If you look at the second animation closely you can see that there's a piece of spring steel one one side. In the animation it's only a 1-or-so pixel line. But that piece of spring steel open in one direction, but in the other direction it's stiff enough it will push the arm instead of bending.
What it does is that it highlights that text in the page, with a yellow background color. Making the rest of the text difficult to read (your eyes are drawn to the very yellow highlighted part).
I've lived in the inner city parts of Stockholm most of the time (Östermalm/Norrmalm, Södermalm, Kungsholmen).
I would definitely not wear 500-600 USD headphones in any of those areas.
But I think crime in Stockholm is a bit off topic. However I don't think the inherent risk of being robbed - wherever you are in the world - is off topic for the discussion.
People rob kids of Airpods all the time, because it's a status item. These new Airpods will be a status item too. This will increase the risk of robbery - be it in Europe or the US or elsewhere.
I'm sure there are larger cities in the world where the likelihood of getting robbed is low (Tokyo?), but that'd be the exception rather than the norm.
A bit off topic, but if you wear those around Stockholm, Sweden where I live, you will probably be robbed.
I never really understood the combination of noise cancellation and home use only. I think noise cancellation really shines when out and about in public, like the subway. But I can't imagine anyone using those things on the go, at least not where I live.
Finglass is a litte bit of a "celebrity" in 21st century classical studies: his works on for example Sophocles are very highly praised, and I have strong reasons to believe that his Sappho will be really good.
As a security professional I 100% agree with the author.
The comments here on Hacker News seem to have tripped on the examples given (keywords: politicians, journalists) and turned this into the more generic and politically loaded discussion whether it's desirable to "cryptographically verify" what politicians write.
But that's not the point! The point is that DKIM is technically not designed for this use case and the way people misuse DKIM for this unintended purpose is highly problematic from a cryptographic and engineering perspective.
I think the best way to think of DKIM is that it's a "cryptographic protocol" in the sense that git is a "cryptographic protocol" because it uses SHA1. If you think "PGP" (not the best example :-)) or "Telegram" you have the wrong idea: DKIM is a bunch of cryptographic primitives haphazardly bolted on email to solve a specific problem. It's not good cryptographic design because good cryptographic design anticipates unintended usecases and deal with them appropriately.
1) Read the DKIM RFC.
First of all the only field that it's required to sign is the From: header (see RFC, section 5.4). So you could still forge an email but have it pass a DKIM signature check.
If people believe that DKIM "cryptographically signs" e-mails in the sense of PGP, then that's a problem, because that's not true. A DKIM signed email doesn't actually say anything: you have to look at the signature which part of the message are signed, which is not standardized.
So you could have this situation when people, like journalists or even people on Hacker News, think a forged email is valid because it has a valid DKIM signature (but the signature is over the From: header only). E-mail is complicated as it is without having to explain to people who have binary classified an email as "forgery" or "not forgery" based on a specific combination of email-headers and DKIM signature specification. Let's not do that.
2) Look at what mail providers actually do with their DKIM keys.
For legacy reasons due to DNS providers and length of TXT records, many large internet providers use DKIM keys that are 1024 bit RSA.
Already 10 years ago, most standard bodies started to recommend against the use of 1024 bit RSA. It's deprecated. Like MD5-deprecated.
The fact that many service providers use the same key for all emails for all customers and reuse that key for years, increasing the likelihood of the key being leaked, is another case against trusting DKIM for this purpose.
Didn't expect to find one here at Hacker News. 698... so you must have started around the early 00:s or thereabouts?
Unfortunately I share your same statistics: I was very active in the early 2010:s and in that period I lost about 10 friends/acquaintances. Since then even more people I've hung out with are gone.
So yeah: wingsuiting is dangerous. But BASE itself can be done "reasonably" safely I think: personally I was always more fond of slider down (low) stuff, like buildings, and in my mind that's a safer sport than wingsuit BASE.
These kinds of issues are not unique to dark skin. Anecdote time: :-)
As a Swedish/Finnish man (and a somewhat stereotypical nerd at that), I'm paler than probably 95% of the world population.
