how much a compute satellite weighs, there is a wider range of possibilities, since they don’t exist yet. This is China launching a test version of one, but it’s not yet an artifact optimized for compute per watt per kilogram that we’d imagine a supercomputer to be.

I like to imagine something like a gaming PC strapped to a portable solar panel, a true cubesat :). On online shopping I currently see a fancy gaming PC at 12.7kg with 650W, and a 600W solar panel at 12.5kg. Strap them together with duct tape, and it’s 1000/(12.7+12.5)*600 = 24kW of compute power per ton to orbit.

Something more real life is the ISS support truss. STS-119 delivered and installed S6 truss on the ISS. The 14,088kg payload included solar panels, batteries, and truss superstructure, supplying last 25% of station’s power, or 30kW. Say, double that to strap server-grade hardware and cooling on it. That’s 1000*30/(2*14088) = 1.1kW of compute per ton to orbit. A 500kg 1kW server is overkilling it, but we are being conservative here.

In my past post I’ve calculated that fossil fuel electricity on Earth makes 296g CO2 per 1 kilowatthour (using gas turbine at 60% efficiency burning 891kJ/mol methane into 1 mol CO2: 1kJ/s * 3600s / 0.6 eff / (891kJ/mol) * 44g/mol = 296g, as is the case where I live).

The CO2 payback time for a ton of duct taped gamer PC is 1000kg * 26.5kg CO2/kg / ( 24kW * 0.296kg/kW/hour) / (24*365) = 0.43 years. The CO2 payback time for a steel truss monstrosity is `1000kg * 26.5kg/kg / (1.1kW * 0.296kg/kW/hour) / (24*365) = 9.3 years.

Hey, I was pretty close!

A solar-powered computer in space could recoup the CO2 cost of its launch fuel over its lifecycle (say 10 years?) when compared to coal-fueled electricity on the ground. After that it’s free. Of course, you’d benefit more by filling up every available spot on the ground with solar arrays first! But you will eventually run out, or you might not want to do that.

If you have a megawatt solar array, you can also afford a megawatt cooling array. The size is comparable.

quantum computing is revolutionary because it allows instant transmission of information across unlimited space

False and common misconception! In quantum mechanics there is even a theorem called the no-communication theorem that mathematically proves that no information can ever be transmitted by quantum entanglement. Sorry!

Gravity—the curvature of space-time—can’t stop changes in the curvature of spacetime from propagating outward.

This is false. If it were true, you could build a device to communicate from inside a black hole event horizon. By waving around a heavy ball you would create gravitational waves that a sensitive enough LIGO outside the black hole could detect. But this is impossible. You would create gravitational waves, yes, but they would fall towards the center singularity same as you, and will never penetrate and escape the event horizon.

Use wireshark and listen on your ethernet interface. When you use tailscale, are the packets coming in/out from the tailscale server IP or the VPN ip? Check through the ip route routing table and figure out which pathway a packet will take in each use case. Might need to add a route exception specifically for the tailscale server IP to go out on the ethernet device.

PostUp = ip route add 100.64.0.0/10 dev tailscale0

Looks like you need to stick this line in the tailscale service file, since it’s the only time that the existence of the tailscale0 device is guaranteed. If you don’t want to modify the service file inside the package, could you write your own systemd service file and include the tailscale service as a prerequisite?

Also make sure that when you start the VPN first and then tailscale, you don’t get a double tunnel situation where tailscale goes out through the VPN (unless that’s what you wanted).

The exact script would depend on the use case; you’d use commands something like this:

mkdir -p /etc/netns/VPN
sh -c 'echo nameserver 1.1.1.1 > /etc/netns/VPN/resolv.conf'
ip netns add VPN
ip link add tun1 type wireguard
ip link set tun1 netns VPN

Because the wireguard device was created in the default namespace, it will “magically” remember its birthplace, even after you move its mouth (the tun1 device) to a separate namespace. The envelope VPN packets will keep going in/out in the default namespace.

ip netns exec VPN wg setconf tun1 /etc/wireguard/vpn.conf
ip netns exec VPN wg set tun1 private-key /etc/wireguard/vpn-key.private
ip -n VPN addr add 192.my.peer.ip/32 dev tun1

Get the wireguard config file from the VPN website, both mullvad and OVPN have a wizard to generate them. Your assigned private network ip is in the config file. Also get and save your device key.

ip -n VPN link set tun1 mtu 1420
ip -n VPN link set tun1 up
ip -n VPN route add default dev tun1
ip netns exec VPN su myuser -c 'firefox --no-remote'

Now all firefox (and only that firefox) traffic will go through the tunnel. Firefox has its own DNS, if you run another app it will use 1.1.1.1.

