HackerTrans
TopNewTrendsCommentsPastAskShowJobs

emidln

no profile record

comments

emidln
·vor 27 Tagen·discuss
It's common to write the thrush combinator as a lisp macro. Clojure ships ->, ->>, as->, some->, some->>, cond->, and cond->> out of the box. You can find similar macros for CL[0], Racket[1], and a scheme SRFI[2]. Writing them is a fun exercise in your lisp of choice if you don't have a library available.

[0] https://github.com/dtenny/clj-arrows

[1] https://docs.racket-lang.org/threading/index.html

[2] https://srfi.schemers.org/srfi-197/srfi-197.html
emidln
·letzten Monat·discuss
If an airline pilot is so bereft of fortitude that they perceive a political wifi network name as a threat, they should be disallowed command of the aircraft. They need therapy. Mental weakness like this should not be tolerated in those responsible for the safe operation of human lives.
emidln
·vor 3 Monaten·discuss
At least on a personal max account, I can't max every window. There is also weekly limit. If I max every window, I run out of tokens halfway through the week.
emidln
·vor 6 Monaten·discuss
I probably enjoy ELF hacking more than most, but patching an ELF binary via LD_PRELOAD, linker hacks, or even manual or assisted relinking tricks are just tools in the bag of performant C/C++ (and probably Rust too, but I don't get paid to make that fast). If you care about perf and for whatever reason are using someone else's code, you should be intimately familiar with your linker, binary format, ABI, and OS in addition to your hardware. It's all bytes in the end, and these abstractions are pliable with standard tooling.

I'd usually rather have a nice language-level interface for customizing implementation, but ELF and Linux scripting is typically good enough. Binary patching is in a much easier to use place these days with good free tooling and plenty of (admittedly exploit-oriented) tutorials to extrapolate from as examples.
emidln
·vor 7 Monaten·discuss
I wish env -S was more portable. It's a newer feature of the coreutils env implementation and isn't supported elsewhere afaik.
emidln
·vor 7 Monaten·discuss
How: You've ran the test on a bunch of hosts and create a spec from ranges.

Why: you might be concerned with network connectivity (you don't get to choose which data center you launch in and it might not be exactly equal), noisy neighbors on shared hosts, etc. if you're measuring for networking, you probably are spinning ups separate accounts/using a bank of accounts and something in every az until you find what you're looking for.
emidln
·vor 7 Monaten·discuss
I'm not a CISO just a random dog on the internet, but this open letter seems to assume that privacy is not a part of your security posture and that spear phishing isn't common these days. (Is 'spear phishing' still the term for targeted electronic scams to steal credentials/access?)

I realize not everyone is using a physically stripped burner, a graphene os install, etc and not everyone works at a high value financial, govt, or infra target but for those of us who need to deal with opsec or are commonly targeted by spear phishing this advice seems abysmal.

In the current political climate of the US, if you are living or traveling here and the current party isn't cheering for you personally, you really should be considering both state-sponsored attacks and no longer have the luxury of assuming good faith by the state. Telling people to enable cheap drive by attacks that are in active use by certain government agencies is irresponsible malpractice at best and actively evil at worst.

Source: I've worked at analytics companies that actively deanonymized users using cookies when available. We used wifi and Bluetooth details when available. We built "multi channel marketing" which was just taking any information we could scrape from the user to fingerprint them and cross reference and deanonymize them so we could sell interactions to businesses like geofenced price discrimination, value of users, and could offer cross website information on shopping habits/financial profile. The shit I did 15 years ago didn't go away and no matter how much I wish I didn't write that, it was the tip of the iceberg and relatively benign.
emidln
·vor 7 Monaten·discuss
> Forward collision warning has misfired on 2 occasions on me in the last 3 years