Although facial recognition features (in the sense of trained AI models) often work fine on me given a good quality underlying photo, what often fails instead are preprocessing steps or color correction, especially in real-time systems. This can be the camera itself or software handling the image later.
For example if I'm in a Google Hangout in a normally lit room and then I move into slight sunlight or a lamp, my face will overexpose into a blob that looks like a low quality photo of the sun. It renders white, like #ffffff proper white. It's not actually overexposed at the hardware/camera level, but the software "corrects" it that way.
Relevant quote from the Ed25519 paper [1] under the heading "Signature System": "This section specifies the signature system used in this paper, and a generalized
signature system EdDSA that can be used with other choices of elliptic curves":
> Malleability. We also see no relevance of “malleability” to the standard definition of signature security. For example, if we slightly modified the system then replacing S by −S and replacing A by −A (a slight variant of the “attack” of [75]) would convert one valid signature into another valid signature of the same message under a new public key; but it would still not accomplish the attacker’s goal, namely to forge a signature on a new message under a target public key. One such modification would be to omit A from the hashing; another such modification would be to have A encode only |A|, rather than A.
They key here is the second half of the paragraph: "it would still not accomplish the attacker’s goal, namely to forge a signature on a new message under a target public key".
Similarly how the design doesn't see a problem with malleability in the sense of converting one valid signature into another valid signature, It seems to me it was never a design goal of Ed25519 to begin with to strictly define the set of valid (and invalid) signatures.
This is why cryptography is difficult, because it's easy to use a primitive in a complex system and assume things about the primitives that possibly make them unsuited for the system developed.
I think this article is a good example of conflating cause and effect. But not in a fallacious way or value-negative way: it more highlights well, I think, that there is a difficult gray area where "cause" and "effect" both are related and separated from each other, but not in an obviously clear cut way.
So he died from hypokalemia and other reasons, but the main (or only) reason for his hypokalemia was the licorice habit. I think this is a good example when it's both correct and not correct to say that the licorice "caused" the death.
Contrast with two examples on the two extremes:
Consider a situation when he had instead of licorice had ingested some obviously known poison: then I think it's a much more valid statement to say that "man dies from eating poison", because the idea of the poison and the idea of death are very close together.
Consider a different situation where the man was smoking one pack of cigarettes _per month_ or _per year_. Then it's not as obvious to say "man dies from smoking". The smoking probably contributed to the death in various complex ways.
So you could say that "man dies due from hypokalemia due to excessive licorice consumption not counterbalanced by having an otherwise healthy diet" which is possibly more nuanced, and possibly more (or less) helpful depending on what your purpose is to clarify or simplify things.
Thanks for sharing this article, I find this a good and fairly apolitical educational example that I can use when talking about complex causal relations in the future: how cause and effect can be conflated in both positive and negative ways depending on who you are talking to, what you are talking about, and what the purpose of the discussion is.
You win the internet today, that's a fantastic solution.
I think the only gotcha is to handle the last block read in step 1 in case it's not evenly 1 kiB. Otherwise the first read in step 3 will overlap the blocks.
Just to offer a different perspective: An employer having too clear of an idea of a role can also be a red flag.
The past 10 years I've often been the first employee - or one of the first - joining or building up the company's security organization. The combination of (1) having a specialist skill and (2) being around very few other people with the same skill, naturally leads to a situation where too much clarity can be a bad thing. If a non-specialist define a security role, they will probably screw it up. And that's okay.
If you've worked in startups long enough you eventually get a lot of experience in how to hire people whose expertise you do not understand. As an employer and employee I enjoy the collaborative process of defining the role around the candidates strengths and weaknesses.
Can you people please stop with this unhealthy attention.
You need to understand that Swedish culture is really unhealthy right now and I ask all of you - I plead to you - as a Swede, to please stop giving Swedish policy attention so we can, on our own, solve our problems and get back to some kind of normalcy and humbleness.
