HackerLangs
TopNewTrendsCommentsPastAskShowJobs

cesarb

no profile record

comments

cesarb
·vor 11 Tagen·discuss
I saw plenty of mechanical typewriters by the 80s/90s, when I learned typing at school. A relative of mine also taught a typewriter course, with several different mechanical typewriter models. Everyone I know who had a typewriter had a mechanical one. I don't think I've ever seen an electric typewriter in person; I've only read about them in the Internet. They don't seem to have been that widespread to me.
cesarb
·vor 12 Tagen·discuss
> Fill the room with typewriters.

Playing devil's advocate: one reason I'm good at typing on computers is that I learned on typewriters, which need much more force for each key press, especially the little fingers. Someone who learned on computer keyboards won't have trained the muscles on their fingers as much, and will have a hard time pressing the outer keys strongly enough (and if you press the keys too lightly, the mechanism won't hit the ink ribbon with enough force to transfer the ink to the paper).
cesarb
·vor 15 Tagen·discuss
> Realtek makes some pretty affordable networking chips but their Linux drivers can be a real gamble. Either it works out of the box or you're in for years of messing around.

And that's when it's a legitimate Realtek chip. Many years ago, I bought a 100M Realtek Ethernet card, expecting it to work out of the box on Linux; but it was actually a counterfeit, using a Silan chip instead of a Realtek chip, and the out-of-tree Linux driver (for Linux 2.4) that came with it on the CD was actually a driver for the Silan chip with the numbers filed off. I ended up writing and submitting a Linux 2.6 driver for it, just to make people stop blaming the Realtek driver for not working with the unrelated Silan chip.
cesarb
·vor 18 Tagen·discuss
> nobody else should ever be using my machines in the first place, and if they are, I'm going to have larger issues than what OS they decide to try to boot.

The threat model secure boot was actually designed to protect against is not someone else booting a different OS in your hardware; the real threat model it protects against is malware loading before the OS can start the antivirus. With UEFI, malware could in theory run even when you boot from your OS install media, making it much harder to detect and remove. That's the reason installing your own secure boot key requires a one-time confirmation through a physical input device (which malware can't fake).

Unfortunately, protecting against that threat model (persistent malware loading before the OS) created another threat model, which IMO is a bigger worry: that you could one day be forbidden from running your own OS in your own devices. AFAIK, there have already been a few devices where secure boot cannot be disabled, your own secure boot keys cannot be enrolled, and the "third party" (aka "non-Microsoft") key is not available.
cesarb
·vor 22 Tagen·discuss
> You could've changed the setting that puts the button back on the lower left corner and saved your relative the trouble.

Nice, I didn't know that was possible; I expected it to be unchangeable, since I heard that the whole taskbar is no longer customizable in newer Windows releases.
cesarb
·vor 23 Tagen·discuss
> There is an assumption that by now everyone knows what the menu in the bottom left corner does

Except that... it's no longer in the bottom left corner! Recently, I had to help a relative with a Windows system, and what passes for the "Start" button has now moved to somewhere more in the center (and, of course, this completely confused my relative, who was used to the old place). I also had to rant about Fitt's law (without mentioning its name) and how things were better the way they were before. And I also had to find out and show them where the shutdown button ended up this time, so they could power off the computer normally (as they were used to) instead of having to use the power strip switch.

And the issue I had to help with? Windows was too slow (to the point of nearly unusable). They don't use the computer often (and obviously always power it down after each use), so it's always running some heavy background update (on a mechanical hard drive) whenever it boots up. My advice was to power it up and let it sit for about an hour before using, then it would be back to normal speed.
cesarb
·vor 25 Tagen·discuss
> their proposal usually begins by proposing that it "should" be possible to just compile Linux as C++ software

That has already been done in the past. Quoting the FAQ:

"[...] the kernel was once modified to be compiled under g++. That lasted for a few revisions. People complained about the performance drop. It turned out that compiling a piece of C code with g++ would give you worse code. It shouldn't have made a difference, but it did. Been there, done that."
cesarb
·vor 26 Tagen·discuss
> It’s fairly easy to build your own kernel packages from vanilla sources in Debian.

IIRC, Debian has a command called "make-kpkg" which does nearly all the work for you, ending up with a installable package which works identically to the standard Debian kernel packages.
cesarb
·vor 28 Tagen·discuss
> You have to run coal feeders, blowers, and water pumps for an hour before you can spin the generator.

That's probably the reason most grid black start facilities in my country (Brazil) are hydroelectric dams, which need none of these.
cesarb
·letzten Monat·discuss
> Magnifica Humanitas is that rarest of treats, a 40,000-odd word AI policy document written in Latin.

I stopped reading at this sentence. If you go to the source (https://www.vatican.va/content/leo-xiv/en/encyclicals/docume...), you can see it's available in eight languages, none of them being Latin. In fact, I read elsewhere a few days ago that one of the novelties of this one is that, unlike all the preceding ones, it's not written in Latin; the Wikipedia article (https://en.wikipedia.org/wiki/Magnifica_Humanitas) also says that ("The encyclical was the first to be published without an official Latin version. This followed a recent change to Vatican regulations permitting such documents to be drafted in other languages.[4]").

