Qwen Code CLI sandbox bug

If you are running `qwen -s` or `qwen --sandbox` and everytime you need to reauthenticate, There is a bug in qwen-code:0.10.1 docker image.

The CLI tool mount host `~/.qwen` directory to the container /home/node/.qwen directory: See https://github.com/QwenLM/qwen-code/blob/9adad2f369bbeea7e7295614f3e3e5342d20ce5a/packages/cli/src/utils/sandbox.ts#L433

But there is a recent commit which removed `User node` from the docker image. See: https://github.com/QwenLM/qwen-code/commit/5c949136432e91a90d2b565116d73fe498fcc262#diff-dd2c0eb6ea5cfc6c4bd4eac30934e2d5746747af48fef6da689e85b752f39557L40

Work around 1 - Rebuild Docker and get it back to run with user node

check out the qwen-code project, update the Dockerfile, revert some of the change of the commit back and then `npm run build:sandbox`.

Work around 2 - Hack installed qwen-code script in node_modules

Find the `cli.js` in the node_modules installation. Find the line `/home/node/${SETTINGS_DIRECTORY_NAME}` and change it to `/root/${SETTINGS_DIRECTORY_NAME}`. 

Work around 3 - Rebuild Docker and symlink /root/.qwen with /home/node/.qwen

checkout out the qwen-code project, update the Dockerfile to symlink /root/.qwen to /home/node/.qwen like this

Both workaround 2 & 3 worked for me. 

Workaround 1 is "better", as it adheres to the rule of giving least/minimum access to the execution user, but it is slightly more complicated to get right and I couldn't quite get it to work yet.

Analysis: Websites Using Prebid.js Without Google Publisher Tag

Executive Summary

Our investigation into websites using Prebid.js without Google Publisher Tag revealed a surprising trend: despite extensive testing across multiple categories of websites, we found no major publishers that exclusively use Prebid.js without Google Publisher Tag. This finding is particularly relevant in light of recent anti-trust litigation against Google in the digital advertising space.

Key Findings

Testing Results

• Tested over 60 websites across multiple categories (news, tech, entertainment, gaming, newspapers)
• Found that nearly all websites using Prebid.js also use Google Publisher Tag
• No websites found using Prebid.js without Google Publisher Tag
• Some websites use neither technology

Industry Context: Google's Anti-Trust Issues

Recent developments in the ad tech industry provide important context for these findings:

1. Department of Justice Lawsuit (2023-2024): The U.S. Department of Justice filed an anti-trust lawsuit against Google, specifically targeting its dominance in the digital advertising ecosystem. The lawsuit alleges that Google has monopolized ad tech markets through anti-competitive practices. [^1]

2. European Union Actions: The EU has also taken regulatory action against Google regarding its advertising practices, including concerns about preferential treatment of Google's own ad tech products. [^2]

3. Publisher Dependency: The lawsuit has highlighted how publishers have become heavily dependent on Google's suite of advertising tools, creating barriers to adopting alternative solutions. [^3]

Analysis of Findings

Why Publishers Continue Using Both Technologies

1. Market Dominance: Google's dominance in the ad tech ecosystem means publishers often feel compelled to use Google Publisher Tag to maintain access to Google's demand sources and ad exchange.

2. Revenue Optimization: Publishers may use Prebid.js for header bidding to increase competition among demand sources while still relying on Google's ad server for guaranteed deals and direct-sold inventory.

3. Technical Integration: Many publishers have legacy systems built around Google's ad tech stack, making it difficult to transition to alternative solutions.

4. Demand Access: Google's ad exchange provides access to significant demand that publishers may be reluctant to forgo.

The Paradox of Independence

Despite the anti-trust concerns and the availability of alternative ad servers, our findings suggest that publishers are not moving away from Google's ad tech stack. This could be attributed to:

1. Switching Costs: The technical and operational costs of migrating to alternative ad servers may outweigh the benefits for many publishers.

2. Revenue Risk: Publishers may fear revenue loss if they abandon Google's demand sources.

3. Technical Complexity: Managing multiple ad server technologies can be complex and resource-intensive.

Implications for the Ad Tech Industry

Impact of Anti-Trust Litigation

The ongoing anti-trust litigation against Google has brought increased attention to the concentration of power in the ad tech industry. However, our findings suggest that:

1. Behavior Change Slow: Despite legal challenges, publisher behavior has not significantly shifted toward abandoning Google's ad tech stack.

2. Market Inertia: The complexity and risk associated with changing ad tech infrastructure creates significant market inertia.

3. Alternative Solutions: While alternatives like Amazon Publisher Services, Index Exchange, and other non-Google ad servers exist, adoption appears limited among major publishers.

