HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jagrsw

no profile record

comments

jagrsw
·4 miesiące temu·discuss
https://en.wikipedia.org/wiki/Olo_(color)
jagrsw
·6 miesięcy temu·discuss
I don't know much about corporations, but why business plans are needed at all? I mean, for EU citizens.

bank (loans), immigration and investors can be interested, but their interests are not covering every corporation out there.
jagrsw
·6 miesięcy temu·discuss
To be fair, the existence of Surströmming [https://en.wikipedia.org/wiki/Surstr%C3%B6mming] is a valid casus belli. We aren't talking about food here - it's "haloanaerobic bacteria producing hydrogen sulfide in a pressurized vessel". An unregulated bio-weapons program hiding in plain sight.
jagrsw
·7 miesięcy temu·discuss
> To stop me you'd have to compel me.

  Cow A: "That building smells like blood and steel. I don't think we come back out of there"
  Cow B: "Maybe. But the corn is right there and I’m hungry. To stop me, you'd have to compel me"
Past safety is not a perfect predictor of future safety.
jagrsw
·7 miesięcy temu·discuss
To clarify the position, my concern isn't that the project is bad - it's that security engineering is a two-front war. You have to add new protections (memory safety) without breaking existing contracts (like ld.so behavior).

When a project makes 'big claims' about safety, less technical users might interpret that as 'production ready'. My caution is caused by the fact that modifying the runtime is high-risk territory where regressions can introduce vulns that are distinct from the memory safety issues you are solving.

The goal is to prevent the regression in the first place. I'm looking forward to seeing how the verification matures and rooting for it.
jagrsw
·7 miesięcy temu·discuss
You're right, my tone was off.
jagrsw
·7 miesięcy temu·discuss
I understand your point, and I have the utmost respect for the author who initiated, implemented, and published this project. It's a fantastic piece of work (I reviewed some part of it) that will very likely play an important role in the future - it's simply too good not to.

At the same time, however, the author seems to be operating on the principle: "If I don't make big claims, no one will notice." The statements about the actual security benefits should be independently verified -this hasn't happened yet, but it probably will, as the project is gaining increasing attention.
jagrsw
·7 miesięcy temu·discuss
I checked the the code, reported a bug, and Filip fixed it. Therefore, as I said, I was a little concerned.
jagrsw
·7 miesięcy temu·discuss
The author has a knack for generating buzz (and making technically interesting inventions) :)

I'm a little concerned that no one (besides the author?) has checked the implementation to see if reducing the attack surface in one area (memory security) might cause problems in other layers.

For example, Filip mentioned that some setuid programs can be compiled with it, but it also makes changes to ld.so. I pointed this out to the author on Twitter, as it could be problematic. Setuid applications need to be written super-defensively because they can be affected by envars, file descriptors (e.g. there could be funny logical bugs if fd=1/2 is closed for a set-uid app, and then it opens something, and starts using printf(), think about it:), rlimits, and signals. The custom modifications to ld.so likely don't account for this yet?

In other words, these are still teething problems with Fil-C, which will be reviewed and fixed over time. I just want to point out that using it for real-world "infrastructures" might be somewhat risky at this point. We need unix nerds to experiment with.

OTOH, it's probably a good idea to test your codebase with it (provided it compiles, of course) - this phase could uncover some interesting problems (assuming there aren't too many false positives).
jagrsw
·8 miesięcy temu·discuss
It's not possible even in 10 years (.. but maybe in 11).

What a shift in the last 5 years (never -> 100 years -> 11)
jagrsw
·9 miesięcy temu·discuss
The simple additive scoring here is sus here. It means a model that's perfect on 9/10 axes but scores 0% on Speed (i.e., takes effectively infinite time to produce a result) would be considered "90% AGI".

By this logic, a vast parallel search running on Commodore 64s that produces an answer after BeaverNumber(100) years would be almost AGI, which doesn't pass the sniff test.

A more meaningful metric would be more multiplicative in nature.
jagrsw
·9 miesięcy temu·discuss
> baby doesn't know anything about the world

That's wrong. It knows how to process and signal low carbohydrate levels in the blood, and it knows how to react to a perceived threat (the Moro reflex).

It knows how to follow solid objects with its eyes (when its visual system adapts) - it knows that certain visual stimuli correspond to physical systems.

