I’ll be honest I just asked the question to an LLM and just wanted to hint at what was potentially dangerous about new carpets.

So all I can offer is to share the conversation in question with the LLM and advise caution on the reliability of the informations.

I checked some of the references but not all of them so as any LLM response, you should probably verify it.

Deepseek’s response :

https://chat.deepseek.com/share/k4o5j2jxvbwx9rt2n2

Excerpt :

⚗️ Chemicals of Concern in New Carpet

The “new carpet smell” comes from a mix of volatile organic compounds (VOCs) released from materials like synthetic fibers, latex backing, and adhesives. Key chemicals include:

· 4-Phenylcyclohexene (4-PC): The primary source of the “new carpet” odor, linked to eye and respiratory tract irritation.

· Styrene and Formaldehyde: Used in carpet backing and binders, known to be irritants and potential carcinogens.

· Benzene and Toluene: Often found in adhesives, these are among the most harmful VOCs.

· Polybrominated Diphenyl Ethers (PBDEs): Flame retardants added to many household materials. Cats with hyperthyroidism have shown PBDE levels three times higher than healthy cats.

· Perfluorochemicals (PFCs): Used in stain-resistant treatments. A study found dogs and cats had significantly higher levels than humans.

Not OP but it appears to be a warning about the off-gassing of brand new carpets that can be dangerous to cats.

I’ll be honest that’s a bit of a red flag to me. Anyone can get hacked, sure, but we don’t know what malware was shipped with the builds, we don’t know what vector the hackers used to infect the builds.

So I’m not sure I would be willing to give my YT credentials in this context.

Anyway, since I have a WebOS TV :( I guess I will have to endure the official WebOS app for now…

Interesting ! Thanks for the suggestion.

Although I usually have issues with third party clients all the time.

On Android for example I used the following clients so far :

• Vanced YT
• Revanced YT
• Freetube
• Newpipe
• Morphe
• Grayjay

All of them eventually failed or were down for extended durations. Point is, these third party apps are always vulnerable to YT purposefully sabotaging them.

But I will try it out anyway I don’t have much to lose.

PS : Hmmm, on Smart Tube’s Github :

My development environment was infected by unknown malicious software, as a result of which a few builds may have been affected. Once the issue was detected, I secured everything with a full disk wipe, restored a clean setup, and now all builds are scanned with VirusTotal. The F-Droid version will also be verified before release.

PS2 : My SmartTV is on WebOS, LG’s proprietary OS…

They also said they play a lot of games so might as well have everything included. Especially when “onboarding” a former Windows user…

Most of the time I dont see any ads on YT and I watch a lot of content there. It’s getting harder to not get ads there on all my devices but it’s doable.

But when I go see my parents, I use their smartTV to watch YT. And I realize how horrible the experience is with all the interruptions and the impossibility to just focus on what you are watching.

And yesterday I got multiple time ads for a crypto scam called Ryxero or something. The scam was using AI clones of Bernard Arnault, a french billionaire, pretending you could win 1000€ a day…

The scam also had deepfakes of news outlets pretending that people in France were “queuing to ATM” to get their money…

I think it’s absolutely unacceptable that YT let them serve crypto scams to millions in complete impunity.

I will try to report the scam to authorities. I also reported it to YT but I dont expect them to act. The 3mn long ad was paid by an american business called “EX” which I think serves their scam abroad through YT in complete impunity.

For me the scam and AI clones is obvious but how many got scammed with the complicity of YouTube ? Hundreds ?

C’est la guerre. La haine de l’autre camp est présente des deux côtés. Et il y a probablement des idiots qui veulent s’attaquer aussi aux civils des deux côtés.

Apres qu’un soldat d’un camp souhaite tuer le plus de soldats de l’autre camp c’est pour moi la simple réalité d’une guerre.

Euh c’est vraiment un problème si des nazis meurent sur le front en combattant contre la Russie ?

Disons que si le commandement ukrainien les envoyait sur des missions à haut risque sur le front :

Ils ne pourraient que difficilement refuser au risque de passer pour des lâches et puis ils ne reviendraient peut être pas ?

You should recommend Nobara then.

Here would be my list of games that I think are either enriching or artistically so noteworthy they have to be shared as much as possible, and also that would run on fairly basic hardware :

• Factorio (with the space age DLC) : This is a game about logistic and automation. It teaches a lot and could even open new paths for younger players. It teaches you to itterate, to optimize and to scale things up. I think it’s very much educational. It’s not for everyone but for some it might be a great opportunity to learn.

• Hades : Great game to discover the Greek mythology. Beautiful artistic direction and outstanding music.

• Ball X Pit : Less educational or artistic but a great game for all to have some Arcady fun. I think it would fit well for a game to be borrowed for a few hours of fun.

• Hifi Rush : Am amazing rhythm game that should run on modest hardware.

