
verandaguy
Joined 2,062 karma
Toronto-based programmer focusing on special-purpose network applications on Linux. I hike and take landscape photos when I'm not writing software.

  1. It also does so in a medium where the main drag force is induced by air rather than water, which is probably a comparably significant factor
  2. The classic solution to this is to have an internal ID (UUIDv7 if you want to use UUID, nice for indexing in newer databases) and an external ID (UUIDv4 or similar) which doesn't leak information to the outside world (but which otherwise doesn't offer any benefits at the storage level).
  3. Funny enough my impression of JS (the kind you'd write in 2007 more than the type you see now, mind you) is that it's remarkably tolerant; many idioms and operations which would cause, in other languages, runtime errors or compile errors, would just get steamrolled over in JS because of just how much built-in flexibility the uber-weak type system (plus liberal use of the prototype pattern in the stdlib) allows for.

    - Wanna subtract a string from a number? That's not a type error, that's a `NaN` -- which is just a perfectly-valid IEEE 754 float, after all, and we all float down here.

      - Hell -- arithmetic between arbitrary data types? Chances are you get `[object Object]` (either as a string literal or an *actual* object), which you can still operate on.
    
    - Accessing an object field but you typoed the field name? No worries, that's just `undefined`, and you can always operate on `undefined` values.

    Frankly, while I haven't had a frontend focus in about 15 years, I struggle to think of any situation where calling a stdlib function or standard language feature would result in an actual exception rather than just an off behaviour that'll accumulate over time the more of them you stack on each other. I guess calling an undefined variable is a ReferenceError, but beyond that...

    (This comment shouldn't be taken as an endorsement of this school of language design)
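An added example (not the commenter's code) of the silent accumulation comment 3 describes: a loose total that lets a typoed field name and a string-typed value flow through as `undefined`, `NaN` and then string concatenation, next to a strict version that fails on the first bad record. The `ORDERS` input is constructed for the example and the function names are its own.

```javascript
// Constructed input: two records are wrong in ways JS will not complain about.
const ORDERS = [
  { sku: 'A', quantity: 2 },
  { sku: 'B', quantty: 5 },     // typoed field: reads back as undefined
  { sku: 'C', quantity: '3' },  // string: "+" concatenates, "-" coerces to number
  { sku: 'D', quantity: 4 },
];

// The permissive idiom: every step "works", the answer is garbage.
// 0 + 2 = 2; 2 + undefined = NaN; NaN + '3' = 'NaN3'; 'NaN3' + 4 = 'NaN34'
function looseTotal(orders) {
  let total = 0;
  for (const o of orders) {
    total = total + o.quantity;
  }
  return total;
}

// The same loop with the checks the language will not make for you: the
// first bad record throws, instead of poisoning everything downstream.
function strictTotal(orders) {
  let total = 0;
  for (const o of orders) {
    if (!Object.prototype.hasOwnProperty.call(o, 'quantity')) {
      throw new TypeError(`record ${o.sku}: missing quantity`);
    }
    if (typeof o.quantity !== 'number' || !Number.isInteger(o.quantity)) {
      throw new TypeError(`record ${o.sku}: quantity is not an integer`);
    }
    total += o.quantity;
  }
  return total;
}

// The individual coercions behind the garbage above, as functions so they
// can be checked rather than eyeballed.
function subtractStringFromNumber() { return 10 - 'ten'; }    // NaN, a valid IEEE 754 double
function addTwoObjects() { return ({}) + ({}); }              // '[object Object][object Object]'
function typoedField() { return ({ quantity: 1 }).quantty; }  // undefined, no error
```

Note that the loose result is not even a number by the end; `typeof looseTotal(ORDERS)` is `'string'`, which is how these things slip past a later `total > 0` check.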

  4. I've had to learn about TPMs to figure out if they're the right technology with which to integrate a product I've worked on. I don't agree that they're a "neo-clipper-chip" in any real way based on my exposure to them.

    While I'm not a cryptographer... I never really understood the appeal of these things outside of one very well-defined threat model: namely, they're excellent if you're specifically trying to prevent someone from physically taking your hard drive, and only your hard drive, and walking out of a data centre, office, or home with it.

    It also provides measured boot, and I won't downplay it, it's useful in many situations to have boot-time integrity attestation.

    The technology's interesting, but as best as I can tell, it's limited through the problem of establishing a useful root-of-trust/root-of-crypt. In general:

    - If you have resident code on a machine with a TPM, you can access TPM secrets with very few protections. This is typically the case for FDE keys assuming you've set your machine up for unattended boot-time disk decryption.

    - You can protect the sealed data exported from a TPM, typically using a password (plus the PCR banks of a specific TPM), though the way that password is transmitted to the TPM is susceptible to bus sniffing for TPM variants which live outside the CPU. There's also the issue of securing that password, now, though. If you're in enterprise, maybe you have an HSM available to help you with that, in which case the root-of-crypt scheme you have is much more reasonable.

    - The TPM does provide some niceties like a hardware RNG. I can't speak to the quality of the randomness, but as I understand it, it must pass NIST's benchmarks to be compliant with the ISO TPM spec.

    What I really don't get is why this is useful for the average consumer. It doesn't meaningfully provide FDE in particular in a world where the TPM and storage may be soldered onto the same board (and thus impractical to steal as a standalone unit rather than with the TPM alongside it).

    I certainly don't understand what meaningful protections it can provide to game anti-cheats (which I bring up since apparently Battlefield 6 requires a TPM regardless of the underlying Windows version). That's just silly.

    Ultimately, I might be misunderstanding something about the TPM at a fundamental level. I'm not a layperson when it comes to computer security, but I'm certainly not a specialist when it comes to designing or working with TPMs, so maybe there's some glaring a-ha thing I've missed, but my takeaway is that it's a fine piece of hardware that does its job well, but its job seems too niche to be useful in many cases; its API isn't very clear (suffering, if anything, from over-documentation and over-specification), and it's less a silver bullet and more a footgun.

  5. While the economy's definitely in a shitty spot (and IMO heading towards shittier), I wouldn't necessarily take this specific line as a sign of the times. The author does outline reasons why demand for compiler engineers (and junior ones in particular) is likely low in her post.

    Compiler development is (for better or worse) a niche that favours people who've got real-world experience doing this. The traditional ways to get in have either been through high-quality, high-profile open-source contribs, or because your existing non-compiler-dev job let you inch closer to compiler development up until the point you could make the jump.

    As the author noted, a lot of modern-day compiler work involves late-life maintenance of huge, nigh-enterprise-type code bases with thousands of files, millions of LOC, and no one person who has a full, detailed view of the entire project. This just isn't experience you get right out of school, or even a year or two on.

    Honestly, I'd say that as a 2023 grad with no mentors in the compiler dev space, she's incredibly lucky to have gotten this job at all (and to be clear, I hope she makes the most of it, compiler dev can be a lot of fun).

  6. I dunno, SPQR is fairly obvious for anyone who covered Rome in elementary or middle school history.

    Beyond that, if you’re from the part of the world where Asterix comics were popular (mostly the Francosphere, but also Europe more broadly), it really stands out.

    That’s all to say nothing of people who’ve got formal higher education in history or even the classics.

  7. It’s a running joke in the field to have exotic pluralizations. Mutex->mutices is one, box->boxen (by analogy to oxen) is also pretty common.

    We need more casual light-heartedness in this line of work considering how much casual bullshit there is.

  8. I don't want to be one of those unbearable apologists in forum threads... but BG3's legitimately my favourite game, and IMO Larian have been excellent stewards, so I'll go up to bat for them here; have you played the newer patches?

    For the first few months, act 3 (in the city) was legitimately hard to play. Performance, stability, visual glitches, all pervasive. But later patches did do a better job of improving those points.

    Act 3's still the most intensive part of the game by far so on many setups it's still wise to at least crank down the crowd density, but it's come a long way since the launch version of the game.

  9. Frankly, at this point, I’m here for an AI feedback loop leading into model collapse.

    Let it burn.

  10. Two counterpoints to this.

    - A good designer will be able to produce a page whose looks are appropriately engaging, complementary to the content, unique, and easy on the eyes. For every abrasive CSS (or lack thereof) justfuckingusehtml.com, there's a masterpiece like acko.net, many of which just aren't in the mainstream.

    - If everything ends up looking the same wouldn't that get... boring? I get the desire to avoid obnoxious design choices, but those obnoxious design choices are part of the web, and they should be embraced as part of the decision-making process about if and how you want to keep reading a site. A bit of friction is, IMO, a good thing when browsing the web. It's the minimum level of keeping the web an interactive medium rather than just a content pipe.

    That said, you do you. You're well within your rights to browse the web how you want, up to and including using automation to re-style sites with extreme prejudice.

  11. Nit: you likely mean steganography, stenography is what court reporters do :)

    I encourage you and anyone else here to read into the GFW if you're interested. It's more like the Great Firewalls -- there's regional fragmentation with different vendors, operators, implementations and rules between different parts of the country.

    Predictably this means there's no one-size-fits-all solution to circumventing censorship on the Chinese internet, and research into this area's difficult since China has both the technical means to identify violations very efficiently as well as the bureaucratic infrastructure to carry out enforcement actions against a considerable portion of those people who violate the GFW rules (with enforcement action being anything from a "cooldown period" on your internet connection where you can't make any connections for some amount of time between minutes and days, fines, or imprisonment depending on the type of content you were trying to access).

    So, the ethics of digging into this get very muddy, very fast.

  12. Hi, posting from my main account (I'm also the poster of the GP comment).

    "Nothing special" in this case was meant to describe the fact that it's random data with no identifiable patterns inherent to the data; you're absolutely right that that's what obfs4 does. I understand the confusion though, this phrasing could be better.

        > your government can decide to block unknown protocols
    
    This does happen, though when I worked in the industry it wasn't common. Blocking of specific protocols was much more of an obstacle.

        > you should trick DPI into thinking it sees HTTPS. Unless your government decides to block HTTPS
    
    HTTPS blocking (typically based on either the presence of a specific SNI field value, or based on the use of the ESNI/ECH TLS extension) was prolific. I won't comment on whether this was effective or not in impeding efforts to get people in these places connected.

    I will say though, Operator's Replicant does something similar to what you're describing in that it can mimic unrelated protocols. It's a clever approach, unfortunately it was a bit immature when I was working in that area so the team didn't adopt it while I was around.

  13. Don't worry, the hard lessons are already being set up as we speak!
  14. I've heard of it by name, but not much beyond that.
  15. I'm very sceptical of using shadow prompts (or prompts of any kind) as an actual security/compliance control or enforcement mechanism. These things should be done using a deterministic system.
  16. I'm not a KDE user, but reading the article, it looks like theme-specific colourful icons for third-party apps will just be falling back to whatever icons originally shipped with the app.

    You'll still have colourful icons, and hopefully, in most cases, they'll still be easily recognizable.

  17. Yeah, if anything the governance model is questionable.

    The browser itself is technically competitive with anything else out there.

  18. There's two main reasons for this:

    - First and most impactful: as the earth curves down and away from the observer's horizon, your line of sight goes through a thicker slice of the atmosphere.

    Looking straight up you might have 100km of atmosphere until space (the distance is made up here, but I'm using the Kármán line as an arbitrary ruler), but looking out towards the horizon (assuming a perfectly spherical Earth), it's much, much more than that 100km, so the light will scatter off of (and/or be filtered by, depending on angle and time of day) more particles in the atmosphere, affecting the colour of the sky.

    - The compounding factor here is if there are environmental factors that boost the particle count in the air, and especially particles that'd stay in lower layers of the atmosphere. Where I am, we've been dealing with wildfire smoke of varying strengths for a few weeks. Today's gentle enough, but it's bad enough that my gradient goes from rgb(115, 160, 207) at the top of the sky to rgb(227, 230, 227) at the horizon (which is shockingly accurate).

  19. My criticism was mainly of the original article for failing to link to a primary source beyond hotlinking some dmgs.

    I appreciate you linking these, though, as well as the extra context.

  20. My issue with this comment is my issue with the original article -- what's the actual source for this information?

    As far as I can tell, this article has no actual link back to any Unifi press release, git repo, or other project page about this, the closest the author does is link the downloads from Ubiquiti's site (as in, literally, links to the files, and nothing else).

    This is janky, yes, and I'm not gonna shill for Ubiquiti, but for lack of a legitimate source, I don't think this is a fair representation of the actual install steps.

  21. How do you recover colour from a mono astro camera? Just run it for 3 exposures behind a gel of each of the R/G/B colours, then comp?
  22. It's not about copyright _maximalism,_ it's about having _literally any regard for copyright_ and enforcing the law in a proportionate way regardless of who's breaking the laws.

    Everyone I know has stories about their ISP sending nastygrams threatening legal action over torrenting, but now that corporations (whose US legal personhood appears to matter only when it benefits them) are doing it as part of the development of a commercial product that they expect to charge people for, that's fine?

    And in any case, my argument had nothing to do with copyright (though I do hate the hypocrisy of the situation), and whether or not it's "nothing to worry about" in the long run, it seems like it'll cause a lot of harm before the benefits are felt in society at large. Whatever purported benefits actually come of this, we'll have to deal with:

    - Even more mass layoffs that use LLMs as justification (not just in software, either). These are people's livelihoods; we're coming off of several nearly-consecutive "once-in-a-generation" financial crises, a growing affordability crisis in much of the developed world, and stagnating wages. Many people will be hit very hard by layoffs.

    - A seniority crisis as companies increasingly try to replace entry-level jobs with LLMs, meaning that people in a crucial learning stage of their jobs will have to either replace much of the learning curve for their domain with the learning curve of using LLMs (which is dubiously a good thing), or face unemployment, and leaving industries to deal with the aging-out of their talent pools.

    - We've already been heading towards something of an information apocalypse, but now it seems more real than ever, and the industry's response seems to broadly be "let's make the lying machines lie even more convincingly"

    - The financial viability of these products seems... questionable right now, at best, and given that the people running the show are opening up data centres in some of the most expensive energy markets around (and in the US's case, one that uniquely disincentivizes the development of affordable clean energy), I'm not sure that anyone's really interested in a path to financial sustainability for this tech

    - The environmental impact of these projects is getting to be significant. It's not as bad as Bitcoin mining yet, AFAIK, but if we keep on, it'll get there.

    - Recent reports show that the LLM industry is starting to take up a significant slice of the US economy, and that's never a good sign for an industry that seems to be backed by so much speculation rather than real-world profitability. This is how market crashes happen.

  23. > astrophotographers do not use cameras with UV-IR cut filters at all
    
    I'll be pedantic here and say that the author's probably talking to people who use DSLRs with adapter rings for telescopes. I've been interested in doing this for a while (just unable to financially justify it), and I think this is actually something people in this niche do.

    Then there are things like the Nikon D810A, which remove the UV-IR filter from the factory (but IIRC retain the Bayer filter).

  24. Except that the jury’s (at best) still out on whether the influence of LLMs and similar tech on knowledge workers is actually a net good, since it might stunt our ability to critically think and problem solve while confidently spewing hallucinations at random while model alignment is unregulated, haphazard, and (again at best) more of an art than a science.
  25. > by masochists
    
    Hey! The masochism pays dividends. I can't do anything with duck typing that I can't also do with `dyn Trait` abuse :)
  26. Quanta is a pretty popular, popular science outlet. It tends to be closer to the theory than (capital P, S) Popular Science magazine, but ultimately much of what they publish is digested to a degree for lay consumption.

    They had an article just the other day about a more optimal sphere packing that was up my alley as a technical (programmer) person with a casual interest in broader pure math.

    They do sensationalize a bit as a side effect of their process though, no argument there.

  27. This is coming on the heels of David Suzuki stating in an interview that he no longer believes we can beat the momentum of climate change (adding that the best we can do right now is likely just hunker down), all while politicians in the US blame floods on anthropogenic climate change in the stupidest way possible -- by trying to pass legislation to ban chemtrails and weather control machines.

    All three of these things, in the span of just a few days.

    This is a grim, but just as importantly deeply stupid time to be paying attention to the climate. I'm having a hard time finding an optimistic angle about all of this right now.

  28. "Sit tight and assess" as used above is probably a reference to the movie "Don't Look Up" from a few years ago, which (heavy-handedly) parodied administrations like Trump I (and which unfortunately seem much less like parody in the Trump II era).
  29. This seems like a laughably scant CVE, even for a cloud-based product. No steps to reproduce outside of this writeup by the original researcher team (which should IMO always be present in one of the major CVE databases for posterity), no explanation of how the remediation was implemented or tested... Cloud-native products have never been great across the board for CVEs, but this really feels like a slap in the face.

    Is this going to be the future of CVEs with LLMs taking over? "Hey, we had a CVSS 9.3, all your data could be exfiled for a while, but we patched it out, Trust Us®?"

This user hasn’t submitted anything.
