In other news today...
-
If you're wondering why the power is going out in California even before the full wildfires season:
Relatives must have wondered where he was hanging out.
-
If you're going to buy scratch lottery tickets, at least check them properly...
-
Elsewhere, I heard 12 dead.
-
@HardwareGeek said in In other news today...:
Elsewhere, I heard 12 dead.
In a couple weeks, we'll have that down to zero.
-
A flaw in the design of the Apple Silicon ‘M1’ chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange. […] The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.
-
@TimeBandit
also: He also noted that this was the result of an intentional decision on Apple’s part. “Basically, Apple decided to break the ARM spec by removing a mandatory feature, because they figured they'd never need to use that feature for macOS,” he explained. “And then it turned out that removing that feature made it much harder for existing OSes to mitigate this vulnerability.” The company would have to make a change on the silicon level with its followup to the M1 to mitigate this flaw.
Guess we will hear of more M1 features in the coming months...
-
@TimeBandit's M1RACLE said:
If you've read all the way to here, congratulations! You're one of the rare people who doesn't just retweet upboat based on the page onebox title
-
@JBert said in In other news today...:
@JBert said in In other news today...:
There are no seasons anymore...
It seems to be spreading:
Da plane! Da plane! (tho usually they like to drop blue ice - yuck!)
-
Abstract reads:
Let F be a totally real field of degree n and p an odd prime. We prove the p-part of the integral Gross-Stark conjecture for the Brumer-Stark p-units living in CM abelian extensions of F. In previous work, the first author showed that such a result implies an exact p-adic analytic formula for these Brumer-Stark units up to a bounded root of unity error, including a "real multiplication" analogue of Shimura's celebrated reciprocity law in the theory of Complex Multiplication. In this paper we show that the Brumer-Stark units, along with n−1 other easily described elements (these are simply square roots of certain elements of F) generate the maximal abelian extension of F. We therefore obtain an unconditional solution to Hilbert's 12th problem for totally real fields, albeit one that involves p-adic integration, for infinitely many primes p.
Our method of proof of the integral Gross-Stark conjecture is a generalization of our previous work on the Brumer-Stark conjecture. We apply Ribet's method in the context of group ring valued Hilbert modular forms. A key new construction here is the definition of a Galois module ∇ℒ that incorporates an integral version of the Greenberg-Stevens ℒ-invariant into the theory of Ritter-Weiss modules. This allows for the reinterpretation of Gross's conjecture as the vanishing of the Fitting ideal of ∇ℒ. This vanishing is obtained by constructing a quotient of ∇ℒ whose Fitting ideal vanishes using the Galois representations associated to cuspidal Hilbert modular forms.
-
@HardwareGeek said in In other news today...:
But not many.
I got as far as where they reverse the polarity of the deflector field, but they lost me afterwards.
-
@cvi said in In other news today...:
@HardwareGeek said in In other news today...:
But not many.
I got as far as where they reverse the polarity of the deflector field, but they lost me afterwards.
You need a fractal encryption algorithm for that, obviously.
-
I'm dubious about this. Google's ads throw me something relevant every now and then but Amazon only recommends me shit I just bought. I'm not sure either is a good investment to be honest.
-
@DogsB said in In other news today...:
I'm not sure either is a good investment to be honest.
That doesn’t matter as long as they can convince you it is.
-
@DogsB said in In other news today...:
I'm dubious about this. Google's ads throw me something relevant every now and then but Amazon only recommends me shit I just bought.
Twitch must make a fortune in ad revenue.
-
@DogsB said in In other news today...:
I'm dubious about this. Google's ads throw me something relevant every now and then but Amazon only recommends me shit I just bought. I'm not sure either is a good investment to be honest.
Amazon just copied Google's ads. They keep recommending me shit I just bought too. And telling me saying Slavic women is great and I should do it.
-
@DogsB said in In other news today...:
Google's ads throw me something relevant every now and then but Amazon only recommends me shit I just bought.
They also recommend things related to stuff on my wish lists.
-
@DogsB said in In other news today...:
Amazon only recommends me shit I just bought
They have good suggestions of things often bought together. Like when I bought something that needed AAA batteries, they suggested I buy AA batteries with it
-
@topspin said in In other news today...:
@cvi said in In other news today...:
@HardwareGeek said in In other news today...:
But not many.
I got as far as where they reverse the polarity of the deflector field, but they lost me afterwards.
You need a fractal encryption algorithm for that, obviously.
I'm at a "possible cryptographic applications" level of understanding so far.
-
@TimeBandit said in In other news today...:
@DogsB said in In other news today...:
Amazon only recommends me shit I just bought
They have good suggestions of things often bought together. Like when I bought something that needed AAA batteries, they suggested I buy AA batteries with it
The thing I notice is that when I buy or just search for a CD to complete a series, they recommend the volumes I already had.
(Wrote my first product review two days ago. It was the 1928-29 volume of a series that I've been buying a disc at a time for years, starting with and working my way up through the 1930s, '40s and '50s, then back to 1920. The original record company went out of business after the 1924 set and I thought I was going to be stuck with this hole forever, then some other company picked it up, reissued all the previous volumes under their own label and added 1925, '26 and '27 before they went under as well, and about a year ago finally put out the last two years as a 3-disc set.)
-
@da-Doctah customers like you also purchased. Working as designed.
-
@TimeBandit said in In other news today...:
They have good suggestions of things often bought together. Like when I bought something that needed AAA batteries, they suggested I buy AA batteries with it
Customers like you also purchased. Working as designed.
They might have purchased it because it was suggested to them. But hey, it's their fault for not paying attention.
-
Article linked by @TimeBandit said:
extensions that start web servers. Typically, these servers are meant to be accessible locally via a browser or used for IPC purposes.
Using IP (does not matter whether TCP, UDP, SCTP etc) for IPC has always been wrong, because you can't apply access controls to a port on localhost beyond not binding it to any external IP address, so all users on the machine have access to it, and you can't tell which user is accessing it (for unix-domain sockets you can). There are unfortunately two problems:
- Windows doesn't (at least as far as I know) have anything similar to unix-domain sockets.
- Browsers don't support connecting to http servers running on unix-domain sockets.
Now that Linux has network namespaces, it would be possible to prevent other users from accessing it by giving each user a network namespace, but that would not help the other platforms again. But more importantly, it wouldn't prevent the actual attack vector which instead relies on the user unknowingly making a request to the local webserver in their browser.
That is actually just a standard CSRF. So standard mitigations should apply, but many developers simply don't realize CSRF against localhost is possible (and very valuable in fact as demonstrated). I am thinking that:
- Web servers (and express in particular) should default to rejecting requests with host: localhost and referer or origin anything else.
- The browser could do the same. That wouldn't even need the browser vendors to do that, there could be a plugin that would do it and software using browser to show things could recommend installing it.
- This could also be applied to private IP ranges. Request to host in one of the private IP ranges (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) and referer or origin not in the same range or localhost could also be blocked by default to protect various internal test installations.
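
The Host/Origin/Referer rule proposed in the post above, sketched as an added example that is not part of the original post and not code from express or any extension. The function names (zoneOf, hostnameOf, allowRequest, localOriginGuard) are made up for illustration, and letting requests through when neither header is present is an assumption of this sketch.

```javascript
// Map a hostname to "loopback", one of the three private ranges, or "public".
function zoneOf(hostname) {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, ""); // URL keeps [] on IPv6
  if (h === "localhost" || h === "::1") return "loopback";
  const m = /^(\d+)\.(\d+)\.\d+\.\d+$/.exec(h);
  if (!m) return "public";
  const a = Number(m[1]), b = Number(m[2]);
  if (a === 127) return "loopback";
  if (a === 10) return "10.0.0.0/8";
  if (a === 172 && b >= 16 && b <= 31) return "172.16.0.0/12";
  if (a === 192 && b === 168) return "192.168.0.0/16";
  return "public";
}

// Hostname of a Host header value ("localhost:3000") or an Origin/Referer URL.
// Returns null when the value does not parse, e.g. "Origin: null".
function hostnameOf(value, isUrl) {
  try {
    return new URL(isUrl ? value : "http://" + value).hostname;
  } catch {
    return null;
  }
}

// true = serve the request, false = reject it.
function allowRequest(headers) {
  const host = hostnameOf(headers.host || "", false);
  if (host === null) return false;
  const target = zoneOf(host);
  if (target === "public") return true; // the rule only covers local/internal targets
  const source = headers.origin || headers.referer;
  if (!source) return true; // assumption: non-browser clients send neither header
  const from = hostnameOf(source, true);
  if (from === null) return false; // opaque or malformed origin
  const fromZone = zoneOf(from);
  // Local target: caller must be on localhost or in the same private range.
  return fromZone === "loopback" || fromZone === target;
}

// Connect/Express-style wrapper; Node lower-cases the keys of req.headers.
function localOriginGuard(req, res, next) {
  if (allowRequest(req.headers)) return next();
  res.statusCode = 403;
  res.end("cross-origin request to local server rejected");
}
```

Requests with neither header are let through so command-line clients keep working, and a Host that is not local is not judged at all. A server bound only to loopback can go further and refuse any Host it does not expect.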
-
@dcon said in In other news today...:
@JBert said in In other news today...:
@JBert said in In other news today...:
There are no seasons anymore...
It seems to be spreading:
Da plane! Da plane! (tho usually they like to drop blue ice - yuck!)
Just a bit more accuracy in the location and time, and you could figure out which plane it is from the flight records.
Of course, this is assuming that there is only one plane flying around with a leaky tank.
-
@TimeBandit said in In other news today...:
Some of the extensions in question are "LaTeX Workshop," "Rainbow Fart," "Open in Default Browser," and "Instant Markdown,"
VSCode Rainbow Fart is an extension that keeps giving you compliment while you are coding, it will checks the keywords of code to play suitable sounds.
-
@loopback0 I just wanted to post more info in WTF bites, because there's a video of it in action on the developer's website:
-
@JBert said in In other news today...:
@loopback0 I just wanted to post more info in WTF bites, because there's a video of it in action on the developer's website:
“Excellent!”
-
@JBert said in In other news today...:
@loopback0 I just wanted to post more info in WTF bites, because there's a video of it in action on the developer's website:
-
@dkf said in In other news today...:
“Excellent!”
-
@TimeBandit said in In other news today...:
@DogsB said in In other news today...:
Amazon only recommends me shit I just bought
They have good suggestions of things often bought together. Like when I bought something that needed AAA batteries, they suggested I buy AA batteries with it
Because they know that the AAA batteries have only little charge, not enough to use the device for a useful amount of time. With AA batteries, you can use it more than twice that long.
At least, from an arithmetic point of view.
-
@loopback0 There should be a Drill Sergeant (Texas customs) extension.
SQUIRRELNUTS
CHOW CHOW SHIT SHIT IS ALL YOU'RE GOOD FOR
EVERY TIME YOU WRITE THIS FUNCTION, STUPID FALLS OUT
-
@dkf The only slightly redeeming feature would be if it says "I love it when you talk dirty" each time you open an inline assembly block.
-
@cvi said in In other news today...:
@dkf The only slightly redeeming feature would be if it says "I love it when you talk dirty" each time you open an inline assembly block.
I was tempted by qooc thread but this is far more depraved in context.
-
@cvi said in In other news today...:
@dkf The only slightly redeeming feature would be if it says "I love it when you talk dirty" each time you open an inline assembly block.
If it screams in pain when it sees a goto, it's good…
-
Ya think you would have learned that from Lost before fucking up two beloved franchises.
-
I have no idea why they're looking at mice. It's not like there would be a shortage of willing percipients.
-
@DogsB said in In other news today...:
I have no idea why they're looking at mice. It's not like there would be a shortage of willing percipients.
Yes, but it's easier to find laboratory mice that are sane before the experiment.
-
@dkf said in In other news today...:
@cvi said in In other news today...:
@dkf The only slightly redeeming feature would be if it says "I love it when you talk dirty" each time you open an inline assembly block.
If it screams in pain when it sees a goto, it's good…
Yeah seriously how hard is it to use a labeled break instead.
-
@Gribnit Very hard when you are programming in a language that does not have it.
-
@Bulb said in In other news today...:
@Gribnit Very hard when you are programming in a language that does not have it.
They all have everything if you abuse them hard enough.
-
Yes.
-
@DogsB said in In other news today...:
Yes.
Next: complete Witcher 3 main quest and get a good ending to prove you are not a robot.
-
@MrL said in In other news today...:
@DogsB said in In other news today...:
Yes.
Next: complete Witcher 3 main quest and get a good ending to prove you are in fact a robot.
Ftfy
-
@dkf said in In other news today...:
@cvi said in In other news today...:
@dkf The only slightly redeeming feature would be if it says "I love it when you talk dirty" each time you open an inline assembly block.
If it screams in pain when it sees a goto, it's good…
It stabs you if you use longjmp.
-
@topspin said in In other news today...:
It stabs you if you use longjmp.
Saves everyone else the trouble.
-
All this hate for longjmp.