My Lexus is afraid of a bush behind my garage in the alley. It's on a neighbors property and not really overgrown, but my car refuses to get within about 5 ft of it. Makes backing out a nightmare. I haven't figured out a way to disable it, and have considered just selling this 2025 NX.
emidln
·vor 7 Monaten·discuss
If you can be prosecuted for guessing urls you can be prosecuted for sending garbage data in a way you know will be uploaded to a remote system.
emidln
·vor 7 Monaten·discuss
I suspect this data is made "anonymous" and sold to insurance companies and misc data brokers. If it's linked to my insurance company, I don't want to jack my rates. Further, I've thus far avoided a CFAA conviction and I'd like to keep it that way.
emidln
·vor 7 Monaten·discuss
My 2025 Mazda Miata has a CAN connected Telematics Control Unit that sends a bunch of data to Mazda on ignition off. Among this data is acceleration and velocity data along with coordinates sampled for where you were. It is also used as a gateway for the Mazda app to start your car, query your vehicle's tire pressure, etc. It is claimed that you can opt out of this by calling Mazda and being persistent.

The CAN traffic is unencrypted. It was pretty easy to MITM this module with a cheap arm Linux board and a can transceiver to enable writing a two way filter capable of blocking the traffic that didn't raise any DTCs (that I observed) and could be turned on/off by the user. I preferred this approach to complete disconnection of the module (which is noticeable via errors at the diagnostic port) or trying to faraday cage or disable the antennae on the TCU so it can't remotely send/receive. I can also turn off my module or completely remove it before I sell it.

I fear the next version of Miata will be an encrypted CAN like most other cars have moved to and even with my expertise I won't be able to access the latest safety features from new cars without surrendering what little privacy I've been able to claw back.
emidln
·vor 9 Monaten·discuss
.interp to a glibc/libc you ship or static linking. These days it’s probably faster (in dev time) to just run a container than setting up a bespoke interp and a parallel set of libraries (and the associated toolchain changes or binary patching needed to support it).
emidln
·vor 5 Jahren·discuss
I've done various rust and clojure projects by downloading a lot of git repos ahead of time for reference while on a long-haul flight. This works pretty well, but you need to do a bit of research ahead of time on which libraries you might want access to. This is probably slower, as you have to read source code and think more about the type signatures (rather than looking at some misc example), but if you have 15 hours, what else are you going to do?
emidln
·vor 6 Jahren·discuss
I use the `lv`, `pv`, and `e2fsprogs` families of commands pretty routinely in my day job (we minimally logical volume filesystems on hosts and leave it up to application/deployment/user what to do with the bulk of the storage) and haven't found this to be a real issue. After a couple minutes thinking about what you're doing, you never really need to revisit this. You should probably spend a few minutes thinking about what you're going to be doing when dealing with your filesystems anyway.
emidln
·vor 8 Jahren·discuss
I don't think I would not extend a job offer for lack of a docstring, especially given how trivial most of these functions are paired with their self-explanatory names. I'd actually rather a namespace docstring explaining intended scope and api than function docstring for trivial functions. I've found that function schemas/specs and reasonable names eliminate 90% of docstring material. Whether the remaining 10% is worth the string above and beyond the fn name is a case by case deal.

Comments are fine when the code is doing something unexpected or that is very terse. In other scenarios, comments are just a land mine to be armed when the code changes and the comment isn't perfectly updated. Bugs largely come from developer expectations being broken (mostly by one of: misunderstanding data shape, some API detail, some language feature, or miscommunication on the feature with the owner) and stale comments are a contributor to this which can be avoided in many cases.
emidln
·vor 8 Jahren·discuss
I've implemented the Map interface maybe a half a dozen times in my career in Java and many more in Clojure (using reify and friends). It's often very convient to offer a map interface to some remote service or data store as well as situations where I needed very custom caching or a specialized algorithm. The harder the thing I'm working on, the more motivated I am to present its API as something standardized if possible. This lets my users spend their complexity budget on what feature I'm offering and not on some random API I threw together.