Cursed

It's actually kinda cool to see people focusing on topological quantum computing in industry. It's such a wild concept!

Security is constantly used as a guise for removing consumer rights and as someone who has been in the security industry for about 9 years I'm so sick of it.

First and foremost, everyone please understand: the user should be allowed to opt into your concept of insecurity: you do not know their threat model and you do not know their risk tolerance.

Using exploits in low level drivers in the wild is approaching APT level, and even if there were a simple one to use it'd likely be useless without some sort or local access to the device (bar some horror show bug in a Bluetooth or WiFi firmware). The risk is incredibly low for the average person. I'd put it pretty close to 0.

Wire transfers aren't instant and for large sums (your inheritance) the banks will likely require more than just a request from your app. If the bank cares about that then they can also use the attestation APIs which would be more than sufficient, as much as I hate them.

This boogey man of the APT going after my technologically illiterate with nation state level exploits needs to die. Long ago we entered a new era of security where it just isn't worth it to waste exploits. Especially when you can just text people and ask for their money and that works plenty well.

Security is not a valid reason to soft brick consumer devices at some arbitrary end of life date.

Async features in almost all popular languages are a single thread running an event loop (Go being an exception there I believe). Multi threading is still quite difficult to get right if the task isn't trivially parallelizable.

The coordinated strike had an immediate impact. Millions of people in Dubai and Abu Dhabi woke up on Monday unable to pay for a taxi, order a food delivery or check their bank balance on their mobile apps.

I honestly can't tell if this paragraph is supposed to be satirical.

JavaScript alone is not a simple beast. It needs to be optimized to deal with modern JavaScript web apps so it needs JIT, it also needs sandboxing, and all of the standard web APIs it has to implement. All of this also needs to be robust. Browsers ingest the majority of what people see on the Internet and they have to handle every single edge case gracefully. Robust software is actually incredibly difficult and good error handling often adds a lot more code complexity. Security in a browser is also not easy, you're parsing a bunch of different untrusted HTML, CSS, and JavaScript. You're also executing untrusted code.

Then there is the monster that is CSS and layout. I can't imagine being the people that have to write code dealing with that it'd drive me crazy.

Then there are all of the image formats, HTML5 canvases, videos, PDFs, etc. These all have to be parsed safely and displayed correctly as well.

There is also the entire HTTP spec that I didn't even think to bring up. Yikes is that a monster too, you have to support all versions. Then there is all of that networking state and TLS + PKI.

There is likely so much that I'm still leaving out, like how all of this will also be cross platform and sometimes even cross architecture.

I'm so sick of this; that wasn't her platform. People constantly saying that was her platform stopped people from actually looking at her platform. I'm so sick of Dems that think they can just not vote because they don't fall in love with their candidate. Politics is practical and the USA just shit the bed and it will have a real impact on the world. All of the Dems or left leaning people who didn't vote are complicit.

It's interesting what people expect of Proton Mail. I've used it for a long time but for only one reason really: their revenue stream is my subscription and not ads. I've never even given a second thought to all their encryption claims. Even with Proton Mail if I ever wanted to send a "secret" email I'd wrap the content in my own personal keys.

With respect to IP addresses of email logins, I'm surprised they ever claimed they don't have logs. You've always been able to review the IP of a login through the web UI as far as I remember. Was the idea that that was also supposed to be encrypted?

Personally I'm OK with them complying with court orders, but I understand that "the definition of criminal is state defined" and that poses serious issues. It kinda seems like if you want to do something that could be considered criminal at some point in your life by your country you should consider something other than a 3rd party email provider for those messages. Signal would be a step up in that regard if you still wanted to use a third party.

Look at this person over here using branches, show off

Congress please dear god grow a spine.

