HackerTrans
TopNewTrendsCommentsPastAskShowJobs

DexesTTP

no profile record

comments

DexesTTP
·28 ngày trước·discuss
It would result in fewer online games that stop working altogether when the publisher wants to stop it.

All the publisher would have to do is to create a "mini self-hosted server" application and provide it and they would follow the law on this.

It's really not that complicated. Not "free", of course, but it's not exactly expensive either if you plan to do that from the moment you write your first line of code.
DexesTTP
·tháng trước·discuss
The latter.

It's a tool, if using data is necessary to make the tool work, then its output derives from the data.

If the LLM generation is not derivative of its training data, then why would it need the training data in the first place?
DexesTTP
·6 tháng trước·discuss
It's because circles allow for a stagger and overlap as shown later on. It's not really possible to get the same effect from squares.
DexesTTP
·7 tháng trước·discuss
Basically, for this specific structure, they had to develop their own "sub structures" on the 1d line. These sub structures are known to create one little thing going diagonally (and then leave a bunch of debris behind, but that doesn't matter too much for that first step, they called this custom part "the fuse"). Then, there is a known technique where taking "diagonal moving objects" created on the same y-coordinate and placing them at the "right x position" makes the collide in a way where you can "program" where to create diagonal moving objects but at arbitrary positions on the screen (this is called a "binary construction arm"). And then, once you can create these anywhere on the screen, then you've basically won ; there's another technique to turn arbitrary positions into arbitrary shapes ("extreme compression construction arm", or ECCA), and it's "just" a matter of making the ECCA clean up all of the debris and build a new fuse but moved over.

Of course, the "just" here does the heavy lifting and represents over two years of exploration, writing algorithms for how to clean up everything, and so on.
DexesTTP
·2 năm trước·discuss
Do look into jsdoc typing and "//@ts-check".

I do agree with you on the compilation, and this is the reason I'm still writing the occasional .js or .mjs file. However, the js I write starts with enabling ts-check and has all of its type information encoded as comment. This way, I'm getting the benefits of typescript while writing the code without needing the whole compilation step.
DexesTTP
·2 năm trước·discuss
Context: This is for a 2019 data breach on a system that was created in 2012. The GDPR was instated in 2018 (has it really been that long? Wow feels like yesterday) and Meta failed to disclose the 2019 data breach properly under GDPR, hence the fine.
DexesTTP
·2 năm trước·discuss
None of these are true for the MitM threat model that caused this whole investigation:

- If someone manages to MitM the communication between e.g. Digicert and the .com WHOIS server, then they can get a signed certificate from Digicert for the domain they want

- Whether you yourself used LE, Digicert or another provider doesn't have an impact, the attacker can still create such a certificate.

This is pretty worrying since as an end user you control none of these things.
DexesTTP
·2 năm trước·discuss
The requirement to ID yourself online was already a thing in China, and using government-provided unique IDs for that isn't the worst way to go about it. The main issue would be mandatory reporting (i.e. if the companies have to constantly send data about what every given ID is doing on their website), but that's a different issue - and I don't feel like it's harder to do this using the phone numbers they already use compared to using a government GUID.

The main issue is that this would make obtaining access to Chinese websites even more difficult for people outside of China. It was kind of possible to go around the phone number restriction by obtaining a phone number, but going around the government ID is going to be significantly more difficult.
DexesTTP
·2 năm trước·discuss
TS allows you to pass a read-only object to a method taking a read-write value:

    type A = { value: number; }
    function test(a: A) { a.value = 3; }
    function main() {
      const a: Readonly<A> = { value: 1 };
      // a.value = 2; <= this errors out
      test(a); // this doesn't error out
      console.log(a); // shows 3
    }
DexesTTP
·2 năm trước·discuss
I really don't agree with that. Git is a powerful tool with very few actual downsides, and the unwillingness of some developers to spend an hour learning how it works hurts them in the long-term.

It's like sticking to the text editing feature of your IDE because you can't be bothered to learn how it works. Sure, you _technically_ can do that, but you're losing on everything that makes an IDE useful and probably losing actual days or weeks worth of work because of that.
DexesTTP
·2 năm trước·discuss
Not quite that, we've known about galaxies outside our own (like the Magellanic clouds or the Andromeda galaxy) for a few millenia, and the main reason black holes haven't been discovered for a while because they're black and we needed a theory to know where to look. The current theory of cosmology has overall been pretty stable for a while.