If the article gets it this wrong already in the third paragraph, it's not worth reading any further.
cesarb
·letzten Monat·discuss
> Rust does not bring more performance. Just more safety.

Though more safety can in some cases bring a bit more performance. For instance, with Rust you can often avoid "defensive copies" of objects.
cesarb
·vor 2 Monaten·discuss
> That's unfortunate, because it's precisely why things like this will keep happening.

I have the opposite opinion. Its use being rare means CPU designers have less need to optimize for that rare case, and hardware optimizations are precisely where these kinds of issues tend to pop up.

And high 8-bit registers are a x86-specific feature, other CPU families don't have it. So that special case being less optimized (or even pessimized) is not much of a loss.
cesarb
·vor 2 Monaten·discuss
> I wouldn't have problems with AI-generated code, but LLMs are not AIs, they are random sentence generators.

AI includes a lot of technologies, LLMs being just one of them. Several of these technologies use probabilistic algorithms, so having randomness does not disqualify something from being classified as AI.
cesarb
·vor 2 Monaten·discuss
> people who grew up in developing countries or even in extremely rural areas of Western countries who grew up with water unsafe to drink before boiling it off will be even more skeptical.

I'm Brazilian. We learn early in school that water must always be boiled or filtered before drinking. I'd feel very uncomfortable drinking water directly from plumbing, no matter how much some people say it's safe.

Every place here (and I don't say that lightly, I don't think I've ever seen an exception) has either a water filter connected to the plumbing (for unlimited on-demand filtered water), or at least a separate standalone filter, or sometimes a drinking fountain which gets its water from large mineral water containers (and it's normally real mineral water bottled from real mineral springs, not that nonsense that is adding minerals to tap water and saying it's mineral water).

Edit: and IIRC, there's a law that bars and restaurants must provide filtered tap water to their clients without extra cost when requested. Even the law requires filtering.
cesarb
·vor 2 Monaten·discuss
No, Web 3.0 was the Semantic Web: https://en.wikipedia.org/wiki/Semantic_Web
cesarb
·vor 2 Monaten·discuss
That's the promise of self-driving cars.

Every time an issue is found, no matter how minor, it's fixed and updated everywhere. From now on, every car of that model (and future models, and related models) will no longer have that problem. Several passes of that improvement cycle, and self-driving cars become safer (and more efficient/comfortable/etc) than human drivers. At least, that's how it's supposed to work.
cesarb
·vor 2 Monaten·discuss
> Doing terrible work every 2 years is better than doing it every day?

And by skipping some releases, you will have less of that work. When something is changed in one release, then changed again on the next one, by waiting you only have to do the change once, instead of twice. And sometimes you don't even have to do anything, when something is introduced in one release and reverted in the next one.
cesarb
·vor 2 Monaten·discuss
> It's important to look at the actual vulnerability at the context, and not just list any CVE which matches by version.

Unfortunately, that's not enough. Even if the vulnerable parts of the code are not being built, heck even if they have been completely erased from the source code, the auditors will still insist that you're vulnerable and must immediately upgrade, or else they will give your software a failing grade.
cesarb
·vor 2 Monaten·discuss
What you're missing is that, to create a signature, you need to know the private key corresponding to the public key; it's an asymmetric algorithm.

> Client takes its own public key and the server's public key and creates this signature.

According to https://www.rfc-editor.org/rfc/rfc4252#section-7 client takes its own public key, the "session identifier", and a few other things, and creates this signature (using the private key corresponding to that public key). According to https://www.rfc-editor.org/rfc/rfc4253#section-7.2 that "session identifier" is a byproduct of the key exchange.

> MITM can take its public key and the client's public key and send the resulting signature to the server instead of forwarding what it received from the client.

That's not possible, since the MITM doesn't know the client's private key (and using a different public key will be rejected by the server).

> Do pretty much the same exact thing: MITM PK + Server's PK -> Client. Now client has a signature as well. The signatures that client and server have are different but that is OK as long as MITM can see and change all communication.

You're confusing the Diffie-Hellman Key Exchange with the Public Key Authentication Method. When you MITM the key exchange, the shared secrets the client and server have are different (one side has a secret derived from the client and MITM keys, the other side has a secret derived from the MITM and server keys), but that works as long as the MITM can see and change all communication (basically, decrypting it and encrypting it again).

But since the secrets are different, the session identifier is also different. The MITM can't forward the signature from the client since the server will fail to verify it due to the mismatch in the session identifier; the MiTM can't create a new signature with the client public key since it doesn't have the corresponding private key; and the MITM can't create a valid signature with its own public key (and the corresponding private key) since that key won't be in the authorized keys list for that user account in the server.
cesarb
·vor 2 Monaten·discuss
> Other comments say that this mitm stops working when you use public key authentication.

It doesn't completely stop working; a MITM can still pretend to be the server, it just can't authenticate to the real server on your behalf. You could be doing all your work in a fake server controlled by the attacker, while the real server sits there untouched.