HackerTrans
TopNewTrendsCommentsPastAskShowJobs

szc

no profile record

comments

szc
·vorig jaar·discuss
I've co-authored a book that a lot of the models seem to know about. The models consistently get the names of the authors incorrect and quote the material with errors. If the canonical representation of our work is now embedded within AI models, don't we deserve to have it quoted and represented correctly and fairly? If you asked a human who had read the book, I think there is a fair chance they would likely give you the reference to the source material.

I do concede that the book does contain a distillation of material that is also available from other sources, but it also contained a lot of personal experience. That aspect does seem to be lost in this new representation.

I am not saying that letting AI models read the material is wrong, but the hubris in the way models answer questions is annoying.
szc
·4 jaar geleden·discuss
I've come to the realization that getting multiple external monitors and then more than one set of them to work right is not a "trivial" problem. Any decision is going to be wrong or might result in a compromise or bad outcome.

The CalDigit support response sort of suggests that some monitors (or interfaces that fake it) aren't providing unique EDID data.

EDID is supposed to contain a serial number. Connecting two monitors that claim to be the "same" device because the serial number is the same is going to be a problem - which one is on the left or right? How can you know / remember? Basing it on which "port" they are plugged into will also lead to frustration if they get swapped or a hub is used.

What if you have two sets of the same monitors at home (L and R), and two more of the same monitors at work (L and R). What do you want the experience to be? (mapping Apps to the correct displays when moving environments is also an issue that, ahem, hasn't always worked well!)

I'd want (and I've been TOLD) that plug and play experience needs to be the same at home and at work after the manual setup of the monitor placement. At home the built-in display is on the right, with built-in switched to the left at work. NB: I really cannot see how to do all of this unless the monitors can uniquely identify themselves.

Recording or noting these setups / placements also could be a technical challenge - plugging in external monitors in a different order, including timing, does that create a new monitor "environment"? Given what I've observed, I think it does.

My wife has a setup like the above with 2x LG 4K displays (two USB-C thunderbolt cables / connections) in two locations. It has been "mostly working, but slow" for her old Intel MacBook pro or "working well" for a newly acquired Apple Silicon MacBook Pro with the current macOS Monterey.

Doing the numbers, home has 7 configs. IR=Internal-right. (I), (IR, LH), (IR, RH), (IR, LH, RH), (LH), (LH, RH), (RH). Work also has 7 configs. IL=Internal-Left. (I), (IL, LW), (IL, RW), (IR, LW, RW), (LW), (LW, RW), (RW).

Ramble: For the (exaggerated) 400 open windows any display plug/unplug event this is going to cause a re-render storm for a new DPI, colour depth and location for every window for each plug / monitor transition. Ouch.

I am dinosaur and this is an X11 flashback. How can or does any of this even work for Linux? An X11 app opens a connection to a "Display" and the DPI (size), colour depth and other params used to be "fixed" at that point in time, the client does all of the rendering for the window, providing a bitmap to the X11 server. In the past it was not possible to move windows between incompatible display parameters - making dynamic changes not possible. How does moving windows between monitors of different DPI / colour depth now work in X11? I need to look into this. Prediction: I likely will be a casualty in the war of display rendering.

Final ramble. With some of these new "standards" (looking at you, USB-C), it seems the goal is to get the license payment but there is no requirement that your product passes a conformance test in order to ship it.
szc
·5 jaar geleden·discuss
I highly recommend using Dean Camera's LUFA stack if you are going to use the Atmel AVRs that have on-board USB hardware.

<https://fourwalledcubicle.com/LUFA.php>
szc
·5 jaar geleden·discuss
I appreciate your response. I retract everything I said. It was a very poorly thought out comment.
szc
·5 jaar geleden·discuss
I didn't see that. I retract everything I said. It was not a well thought out comment.
szc
·5 jaar geleden·discuss
I agree. What I wrote is incorrect.
szc
·5 jaar geleden·discuss
I appreciate your response and agree with what you have said.

I cannot undo what I've said - it is clearly very incorrect. I would like to retract it.