What's interesting there isn't that much the object themselves which are bog-standard as far as celestial objects go, but how red-shifted (and therefore how far away/long ago) they are, which is something the model doesn't quite exclude but does warrant some tweakings of the "initial parameters" of the universe to make it work this way compared to what we expect.
DexesTTP
·2 năm trước·discuss
Weird choice to talk about the placebo effect in this context. The placebo effect is definitely used in combination with chemical and biological effects when administering drugs (or, more accurately, it always automatically happens). It's just when trying to test the efficacy of drugs that you need to control for the placebo effect, otherwise the noise of the results would drown the signal of the biological/chemical impact.
DexesTTP
·2 năm trước·discuss
Captura is a great piece of software - I've used it for years, and I still use the latest release today.

It is a complete, all-in-one tool - very straightforward UI, lots of formats supported (especially through ffmpeg integration) and very easy to use in terms of window or screen area selection for recording - and more importantly for my use-cases, it's portable (no install, no admin rights needed). Really a great example of what's possible in that space.

I didn't participate in the project, but I've checked out the PRs and issues list every now and then and it's been frustrating seeing the author struggle against the store republishing issues for literal years. The issue tracking that (#405[1]) is not a happy read for sure.

The fact that Captura's MIT licensing gave effectively a "license to steal" to people and that it's so easy to publish something and sell it on the Microsoft store didn't mesh well.

I've however been really disappointed by Microsoft's non-response through all of that republishing debacle. Republishing free software is a difficult topic to get right for edge-cases, sure, but the Captura case was obvious to rule on and Microsoft did nothing for years - it was clear that there was no process for this kind of scenario, and that the solution was to do nothing. It took the author taking down the project for them to react, and even then I'm convinced that's only because whoever handled that case assumed that the republisher was the one taking it down, not the project author.

[1] https://github.com/MathewSachin/Captura/issues/405
DexesTTP
·2 năm trước·discuss
I don't think it's likely. The real migration has been and will continue to be towards Discord servers and similar "smallish" live chat-based communities on centralized services.

The age of small self-hosted forums is unfortunately behind us, and I don't see them reviving any time soon.
DexesTTP
·2 năm trước·discuss
To simplify equations that create ratios between distance, time and energy. That's literally it. Using Planck units is a math trick to remove a bunch of constants from a bunch of equations.

The Planck length doesn't really have any known physical importance, at least no more than a meter does. There's some things that happens around a planck length (for example, the current theories predict that black holes need to be at least bigger than a planck length to exist, or alternatively the Planck length is the point where the quantum uncertainty completely overtakes any other classical theory) but particles can "move" distances less than a planck length (with lots of caveats, mainly because quantum uncertainty makes the notion of "moving" in the classical sense kinda weird and barely applicable, but still, they _can_).

A common belief is that the Planck length is kind of the "minimal distance" and start thinking that it's the "pixel of the universe" but there's no actual theoretical framework saying that. It's just a common misconception.
DexesTTP
·2 năm trước·discuss
There's a good chunk of the article about that. "Constant-tile" is a bit of a misnomer, "secret-independent resource consumption" is a better way to say it. If you just add a "sleep(rand)" or equivalent then you can still break the secret using statistics or sidechannel attacks.
DexesTTP
·2 năm trước·discuss
I don't think that's a healthy mindset to have.

Just because something is widely used doesn't mean it's more secure (example: libwebp). The security issues tend to happen mostly when creating optimizations that bypass the "obviously secure" way to do things, but rely on an internal state that gets broken by another optimization down the line. This is way less frequent in "smaller" projects, just because they didn't need to go through that round of optimizations yet.

For this question specifically, tho, I think Ladybird is extremely interesting in terms of creating a security-focuses C++ project. Between the constant fuzzing that each part of Ladybird already goes under (courtesy of the OSS-Fuzz initiative), the first-class citizenship of process separation for the different features of the browser, the modern C++ used in Ladybird (that prevents a lot of the issues cropping up in commonly used media decoding libraries), the overall focus on accuracy over performance in library implementations, and the compiler-level sanitatization utils (UBSAN, ASAN) that are enabled-by-default, I think it's less likely that an critical security-impacting bug would exists in Ladybird's .ico support than in Webkit's for example.