HackerTrans
TopNewTrendsCommentsPastAskShowJobs

emarsden

no profile record

Submissions

Securely sending DHT22 sensor data from an ESP32 board to PostgreSQL

c410-f3r.github.io
6 points·by emarsden·il y a 2 ans·0 comments

comments

emarsden
·il y a 10 mois·discuss
You may be interested in PGmacs, a viewing/editing interface for PostgreSQL.

https://github.com/emarsden/pgmacs

(self-plug)
emarsden
·il y a 10 mois·discuss
They have an open issue concerning a SIGILL when loading the pgvector extension that hasn't been fixed or seen any activity in a month.

   https://github.com/pgEdge/pgedge-docker/issues/20
emarsden
·il y a 2 ans·discuss
This is debatable. Perhaps the poor quality management issues and lack of rigour that have been seen in various Boeing production facilities are a case of normalization of deviance. However, the original problem with the 737 MAX was the top management decision not to invest in a new airframe design for cost/strategic reasons, to oblige designers to implement various unsafe workarounds to accommodate larger and more fuel-efficient engines that made the plane unstable, and to ruthlessly silence engineers who argued that this was unsafe. This problem was compounded by the FAA's move to increased delegation of safety oversight to designer-manufacturers, which left it with insufficient ability independently to assess the new design. These are both big, important decisions made by top leaders of the two organizations, rather than the slow progressive evolution driven by people's efforts to optimize their bit of the workplace which characterizes drift to danger.
emarsden
·il y a 2 ans·discuss
I did not have BDSM rope bondage in mind when I wrote that article, but nice to know that these concepts can be roped in more widely than anticipated!
emarsden
·il y a 2 ans·discuss
"Being cheap" is a pressure from management to increase production in order to avoid economic failure. "Being lazy" is an effort from frontline workers to improve efficiency and avoid being swamped by production demand. One of the points of the diagram is that these partially cancel each other out, but the net effect of the addition of these two "vectors" is to push the system towards the failure boundary.
emarsden
·il y a 2 ans·discuss
I have a smartphone app that scrapes replay TV listings for a few shows that I like to watch at the gym and allows me to download the low-quality media stream to the phone to view offline ad-free.

I released the Rust library that downloads and reassembles media segments from a DASH stream (https://github.com/emarsden/dash-mpd-rs). Won't release the web scraping bits because they are against website terms and conditions, and because annoying countermeasures will be implemented if too many people use them.
emarsden
·il y a 2 ans·discuss
It seems that there is some missing tooling to make this convenient.

You can run a local bundle of HTML/JS/WASM in a web browser instance that you isolate (for example with firejail) to prevent network access. You distribute as a zip/tgz, but it's not obvious how to handle updates without a full redownload. Distributing with a full Electron-like interface is obviously overkill.

If you're running a web app that's hosted elsewhere (which will be much more convenient for most people), your web browser or the software isolation functionality (or firewall/proxy) needs to distinguish between the initial resource loads (approve) and later sneaky logging requests (ban).

There are Android applications such as TrackerControl that have related functionality (operates as a local VPN to filter all network requests and block tracking) but I don't know of convenient tools for the desktop (Linux, in particular).
emarsden
·il y a 2 ans·discuss
Sure, but these types of applications are running in a web browser sandbox, which benefits from enormous engineering resources to protect the host computer from malicious actions by the remote code. I'm wondering whether this execution environment (augmented with some policy mechanism to allow apps to declare their URL access needs, a little like an AppArmor or network firewal policy) could also provide some guarantees concerning privacy or information security.
emarsden
·il y a 2 ans·discuss
From the README: “Stirling PDF does not initiate any outbound calls for record-keeping or tracking purposes”. Beyond auditing the code, how could a potential user verify this claim in advance, and how can a web-based app help support such a claim (in particular when the app does need to make some web requests to operate, but only to a restricted list of URLs that might be listed in a manifest along the lines of a Content-Security-Policy for instance)?

This is a concrete problem when deploying apps that need the user to “upload” some sensitive content.