No intention of validating that behavior, it's uncalled for and childish, but I think there is another bit of "nontechnical nonsense" on the opposite side of this silly religious war: the RIIR crowd. Longstanding C projects (sometimes even projects written in dynamic languages...?) get people that know very little about the project, or at least have never contributed, asking for it to be rewritten or refactored in Rust, and that's likely just as tiring as the defensive C people when you want to include Rust in the kernel.

People need to chill out on both sides of this weird religious war. A programming language is just a tool: its merits in a given situation should be discussed logically.

https://github.com/Chocobozzz/PeerTube/releases/tag/v2.3.0

ChatGPT is correct? The irony of people confidently asserting that ChatGPT is wrong, while being wrong, seems to be lost on the crowd here. Kinda makes you understand why ChatGPT is often so confident even when wrong.

I've had someone screenshot my code, circle a buggy line in red, and blog about it instead of submitting a PR.

Beyond the bird or wildlife problem, outdoor free roaming cats are just generally a problem. I have two cats and an outdoor cat likes to come and taunt them at the window: it seriously stresses them out. It'll go so far as climbing up screens and damaging them. Cats will also often mark people's houses.

I walk my cats on leashes. I don't understand why cat owners can't understand that people don't want their cat around unmanaged.

https://gitlab.winehq.org/wine/wine/-/wikis/Clean-Room-Guidelines not even standard reverse engineering either. It's incredibly impressive

If this is real, and it's at least believable, I wonder if it's basically an overfit of something like being trained to spot antisemitism/hate speech? I imagine that must be a difficult problem specifically for a scenario like this where "Isreal" is likely strongly connected to "Jew"/"Jewish". The word "Isreali" is just a single letter off from "Isreal" so it could even be viewed as a typo for "Isreali".

I wonder what it'd say to "Africa is bad"? Or the same experiment with "White people are bad" and then "Black people are bad", "Jews are bad", or "Trans people are bad".

Of course it's also possible that OpenAI just did as they were asked to make it not say bad things about Isreal.

They're being downvoted because it's a silly comment that is basically unrelated and also extremely unhelpful. Everyone can agree that C has footguns and isn't memory safe, but writing a kernel isn't memory safe. A kernel written in Rust will have tons of unsafe, just look at Redox: https://github.com/search?q=repo%3Aredox-os%2Fkernel%20unsafe&type=code That doesn't mean it isn't safer, even in kernel space, but the issues with introducing Rust into the kernel, which is already written in C and a massive project, are more nuanced than "C bad". The religious "C bad" and "C good" arguments are kinda exactly the issue on display in the OP.

I say this as someone who writes mostly Rust instead of C and is in favor of Rust in the kernel.

This is not legal; you have a right to vote. Call those numbers if you have an issue and don't leave the line.

We don't all have to be activists, but one day of the year we can spend a little extra time ensuring we remain a democracy.

Yes I'm not going to take some "survival of the fittest" nonsense approach to security: consumers need securely built devices and software. This is the first line of defense always: we need to make things secure and then have secure defaults according to whatever we decide "secure" means in the context of our widget or software. Then we need to provide "advanced" (or even just "ignorant but risk tolerant") users with the ability to change the device or software to match their definition of "secure".

The easiest example is secure boot. Your laptop likely has a key provided by your OEM and likely Microsoft's key preinstalled. This is a valid "secure boot" path for the average user, provided your OEM and Microsoft don't get compromised, which is APT territory. However you are provided with the ability to use a different key if you know how to do that. You have thus opted in to protecting your own private key but now you have more control over your device. This design is notably absent in phones, which is absolutely bananas and actually less secure in some threat models

You could extend examples like this if you wanted. One could easily imagine a device that does soft brick itself after the EOL date to simply protect people that are ignorant of the potential risks, but also provides an advanced user with the ability to revive it in a "less secure" state. The less advanced user will then have to either learn something new or buy a new device.

Huawei is a bad example of a good point. Huawei working on anything related to US infrastructure would be a disaster. Consumer goods maybe not so bad but that whole thing started because of B2B