What has happened the past 30+ years and has become really problematic the past 10 years is that Sweden has this extremely unhealthy culture of believing in Swedish exceptionalism while at the same time craving attention from other nations, and promoting this belief socially. While the Swedish Corona strategy is not explicitly designed to be contrarian at the world stage (and therefor get a lot of attention), the way Swedish mono-culture works is that the people who implement policy (as well as many citizens) chauvinistically and subconsciously believe that Sweden is somehow superior to other nations and at the same time believe that Sweden (as an exceptional country) has something to teach inferior countries (i.e all other countries).
So where we are right now is that we have this unhealthy feedback loop where Sweden initially did it's own thing, and as it turned out to be different that has been a signal to policy makers that Sweden is right. Because Sweden is exceptional, so if the policy is different from inferior countries (i.e all other countries), it must be right.
I wish, probably more than anything else, that other countries would just stop giving Swedish policy makers this attention because then maybe, hopefully, our politicians can start to do what's right for our citizens instead of what gets attention and talking points at the world stage.
This is far broader than Corona: Sweden gets way too much attention overall, because Swedish politicians and government communication employees have nailed "marketing" more than anything else. They crave this attention and they manufacture policy to get attention, at the expense of the people who live in the country. Often under the guise of marketing Sweden as a "moral super power", superior to other nations.
So please, if you are for example a left leaning American, please don't use Sweden as a political piece. Don't give our politicians this attention. There are many other countries that deserve attention but they deserve attention because they do The Right Thing. Like Denmark. Not like Sweden that fucks things up but enjoy the attention it gets when doing so, citizens be damned.
This is a good thread to ask: Who reads Homer in your country, and why?
I'm currently learning ancient Greek as my "Corona project": purely for fun, and mainly because I'm interested in Greek philosophy and culture.
That said, I feel a bit lonely in my country in pursuing this. Sweden has no strong history of classical studies. Some high schools may offer a course in latin, but it's getting more and more rare, and as far as I know there are not even courses in university because the interest is too low. I don't know anyone and I don't know _of_ anyone in Sweden who actually reads/knows the language.
When I talk to friends in the US, the UK and the Netherlands on the other hand, Greek and the classical Greek works (including Homer, of course) seems to be much more popular and also part of normal young adult education. One of my friends, an American in his late 20:s, had to read the Odessey in high school. My fiance from the Netherlands was offered either latin or greek in high school as well. Most of my textbooks in greek are written by American, English and Dutch authors. So these nations seem to have a stronger tradition in classics.
Can anyone care to elaborate the situation where you live? I'm very curious what motivates people to learn dead languages and read books thousands years old.
After reading this I decided to downgrade my Ubuntu machine for now until it's figured out. There are instructions here: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2Secu... under the heading "DOWNGRADE `GRUB2`/`GRUB2-SIGNED` TO THE PREVIOUS VERSION FOR RECOVERY"
Under the heading is a small shell script that will download the old debs for you. Note that for it to work and not have wget spam 404:s, you have to update the entire GRUB2_LP_URL and GRUB2_SIGNED_LP_URL to the links in the little table. At first glance it looks like you only have to change GRUB2_VERSION and GRUB2_SIGNED_VERSION.
This is the most well-intended (I hope, assuming no ill intent on your part) but dangerous message I've read today.
What you are really saying here that public officials should only be allowed to publish on approved enterprise communications systems that has the budget to pay for compliance certifications.
I think Facebook and Twitter would love this kind of regulatory capture because it would cement their position, hindering startups from taking over in their space (which, we know, is prone to being out-innovated every 5 years or so).
Having worked professionally in information security for a while now, let me tell you these kinds of certificates mean very little for actual security.
I've been there once, but had some language barrier issues (I visited at a weird time of day and as far as I know I was the only guest). Maybe you know: what's going on upstairs? Is that also part of the cafe or a private area?
I think this is a good example of confusing "popular" with "best".
Having read over half of those books, the only one I would ever come back to and read again and again with a smile on my face and a feeling of childlike wonder and intellectual curiosity is SICP (number 18).
What is Apple trying to gain by publishing this article? The tone is accusatory and defensive in a combination that does not make me sympathetic towards Apple.
When Google posted the Project Zero articles, that did not impact my view of Apple in any way. However this press piece affects my view of Apple negatively, so from my perspective this press article has turned a more or less neutral event into one that is negative.