1. 4

    thoughtbot is hiring. We are a software consultancy, still small in the grand scheme of things (~90 folks) with offices in Boston, New York, London, San Francisco, Austin, and Raleigh. Lots of web based projects in Rails, Elm, React, etc. You can view our jobs here or reach out to me directly: edward (a) thoughtbot.com

    1. 3

      I know that Thoughtbot is typically not open to remote workers - I live in Portland, ME, which is about 2 hours from Boston. I could come in to the office a couple of days per week if I could work remotely the remaining days. Do you know if the culture at Thoughtbot would support that sort of setup?

      I realize you probably can’t speak for the entire company. :)

      1. 2

        Hey @mosburger 🙂 I believe we’re not looking for remote workers at the moment, sorry. But if you are willing to make the commute I’d absolutely encourage you to apply. Sorry we can’t be more flexible.

        1. 2

          Greetings from the 207!

        2. 2

          I’ll vouch for Thoughtbot’s incredible friendliness. Everyone I’ve ever met from there has been a Gem.

          I used to bump into a group of them in SF at a bar near their office after a training and I think they always said hi. Pleasant folks and they really care about software.

        1. 2

          Antergos is nice for getting exposure to the Arch ecosystem. I used it for a while but ultimately got the itch to do a regular Arch install and haven’t looked back.

          1. 1

            For a variety of reasons, mostly around security

            Could you elaborate on their rationale?

            1. 4

              Well, I am not my company’s infosec department, but I think it comes down to not wanting me to connect with our corporate network using a machine they don’t 100% control.

              Honestly I don’t blame them. I can connect with my corporate laptop just fine, but that’s a 13” and I’m partially blind. If I want to use my own machine with its glorious 27” screen, I can use an AWS Workspace to connect to our corporate network.

              1. 8

                Can’t you connect your 13” laptop to your glorious 27” screen?

            1. 2

              Another excellent Elixir article! Your Bitcoin network client posts have been very helpful to me in using Elixir practically as well.

              1. 1

                Thanks! That’s always encouraging to hear.

              1. 11

                Not a language, but a language feature: in Elixir, there’s a capture operator & that will wrap functions in an anonymous function and also can be used to refer to the nth argument of a function. For example:

                add_one = fn x -> x + 1 end
                

                is replaced by

                add_one = &(&1 + 1)
                

                This helps avoid naming arguments unnecessarily.

                Read more

                1. 10

                  This is one of the features inspired by Clojure. In Clojure, #(foo %) is short for (fn [x] (foo x))

                  1. 2

                    You also have %1, %2 etc. in Clojure.

                  2. 4

                    There’s also the pipe operator |> which passes the result of the expression on the left side as the first argument of the function on the right.

                    https://elixirschool.com/en/lessons/basics/pipe-operator/

                    1. 1

                      Scala also has _, which in _ + 1 is an alias for x => x + 1, or in the case of f(_), is an alias for x => f(x). Oleg Kiselyov has an interesting take on it.

                      1. 1

                        I’m not that familiar with Elixir (only having done a few basic distributed algorithms in it), but this feature has piqued my interest even further in the language, thanks for the handy tip!

                      1. 3

                        slow clap

                        1. 3

                          Working on an acoustic impact detector for industrial environments. Analyzes multiple mics at a time, and can configure particular audio signatures to violate on, based on various audio features.

                          1. 8

                            Buzzfeed? Is this truly the path we want to follow?

                            1. 16

                              I admit it felt a bit weird to submit it, but I did it anyway because I think Ted Chiang is a good writer and found it a good read, regardless of publisher.

                              1. 10

                                Buzzfeed has some good writers with some well thought out pieces. It’s not all the stereotyped stuff.

                                They did an excellent recollection of the AUMF enactment after 9/11 that’s very much worth the read. “60 words and a war without end”.

                                1. 15

                                  What BuzzFeed does nowadays is that the clickbait “what Disney character are you” chaff revenue from ads and such funds serious ventures in journalism. It’s a good idea for a business model; keep the clickbait because it makes money, just keep it away from the actual content.

                                2. 19

                                  At one time you could only read Fahrenheit 451 in Playboy. Look beyond the publisher.

                                  https://en.wikipedia.org/wiki/Fahrenheit_451#Publication_history

                                  Edit: Got my facts slightly twisted and I’ve updated this comment for correctness, see https://lobste.rs/s/o5lldd/real_danger_civilization_isn_t_ai_it_s#c_fjiau2

                                  1. 4

                                    Buzzfeed is no Playboy.

