HackerTrans
TopNewTrendsCommentsPastAskShowJobs

sodality2

no profile record

Submissions

Show HN: Automated license plate reader coverage in the USA

alpranalysis.com
239 points·by sodality2·7 mesi fa·146 comments

Building an occupancy sensor with a $5 ESP32 and a serverless DB

matthew.science
670 points·by sodality2·3 anni fa·214 comments

comments

sodality2
·3 mesi fa·discuss
Side channels that enable intended behavior, versus a flat-out bug like the above, though the line can often be muddied by perspective.

An example that comes to mind that I've seen is an anonymous app that allows for blocking users; you can programmatically block users, query all posts, and diff the sets to identify stable identities. However, the ability to block users is desired by the app developers; they just may not have intended this behavior, but there's no immediate solution to this. This is different than 'user_id' simply being returned in the API for no reason, which is a vulnerability. Then there's maybe a case of the user_id being returned in the API for some reason that MIGHT be important too, but that could be implemented another way more sensibly; this leans more towards vulnerability.

Ultimately most fingerprinting technologies use features that are intended behavior; Canvas/font rendering is useful for some web features (and the web target means you have to support a LOT of use cases), IP address/cookies/useragent obviously are useful, etc (though there's some case to be made about Google's pushing for these features as an advertising company!).
sodality2
·3 mesi fa·discuss
I'm not sure I'd use "compromise" at all - these (or the ones I have) are purposefully designed with zero authentication or pairing, the ones that use apps are already "compromised" in the sense that I can walk past any windowsill with one in it, open it, and it will immediately connect to it. I really don't mind if someone walking by were to change the LED color patterns
sodality2
·3 mesi fa·discuss
[dead]
sodality2
·3 mesi fa·discuss
Yep, here they admitted there were local revolutionary war re-enactors who were falsely flagged (although thankfully they didn't let it get past the first flag).
sodality2
·3 mesi fa·discuss
This is a very common pattern; my university pushed through a ZeroEyes AI camera/open carry weapon detection contract within 2 weeks of a shooting at a nearby school, even though it’s trivial to bypass by hiding it; it’s most probably just (gruesome as it is to think about) a bad press insurance so if anything happened, they can say they had “state of the art AI detection” and they did all they could. No one wants to be the one caught not doing “all they could” against the media cacophony in the immediate aftermath.
sodality2
·4 mesi fa·discuss
> That means the lock-in isn’t just product strategy. It’s also architecture.

> And that omission isn’t some harmless simplification. It’s the entire trick.

It isn't just once. It's—twice. ;)
sodality2
·4 mesi fa·discuss
I too am in this episode.
sodality2
·4 mesi fa·discuss
No conspiracy necessary. The CIA bought the rights to the 1954 film Animal Farm, modified the ending to fit propagandist ends, and it went undiscovered for four decades. The original Top Gun was intended to recover the image of the US Navy after the Vietnam War. Etc etc etc.

https://en.wikipedia.org/wiki/Military%E2%80%93entertainment...
sodality2
·4 mesi fa·discuss
Is there any evidence that going outside the scope of the agreement would amount to anything more than a contract violation? Are we really to expect that Anthropic general counsel sits at the API gates allowing or blocking requests?

More generally, are there any comparable contract requirements in the field of defense, for a company in the same position as Anthropic? I'm curious.
sodality2
·4 mesi fa·discuss
https://dontgetflocked.com/
sodality2
·4 mesi fa·discuss
Hm true, I wrote off Chrome OS altogether, does it provide enough customizability that MacOS/Linux does? You mention dev containers which is already way beyond my perception of its capabilities (and the general public, I think)
sodality2
·4 mesi fa·discuss
Yeah, the optimization is going to make or break it. I've heard people say that 8GB on their Air's with M chips are sufficient, but I do wonder if it will still be true now with MacOS - maybe we'll get a cleanup/performance release cycle?... With regards to AI I hope it's not a Gemini/Pixel situation where there's a lot of ram but 3.5GB are permanently reserved for the on-device model to be always-available.
sodality2
·4 mesi fa·discuss
I expect the customer of this product is not worried about repairability: to them, it's just an iPad with a keyboard. You're also citing 3x higher costs, so they're really not comparable.

The lack of upgradability is directly what provides a lot of benefits that I expect the average consumer vastly prefers: better performance with soldered memory and better battery life. It's not just to shaft you on prices (though that's definitely a big factor).
sodality2
·4 mesi fa·discuss
iPads are pretty common in education for the drawing capabilities. You can take notes by typing for most things, but when you get diagram/math heavy, you just cannot beat the pencil. I think it's probably pretty poor value of the small ability you gain to cost, relative to other things you could do (I like paper/pencil personally) but I see the use case, if limited.
sodality2
·4 mesi fa·discuss
Crazy good market segmentation by Apple here - it's pretty easy for college students to justify this plus an iPad, and still have to upgrade to a "real" laptop post-grad.

Personally this looks really compelling for students - I did something similar, dinky 4GB ram 2 core laptop with crazy good battery life - because I don't care about specs at all, LMS's and note-taking apps in school are not heavy. I just NEED to be able to work all day long, when lecture halls lack outlets. If I needed development weight I would just use an IDE plugin to remote to a desktop in my dorm.

Are there any similar laptops around this price range with comparable battery life? My impression is the market around ARM laptops is pretty small. If so this is a standout for this use case.
sodality2
·5 mesi fa·discuss
If only the average open source project got this level of scrutiny actually checking for vulnerabilities. I get that you don't want your private chats leaked by slopcode, but this was a few dozen lines of scaffolding in large software created before LLM coding; it would have been better to register your discontent without making demands, then continue to watch the repo for vulnerabilities. This feels like fervor without any work behind it
sodality2
·5 mesi fa·discuss
I have to warn you, it does get annoying when you plug in your power-only cable and it still nags you with the question. But it does work as intended!
sodality2
·5 mesi fa·discuss
Might as well give a recommendation then: I've been using hashcards [0] for a few weeks now and have enjoyed its simplicity and the fact that it all stays forever in raw markdown files and versioned git. A simple justfile has also been helpful.

[0]: https://news.ycombinator.com/item?id=46264492
sodality2
·5 mesi fa·discuss
How do you deal with the opposite, software that you forget to update but contains vulnerabilities discovered/exploited later?
sodality2
·5 mesi fa·discuss
I've brought my kindle to even the most strict of technology-banned lectures (with punishments like dropping a letter grade after one violation, and failing you after two), and never have they given me a problem when asked. They realize the issue isn't the silicon or lithium, it's the distractions it enables. I'm sure I could connect to some LLM on it, it's just that no one ever will.