1. 1

    Earlier this week I received an alumni magazine in the mail from my university, and there was a great article in it about Chuck Peddle (he graduated back in ’59). https://www.umainealumni.com/magazine/he-changed-the-world/

    1. 3

      Collecting all those non-publicly-disclosed vulnerabilities up in one place does seem like a giant pile o’ booty. That’s a lot of breaches for the price of one…

      1. 2

        Since the article is a few years old, here’s the current level of browser support for SRI: https://caniuse.com/subresource-integrity

        1. 1

          3D ICs (“chip stacking”) are also promising for reducing memory power usage. Since the existing manufacturing processes for normal DRAM and logic are mostly not compatible (see Ryzen), making separate chips and stacking / interconnecting them is the approach some companies are taking.

          Maybe one day we will just have combined processor + RAM sockets on motherboards?

            1. 3

              Wow, this is really short!

              I’m not a go expert but wouldn’t storing all channels in a map prohibit them from being garbage-collected (as channels are strongly reachable) even when they have been used? (That is, one can mount a DoS attack by enumerating a lot of URLs on this service.)

              1. 1

                Why should they be garbage collected? If I create a queue with his service, I’d expect the queue not to be suddenly deleted.

                He could have some logic to delete unused queues after a while though, especially if his project becomes widely used (or abused).

                1. 2

                  > Why should they be garbage collected?

                  You answered your own question in the next paragraph:

                  > He could have some logic to delete unused queues after a while though, especially if his project becomes widely used (or abused).

                  As far as I can see the queues are never deleted so if I use a name it’s permanently bound so the memory consumption never decreases. The only way to prune unused channels is restarting the process.

                  At least that’s what I think, I’m no go programmer.

                  1. 3

                    Yes, I noticed that too (also not a go dev). I think that can be solved by just deleting the channel at the end of the handler. That also fixes PUT and DELETE requests filling up the map with channels that will never be handled.

                    1. 2

                      Good points!

              2. 2

                Since this isn’t distributed at all, I wonder how many concurrent pending requests this setup can handle. Both in regards to number of open connections, and less so in regards to memory usage on the server.

                1. 1

                  I guess http.ListenAndServe just fires off the passed in handler in a new goroutine for each connection. I could be wrong, haven’t written a single line of go before…

                  1. 2

                    you guessed correctly

                  2. 1

                    Benchmarking time! I imagine it’s a goroutine per thread in the handler, so RAM would be the upper limit… Throughput across a channel is almost definitely not the limiting factor, but I’d be curious to see the benchmarks, if we could generate them.
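An added example, not code from the service under discussion or from any commenter: one way to keep the map of channels in the thread above from growing without bound is to count the handlers using each name and drop the entry when the last one returns. Deleting unconditionally at the end of a handler could remove a channel that another request is still blocked on, hence the count. The names `relay`, `ref` and `transfer` are hypothetical; an HTTP handler would call `transfer` with `req.Context()` after rejecting methods it does not serve.

```go
package main

import (
	"context"
	"sync"
)

// relay is a hypothetical stand-in for the service's map of named channels.
type relay struct {
	mu    sync.Mutex
	chans map[string]chan []byte
	refs  map[string]int // handlers currently using each name
}

// ref adjusts the handler count for name by delta, creating the channel on
// first use and forgetting the name when the count returns to zero.
func (r *relay) ref(name string, delta int) chan []byte {
	r.mu.Lock()
	defer r.mu.Unlock()
	ch := r.chans[name]
	if ch == nil {
		ch = make(chan []byte)
		r.chans[name] = ch
	}
	if r.refs[name] += delta; r.refs[name] == 0 {
		delete(r.chans, name)
		delete(r.refs, name)
	}
	return ch
}

// transfer sends body (POST) or receives one (GET); a cancelled ctx unblocks it.
func (r *relay) transfer(ctx context.Context, name string, body []byte, send bool) ([]byte, bool) {
	ch := r.ref(name, +1)
	defer r.ref(name, -1)
	in, out := (<-chan []byte)(ch), (chan<- []byte)(nil)
	if send {
		in, out = nil, ch // a nil channel never fires in select
	}
	select {
	case out <- body:
		return nil, true
	case b := <-in:
		return b, true
	case <-ctx.Done(): // e.g. req.Context() after the client disconnects
		return nil, false
	}
}

func main() {
	r := &relay{chans: map[string]chan []byte{}, refs: map[string]int{}}
	go r.transfer(context.Background(), "/q", []byte("hi"), true)
	b, _ := r.transfer(context.Background(), "/q", nil, false)
	println(string(b))
}
```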

                1. 1

                  Parallel extension languages running on a shared runtime reminds me of Erlang / Elixir on the BEAM, or Java / Clojure on the JVM. That could be pretty interesting.

                  1. 11

                    Grin developer’s response: Factual inaccuracies of “Breaking Mimblewimble’s Privacy Model”, and reaction from Litecoin dev.

                    Does this mean all Grin transactions are de-anonymized? No… it depends on how it’s used. Similarly, even Bitcoin can be used in a near-anonymous fashion, it’s just harder for most users to do. By default, Grin gives more anonymity to more of its users than Bitcoin, while improving scalability, but having other tradeoffs.

                    1. 3

                      From reading about Grin, I can’t really find a reason why one would use it over Monero. Do you have any arguments for Grin vs Monero?

                      1. 2

                        I’m not sufficiently versed in the details of the tradeoffs to make a judgement one way or the other, especially since both cryptocurrencies change over time through network upgrades. It kinda depends on what you need it for. Monero seems better in terms of privacy, and Grin might scale better. I think they have different tradeoffs, and both are interesting in their own right, both paths worth exploring.

                        1. 2

                          One of the most interesting things about Grin is cut-through, which drastically reduces the size of the blockchain. BTC and XMR both can’t compete on that front, unless I missed some breakthrough in the past year or so.

                      1. 2

                        Shouldn’t the reaction to something like this be “don’t rely on cryptocurrencies for privacy” rather than “use Zcash/Monero instead of this one that’s even more broken than others”?

                        1. 7

                          …no, that’s not really a valid conclusion to draw from this kind of research

                          1. 4

                            Since one implementation had its anonymity downgraded a bit, all other implementations are inherently flawed? I think that is the wrong conclusion to draw here.

                            1. 2

                              Is there a concern with zcash not being private? It seems that the protocol is quite secure (in terms of privacy) when used correctly.

                              1. 2

                                Zk-SNARKS setup could’ve been compromised; the dev tax is also an issue, though not a privacy concern

                            1. 4

                              So, in the next update, make peers broadcast their other peers to each other, and try to avoid all connecting to the same ones. Then the dandelion distribution works again, right? That may create another privacy issue though… perhaps hash them in some way before sharing.

                              1. 2

                                This should be interesting… combining the low-level performance of Rust and the bomb-proof nature of the BEAM sounds great on the surface.

                                1. 7

                                  Ah, brings me back to the days of MySpace, <marquee/>, <blink/>, and tiny pixel art gifs…

                                  1. 3

                                    I’ve been looking for an alternative to Orgzly and this looks awesome, especially with the agenda view.

                                    1. 2

                                      What do you dislike about Orgzly’s agenda view? Did you open issues?

                                      1. 4

                                        You know, when I wrote that I think I was mostly just excited to see more mobile org mode utilities. I took a look at Orgzly’s agenda features again today and the queries are pretty powerful.

                                    1. 3

                                      Good bug. :) just sad that every xml parser comes with a dangerous by default API.

                                      I mean, it’s safe to assume that xml comes from the internet and is inherently not trustworthy or am I mistaken?

                                      1. 1

                                        Yes, I wouldn’t parse anything DTD-related with untrusted XML. That might be overkill but it mitigates a few attack vectors and I typically don’t need it anyway…

                                      1. 1

                                        Pretty solid. I was recently tasked with reverse engineering some binary file format and if the creator had used half of these hints I’d been a happier person :P

                                        1. 1

                                          I’m in a similar boat, where the file uses exactly none of these aside from values being consistently little-endian. Of course the article was written a decade or so after this format was designed though…

                                        1. 1

                                          In some game tournaments they will use CRTs for their better response time. Super Smash Bros comes to mind but I’m sure they did (do?) it for other fighting games.

                                          1. 6

                                            It’s interesting that podcasts as a medium have been able to somewhat eschew this shitty new paradigm. I wonder why that is.

                                            1. 4

                                              The article talks about this.

                                              > Madrigal suggested that the newest successful media bundle is the podcast. Perhaps that’s why podcasts have surged in popularity and why you find such a refreshing mixture of breadth and depth in that form: Individual episodes don’t matter; what matters is getting subscribers. You can occasionally whiff, or do something weird, and still be successful.
                                              >
                                              > Imagine if podcasts were Twitterized in the sense that people cut up and reacted to individual segments, say a few minutes long. The content marketplace might shift away from the bundle—shows that you subscribe to—and toward individual fragments. The incentives would evolve toward producing fragments that get Likes. If that model came to dominate, such that the default was no longer to subscribe to any podcast in particular, it seems obvious that long-running shows devoted to niches would starve.

                                              1. 1

                                                Yes, I was referring to that bit in the article. To clarify, I meant that I wonder why podcasts have been able to mostly avoid being “Twitterized”.

                                                1. 3

                                                  Seems like technical limitations make it difficult to share segments in isolation; it’s difficult and awkward to share a URL to a specific point of time in a recording.

                                                  1. 2

                                                    Podcasts have a different target market. Tweets / IG posts / outrage clickbait are targeted at “interstitial moments” - breaks, waiting for the bus, standing in the checkout line. Podcasts appeal to captive audiences - commuters, exercisers, people with jobs where they’re stuck in one place but have to use their hands to manipulate machinery.

                                                    I think you’re painting podcast quality in too bright a light though. There’s some very good, well researched and produced content, but most of it is “talk radio” - engaging personalities who riff off each other, snark, and appealing to a shared ideal or prejudice.

                                                2. 2

                                                  Partly it could be that RSS (what podcasts are made on) doesn’t have a standard for comments or likes.

                                                1. 3

                                                  End-Of-Life: 31 May 2029

                                                  1. 3

                                                    What ever happened to 10 year support!

                                                    1. 2

                                                      I’d guess that’s the EOL of RHEL 8. 9.5 year support will have to do I suppose…

                                                  1. 3

                                                    Most headsets aren’t really ready for interacting with small text for extended periods yet. The Rift S is usable for in-game interfaces, and the screen-door effect isn’t very noticeable, but there’s always a “sweet spot” you need to find with headset adjustment to make text legible, and it’s not really as comfortable as just looking at a regular monitor.

                                                    Maybe the HP Reverb is approaching usable, but I haven’t tried it. I’m excited at the possibilities but still skeptical short-term.

                                                    1. 1

                                                      Yeah, something that makes me less sanguine than I was previously is a comment by Carmack in last year’s Oculus keynote where he says that previously phones were driving small displays to be better and better, but now they’ve reached a point where quality improvements go unnoticed by consumers, so “VR companies will have to foot the bill” for higher PPI screens.

                                                    1. 2

                                                      Good idea to get people to break it. I heard about Sneklang a little while ago and thought it sounded quite useful.

                                                      Are there any APIs to execute Sneklang from other languages yet? Like if I have a C# program that allows users to enter input in Sneklang, then executes it and uses the results within the program.

                                                      1. 1

                                                        I think I’ll make a CLI for it at some point, maybe let it read to stdin and print to stdout…

                                                      1. 6

                                                        I use an 8 year old Thinkpad X220 every day and the only upgrades are a solid state drive, linux and some extra RAM (which I need because some of my datasets are obnoxiously large and I keep too many tabs open).

                                                        It would be real nice to have a better screen, though.

                                                        1. 4

                                                          If you are comfortable with soldering, I highly recommend this mod to add support for a 1080p display. I did this mod about 9 months ago to my X230 and I’m so glad I did.

                                                          1. 1

                                                            I’ve let my X220 get so bashed up that I should probably buy a new one to do the mod in.

                                                            I suppose I could put the mod in this and then take it out again later if this laptop ever dies, but I’m kinda bad at soldering, so I’m not sure that’s likely ;)

                                                            1. 2

                                                              The last time I looked (~1 year ago) there were still a surprising number of X220 and X230 laptops for sale on ebay some as cheap as $100. I picked up an X230 to use for spare parts.

                                                              The mod was a little tricky to solder, especially getting the solder to sink down the through-holes to hit the pins sticking out of the motherboard. I ended up re-applying solder 3 times to finally get good connections there. The previous attempts seemed to work but then the display would cut out after using it for a few hours, or moving it, etc. Other than that, it has been solid ever since (I run Linux on it, not windows, so I cannot speak to the windows experience..)

                                                              1. 2

                                                                As if I use Windows ;)

                                                                Know about the ebay sales. Thanks for the insight on the soldering experience, though. Might come in handy.

                                                                1. 2

                                                                  Heh, I didn’t check your profile before replying. Sorry for insinuating you might use windows :P

                                                            2. 1

                                                              Thank you for posting this. A while back I had only seen the mod for the X220 and there was uncertainty about whether something similar would emerge for the X230. Finally I might be free of the only part of this laptop that I don’t care for…

                                                            3. 3

                                                              Thinkpad w530 here, great machine. Similar, SSD, add ram, linux. The Thinkpad driver for linux situation has always been great.

                                                              1. 2

                                                                Adding an SSD makes a lot of sense, since the bottleneck for performance is rarely the CPU & usually the disk.

                                                              2. 3

                                                                Pretty much the same. 6 year old X230, no SSD, Linux, and extra RAM. The only thing I miss is a better screen. And I frequently use a much less powerful laptop than this one when I want to save some weight (an ASUS eeePC 1015).

                                                                1. 2

                                                                  My T420 has been great so far. They’re about $230-250 on eBay. Supports most OS’s.