Unpatchable vulnerability in Apple chip leaks secret encryption keys
booly (@booly@sh.itjust.works) | Posts: 2 | Comments: 492 | Joined 2 yr. ago
This particular class of vulnerabilities, where modern processors try to predict what operations might come next and perform them before they're actually needed, has been found in basically all modern CPUs/GPUs. Spectre/Meltdown, Downfall, Retbleed, etc., are all a class of hardware vulnerabilities that can leak cryptographic secrets. Patching them generally slows down performance considerably, because the actual hardware vulnerability can't be fixed directly.
It's not even the first one for the Apple M-series chips. PACMAN was a vulnerability in M1 chips.
Researchers will almost certainly continue to find these, in all major vendors' CPUs.
Can't fix the vulnerability, but can mitigate by preventing other code from exploiting the vulnerability in a useful way.
these people actually exist
The way it's been explained to me is that so much of the negative interactions in life come from a tiny, tiny number of offenders who manage to be shitty to dozens and dozens of people. So anyone who has to interact with many different people will inevitably encounter that shitty interaction, while most of us normies would never actually behave in that way.
Of the literally thousands of times I've interacted with a server or cashier, I've never yelled at one. But talk to any server or cashier, and they'll all have stories of the customer who yelled at them. In other words, it can be simultaneously true that:
- Almost all servers and cashiers get yelled at by customers.
- Very, very, few customers actually yell at servers or cashiers.
In other words, our lived experiences are very different, depending on which side of that interaction we might possibly be on.
When I talk to women in male dominated fields, basically every single one of them has shitty stories about sexist mistreatment. It's basically inevitable, because they are a woman who interacts with literally hundreds or thousands in their field. And even if I interact with hundreds or thousands of women in that same field, just because I don't mistreat any of them doesn't mean that my experienced sample is representative.
The first Paw Patrol movie is about a corrupt and incompetent mayor who accumulates too much power, wrongfully imprisons dogs, and must be stopped, for the good of the public. At least, that's how it's presented at first glance.
But if you peel back the layers, it's really about the elected leader in a two-party system, from the cat party, being overthrown by the dog party (note that all first responders seem to be from the same political party), for daring to put the dogs in obedience school (that is, requiring first responders to actually abide by the rules of their society). Worst part is that the mayor isn't even mayor of the same town - the dogs go to the next city over to overthrow that political leader, akin to some kind of cold war era foreign-orchestrated coup.
It was also very much a specific moment in time, where it was possible to be optimistic that the Web 2.0 explosion of decentralized access to tools for users self-publishing and distributing content to millions of readers/consumers would democratize the exchange of ideas.
And then, over the decade and a half since, the old gatekeepers were replaced with new gatekeepers, where the wild west of the unrestricted web turned into a cesspool of spam/scams and clickbait, and people organized into walled gardens controlled by corporate interests. The internet as a whole is still somewhat decentralized, but it's getting harder and harder to meaningfully participate in public dialogue without first pledging fealty (that is, signing away rights in some Terms of Service) to some digital lord in this new feudal landscape.
That's also to say nothing of the power of corporate or governmental forces to influence the discussion on those platforms, through old and new propaganda techniques that leverage existing social and technical feedback loops.
Remind me of who won that war?
I'm pretty sure the Ukrainians won that one too.
If you're looking in the library for books that are at least 100 years old, you're generally only going to see the ones that people thought were worth preserving for 100 years.
If you're training your image generation model with stock photographs, you're generally only going to be giving it images of people who are literally models. Not all models are beautiful, but they're probably more beautiful on average than the general population.
Ah I see you've seen me watch professional sports
I agree. The visuals and the story itself are a fun love letter to analog film photography, right at that moment in history when digital replaced analog as the default form of artistic photography.
I agree that the "love" argument was poorly stated, and framed in a stupid way (as a force, really?).
But I think it ultimately makes sense, in a Richard Dawkins' Selfish Gene kind of way. Our species has strong pro-social tendencies, where we are willing to put in huge amounts of labor, resources, and sacrifice for loved ones. In the aggregate, across large populations, that can add up to some pretty powerful emergent group behavior that adds up to something that is difficult to model through its individual components. Our species has done some amazing things, and will probably continue to do amazing things, motivated by a bunch of emotions that include what we call "love."
True friends will still want you to come but understand if you bail out.
True friendship is a two-way give and take. For some things, friendship means giving up some level of autonomy and self interest to provide something that your friend wants. In some contexts, showing up is important to the friend and a few repeated snubs/cancellations ends up communicating to the friend that they're not important to you. At that point they can start revisiting whether this is a "true friendship" or not and protect themselves by pushing away.
And it's not just not coming out. It's also the implied precursor here, that two people have made plans together. There's some level of reliance on the other, and bailing at the last minute is often seen as much ruder than just not agreeing to hang out in the first place.
Or, alternatively, the other person starts to understand that you have a preference against hanging out, like it's a chore or a favor. They're your friend, and they want to do right by you, so they just stop inviting you out and asking that favor of you, and then you drift apart and wonder why.
Friendship is about understanding other people, and empathizing even when their personalities and thought process are different. Friendships are hard enough to maintain past 30, and keeping them requires some level of conscious effort, especially for introverts.
The subscription fee was for a gamepass-like access to a catalog of free games, so they didn't refund that. The subscription fee also wasn't required for playing purchased games (although it was required for 4K quality).
especially with a controller
I mostly used keyboard and mouse with the service, since the games I like to play tend to work better with keyboard and mouse. I had a dinky underpowered laptop but was playing AAA PC-oriented games through the browser interface. It was great.
I'm on GeForce Now these days but I find that it doesn't work quite as seamlessly as Stadia did.
All GPUs perform equally well at ray tracing when there are no rays to trace
A million f[beep]ing diamonds!
I've seen it for keypads that have to send a signal to an actuator located elsewhere, but I think the typical in-door deadbolt (where the keypad is mere millimeters from the motor itself) wouldn't have the form factor leaving the connection as exposed to a magnet inducing a current that would actually actuate the motor.
Most of LPL's videos on smart locks just defeat the mechanical backup cylinder, anyway. I'd love to see him take on the specific Yale x Nest model I have, though.
Yup. The backup for battery failure on this model is that the bottom of the plate can accept power from the pins of a 9V battery, held there just long enough to punch in the code.
Things might be different by now, but when I was researching this I decided on the Yale x Nest.
It's more secure than a keyed lock in the following ways:
- Can't be picked (no physical keyhole).
- Codes can be revoked or time-gated (for example, you can set the dog walker's code to work only at the time of day they're expected to come by).
- Guest codes can be set to provide real-time notifications when used.
- The lock keeps a detailed log of every time it's used.
- The lock can be set to automatically lock the door after a certain amount of time.
It's less secure than a physical traditional lock in the following ways:
- Compromise of a keycode isn't as obvious as losing a key, so you might not change a compromised keycode the same way you might change a lost key.
- People can theoretically see a code being punched in, or intercept compromised communications to use it.
- Compromised app or login could be used to assign new codes or remotely unlock.
It's basically the same level of security in the following ways:
- The deadbolt can still be defeated with the same physical weaknesses that a typical deadbolt has: blunt force, cutting with a saw, etc.
- The windows and doors are probably just generally weak around your house, to where a determined burglar can get in no matter what lock you use.
- Works like normal without power or network connection (just can't be remotely unlocked or reprogrammed to add/revoke codes if not online).
Overall, I'd say it's more secure against real-world risk, where the weakest link tends to be the people you share your keys with.
In comparison, the Geneva Convention literally forbids doing this to enemy POWs.
The instance I'm logged into doesn't forward my user agent, IP address, or CSS/script support (or other fingerprinting techniques) to the other instance. Everything I do in a community hosted on another instance is forwarded through my instance server as a middleman, and I never directly connect to the other instance server.
The admins of an instance (or reddit) might be able to analyze server logs of different users on their own instance to be able to determine those things, but can't apply that analysis to accounts from other instances, whose interaction with the server doesn't actually include a login or any direct connections to the server they administer. All they have to go on is the ActivityPub logs, which won't include that fingerprinting information.
It basically varies from chip to chip, and program to program.
Speculative execution is when a program hits some kind of branch (like an if-then statement) and the CPU just goes ahead and calculates as if it's true, and progresses down that line until it learns "oh wait it was false, just scrub all that work I did so far down this branch." So it really depends on what that specific chip was doing in that moment, for that specific program.
It's a very real performance boost for normal operations, but for cryptographic operations you want every function to perform in exactly the same amount of time, so that something outside that program can't see how long it took and infer secret information.
These timing/side channel attacks generally work like this: imagine you have a program that tests if variable X is a prime number, by testing if every number smaller than X can divide evenly, from 2 on to X. Well, the bigger X is, the longer that particular function will take. So if the function takes a really long time, you've got a pretty good idea of what X is. So if you have a separate program that isn't allowed to read the value of X, but can watch another program operate on X, you might be able to learn bits of information about X.
Patches for these vulnerabilities change the software to make those programs/function in fixed time, but then you lose all the efficiency gains of being able to finish faster, when you slow the program down to the weakest link, so to speak.
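
The prime-test illustration from the comment above, as an added example that is not part of the original comment: an early-exit trial division whose loop count depends on the secret X, next to a fixed-work variant that always does the worst-case amount of work. The function names, the sample values and the public limit `bound` are assumptions made for the illustration, and loop iterations stand in for elapsed time.

```c
#include <stdint.h>
#include <stdio.h>

/* Early-exit trial division as described above. *steps counts loop
 * iterations and stands in for elapsed time (a model, not a measurement). */
int leaky_is_prime(uint32_t x, uint32_t *steps) {
    *steps = 0;
    if (x < 2) return 0;
    for (uint32_t d = 2; d < x; d++) {
        (*steps)++;
        if (x % d == 0) return 0;      /* stops at the first divisor */
    }
    return 1;
}

/* Fixed-work variant: tries every divisor below the public limit `bound`
 * and never exits early, so the iteration count does not depend on x.
 * Real constant-time code must also check the compiled output and avoid
 * variable-latency instructions such as division. */
int fixed_is_prime(uint32_t x, uint32_t bound, uint32_t *steps) {
    uint32_t composite = 0;
    *steps = 0;
    for (uint32_t d = 2; d < bound; d++) {
        (*steps)++;
        composite |= (uint32_t)(d < x) & (uint32_t)(x % d == 0);
    }
    return (int)((x >= 2) & !composite);
}

/* Helpers returning only what an outside observer could time. */
uint32_t leaky_steps(uint32_t x) { uint32_t s; leaky_is_prime(x, &s); return s; }
uint32_t fixed_steps(uint32_t x, uint32_t bound) {
    uint32_t s; fixed_is_prime(x, bound, &s); return s;
}

int main(void) {
    const uint32_t secrets[] = {96, 91, 97, 127};   /* constructed sample values */
    const uint32_t bound = 128;                      /* assumed public upper limit */
    for (size_t i = 0; i < sizeof secrets / sizeof secrets[0]; i++) {
        uint32_t x = secrets[i];
        printf("x=%3u leaky=%3u fixed=%3u\n", (unsigned)x,
               (unsigned)leaky_steps(x), (unsigned)fixed_steps(x, bound));
    }
    return 0;
}
```

The leaky column varies with the secret (1, 6, 95 and 125 iterations for these inputs) while the fixed column is always 126, which is the efficiency cost the comment describes.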