HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mkipper

no profile record

comments

mkipper
·vor 4 Monaten·discuss
I'm not at all familiar with the Xbox One, but this is a feature that's generally available if you're designing "closed" hardware like a console. Most SoC these days have some sort of security processor that runs in its own little sandbox and can monitor different things that suggest tampering (e.g. temperatures, rail voltages, discrete tamper I/O) and take a corrective action. That might be as simple as resetting the chip, but often you can do more dramatic things like wiping security keys.

But this exploit shows that it's still almost impossible to protect yourself from motivated attackers with local access. All of that security stuff needs to get initialized by code that the SoC vendor puts in ROM, and if there's an exploit in that, you're hooped.
mkipper
·vor 4 Monaten·discuss
Your chances of running into trouble are pretty close to zero unless you're wearing a 51st State t-shirt or something.

I work with a a decent number of Americans who either moved here or are here temporarily, and I can't say there has been any tension. I think most Canadians who are staunchly anti-US are also aware that plenty of Americans aren't happy with their government. I can't say I've seen any vitriol towards the average American person.
mkipper
·vor 5 Monaten·discuss
There's a pretty stark contrast between an MLB player making $50M per year and a bobsledder who's promised $100K 20 years after reaching the pinnacle of their sport. Given the total amount of training that an Olympian puts in over their life, even if that $100K is adjusted for inflation it probably works out to less than minimum wage in many states. That's a pretty bad profession IMO.
mkipper
·vor 6 Monaten·discuss
I'm not an expert here, but I this is pretty unlikely at this point.

Google has been working on Fuschia for a decade, and far as I can tell, the only place it was ever deployed was to a Google smart home hub 5 years ago. The only Fuschia news I've heard since then was about layoffs and killing projects related to it (e.g. Chrome on Fuschia).

If Google isn't moving any of their own phones over to Fuschia after a decade of work, it's hard to imagine them unilaterally flipping Android to it and forcing the hand of every Android OEM to follow suit.
mkipper
·vor 6 Monaten·discuss
Yeah, this immediately made me think of DAF.

My wife is a speech pathologist and hooked me up to a DAF machine for some research, and the effect was totally shocking to me as a layperson. I think I did worse than average, but I was basically unable to speak with delayed sidetone.
mkipper
·vor 7 Monaten·discuss
I think you're misunderstanding their point.

Your API is constrained by the actual TCP protocol. Even if the sender uses this message-oriented TCP API, the receiver can't make any guarantees that a packet they receive lines up with a message boundary, contains N messages, etc etc, due to how TCP actually works in the event of dropped packets and retransmissions. The receiver literally doesn't have the information needed to do that, and it's impossible for the receiver to reconstruct the original message sequence from the sender. You could probably re-implement TCP with retransmission behaviour that gives you what you're looking for, but that's not really TCP anymore.

This is part of the motivation for protocols like QUIC. Most people agree that some hybrid of TCP and UDP with stateful connections, guaranteed delivery and discrete messages is very useful. But no matter how much you fiddle with your code, neither TCP or UDP are going to give you this, which is why we end up with new protocols that add TCP-ish behaviour on top of UDP.
mkipper
·vor 8 Monaten·discuss
> but with the expectation that only openai has access to it

You can argue about "the expectation" of privacy all you want, but this is completely detached from reality. My assumption is that almost no third parties I share information with have magic immunity that prevents the information from being used in a legal action involving them.

Maybe my doctor? Maybe my lawyer? IANAL but I'm not even confident in those. If I text my friend saying their party last night was great and they're in court later and need to prove their whereabouts that night, I understand that my text is going to be used as evidence. That might be a private conversation, but it's not my data when I send it to someone else and give them permission to store it forever.
mkipper
·vor 8 Monaten·discuss
I haven't used it in a few years, but I always found it to be very flexible and useful for non-Qt projects.

I last used it for an embedded project, which are sometimes a pain to set up in an IDE (cross-compiler, sysroot, debug server, etc.), and I was shocked by how easy it was to get going and how smooth it felt compared to most IDEs.
mkipper
·vor 9 Monaten·discuss
This also stuck out to me, but in defense of Amazon (yuck), I don't see that language directly from anyone at Amazon. They use the regular "reduction in corporate workforce" BS that every big company on earth uses. It just seems like an editorial choice unless I'm missing something.
mkipper
·vor 9 Monaten·discuss
I work in software now, but I have an electrical engineering degree and started my career on a project developing a radio. Our project probably had ten or more electrical engineers on it, and only one or two of them really understood the RF side of it. It's a very specialized skill -- even EEs with >20 years of experience would describe things as black magic.

