HackerTrans
トップ新着トレンドコメント過去質問紹介求人

ahlCVA

1,366 カルマ登録 5 年前

投稿

Valve open-source the Steam Machine e-ink screen so you can make your own

gamingonlinux.com
610 ポイント·投稿者 ahlCVA·8 日前·114 コメント

Black Box Probing: A Security Analysis of Xiaomi's MJA1 Secure Chip

blog.quarkslab.com
3 ポイント·投稿者 ahlCVA·19 日前·0 コメント

German ruling declares Google liable for false answers in AI Overviews

the-decoder.com
1,021 ポイント·投稿者 ahlCVA·先月·552 コメント

Programming the Apollo Guidance Computer in Blockly

neil.fraser.name
3 ポイント·投稿者 ahlCVA·先月·0 コメント

The Empty Field That Wasn't: GPS, OTAD and Two Decades of Encrypted Broadcasts

lsc-pagepro.mydigitalpublication.com
3 ポイント·投稿者 ahlCVA·先月·0 コメント

Ugetty: A modern, lightweight, multi-protocol Getty

github.com
2 ポイント·投稿者 ahlCVA·2 か月前·0 コメント

You're probably taking the wrong painkiller

dynomight.net
4 ポイント·投稿者 ahlCVA·2 か月前·0 コメント

[untitled]

1 ポイント·投稿者 ahlCVA·3 か月前·0 コメント

Linux PTP mainline development war story and new features

bootlin.com
25 ポイント·投稿者 ahlCVA·3 か月前·0 コメント

A Server That Forgets: Exploring Stateless Relays

blog.torproject.org
1 ポイント·投稿者 ahlCVA·3 か月前·0 コメント

Conway's Game of Life, in real life

lcamtuf.coredump.cx
12 ポイント·投稿者 ahlCVA·4 か月前·1 コメント

Sashiko – an agentic system for Linux kernel changes

lore.kernel.org
4 ポイント·投稿者 ahlCVA·4 か月前·1 コメント

The Need for Understanding (2025)

blog.information-superhighway.net
2 ポイント·投稿者 ahlCVA·4 か月前·0 コメント

Ucode

ucode.mein.io
1 ポイント·投稿者 ahlCVA·4 か月前·0 コメント

Help us test WEBCAT alpha

securedrop.org
2 ポイント·投稿者 ahlCVA·4 か月前·0 コメント

AI controls is coming to Firefox

blog.mozilla.org
34 ポイント·投稿者 ahlCVA·5 か月前·29 コメント

Building cryptographically verifiable integrity into Linux systems

amutable.com
7 ポイント·投稿者 ahlCVA·6 か月前·0 コメント

Rust for C Programmers

rust-for-c-programmers.com
6 ポイント·投稿者 ahlCVA·6 か月前·3 コメント

SoundSlab: How It Started

craigjb.com
2 ポイント·投稿者 ahlCVA·6 か月前·0 コメント

ASCII diagrams extracted from open source code-bases

asciidiagrams.github.io
3 ポイント·投稿者 ahlCVA·6 か月前·0 コメント

コメント

ahlCVA
·15 日前·議論
It seems like it doesn't do this for Code 128 (possibly because it is variable-width?). It definitely works with EAN13 though - I tried it locally using only the TTF file.
ahlCVA
·15 日前·議論
Barcode fonts have been around for ages. But what's cute about this one is that it can calculate the EAN13 checksum on its own.
ahlCVA
·17 日前·議論
This isn't without downsides though: As somebody with a niche technical hobby, it is hard for me to order from many suppliers because they understandably don't want to deal with consumer protection laws and thus exclude B2C transactions outright ("Verkauf nur an Gewerbetreibende").

I would be fine with waiving my right to returns but this is not possible on purpose, so my only options are to shop somewhere else (often not possible) or found a company (not possible because it would be Liebhaberei - "Running a company without intent to make profits").
ahlCVA
·2 か月前·議論
Whenever one of these vulnerability apocalypse posts comes along I cannot help but think of the Litany of Gendlin:

  What is true is already so.
  Owning up to it doesn't make it worse.
  Not being open about it doesn't make it go away.
  And because it's true, it is what is there to be interacted with.
  Anything untrue isn't there to be lived.
  People can stand what is true,
  for they are already enduring it.
I cannot wrap my mind around why people think finding vulnerabilities is bad. The code already was broken before somebody published the vulnerability. The difference now only is that you know about this.

Imagine somebody finding a flaw in a mathematical proof and everybody being sad because a beautiful proof got invalidated rather than being glad future work won't build on flawed assumptions.

I get that the rate of vulnerability discovery can be a burden, especially for people doing FOSS in their spare time, but the sustainability problem with that has always existed and only gets exacerbated by the vulnerability stuff, but the latter isn't the cause you need to make go away.
ahlCVA
·2 か月前·議論
Apple implements the USB-C/USB PD specs to a t and is unforgiving if you don't do either.

At work, our quick test for if a device implements USB PD correctly is to plug it into an Apple power supply (optionally with a PD protocol sniffer in line). If it doesn't work (either no/intermittent VBUS or the wrong VBUS), it's always been the case that the device is doing something wrong.

It can be annoying but strictly speaking their fault.
ahlCVA
·6 か月前·議論
Obviously the two aren't the same (especially given the need to do routing), but I've always found it amusing that in the systems world, capability-based systems (i.e. making it impossible to address things you aren't allowed to access) are gaining traction while the philosophy in the networking world seems to be going in the opposite direction (make it possible to address everything, i.e. IPv6 vs. NATted IPv4, then add filtering).
ahlCVA
·6 か月前·議論
Calling publishing API docs "open-sourcing" is a bit hyperbolic, but as token gestures go, it's at least worth a little bit.

I'm not familiar with those devices in particular, but I wish vendors would take steps to make life easier for after-markt firmware developers especially once devices go EOL by doing things like proactively dropping a GPL tarball and giving people a way to disable secure boot locks on devices that have them.
ahlCVA
·6 か月前·議論
This is a per-credential setting, so you can have your SSH signing key be a no-touch key and still use touch confirmation for everything else.

(see "uv" option here https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-cl... - the -sk key types in SSH are just a clever way of abusing the FIDO protocol to create a signing primitive)
ahlCVA
·7 か月前·議論
For what it's worth: You can set no-touch-required on a key (it's a generation-time option though).
ahlCVA
·7 か月前·議論
There is also a relatively modern capability-based kernel in the L4 family of microkernels, called Fiasco.OC: https://os.inf.tu-dresden.de/fiasco/overview.html

There are also a bunch of components for building a functional userspace (such as L4Re or Genode).
ahlCVA
·9 か月前·議論
SNI leakage is what encrypted client hello (ECH) tries to solve: https://blog.cloudflare.com/announcing-encrypted-client-hell...

It's still not perfect since you're still leaking information about the privacy set implied by the outer ClientHello, but this possibly isn't much worse than the destination IP address you're leaking anyway.
ahlCVA
·9 か月前·議論
Relevant SSC blog post: https://slatestarcodex.com/2015/01/31/the-parable-of-the-tal...

Starting from very similar observations but drawing the causality arrow in the opposite direction (alignment follows from talent).
ahlCVA
·10 か月前·議論
Previously: https://news.ycombinator.com/item?id=38664729
ahlCVA
·10 か月前·議論
Whenever people complain about the energy usage of LLM training runs I wonder how this stacks up against the energy we waste by pointlessly redownloading/recompiling things (even large things) all the time in CI runs.