HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ahlCVA

1,366 karmajoined vor 5 Jahren

Submissions

Valve open-source the Steam Machine e-ink screen so you can make your own

gamingonlinux.com
610 points·by ahlCVA·vor 8 Tagen·114 comments

Black Box Probing: A Security Analysis of Xiaomi's MJA1 Secure Chip

blog.quarkslab.com
3 points·by ahlCVA·vor 19 Tagen·0 comments

German ruling declares Google liable for false answers in AI Overviews

the-decoder.com
1,021 points·by ahlCVA·letzten Monat·552 comments

Programming the Apollo Guidance Computer in Blockly

neil.fraser.name
3 points·by ahlCVA·letzten Monat·0 comments

The Empty Field That Wasn't: GPS, OTAD and Two Decades of Encrypted Broadcasts

lsc-pagepro.mydigitalpublication.com
3 points·by ahlCVA·letzten Monat·0 comments

Ugetty: A modern, lightweight, multi-protocol Getty

github.com
2 points·by ahlCVA·vor 2 Monaten·0 comments

You're probably taking the wrong painkiller

dynomight.net
4 points·by ahlCVA·vor 2 Monaten·0 comments

[untitled]

1 points·by ahlCVA·vor 3 Monaten·0 comments

Linux PTP mainline development war story and new features

bootlin.com
25 points·by ahlCVA·vor 3 Monaten·0 comments

A Server That Forgets: Exploring Stateless Relays

blog.torproject.org
1 points·by ahlCVA·vor 3 Monaten·0 comments

Conway's Game of Life, in real life

lcamtuf.coredump.cx
12 points·by ahlCVA·vor 4 Monaten·1 comments

Sashiko – an agentic system for Linux kernel changes

lore.kernel.org
4 points·by ahlCVA·vor 4 Monaten·1 comments

The Need for Understanding (2025)

blog.information-superhighway.net
2 points·by ahlCVA·vor 4 Monaten·0 comments

Ucode

ucode.mein.io
1 points·by ahlCVA·vor 4 Monaten·0 comments

Help us test WEBCAT alpha

securedrop.org
2 points·by ahlCVA·vor 4 Monaten·0 comments

AI controls is coming to Firefox

blog.mozilla.org
34 points·by ahlCVA·vor 5 Monaten·29 comments

Building cryptographically verifiable integrity into Linux systems

amutable.com
7 points·by ahlCVA·vor 6 Monaten·0 comments

Rust for C Programmers

rust-for-c-programmers.com
6 points·by ahlCVA·vor 6 Monaten·3 comments

SoundSlab: How It Started

craigjb.com
2 points·by ahlCVA·vor 6 Monaten·0 comments

ASCII diagrams extracted from open source code-bases

asciidiagrams.github.io
3 points·by ahlCVA·vor 6 Monaten·0 comments

comments

ahlCVA
·vor 15 Tagen·discuss
It seems like it doesn't do this for Code 128 (possibly because it is variable-width?). It definitely works with EAN13 though - I tried it locally using only the TTF file.
ahlCVA
·vor 15 Tagen·discuss
Barcode fonts have been around for ages. But what's cute about this one is that it can calculate the EAN13 checksum on its own.
ahlCVA
·vor 17 Tagen·discuss
This isn't without downsides though: As somebody with a niche technical hobby, it is hard for me to order from many suppliers because they understandably don't want to deal with consumer protection laws and thus exclude B2C transactions outright ("Verkauf nur an Gewerbetreibende").

I would be fine with waiving my right to returns but this is not possible on purpose, so my only options are to shop somewhere else (often not possible) or found a company (not possible because it would be Liebhaberei - "Running a company without intent to make profits").
ahlCVA
·vor 2 Monaten·discuss
Whenever one of these vulnerability apocalypse posts comes along I cannot help but think of the Litany of Gendlin:

  What is true is already so.
  Owning up to it doesn't make it worse.
  Not being open about it doesn't make it go away.
  And because it's true, it is what is there to be interacted with.
  Anything untrue isn't there to be lived.
  People can stand what is true,
  for they are already enduring it.
I cannot wrap my mind around why people think finding vulnerabilities is bad. The code already was broken before somebody published the vulnerability. The difference now only is that you know about this.

Imagine somebody finding a flaw in a mathematical proof and everybody being sad because a beautiful proof got invalidated rather than being glad future work won't build on flawed assumptions.

I get that the rate of vulnerability discovery can be a burden, especially for people doing FOSS in their spare time, but the sustainability problem with that has always existed and only gets exacerbated by the vulnerability stuff, but the latter isn't the cause you need to make go away.
ahlCVA
·vor 2 Monaten·discuss
Apple implements the USB-C/USB PD specs to a t and is unforgiving if you don't do either.

At work, our quick test for if a device implements USB PD correctly is to plug it into an Apple power supply (optionally with a PD protocol sniffer in line). If it doesn't work (either no/intermittent VBUS or the wrong VBUS), it's always been the case that the device is doing something wrong.

It can be annoying but strictly speaking their fault.
ahlCVA
·vor 6 Monaten·discuss
Obviously the two aren't the same (especially given the need to do routing), but I've always found it amusing that in the systems world, capability-based systems (i.e. making it impossible to address things you aren't allowed to access) are gaining traction while the philosophy in the networking world seems to be going in the opposite direction (make it possible to address everything, i.e. IPv6 vs. NATted IPv4, then add filtering).
ahlCVA
·vor 6 Monaten·discuss
Calling publishing API docs "open-sourcing" is a bit hyperbolic, but as token gestures go, it's at least worth a little bit.

I'm not familiar with those devices in particular, but I wish vendors would take steps to make life easier for after-markt firmware developers especially once devices go EOL by doing things like proactively dropping a GPL tarball and giving people a way to disable secure boot locks on devices that have them.
ahlCVA
·vor 6 Monaten·discuss
This is a per-credential setting, so you can have your SSH signing key be a no-touch key and still use touch confirmation for everything else.

(see "uv" option here https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-cl... - the -sk key types in SSH are just a clever way of abusing the FIDO protocol to create a signing primitive)
ahlCVA
·vor 7 Monaten·discuss
For what it's worth: You can set no-touch-required on a key (it's a generation-time option though).
ahlCVA
·vor 7 Monaten·discuss
There is also a relatively modern capability-based kernel in the L4 family of microkernels, called Fiasco.OC: https://os.inf.tu-dresden.de/fiasco/overview.html

There are also a bunch of components for building a functional userspace (such as L4Re or Genode).
ahlCVA
·vor 9 Monaten·discuss
SNI leakage is what encrypted client hello (ECH) tries to solve: https://blog.cloudflare.com/announcing-encrypted-client-hell...

It's still not perfect since you're still leaking information about the privacy set implied by the outer ClientHello, but this possibly isn't much worse than the destination IP address you're leaking anyway.
ahlCVA
·vor 9 Monaten·discuss
Relevant SSC blog post: https://slatestarcodex.com/2015/01/31/the-parable-of-the-tal...

Starting from very similar observations but drawing the causality arrow in the opposite direction (alignment follows from talent).
ahlCVA
·vor 10 Monaten·discuss
Previously: https://news.ycombinator.com/item?id=38664729
ahlCVA
·vor 10 Monaten·discuss
Whenever people complain about the energy usage of LLM training runs I wonder how this stacks up against the energy we waste by pointlessly redownloading/recompiling things (even large things) all the time in CI runs.