So I don't think you're alone feeling this way. Even with a good foundation in the theory and math, I think most people hit a wall with radios at some point. All the people I worked with who intuitively "got" RF stuff had been doing nothing else professionally for over a decade.
mkipper
·vor 9 Monaten·discuss
This is veering into pedantry, but from what I can understand of that setting (I'm not a sysadmin guy but have used MACsec on embedded stuff), that's just as much of an 802.1X feature as a MACsec feature.

Sure the switch will only accept encrypted L2 traffic...but that encrypted link is set up via MKA, which is a part of the 802.1X standard. If you don't have 802.1X authenticating the endpoint, you don't have MKA setting up the encrypted link between that endpoint and the switch and you don't have MACsec.

So if you're trying to prevent a bad guy from getting on your LAN, you need 802.1X, whereas MACsec is an optional extra (a very useful extra if you're worried about MITM attacks). But 802.1X is still doing the heavy lifting w.r.t access control.
mkipper
·vor 9 Monaten·discuss
Even if it's not some staggering triumph of human achievement, I'd argue that Ozempic (etc.) is similar. A magic weight loss drug has always captured the public's imagination, and it feels like I've been hearing about new weight loss drug studies in the news for my entire life that never went anywhere.
mkipper
·vor 9 Monaten·discuss
I think this is more relevant. Like everything, most games today are optimized to maximize engagement and keep people with low attention spans hooked. There are plenty of intelligent people who could invest a bunch of time into solving a puzzle but just don't care to.

I remember playing Myst as a not-particularly-bright grade schooler and banging my head against puzzles for weeks without making any progress. It wasn't some great intellectual challenge -- I was just bored and didn't have any other games to play. I can't imagine I would have stuck with it if I could have watched YouTube or played Fortnite instead.
mkipper
·vor 10 Monaten·discuss
I never looked into the guts of how this was implemented, but I worked on a product which had an SNMPv3 agent that was only restricted by a username and password. I could flash a PC with a fresh Ubuntu image, apt install Net-SNMP and start sending SNMPv3 requests without every futzing with any keys.

If I remember right, handling SNMPv3 traps required some messy key stuff so the agent still sent SNMPv2 traps, but there was no requirement for keys for GET/SET.
mkipper
·vor 10 Monaten·discuss
This isn't totally dead. I missed a flight last year and got bumped to a flight the next morning on some weird ticket class where I didn't get a seat assignment until the gate. The gate agent was able to give me a bulkhead seat with extra legroom at no cost. And this was with United, not some airline with a shining reputation for customer service.

So you can roll the dice and try to get a premium seat at the gate, but that's not a risk I'm usually willing to take.
mkipper
·vor 10 Monaten·discuss
I'm 6'6" and I basically treat an exit row upgrade as non-negotiable. It's just a fundamental cost of long haul travel for me if I can't swing premium economy or business class.

To get some extra legroom, I paid (round trip, in CAD) $250 for a trip to Dublin this year and $320 for a trip to Hong Kong in 2023. That's a lot of money, but it was <50% of the cost to upgrade to premium economy and <20% of the cost to upgrade to business class.

This used to be much cheaper. I remember paying ~$100 for similar upgrades a decade ago, but airlines got wise to this at some point and jacked the prices way up.
mkipper
·vor 10 Monaten·discuss
I don’t have any data to back this up, but I think window and aisle seats being more valuable doesn’t necessarily mean they can be sold for more.

I am very tall and I always pay for a seat with extra legroom in economy. Whenever I’m picking my seat early, almost every seat in economy is available. People could pay to reserve a window or aisle seat, but anecdotally it seems like almost no one does this. Everyone I know just tries to check in as early as possible so they can grab a good seat before they’re all taken.

I don’t think airlines are actually losing any money by seating families together. It’s not like all those window and aisle seats would have been paid for otherwise.
mkipper
·vor 10 Monaten·discuss
I applied for a management-consulting-ish job a decade ago (I was desperate!) at a big firm and had to take what was basically an IQ test. I have no idea if the test literally calculated my IQ, but the questions were exactly the questions you'd see in an IQ test (e.g. next item in some geometric sequence) so it may as well have.

This was in a group interview for recent university graduates at a very big company. I assume their hiring process was pretty standardized, so there were probably thousands of people taking this test every year in North America.
mkipper
·vor 10 Monaten·discuss
Was this professionally or in school? I still did this in an EE program 15 years ago and I can't imagine things have changed since then. I think kids still have to do lots of ugly math in EE classes.