                                    1. 2

                                      I’m not sure if you’re advocating for Buzzfeed or Playboy here :)

                                    2. 4

                                      Uhm, Fahrenheit 451 was published as a paperback in October 1953 (an extension of a short story published in 1951). The first issue of Playboy was published in December 1953.

                                      How did so many people upvote an incorrect comment?

                                      1. 4

                                        https://en.wikipedia.org/wiki/Fahrenheit_451#Publication_history

                                        https://www.youtube.com/watch?v=oVzc67YuRQE

                                        I did get my facts (slightly) twisted, but regardless: Playboy published Fahrenheit 451 shortly after it was available in book form which ultimately supports my original argument: Don’t judge content by its publisher.

                                    3. 8

                                      “Judge the content, not the source.”

                                      The opposite of ad hominem makes a good default. We might make exceptions for sources prone to bullshit or low-value material just to save time. Even so, we must keep in mind that rule for convenience might filter out something they publish that’s more interesting. Like this.

                                    1. 3

                                      Ironic that none of the table examples render properly on my phone…

                                      1. 1

                                        What phone/browser?

                                        This does seem fairly cutting-edge since I cannot even find font-variant-numeric in caniuse search - there’s some discussion about it on github.

                                        It’s disappointing to have found this and thought “Cool! This will be useful!” and then discovering it’s poorly-supported.

                                        1. 2

                                          On iPhone, all the table cells are rendered in a vertical list.

                                          Header1
                                          Header2
                                          Header3
                                          Data1
                                          Data2
                                          Data3
                                          
                                      1. 7

                                        Week two of time off in-between jobs. Last week:

                                        1. Open source maintenance on crochet, my make-Twisted-usable-everywhere library, and eliot, my causal logging library.
                                        2. Finished my book, “The Programmer’s Guide to a Sane Workweek”.
                                        3. Blogging.

                                        This week:

                                        1. Figure out how to sell an ebook without having to worry about sales tax or VAT MOSS.
                                        2. Queue up Software Clown emails.
                                        3. Maybe something not involving computers? I have a cider-making kit that I haven’t gotten around to using yet.
                                        1. 2

                                          Remember, the sooner you start a batch of cider, the sooner you get to enjoy it!

                                        1. 6

                                          Paper pdf: http://dnasec.cs.washington.edu/dnasec.pdf

                                          Relevant part of their summary:

                                          To assess whether this is theoretically possible, we included a known security vulnerability in a DNA processing program that is similar to what we found in our earlier security analysis. We then designed and created a synthetic DNA strand that contained malicious computer code encoded in the bases of the DNA strand. When this physical strand was sequenced and processed by the vulnerable program it gave remote control of the computer doing the processing. That is, we were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA.

                                          The relevant part of the paper is:

                                          The FASTQ compression utility, fqzcomp, is designed to compress DNA sequences. For experimental purposes, we inserted a vulnerability into this utility. To do so, we first copied fqzcomp from https://sourceforge.net/projects/fqzcomp/ and inserted a vulnerability into version 4.6 of its source code; a function that processes and compresses DNA reads individually, using a fixed-size buffer to store the compressed data. This modification lets us perform a buffer overflow with a longer than expected DNA read in order to hijack control flow. While the use of such a fixed-size buffer is an obvious vulnerability, we note that fqzcomp already contains over two dozen static buffers. Our modifications added 54 lines of C++ code and deleted 127 lines from fqzcomp.

                                          Frankly speaking, this is academic click bait.

                                          The technology of DNA editing is spectacular and holds a lot of promise, but we shouldn’t be handing out cookies just because people use them. In the infosec world is it news that I can add a vulnerability to a program?

                                          This is a strategic juxtaposition of two hot topics (DNA editing and computer security) tortuously contrived to get a headline.

                                          Frankly speaking, the Excel gene name scandal is a more worthy topic to be informed about.

                                          1. 1

                                            Thanks for this. May help cool some heads at my lab.

                                            1. 1

                                              The Technology Review article is certainly too sensationalist, but the paper makes it obvious in the abstract that this was not a real vulnerability in fqzcomp. Anyway, if nothing else, at least it’s a cool attack vector.

                                            1. 2

                                              So… an FPGA?

                                              1. 2

                                                It’s more about how you do the hardware design than what it’s done on. Traditionally, people have to do a custom, HW design to solve a problem. That takes a lot of time and is very different from software apps. Then, people started accelerating specific functions on FPGA’s with regular stuff done in software. Then, to help avoid HW expertise on those the high-level synthesis tools were born that try to generate an entire piece of hardware from high-level code. The lack of flexibility or efficiencies of that led people to look for new compromises.