Do you have any recommendations for getting better at critical thinking? How can it be practiced in a way that doesn't get you banned when making mistakes?

I really would like to avoid making these sorts of mistakes in the future.
szc
·5 jaar geleden·discuss
I think this is a poorly sourced and not a reliably fact checked article.

This is at least the 2nd time on HN that a report has suggested Ashley Gjovik was complaining about "toxic chemicals at work". The previous article referred to something published at "The Verge" - "her office is in an Apple building located on a superfund site" <https://www.theverge.com/2021/9/9/22666049/apple-fires-senio...>

Other published articles (and I believe is likely the truth) indicate that the toxic chemical issues were related to her personal living space <https://sfbayview.com/2021/03/i-thought-i-was-dying-my-apart...>

The nytimes ought to be very embarrassed about this stupid error.

I note that the personal toxic superfund site issues were previously discussed on HN.

I am also somewhat confused about the persona of "Cher Scarlett". I do not think it is a real identity. I also have some serious doubts if they, or their alter ego, is actually employed at Apple. Reputable journalists could actually verify this with employment and tax records -- journalists would actually have to do the necessary due diligence.

Twitter suggests that "Cher Scarlett" is located in Seattle. (This would make them a remote worker for Apple). Also seemingly making quite a lot of tweets. When does this person do any work for Apple? Is this person the reason why Apple isn't responding to Security reports and the bug bounty program?

After reading many tweets I am failing to detect any comprehension of, or demonstration of, a computer security "mindset" -- something that, in my experience, does tend to manifest itself in the personality of security folks over extended periods of time.

I am unable to determine what sort of security role this person has.

I am not suggesting any malice or ill will towards "Cher Scarlett". I am trying to present this as a technical analysis.

In summary, I really question if "Cher Scarlett" is actually a real person in they way they are presenting themselves to be.
szc
·5 jaar geleden·discuss
I am neither. A similar exchange with sneak has happened previously.

It is a frustrating exchange.

The words that have been used attempt to tie two controversial topics together PRISM and FISA. The logic then seems to be that because companies can now report on FISA orders, this means they also willingly participated in PRISM.

What has been said seems to ignore that the FISA reporting by companies shows the number of identities that data has been provided for. PRISM on the other hand looks like a program to collect as much data as possible, regardless of identity.

At this point it is going to just be agree to disagree.
szc
·5 jaar geleden·discuss
Thanks.

This can be entirely explained if the NSA had already performed a "solar winds" supply chain attack on the vendor that supplied the TLS encrypt / decrypt endpoints. Is the vendor of that hardware known or discoverable?

Google would have no idea the traffic could be intercepted. The NSA could use the Smiley face, perhaps with a nudge, nudge, wink, they are now a "supplier of data" on slides.
szc
·5 jaar geleden·discuss
This thinking is based on trusting "encrypted" links. Did you build the hardware that drives these links? Did you audit the Verilog or code that operates this hardware?

I know of at least one way a to implement a "secure" TLS product that you could purchase and deploy in your datacenter that would leak all of the the keying material to compromise every data connection to the NSA. You would be 100% in compliance of all technical requirements, but your data would be utterly transparent. You would not be able to detect this using an internal or external audit.

Did you purchase your rack-to-rack equipment from the equivalently Trojaned "Solar Winds" vendor? The "Solar Winds" event was a "commercially" botched exploit.

Sorry, NSL(s) do not scale. It is an ever expanding "circle of trust".

Containing secrets is only effective if they are only shared within "your shared culture" and your culture is very stable -- nobody leaves because of a difference of opinion.

NSL can only be effective if nobody knows.
szc
·5 jaar geleden·discuss
FISA orders are written by a Judge. Only judges can write these, this is the literal definition of a warrant. Warrants require specifics - Person X, person Y. These are enumerable. There is paperwork.

PRISM, based on the data available, is all about consuming data WITHOUT a warrant -- vacuuming data associated with identities that are not associated with ANY identities subject to a court order. Violating laws and possibly (USA) constitutional rights in quite a few ways. PRISM likely exists.

