- purplehat_That's really funny. Yes, in case it wasn't clear for others reading this and thinking about installing these, it's almost certain that uBlock Origin and Brave browser will not cause you any problems and if you're using stock Chrome I really encourage you improve your situation dramatically for ~5 minutes worth of effort.
- I often see things like this and get a little bit of FOMO because I'd love to see what I can get out of this but I'm just not willing to upload all these private documents of mine to other people's computers where they're likely to be stored for training or advertising purposes.
How are you guys dealing with this risk? I'm sure on this site nobody is naive to the potential harms of tech, but if you're able to articulate how you've figured out that the risk is worth the benefits to you I'd love to hear it. I don't think I'm being to cynical to wait for either local LLMs to get good or for me to be able to afford expensive GPUs for current local LLMs, but maybe I should be time-discounting a bit harder?
I'm happy to elaborate on why I find it dangerous, too, if this is too vague. Just really would like to have a more nuanced opinion here.
- I've tried a few times to convince people in my life who would self describe as "bad with computers" to download an adblocker, but they usually find the friction too high. Adding extensions is unfamiliar for most, and even if it seems very basic for us, the non-tech people I know don't really want to deal with the risk of unknown unknowns from that, let alone switching to a healthier browser. (Perhaps reasonable since it feels like these days half the extensions on the Chrome Web Store are spyware or adware behind the scenes.)
I also suspect that those who lived through the days of frequent Windows errors and Chrome running out of memory all the time often expect software to fail in weird and unexpected ways, and a lot of people adopt a "don't fix it if it isn't broken" mindset.
Still, uBlock Lite and Brave browser are definitely easy wins and I'm glad to see more random people in my life using them than I would have expected. :)
- Thanks for sharing this!!
I like using silly fonts, e.g. Comic Sans Mono has been my daily driver for the past year or so, and it's really fun to see the Minecraft fonts and old DOS and VT323 fonts. If anyone's into retro computing, it's worth checking those out, particularly the website link for the IBM VGA 9x16, which has loads and loads more old fonts.
I think I'll try using Monocraft in the shell for a while and see if it works well for me, though I might stick to Comic Sans for actual coding :)
- Hey - I wonder if you might be able to elaborate on this? I'm on gnome and have had by and large a pleasant experience, and now I'm curious what I might be missing out on. What made it feel like a horrible OOBE for you?
- Not exactly what you're asking, but multiple CVEs have been found in Intel's Management Engine (ME) which have been used in spyware.
It might not be an intentional backdoor, but it very much seems designed with out-of-band access in mind, with the AMT remote management features and the fact that the network controller has DMA (this enables packet interception).
- Bit of an aside, but I'm wondering in what city this was in.
I'm going to be job hunting soon and I was planning to prioritize the Bay Area because that's the only place I've encountered a decent density of people like this, but maybe I'm setting my sights too short.
- If people want to read all six, here they are! https://mickens.seas.harvard.edu/wisdom-james-mickens
My favorite is The Night Watch.
- I’ve been afraid to switch from GNOME to KDE because of what I’ve heard about instability on Wayland as well as Qt being more unstable than GTK. Are these concerns overstated? Should I bite the bullet and switch? I’m on Debian but considering switching to Fedora.
- Could someone explain just what's so bad about this?
My best guess is that it adds complexity and makes code harder to read in a goto-style way where you can't reason locally about local things, but it feels like the author has a much more negative view ("crimes", "god no", "dark beating heart", the elmo gif).
- Interesting, where I’m from in southern california, “try and” doesn’t entail completion. (The article only mentions this for “go and”, which here does indeed entail expected completion.)
- Cool article! L4 stuff is always fun to read about :)
Since TCP-in-UDP seems to be involve implementing end-to-end features over UDP, I feel like a comparison to multipath QUIC might be helpful so that we can understand it better.
My impression from reading about HTTP/3 is that QUIC is just kind of better than TCP in performing a lot of end-to-end functions, like recovery, encryption, error correction, duplicate suppression, congestion control, and delivery acknowledgement, and of course multiplexing the connection. (The advantage of TCP seems like its simpler and more mature, but it's honestly not clear to me where TCP wins and I'd be interested in hearing about the situations in which TCP is better than QUIC.)
So if we're addressing middleboxes screwing with MPTCP by tunneling TCP over UDP, isn't this very similar to what multipath QUIC does? The article seems to argue this is a simpler, lower-overhead solution than VPN tunnels, which I agree, that would seem like the wrong tool for the job, but I can't really tell which of multipath QUIC and MPTCP-over-UDP is simpler; they seem really similar to me and I'd appreciate help differentiating them.
When would one prefer MPTCP-over-UDP over multipath QUIC, and vice versa? How do the two differ in functionality, stability, and ease-of-use?
- Here's an equivalent little script for Debian Linux (but should work on most distros), based on classhasclass's comment:
You should replace `wlan0` with whatever you see in `ip link show` for your wireless interface, for me it is `wlp0s20f3`. I replaced the `openssl rand` command because it was generating some invalid MACs; this is hopefully only valid ones.NEW_MAC=$(printf '02:%02x:%02x:%02x:%02x:%02x\n' $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256))) sudo ip link set wlan0 down sudo ip link set wlan0 address "$NEW_MAC" sudo ip link set wlan0 up - Remarkably, there isn’t a way to solve most integrals symbolically. We say that the set of “elementary functions”, i.e. ordinary looking symbolic functions, is not closed under integration. Even if you try to add special functions in you cannot feasibly make it closed under integration. I’ll try to write something more detailed later but in the meantime you should look up Liouville’s theorem and non-elementary antiderivatives.
- This is a great writeup, thanks for posting it. The post mentions Early Bird APC is a fairly recent development, around 2018, but process injection has been around for a long time. Is there any theoretical work being done towards locking down processes against injection in more robust ways than simply making sure there is no temporal chance to inject a malicious code? I’m thinking something along the lines of CFI, but for processes instead of subroutines, would be useful if it could be made to work.