• Dredge : A beautiful game about fishing. Great story and art.

• Stray : 🐱

• Outer wilds : Do I really need to explain why ?

• Dispatch : A story game that would fit very well to be borrowed in a digital library.

So a bit of an eclectic list with some games that requires to have at least an old gaming setup or at least slightly modern integrated graphics but I believe many people would at least like one of these game and grow from it.

I suppose they use JavaScript to hash your password locally so all haveibeenpwned has is your hash.

It’s certainly not full proof but it means a simple MITM attack wouldn’t be that bad.

The risk would be that the JavaScript in question would be compromised for the whole service. Also if the machine of the user is already compromised well I would argue that password is already useless anyway. If someone has a keylogger on your system, ihavebeenpwnd would be the least of your concern.

So it’s never foolproof but some risk can be mitigated.

Hashes are a powerful tool enabling easy check of leaks without exposing directly any user password.

Edit: Hmm there is much better explanations than mine on hashes on here, probably disregard the above comment.

I agree completely that it is scary we use extensively something that we truly dont understand. But even with the cleanest and most open source and open weights model ever, this statement would be just as true.

With parameters in the billions all interacting with each others it’s extremely hard to analyse. LLM are inherently hard to understand fully not really because of the opaqueness of the training data but rather the raw number of parameters involved in inference.

I would certainly be more appreciative of an open weights model were we destroy the environment (I have no choice in that) but at least we get the resulting matrix of parameters rather than OpenAI shit were we have absolutely nothing.

IMO a model like Deepseek is most certainly a clone of someone else model that published their open weights. An open weights model enabled someone else to build on top of whatever controversial base was used. So at least it can be used by a wider audience and the original trainers don’t have their say in what you do as long as you respect the licence.

I think the above process has pretty much nothing to do about the struggle of some linux dev losing hair trying to make sense of a Microsoft obfuscated binary…

I guess many will not share that “lesser evil” point of view on open weights model but it’s not like anybody is gonna stop the AI conglomerate to do their shit in the complete dark and under no regulation whatsoever.

But a model isn’t “compiled”.

The weights are fully readable. Every single one of them.

In a binary you have to use special software to get to the source code. The weights are the source and can be freely used to create a model with. The weights are used “as is” no transformation has to be done like when reversing a closed source binary that could also use obfuscation to make it more difficult.

That’s why I would like to insist that open weights are not like a binary as they are usable as is essentially. When I use a model like that my computer is no executing the weights like instructions. They are aptly named “weights” for a reason and are a mere reflection of what the model learned through training.

Disclaimer, below this is the explanation between a closed source binary and open weights by an LLM :

A closed-source binary is like getting a sealed, opaque machine. You push a button, it gives an output. You have no idea how it works inside.

Open weights are like getting the complete, labeled blueprints (architecture) and the exact, measured specifications for every single component—every gear, wire, and circuit (weights). You don’t have the designer’s engineering notebooks (training data/recipe) or the factory that built it (training compute), but you can absolutely build the machine yourself, measure every part, swap out components, and try to improve it.

My understanding was that the weights were the “essence” of the training.

I think it’s a bit misleading to present them as “executables”.

I agree that open weights is a bit of marketing mumbo jumbo but I wouldn’t say they are akin to a closed source binary.

That being said I was just reading an article about LLM sleeper agents and their trigger words… So you can hide stuff on training and it’s fairly hard to spot with just the weights.

But again it’s not really like a black box executable. And I’ve seen many great models that successfully builds on top of an open weights model.

In the end I much prefer open weights to the very popular “‘’'openAI”“” that have opaque training and weights…

There is also the whole “Bad USB” type of vulns that is pretty scary…

What about the mention of the Apache 2 licence?

Closed source model? What do you mean?

Isn’t this open weights?

I think Bazzite is the “easiest”. But I think it would be very difficult to tinker for someone not used to Linux. It’s the plug and play option. For me the fact that bazzite tries to be immutable is a very good plus for stability on the long run. And somehow fits well for gaming on Linux. The drawback is that these immutable distro are hard to tinker with if you dont have experience with immutable package managers and so on.

CachyOS has maybe a more traditional structure but should offer good performance too.

There is also Nobara and Pop OS.

I’m on PoPOS but it’s too recent for me to give feedback for gaming. But it should work well too.

Yeah I would bet the people hosting the StopICE website knew very well they would be the target of all kinds of attacks.

That doesn’t make them cybersecurity experts but I wouldn’t be surprised they would have put multiple layers of protection on the site.

Especially when tracking ICE agents you wouldn’t want the people reporting their position to also be trackable…

I suppose to some extent that it depends on how aggressive you clean up after system updates.

It seems like on both Silverblue and NixOS there is stuff you can do to prune and cleanup unnecessary stuff.