I ask of "sneak" to confirm their assertion that "PRISM == FISA orders" is true. Please present this "evidence" and the evidence of connection. If you cannot you are, by default, distributing mis-information, bad logic or at worst tying to mislead.

(my naive searching suggests that "sneak" is definitely not in a position to make these claims)
szc
·5 jaar geleden·discuss
I do not. It would be helpful to enumerate the specifics of this rather than to play the role of a cheshire cat and say nothing.

(I am independently looking for this, but cannot currently confirm)
szc
·5 jaar geleden·discuss
Sorry, but I do not believe that is what the leak revealed.

There was a slide that indicated that data from Apple and other companies was now part of the PRISM program.

I am not trying to deny or refute Snowden's whistleblowing. I think it is highly likely that PRISM exists. What I dispute are the speculations that the companies listed are complicit.

The 2012 date is quite suspicious - it is precisely the same year that a new Apple datacenter in Prineville came online. Facebook also has a datacenter. Literally next door. Facebook also appears on those slides. I am not sure who else is also now in the area.

I wonder where all of the network cables go?

I personally think that PRISM works by externally intercepting data communication lines running to these facilities. Similar to the rumors that international comms links have been tapped. The companies themselves have not participated, but the data path has been compromised.

The NSA has previously tapped lines (AT&T), but they made the mistake of doing it inside the AT&T building. Google "Room 641A at 611 Folsom Street, SF". That is where "beam splitting" was done. This eventually leaked out. The NSA isn't stupid, I doubt they wanted to repeat that sort of discovery. The best way to keep something from being discovered is to not let people know. This is why I think it is believable and likely that the companies listed on the slides have no idea what has been done.

I will also note that PRISM and "beam splitting" are a rather cosy coincidence.

I think it is most likely that PRISM is implemented without the knowledge of anyone except the NSA and in Prineville there is some "diversion" of network cabling to a private facility that is tapping the lines.
szc
·5 jaar geleden·discuss
A 13 gallon "garbage" bag, commonly used to dispose of waste in the USA weighs 22grams. Each Airpod, according to Apple, weights 4grams. (yeah, I'm just talking about plastic, but plastic really is part of this). The actual material (resource) cost of an Airpod is utterly insignificant (over the 3 years you cite as the lifetime) to the daily and weekly waste caused by each person in a western culture. The average waste per human for western cultures seems to be about 500+Kg per year. Over that time, the equivalent of about 375,000 Airpods. This is for materials disposed of each week, without thought - the numbers I'm using do not include any materials that are recycled. What is the actual useful "lifetime" of this garbage or trash? Perhaps a week? Or if it was a Starbucks coffee cup lid, perhaps 30 minutes. Doubtful it was 3 years.

The outrage at not being able to repair a 4gm Airpod when compared to the complete disregard to wasting other resources, in my opinion, has a very dubious moral stance.

I get that the price paid is indicative of the engineering that went into the product and you feel it might be outrageous to pay that amount for 2x 4gm.

Any argument about repairability needs to be considered in the context of actual resources used to make the product, what the cost to humanity was when compared to what it will cost to repair the product, including the human cost.
szc
·5 jaar geleden·discuss
I remember capturing a copy of "snake" for analysis and figuring out the exploit.

It wasn't just world exposed NFS shares - it was any share that was exported to itself. You could use portmap as a proxy and get the root file handle.

If you weren't able to patch portmap, the only remedy was to never export a filesystem to yourself.
szc
·5 jaar geleden·discuss
This answer is both a great answer, but also a terrible one.

This answer implies all "python" binaries across all operating systems and distributions for all time, are backwards and forwards compatible, no work needed. Guaranteed 100% equivalent.

What about Python2 v.s. Python3?

This isn't true and cannot ever be. This happens for other scripting and interpreted languages.

This approach means that the burden of choice and setup is transferred 100% to the person running the script. If you have 2 scripts that require different dependencies, then you will encounter this problem. I think it is this that encourages folks to include hard coded paths to enumerate explicit dependencies.

Lots of the "package" managers for these scripting languages also don't deal with this very well. They advocate a "do it my way" or "do it yourself". Different languages do it different ways.