Future Outlook

The relationship between anti-trust pressure and publisher behavior remains complex:

1. Potential Regulatory Changes: If the anti-trust lawsuit results in regulatory changes that limit Google's ability to favor its own ad tech products, we may see more publishers exploring alternatives.

2. Industry Evolution: The ad tech industry continues to evolve, with privacy regulations and changes in browser behavior driving innovation in alternative solutions.

3. Publisher Empowerment: Initiatives to promote publisher independence and competition in ad tech may gain momentum as regulatory pressure increases.

Conclusion

Our investigation reveals that despite anti-trust concerns and legal challenges facing Google in the ad tech space, major publishers continue to use both Prebid.js and Google Publisher Tag. This suggests that while publishers may embrace header bidding solutions like Prebid.js to increase competition among demand sources, they remain reliant on Google's ad serving infrastructure.

The lack of publishers using Prebid.js without Google Publisher Tag highlights the entrenched position of Google in the ad tech ecosystem and the challenges facing alternative ad servers in gaining broader adoption. As regulatory scrutiny continues and the industry evolves, it will be important to monitor whether publisher behavior shifts toward greater independence from Google's ad tech stack.

This finding underscores the importance of continued regulatory oversight and industry initiatives aimed at promoting competition and publisher independence in digital advertising.

Code

Github repository: https://github.com/lsiu/sites-with-prebid-without-gpt

References

[^1]: U.S. Department of Justice. (2023). "Justice Department Sues Google for Monopolizing Digital Advertising Technologies." https://www.justice.gov/archives/opa/pr/justice-department-sues-google-monopolizing-digital-advertising-technologies

[^2]: European Commission. (2019). "Antitrust: Commission fines Google €1.49 billion for abusive practices in the area of online advertising." https://ec.europa.eu/commission/presscorner/detail/en/ip_19_1770

[^3]: Miles Kruppa, Dave Michaels (2023). "DOJ Sues Google, Seeking to Break Up Online Advertising Business" The Wall Street Journal. https://www.wsj.com/us-news/law/u-s-sues-google-for-alleged-antitrust-violations-in-its-ad-tech-business-11674582792

Tools to help understand ads on websites

• Professor Prebid - https://chromewebstore.google.com/detail/kdnllijdimhbledmfdbljampcdphcbdc?utm_source=item-share-cb
• Add `google_console=1` as a URL query parameter to the URL to load the Google Ad Manager | Publisher Console

Try out Qwen CLI in a docker container sandbox

Overview

This run Qwen in a docker container and mount your current working directory into the docker container which qwen runs on. 

Why? This limit the damage it can do if these things get out of control. E.g. it tries to run rm -rf / , it on effects your current directory and kills the docker container. 

Preqrequisites

1. Docker Desktop

2. Qwen account -> Register on https://chat.qwen.ai/, it is free.

Command Line

Run Qwen CLI in *nix

docker run --rm -it -v .:/src ghcr.io/qwenlm/qwen-code:latest sh -c "cd /src && qwen"

Run Qwen CLI in Windows

docker run --rm -it --mount type=bind,source=.,target=/src ghcr.io/qwenlm/qwen-code:latest sh -c "cd /src && qwen

RAG with local quantized LLM model

While there are many Retrieval Augmented Generation (RAG) post out there, many of them rely on external LLM APIs such as OpenAI or Amazon Bedrock, etc. 

How well do they work with quantized LLM models that can run locally? I got one here, and it works quite well for me.

How I chose Generali home insurance in 2023?

I read through multiple home insurance comparison sites such as MoneySmart and MoneyHero, and articles/sites such as those from 10life, spacious.hk, and even this old article in 2012 from Consumer Council, and still have no clue which insurance to get. There are too many "features'' offered by these insurance companies, and it just muddles the water. What it comes down to is really knowing what I want want out of the home insurance, and it comes down to 2 things:

1. Third-party legal liability protection
2. Insurance for my home content

I went through all the insurance company that offers home insurance: Zurich, FWD, Generali, Blue Cross, Dah Sing, QBE, AIG, Allied World, Prudential, HSBC/AXA, AXA, MSIG, AIA, Pingan, One Degree, Bank of China Group (BOCG), Sompo, Hong Leong and  Allianz, and got their annual premium, third party legal liability protection amount and home content insurance amount and calculated the Legal Liability Insured per $ and Home content insured per dollar. I rank them all in this spreadsheet.

