HackerTrans
TopNewTrendsCommentsPastAskShowJobs

kchr

no profile record

comments

kchr
·8 ay önce·discuss
> Above a certain complexity, there is basically no 100% open-source hardware out there. > > Like none of the Pinephone, Librem, Framework laptops are "open-source" to the bone.

As an aside, GNU Librephone aims to rectify that by reverse-engineering those blobs and develop their own firmware for baseband chips etc. But I am carefully optimistic about the success since it is a relatively new project and quite a moonshot, even though I would personally stand first in line to buy one if it would materialize.
kchr
·8 ay önce·discuss
One of the points made in that paper is that you can't even trust the compiler, even if you write the code yourself. I think this is one of the stronger points as it shows you it is unfeasible to require everybody to audit all source code before running it. Be pragmatic, know your threat model, decide who you trust and move on with more important things in your life.

Full disclosure: am free software advocate.
kchr
·2 yıl önce·discuss
Additionally, a lot of jungle music were produced on Amiga using the same tracker software as many demosceners (OctaMED, ProTracker, etc). Makes me curious of how many junglists were also active sceners :-)

For example Pete Cannon: https://www.youtube.com/watch?v=p1eA-FGJ8B0

More recent livesets using dual Amigas, from the Amiga Junglism channel:

https://www.youtube.com/watch?v=VHPIxrcjKW4 https://www.youtube.com/watch?v=1P6VxIWFl7g

Some mixtapes:

https://www.youtube.com/watch?v=-NjqNwHidpk https://www.youtube.com/watch?v=Oe3jEA7710s
kchr
·2 yıl önce·discuss
From the TIOBE site[0]:

> Since there are many questions about the way the TIOBE index is assembled, a special page is devoted to its definition. Basically the calculation comes down to counting hits for the search query > > +"<language> programming"

I don't think the popularity of a programming language could be measured by how many hits it has on search engines. For example, it may well be that 50% of those hits are forum posts from people being frustrated because the language sucks. In addition, the fact that a language is in use in a lot of existing systems says little about when that code were written, and which options were available at that time.

[0] https://www.tiobe.com/tiobe-index/programminglanguages_defin...
kchr
·2 yıl önce·discuss
While I appreciate the flashbacks you just gave me, I don't think the enshittifaction of GUI:s is orthogonal to the evolution in not having to deal with hardware issues any more.
kchr
·2 yıl önce·discuss
You linked the same file twice, was that intentional?
kchr
·2 yıl önce·discuss
Even approved and trusted admins can be a liability (disgruntled employee, social engineering). Like OP said, mandatory access control (MAC) implementations like SELinux can be used to even further restrict what an administrator (or process running with admin privileges) is allowed to do.
kchr
·2 yıl önce·discuss
> Interesting, I might need to do some reading, > Does macOS have any form of MAC yet, or do they just rely on sandboxing?

Kind of. There is a set of permissions an application can request in order to access protected services and areas of the filesystem, but maybe that's what you meant with sandboxing?

https://support.apple.com/en-gb/guide/mac-help/mchl211c911f/...
kchr
·2 yıl önce·discuss
> No, you create one account. The root account doesn't have to be created. It's automatically there, built into the system. On Windows, you have to explicitly create two separate accounts, one with Administrator privileges and one without.

Correct, but you're missing the point. There's practically no difference between Linux and Windows when you need to escalate privileges, except having to enter credentials for another (privileged) user than your current (unprivileged) user. The security boundary is there and the user experience is basically the same. Everything else is just nitpicking.
kchr
·2 yıl önce·discuss
I need a rundown of your clients.
kchr
·2 yıl önce·discuss
It's AI agents all the way down
kchr
·2 yıl önce·discuss
They seem happy to host media for other conferences as well! <3
kchr
·2 yıl önce·discuss
Agreed, but they're not being tossed out into nature the same way these disposable vapes are.
kchr
·2 yıl önce·discuss
Can you elaborate on how this affects the security model?
kchr
·2 yıl önce·discuss
Speaking of music apps for game consoles, there is also the Korg DS-10 for Nintendo DS:

https://en.m.wikipedia.org/wiki/KORG_DS-10
kchr
·2 yıl önce·discuss
This could probably be fixed by tracking whether the mousedown event was started inside or outside the dialog, and only close the dialog if the mousedown started outside it.
kchr
·2 yıl önce·discuss
For native documentation, why not just search the official docs at https://docs.python.org/ ?

I find it to be very discoverable if you are looking for docs about a specific function or module.
kchr
·2 yıl önce·discuss
Actually, it looks like the feds have sided with the 3rd parties?

https://www.theverge.com/2024/3/14/24101023/ftc-doj-comment-...
kchr
·2 yıl önce·discuss
I believe adding extra components (i.e. custom software) would classify as the "mangling" GP wanted to avoid.
kchr
·2 yıl önce·discuss
SQL in itself is not the weak point in this case (or any of the other cases of a successful SQLi attack). The problem is the treatment of user-controllable input data and using that data as part of a SQL query without properly sanitising/escaping special characters first.