Ultimately, the person wanting to run the script, just wants to make it run -- they will follow the instructions to make it work and along the way will make "global" changes -- which will impact what will happen for any other script in the future. This will likely be diverged from anyone else who has a "base install".

The above is mostly about my observations with using Ruby, not Python. However, few attempts in using pre-packaged complex python "recipes" has always resulted in similar conflicts.
szc
·5 jaar geleden·discuss
It isn't an allergy.

At the time the GPLv3 was written, the GPLv3 was deliberately crafted to put commercial companies into a conflict situation.

(A) Give up selling audio with DRM (DRM did go away) (A) Give up selling video with DRM (A) Give up using HDMI as an output port (A) Give up using digital signatures to secure the integrity of software

-OR-

(B) Give up using GPL v3 software, GCC, Bash

Pretty sure most customers actually want many of the things in (A) and a minority actually care about (B). The items in (B) can be post-installed by those that really want it. Sure those in (B) have a loud voice, but, HN, are they really representative (democratically a majority)?

How would you make the choice between (A) or (B)?

I would bet that if a subeoena for FSF/GNU email was issued there would be a lot of messages related to manipulation and coercion for licensing and re-licensing. The sort of stuff, when associated with companies turns into scandal, lawsuits and monopoly investigations. (GCC almost got to be what could be considered a monopoly compiler)

I do believe that open software has a place and is a really good choice. My opinion is that the GPLv3 is completely toxic, spawned from negativity and is ultimately anti-open source. I will never release any software under the GPLv3.
szc
·5 jaar geleden·discuss
#!/usr/bin/python

How exactly is the above supposed to work when /usr/bin/python doesn't exist. If Apple chose to break the #! contract by doing something else, how would you feel about that?
szc
·5 jaar geleden·discuss
In a 100% honest world I agree with everything you say. But, the world isn't 100% honest.

Let's say company A asks manufacturer F to make 100,000,000 units of a product. One element of this product costs $10. An enterprising person suggests that if 1% of the material submitted to the mfg line was counterfeit, but could be made to pass "inspection" they could make at least $10,000,000. They could resell the "genuine parts" on the grey market at a 50% markdown, but only pay 1% of the cost for the counterfeits. The product would ship. Company A would ultimately be left to deal with the 1% (but not trivial number) of unhappy customers and perhaps a class action lawsuit due to "not meeting specs".

In the post I am responding to, there is no requirement by anyone to validate that a part is within spec. Current contract manufacturing for a lot of products does not involve the originating company being able to independently validate the product before it is shipped to the end user. All validation needs to occur during manufacturing, on-site at the manufacturer. If you aren't validating what goes into manufacturing, how can you make any promises as to what comes out?

If company A decides to implement serialization of parts to combat manufacturing "problems". Those advocating "right to repair" are going to be upset because they are now 100% collateral damage. There are other aspects of this, where chip vendors attempt to lock-in customers with the promise of using "custom part numbers" (HP has a fabulous history for this, extending back to the 1980's) or for "custom" programming during fabrication. Many, many. many parts now contain programmable elements and silicon vendors have capitalized on this to gain a business advantage and lock in.

In a world of fraud, especially in the "repair" market, how can and do you establish trust when purchasing parts?

Let's also look at something entirely different. The "Blue Pill" is a development board, originally based on an ST microelectronics STM32 part. If you wanted to purchase a "Blue Pill" board, you will now >90% of the time (based on price) receive a counterfeit product - the microcontroller will not be an STM32 part and it will not exactly meet the specifications (especially in low power situations). Who is to blame? Who pays for this fraud? Should this be "fixed"? How? By who?

Pivoting again. This news "report" is a product, delivered to customers. Are journalists prepared to document the thought processes that went into their product. Will they commit to documenting any changes to the product, including why the changes were made and for what reasons? This is what many of these articles are implicitly asking of hardware manufacturers!

I am generally in favor of being able to repair, but it isn't as simple as toilet roll unroll forward or backwards? (a deliberately chosen metaphor as the majority of the worlds population does not use).