Could it be that your concept of "know" is defined as common sense "produces output in English/German/etc"?
jagrsw
·9 miesięcy temu·discuss
That "blank slate" idea doesn't really apply to humans, either.

We are born with inherited "data" - innate behaviors, basic pattern recognition, etc. Some even claim that we're born with basic physics toolkit (things are generally solid, they move). We then build on that by being imitators, amassing new skills and methods simply by observation and performing search.
jagrsw
·9 miesięcy temu·discuss
Reminds me of the Orange Alternative movement in communist-era Poland. A group would wear t-shirts, each with a letter, spelling an innocent phrase.

When one turned away, the message would instantly become different, like changing "Down with the heat" to "Down with the cops" - https://sztukapubliczna.pl/pl/precz-z-u-palami-pomaranczowa-...

https://en.wikipedia.org/wiki/Orange_Alternative

the whole world is a work of art, so even a single policeman standing in the street is a work of art
jagrsw
·9 miesięcy temu·discuss
Skilled essay, but not an argument. Opens with "As Jung notes" as an appeal to authority, then more name-drops.

Misses clear definitions (what counts as "friendship with self"?) and the mechanism (how X->Y). Anecdotes/quotes != proofs.

IOW, prestige != proof. Two quick checks 1) strip the names - does the reasoning still stand? 2) Flip to counterexamples - does the thesis survive? We all know people who are hard on themselves but deeply loving to others.

Nice essay but treat it as a opinion to test, not a truth to inherit. The thread reads as if the case were already proven.
jagrsw
·9 miesięcy temu·discuss
> that not everybody writes in English.

I don't know... I understand the history and reasons for this capitalization behavior in Turkish, and my native language isn't English, which had to use a lot of strange encodings before the introduction of UTF-8.

But messing around with the capitalization of ASCII <= codepoint(127) is a risky business, in my opinion. These codepoints are explicitly named:

"LATIN CAPITAL LETTER I" "LATIN SMALL LETTER I"

and requiring them to not match exactly during capitalization/diminuitization sounds very risky.
jagrsw
·9 miesięcy temu·discuss
Short answer - treat it as Class I (it has a PE terminal)

Longer: A Class I inverter/appliance relies on PE. A single insulation fault (live -> chassis) will put the chassis at line potential if PE isn’t connected.

If you run other Class-I loads (eg. fridges) downstream of a GFCI but don’t carry PE, a hot-to-chassis fault on the load won’t reliably trip anything until there’s a return path (often a person).
jagrsw
·9 miesięcy temu·discuss
Then again, I'm not certified for solar installations - but standard <1kV home installations and measurements. (As an anecdote, there's a specialty called 'electrical installations for hydrolysis of water' - I shall get certified in that one day just for fun.)

Buy a customer-oriented device instead, if you can. I vaguely remember there are plenty of them on the market with built-in batteries. They should have RCD/GFCI and overcurrent protection (and thermal, and BMS included) per outlet (or per bus).

If you want to stick with your current inverter, here are some thoughts from first principles:

- ground it while using, but this might be hard at a remote camping site (maybe use a grounding rod?). If it's a similar model to the one in the article, it must be grounded.

- a GFCI/RCD rated for 30mA or less with 15-20A circuit breaker (I'd suggest type-A if in EU) that matches your wiring and outlets.

There should be ready-to-go boxes that provide RCD+OC, and maybe you're already using one.
jagrsw
·9 miesięcy temu·discuss
> as long as it's not intentional

I think this could be considered intentional, because in most countries, connecting this inverter to anything (source, sink) would require certification (+tests), as it doesn't have standard electrical outlets (it varies from country to country, but in the countries I've seen, either certification is required or connecting wall/ceiling lamps is exempted from this, but verification must be done afterward).
jagrsw
·9 miesięcy temu·discuss
> This can be done safely if you know how to compute the correct wire gauge for the distance, and don't overload the circuit.

Agreed, a long run adds so much impedance that during a short circuit, the breaker won't trip instantly. It will just sit there and let the fault current cook the wires.

Various jurisdictions require a fault loop impedance test for installations (and discussed one looks "fixed"). This cannot be eyeballed from a wire diameter table, must be measured.