HackerTrans
TopNewTrendsCommentsPastAskShowJobs

arrakeenrevived

no profile record

comments

arrakeenrevived
·il y a 2 ans·discuss
If you have an Android phone (even if just an old one you don't use anymore, or a cheap one you're willing to buy) and you're willing to root it and wipe all data on it, you can:

1. Unlock the bootloader (if not already done) (this will wipe your device)

2. Install Authy on it and log into your Authy account

3. Root your device (I used Magisk https://github.com/topjohnwu/Magisk)

4. Once rooted, you can access the Authy app data and extract the TOTP secrets, then import them into a different app (there's a script to make this easier here https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d..., but you can also just go exploring manually in the root file system and find the Authy storage file)

It was somewhat of a pain in the ass to do this, but Authy really annoyed me with how difficult they make it to migrate off of their bullshit, so it was worth it to me to finally be able to delete their app after extracting the secrets this way.
arrakeenrevived
·il y a 2 ans·discuss
Decrypting the OTPs on another device has required a password for a long time now (maybe always, I can't actually remember if it was always there or just added years ago). It isn't only bound to your phone number.
arrakeenrevived
·il y a 2 ans·discuss
The cited "40% of college age women report being choked during sex" article is an NYT opinion piece where some of the respondents actually say they _wanted_ to be choked during sex, but the author of the opinion piece thinks they're wrong and choking (even if you want to be choked) is bad.

This isn't about protecting children, it's about prudes who don't like the way that other people enjoy sex.
arrakeenrevived
·il y a 2 ans·discuss
Note they said Lufthansa freight fleet, which is why it's only 11 planes. Lufthansa (the passenger airline) is indeed still a very large airline.
arrakeenrevived
·il y a 2 ans·discuss
This is pedantism, and is also just wrong. "if you have the right key" IS authentication. Encryption keys are used as a form as authentication all the time, it's one of the main use cases of public/private key encryption. I challenge you to explain how OpenSSH does non-password authentication without referring to encryption.

Authentication just means proving who or what you are. Secret keys, whether they be passwords or encryption keys, are one of the primary ways to do this. Just because the key is also used for something else in addition to, or as part of, that process doesn't change it from being authentication.
arrakeenrevived
·il y a 2 ans·discuss
I'm not going to claim that it's much better these days, but it's worth noting that the launch center in the link is quite old. The launch center have had multiple upgrades since then; the link here [0] shows some videos from inside a newer configuration, which does look a little bit more comfortable, and even that video is from the early 2000s. I would have to guess that more upgrades have been made since then.

0: https://news.ycombinator.com/item?id=40289005
arrakeenrevived
·il y a 2 ans·discuss
Yes, that video looks to be the "REACT" [0] upgrade that was done in the 1990s. It specifically says it changed it to make the operators sit side-by-side.

0: https://en.wikipedia.org/wiki/Rapid_Execution_and_Combat_Tar...
arrakeenrevived
·il y a 2 ans·discuss
His spiel starting at 14 minutes in about how seemingly every tech product these days is a partially-baked, unfinished, barely even usable, yet full-priced product with a vague promise of "it'll receive updates and be better" rings very true, and is frustrating as hell.

Marques specifically mentions it happening in video games, cars (Tesla self-driving), smartphones, and these AI things as particular offenders. I've also seen it with SaaS. Even a lot of the things being released by the big cloud providers at their yearly conferences are mostly in some half-baked state.

We've taken the concept of a "minimum viable product" and turned it into "minimum hype-able product". It sucks.
arrakeenrevived
·il y a 2 ans·discuss
The article directly says the opposite, and reinforces what GP comment was saying about the union not being helpful:

> Although Dugan, Shaffer, and other members say their union stewards on site helped press their concerns to management, they say that local and international IBEW officers who visited the facility scoffed at their concerns. Dugan says a local officer refused to file a grievance on his behalf about the mold in January. One worker requested to stay anonymous out of concern that union officials might withhold his future job placements if he spoke out.
arrakeenrevived
·il y a 2 ans·discuss
I've literally never heard "socked by a hurricane" despite living in an area where hurricanes hit the coast every year. I just did a google search for "socked by a hurricane" and there were a mere 8 results. Seems like a stretch to say this is used "all the time".

I know I'm being pedantic and it doesn't really matter that much, but I stand by my original comment that the headline phrasing was offputting to me.
arrakeenrevived
·il y a 2 ans·discuss
I think my original comment about "flagship" was worded poorly, and has led this thread down a path I didn't intend.

I know what "flagship" means, and I did correctly assume that the article was trying to convey importance of _something_ related to Ford (my first thought was a flagship car model, but after reading the article I can infer it's about some sort of factory). My gripe with the title is that the article doesn't actually explain why or how it is important, and just assumes you will take the "Ford's Flagship..." description at face value and trust the author that it's important. It's unsurprising to me that an LLM would interpret it this way, because you asked it to just interpret the headline, which it did.