I actually do the reverse of this - I create a namespace ETH and move my eth0 device in there and attach dhcpcd to it. Then I create the wireguard tun1 device inside ETH namespace, and move tun1 to the default namespace. Then any software I run can only use the tunnel, because the ethernet device doesn’t even exist there. This keeps the routing table simple and avoids a whole class of issues and potential deanonymization exploits with the split routing table used in traditional single-namespace VPN configurations.

You can set up split tunneling yourself if you run the wireguard/OpenVPN daemon manually and move the “mouth” of the tunnel to a separate Linux network namespace.

OVPN is a 1-to-1 feature clone of mullvad (wireguard, multiple device keys, crypto payments/cash in the mail, no usernames/emails, etc.) AND has port forwarding. Switched to them when mullvad sadly closed their ports, no problems since. Can’t live without port forwarding.

That allows sending packets inside the VPN tunnel, but the outer envelope packets still need to be able to reach the VPN server.

sudo ufw default deny outgoing

I’m guessing this would block the VPN packets themselves as well.

For something like a browser, you don’t even need to “install” at all. You only need to acquire the standalone/portable executable from the browser developer’s official website. For example you get Waterfox from https://www.waterfox.net/download/. If you read the PKGBUILD, even if you can’t see through all the potential malicious tricks you’ll at least find that that’s basically all it claims to do: download a binary from official website and put it somewhere. In this case “installing” means using root permissions to stick it in /usr/bin, so all users on the computer can run it. But since almost all home computers only have a single user, you can skip having to give it (temporary) root access by saving it in your home directory instead. I also run the binary inside its own Firejail so it doesn’t even have access to my personal files. You are always trusting someone, be it the Arch maintainers, the AUR contributors, or the independent browser developers, but this way the least number of parties get the least number of permissions.

windy.com with a VPN in a private browser window. They can’t track you if they don’t know where you are!

Physical players disconnected from the internet can still receive offline firmware updates included on the discs themselves. The moment you insert a new disc, it automatically executes BD+ code that in theory could patch the firmware to blacklist an arbitrary old disc that you own. This has never yet happened with a previously-legal disc, but then again for example Amazon has never deleted purchased copies of the 1984 book from customers’ kindles, until one day when it did.

a standalone drive

Another cool/scary feature of the BluRay spec is offline firmware updates (called BD+). Any disc can contain code that runs automatically and can patch the player firmware or execute arbitrary functions. So if you have an older hacked player and you insert a newer disc into it, the AACS Consortium has the ability to brick it. Or if you “own” an older disc but the Consortium starts to dislike it for some reason (maybe they discovered that the disc was printed by a pirate publisher, or maybe there was a retroactive licensing dispute), they can include code on every newly published disc that blacklists the old disc. Even with a standalone player that you never connect to the internet, the moment you insert any new disc into it, your old “problematic” disc will be unplayable. This has never yet happened with a previously-legal disc AFAIK, but it is possible within the spec. Every player manufacturer must obey the spec and implement the BD+ virtual machine in order to be allowed to read AACS content. And if you hack your player to ignore BD+ code, then the newer disc will not play because its content may be scrambled in a way that only the custom BD+ code included with it can unscramble.

FYI, the magic about:config key that you need to set to false is “keyword.enabled”. After that Firefox will finally stop using any non-url string as a search query and will instead say say “Hmm. That address doesn’t look right. Please check that the URL is correct and try again.”

I am still sad Hitachi was too embarrassed to carry on the legacy of its name and sold off the Magic Wand brand to its subsidiary manufacturer. Hitachi, the brand name was a compliment to you, not a liability! You lost out.

Thank you for your detailed input!

It’s not even a platonic ideal - it’s drawing a supply/demand curve and thinking you understand how prices work in a market economy.

You got me 😁. I love drawing supply-and-demand curves. Seems pretty hopeless then if to even begin to understand how to vote “correctly” you need 5 years of game theory PhD. Hearing someone say “just trust me bro, the optimal strategy is that one” is not good enough. Voting was supposed to be for the masses…

drop everything to just start suing states and protesting for voting rights

I could get onboard with ranked-choice voting. My city used IRV for our latest mayoral primary election, and even though none of my ranked candidates won, I felt extremely satisfied that at least my voice was finally being heard. When a literal police-mayor got elected (winning primary by only 7000 votes), I had the comfort of full knowledge that this was not due to any spoiler effect on my part, but solely simply due to more people voting for him. If we’d campaign for ranked-choice voting in federal elections - presidential primaries and general - we can eliminate all the above hand-wringing. The Democratic party should be totally on board with this since they could finally get the Green protest vote.

So I am proposing that the Democratic party is acting irrationally and suboptimally, but you claim that the Democrats are acting most optimally, and it is the fringe left that is acting irrationally instead by refusing to accept a unfair split against all game theory guidance, causing all of us to eat shit (despite them making up only low single digits). Yet if the Democrats are so rational, how come they keep losing? Shouldn’t they have found an optimal strategy to get around the irrational ultimatum of the left? Yet here we are.