                                                One was NISC. They start with some hardware blocks that perform useful functions that might also be connected to CPU’s. We’re actually seeing that in SoC’s today. The CPU’s usually have a fixed set of instructions that use the blocks in a specific way. The accelerators often similarly have fixed API if they don’t synthesize on demand to FPGA’s. So, NISC takes it further by eliminating those fixed functions, analyzing your algorithm to see its control/data needs, and generating hopefully-optimal control and data paths for it leveraging the blocks it has. You can also selectively do custom blocks if synthesis isn’t good enough on something. Your necessary HW expertise or labor is lowered in many cases since the synthesis might be enough of a boost. The result can go on a FPGA, S-ASIC, ASIC, whatever.

                                                That’s at least what I got out of reading the original site before it disappeared.

                                                1. 3

                                                  Thanks for the response. I designed a MIPS processor (RISC) in Verilog last year, I’d never heard of NISC until now though. The part I’m stuck on is how one would write a program to run on a NISC-y processor. Does it truly have no instructions? How else would I tell it “add these two values together”? Maybe I’m being too literal here…

                                                  1. 1

                                                    Instructions are just operations on control and data paths of the hardware. This is like a HLS tool for programming code that produces custom control/data for your algorithm. It customizes the instructions and their implementation to your algorithm’s requirements.

                                                    For something similar, look up Tensilica’s Xtensa CPU’s. They make custom CPU’s plus toolchains to go with them.

                                              1. 2

                                                The relatively low-power processor available on the Raspberry Pi, even in the highest specced Pi 3 Model B, makes it a poor machine for mining cryptocurrency according to those who’ve tried it, especially when compared to the effectiveness of using GPUs or ASICs (Application-Specific Integrated Circuits) tailored to the task.

                                                The script mines Monero, not Bitcoin. No ASIC miners actually exist for Monero, and it can still be profitable to mine using only a CPU. Granted, the Pi 3 may not be very efficient at mining, but when you’re getting free electricity by pwning people’s Pis that probably doesn’t matter much.

                                                1. 9

                                                  The author admits it, but it’s worth reiterating that if you don’t have the private key to the address with the BTC, you don’t actually own the BTC. At minimum, exchanges should implement multisig with the user holding part of the key.

                                                  1. 1

                                                    An interesting read. I did notice that the modern ransomware screenshot’s caption is incorrect. They were demanding MoneyPak codes, not Bitcoin.

                                                    1. 1

                                                      So… where do they get their humans?

                                                      1. 2

                                                        If it were anyone else but Richard Stallman, the appearance of that website would not look favourably on its credibility. All it would need is a little bit of CSS work, and it could look decently professional.

                                                        Now beyond that, a lot of the content is basically an aggregation of sources that is probably a good one stop shop for those that want to find evidence of less than kosher things they do.

                                                        1. 16

                                                          Neither of those things diminishes the immorality of Facebook’s practices.

                                                          1. 10

                                                            It’s actually decent CSS, with media queries for small resolutions and everything. Just very minimalist.

                                                            https://stallman.org/common/stallman.css

                                                          1. 5

                                                            TIL: apparently, OS X must be the only UNIX that supports hard links to directories

                                                            How does it even work? I recall I even had an interview question at one point of why hard links are not possible with directories in UNIX.

                                                            1. 3

                                                              This answer on StackExchange has some useful info in regard to that question: What is the Unix command to create a hardlink to a directory in OS X?

                                                              1. 1

                                                                Well in the most simplistic UNIX file system, directories are just files marked with the directory bit, the contents being lists of name->inode maps. So you definitely could create a hard link, no big deal. There are reasons not to, but why would it be impossible? ;)

                                                                1. 2

                                                                  Where would the .. entry point?

                                                                  If you say “it should point to the original parent”, well, what happens when you remove the hard-linked directory from that parent? Normally, unlinking something is just decrementing the reference count; it doesn’t involve modifying the content. Even if you do modify the content, if you’ve hardlinked the directory into multiple locations, which one becomes the new parent?

                                                                  Also, how would you go about unlinking a directory? unlink() is supposed to set EPERM if you call it on a directory… perhaps it should work as long as the refcount is > 1, so whether it works depends on other things happening elsewhere in the filesystem? Alternatively, you might leave unlink() alone and modify rmdir()… but rmdir() normally requires its target to be empty, and if you remove the contents of a hard-linked directory before unlinking it, well, now you’ve deleted data from two locations instead of just one.

                                                                  1. 2

                                                                    .. goes to the parent directory of the hard link. For unlink/rmdir, do both: make unlink work on a directory if the refcount is >1, and modify rmdir to work too but keep its general contract (requires empty dir). These aren’t terribly difficult choices.

                                                                2. 1

                                                                  With FreeBSD of a certain vintage, with ln -F.