However, in _my_ reading of the article, I'm skeptical of the "Flagship" claim in the article because 1) it is never really explained and 2) the article seems to be going extra hard (too hard) to imply this is a big deal by attaching a bunch of other names (Joe Biden, Department of Energy, Inflation Reduction Act, multiple contracting companies, a SK investment company, state of Kentucky) to the project, but again never really explains why or how. It's almost like the journalistic equivalent of an appeal to authority, I guess.
arrakeenrevived
·il y a 2 ans·discuss
Yes I'm aware that "flagship" indicates importance, but I stand by my comment that the article does a poor job of explaining it. It only says "flagship" in the title, and also the title is the only place where it really even links the factory to Ford to explain why it's important to Ford. Also from reading other sources, the factory mentioned in this article is only 1 of 3 factories that are being built as part of the project.

Other than that, the article calls the factory a "banner project for Joe Biden", as well as saying it's an "unprecedented" project for Kentucky", mentions investment by the Department of Energy, and also that it is being built for "SK On, a South Korean company". The article seems to be going out of its way to try and imply that this factory is some huge deal by name-dropping a bunch of people and attaching grand sounding adjectives, but doesn't actually explain why. It is, as the GP comment said, "all over the place".

It seems there's a story here about mold that needs to be told, but in the best case this article is just bad writing, and in the worst case it seems like it's actively being clickbaity/deceitful.
arrakeenrevived
·il y a 2 ans·discuss
FWIW I agree with you. The title hardly makes sense to me as well.

"Ford's Battery Flagship" - even after reading the article I'm still not sure what this is. "flagship" is used only in the title and nowhere else. Based on my knowledge of Ford, I would assume their "flagship" would be the F150, but this article seems to be talking about some sort of battery factory that a South Korean company is building?

Similarly, "socked by mold sickness" is a weird phrase. Feels like an inappropriate use of "socked" here. If the project is delayed because workers are getting sick, just say that.

The title strikes me as a failed attempt at clickbait, and immediately makes me distrustful of the rest of the article, which is confirmed by the "all over the place"ness that you mentioned as well.
arrakeenrevived
·il y a 2 ans·discuss
> security needs to be the easiest path. If it is not, then that is the fault of the Security folks; not the end user.

There's truth to what you say, but you're blaming the wrong crowd. Security people are rarely (if ever) the same people that are creating the tools and the security features of the tools you're using. In most cases, I'm powerless as a security engineer to "make security easy to use", the only thing I could do in that regard would be to loosen our security requirements and make our systems less secure, which isn't what you want either.

IMO the problem is more that when developing products, security (and ease of security) is still not seen as that important of a feature (if its even seen as a feature at all and not an annoying cost that the product managers have to deal with). In our application security group, we actually do have requirements that any new product being built must have certain security features that make it easier to secure things, but those requirements are often some of the very first things that the product development teams try to justify delaying or ignoring.
arrakeenrevived
·il y a 2 ans·discuss
S3 buckets have never been public by default. They were, however, very easy to make public before things like Block Public Access existed, so lazy devs would just click that button rather than doing proper access control.
arrakeenrevived
·il y a 2 ans·discuss
>so you’re not gaining anything and losing some functionality by doing this instead of running an API GW

You're gaining the fact that Function URLs are free while APIGW can be pretty costly, as well as the fact that Function URLs are fantastically less complex than APIGW if your use cases fit it.
arrakeenrevived
·il y a 2 ans·discuss
My understanding is that cold starts on containerized Lambdas is actually better than non-containerized for some workloads, because using containers allows Lambda to do better caching of the code, as well as lazy-loading. YMMV of course based on exactly what image you use (eg if you're not using a common base, like Ubuntu or Amazon Linux, you won't get as much benefit from the caching) and how much custom code you have (like hundreds of MBs worth).

There's a very interesting blog post about it here, as well an an accompanying whitepaper: https://brooker.co.za/blog/2023/05/23/snapshot-loading.html
arrakeenrevived
·il y a 2 ans·discuss
You're correct, it is 2 MB/s. The actual bandwidth from the AWS Lambda docs is:

>Uncapped for the first 6 MB of your function's response. For responses larger than 6 MB, 2MBps for the remainder of the response

Some of the other numbers in the article are also incorrect. Lambda functions using containers can use a 10 GB container image (the article claims 50 MB), and container images are actually the faster/preferred way to do it these days.
arrakeenrevived
·il y a 2 ans·discuss
Clouds (like, the big fluffy things in the sky) are made up of many droplets of liquid. Using "droplet" to refer to the things that make up cloud computing is a pretty natural nickname for any cloud provider, not just DO. I do imagine that DO uses "droplet" as a public product branding because it works well with their "Ocean" brand, though.

...now I'm actually interested in knowing if "droplet" is derived from "ocean", or if "Digital Ocean" was derived from having many droplets (which was derived from cloud). Maybe neither.
arrakeenrevived
·il y a 2 ans·discuss
There's a lot of advertising activity that ublock doesn't catch, but Pi-Hole does. Usually it's tracking APIs rather than ads themselves.

It's also useful for clients where I can't install client-side adblocking, ie smart TVs (which try to phone home a _ton_ of advertising/analytics information). I also don't use client-side adblock on my work laptop (can't install unapproved extensions) nor my iPhone, so Pi-Hole still lets me browse ad-free on those.