Legal Liability Insured per $

Rank	Company	Rate	Coverage	Insured per dollar
1	AXA/HSBC 2	1680	20,000,000.00	11,904.76
2	Prudential Premier	1360	15,000,000.00	11,029.41
3	Prudential Harmony	990	10,000,000.00	10,101.01
4	One Degree Standard	1025	10,000,000.00	9,756.10
5	Pingan	1066	10,000,000.00	9,380.86
6	Dah Sing Plan C	1280	12,000,000.00	9,375.00
7	Blue Cross Plan B	980	9,000,000.00	9,183.67
8	One Degree Plus	1342	12,000,000.00	8,941.88
9	One Degree Prestige	1690	15,000,000.00	8,875.74
10	Generali	888.89	7,500,000.00	8,437.49

Home Content Insured per $

Rank	Company	Rate	Coverage	Insured per dollar
1	Generali	888.89	1,000,000.00	1,125.00
2	Sompo 2	900	1,000,000.00	1,111.11
3	Prudential Premier	1360	1,500,000.00	1,102.94
4	Sompo 1	1000	1,000,000.00	1,000.00
5	Pingan	1066	1,000,000.00	938.09
6	Dah Sing Plan C	1280	1,200,000.00	937.50
7	AIG Standard	1280	1,000,000.00	781.25
8	One Degree Standard	1025	800,000.00	780.49
9	Blue Cross Plan B	980	750,000.00	765.31
10	Blue Cross Plan A	1580	1,200,000.00	759.49

The AXA/HSBC Plan 2 offer was quite tempting, given its high legal liability total coverage and insured per dollar. This is especially true after reading unverified information from forums such as this one from baby-kingdom where the poster claimed “someone forgot to turn off the water, flood the elevators and have to pay 15 million Hong Kong dollars for damage”. However, the home content coverage is a little low at only HK$600,000, which doesn’t even make it to the top 10 for home content insured per $.

Did someone really pay HK$15 million for damage to the building’s elevator? Hard to say. Doing my own research, I found a couple of news articles that put claims of flood damage to elevator(s) at up to K$1 million for this case (2022) and HK$3.5 million for another case (2019). It is a good idea to take even news articles with a grain of salt these days, so if anyone in the elevator repair industry or home insurance industry knows what a “sensible” amount to insure for, please do share!

At the end of the day, I chose Generali, with annual premium at only HK$888.89, with the HK$7.5 million legal liability coverage (rank #10) and HK$1 million dollar home content coverage (rank #1).

For less than HK$200 extra, Pingan also seems like a decent choice for my situation, with annual premium at HK$1,066, you can HK$10 million legal liability (rank #5) and HK10 million home content (rank $5) insurance coverage.

For an extra few hundred dollars per year, Prudential Premier with annual premium at HK$1,360, with HK$15 million and HK$15 million is also a good choice if I move into a more upscale condo and I own more expensive stuff in my home.

Proluxury PDE001060 dehumidifier will not turn on!

This is the second dehumidifier that won't turn on for me. The first one was a busted tactile switch. I am prettier sure of that because I opened up the dehumidifier to access the circuit board. I was able to short circuit across the switch and the dehumidifier will turn on. First time round, as a spoiled developed-world brat, I just bought another dehumidifier, a Proluxury pde001060 dehumidifier.

This time I also opened up the dehumidifier. Long and behold, another busted tactile switch. I short circuit across the switch pins, and the device turn on.

Took out the circuit board of the dehumidifier.

It actually locked burnt out!

"Not again!?", as my daughter will put it. And as an engineer, this is totally not acceptable, so I go about my journey to fix it. Time for some Googling.

First off, Google Lens. Yup, found images of the switch, but none of the linked sites tell me the model or where to buy it.

Good thing my google-fu is up to snuff. Measure the size of the switch, let's try "6mm tactile switch". 

Is that 5 or 6mm? as I squint to try and red the tape measurer. Good thing digital zoom on phone camera are awesome these days.

Mouser did some excellent SEO, and they are one of the first site to show up. 4 pages worth of 6mm switches. After looking through a few switches, I narrowed it down to the FSM12JH model and it is only HK$1.28! Great! Add to cart, checkout.

Wait a minute, HK$125 for shipping!?

Wait a minute, HK$125 for shipping? Err... That is why Taobao is your friend. CNY 0.5 per switch HK$ 12.31 shipped to Hong Kong. In fact, it was so cheap I am worried that they won't bother with my order, or have some hidden MOQ. I double check with the seller to see whether they are okay to just ship 4 pcs to Hong Kong, and they are okay with that. I end up buy 10pcs, don't know why....

Buy and shipping from Taobao to Hong Kong is so affordable!

Ordered on Sunday 12/12, goods arrived on Friday 12/15. I ordered way more than just the switches, from shops across China, so the shipping took a little longer than if I just ordered the switches. This is expected.

Hohoho! I went a little nuts with the 12/12 discounts.

Busted out by soldering and de-soldering skills.

Fixed!

   

It will be a lot easier to just by a new dehumidifier, but what a waste for just a busted switch. I am glad I gave it a try and managed to fix it.