The time I spent three months investigating a 7-year old bug and fixed it in 1 line of code
litchralee @ litchralee @sh.itjust.works Posts 1Comments 380Joined 2 yr. ago
litchralee @ litchralee @sh.itjust.works
Posts
1
Comments
380
Joined
2 yr. ago
This sort-of happened in the USA, in a small way, during the fallout of the 2016 Wells Fargo scandal. Public sentiment of the big-name, national retail banks was awful and credit unions capitalized on the moment with advertisements contrasting profit-centric national banks with local, cooperatively-owned credit unions.
In this article where consultants to credit unions were queried a year later, there's still some questions as to the long-term effects that may have benefited the credit unions.
I once came across a comment somewhere online that suggested -- sadly without hard evidence -- that the scandal may have been a win-win, since the sort of customers willing to uproot themselves from Wells Fargo tended to have smaller balances while still incurring the bookkeeping costs. And that credit unions were able to scale up to take in new customers while saving on advertising dollars.
It's a plausible idea, that a new equilibrium would be found in the banking market. Logically extending the idea further, though, would lay bare how much additional integration credit unions would have to do with each other to achieve a truly seamless customer experience. Of course, with more young people mostly sticking to online and mobile banking, this might come in the form of backroom operational improvements, rather than a revamped brick-and-mortar experience.
Most commercial publications in the USA and UK -- UPC/ISBN or not, regular or not -- will often send copies of their work to the national library (ie Library of Congress). That said, those copies might not be prioritized for digital viewing. So seeing them in-person might be the only way to access them.
As for whether the publishing houses keep them, it's probably very individualized, so who can say.
If you have a particular job focus for after you've graduated with your CS degree, would an internship with a related company be an option? Experience with web will be of limited use for an embedded job, and embedded experience is of limited use at a quantitative analysis company.
That's not to say the experience is entirely pointless, since many skills across the various disciplines of CS are transferable.
The other answers have touched upon the relative efficiencies between a phone charger and a desktop computer's PSU. But I want to also mention that the comparison may be apples-to-oranges if we're considering modern smartphones that are capable of USB Power Delivery (USB PD).
Without any version of USB PD -- or its competitors like Quick Charge -- the original USB specification only guaranteed 5 V and up to 500 mA. That's 2.5 W, which was enough for USB keyboards and mice, but is pretty awful to charge a phone with. But even an early 2000s motherboard would provide this amount, required by the spec.
The USB Battery Charging (USB BC) spec brought the limit up to 1500 mA, but that's still only 7.5 W. And even in 2024, there are still (exceedingly) cheap battery banks that don't even support USB BC rates. Motherboards are also a mixed bag, unless they specifically say what they support.
So if you're comparing, for example, the included phone charger with a Samsung S20 (last smartphone era that shipped a charger with the phone) is capable of 25 W charging, and so is the phone. Unless you bought the S20 Ultra, which has the same charger but the phone can support 45 W charging.
Charging the S20 Ultra on a 2004-era computer will definitely be slower than the stock charger. But charging with a 2024-era phone charger would be faster than the included charger. And then your latest-gen laptop might support 60 W charging, but because the phone maxes out at 45 W, it makes no difference.
You might think that faster and faster charging should always be less and less efficient, but it's more complex since all charging beyond ~15 Watts will use higher voltages on the USB cable. This is allowable because even the thinnest wire insulation in a USB cable can still tolerate 9 volts or even 20 volts just fine. Higher voltage reduces current, which reduces resistive losses.
The gist is: charging is a patchwork of compatibility, so blanket statements on efficiency are few and far between.
I've previously spoken with PSU engineers for enterprise power supplies -- specifically for 48-54v PoE equipment -- who described to me that today's switch mode power supplies (SMPS) tend to get more efficient with increasing load. The exception would be when the efficiency gains from higher loading start to become offset by the heating losses from higher input currents.
This graph for a TDK PSU shows that North American 120 VAC nominal (see here for the small difference between nominal and utilization voltages) will cause a small efficiency hit above 75% or so. And this is exactly why data centers -- even in North America -- will run with "high line" voltage, which is 200 VAC or higher (eg North American 208VAC delta supplies, British 240/415 wye, European 230/400 wye).
If using asyncio is too impenetrable, try using Trio instead. It's a sensibly-designed asynchronous library, to the point that you'll find it's easier to write non-trivial Python programs in Trio from the start, rather than bolting-on async support later.
Asyncio is just plain weird, IMO, exposing more low-level concerns than is customary for Python. Whereas Trio lets you get things done intuitively.
I will admit I had to look up what Pluton is, but I think Microsoft did a decent job of explaining it by themselves:
Microsoft Pluton is a secure crypto-processor built into the CPU for security at the core to ensure code integrity and the latest protection with updates delivered by Microsoft through Windows Update
Microsoft Pluton is designed to provide the functionality of the Trusted Platform Module (TPM) and deliver other security functionality beyond what is possible with the TPM 2.0 specification
In other words, Pluton is an enhanced TPM that's baked directly into newer CPUs, for code integrity of Microsoft's software. Here, integrity means the software was not tampered with, and will do exactly what Microsoft wanted it to do. That no guarantee that their software won't spy on you or expose your data (see Microsoft Recall controversy), though.
Now, Microsoft can extend that integrity guarantee by blessing other software makers's code. That is one of many avenues to use Pluton as DRM and/or anti-cheat, if game makers obtain the necessary blessing.
But this is still years away from fully rolling out, and it necessitates that everyone buys a CPU which has Pluton enabled. I personally wouldn't want to pay money for something that historically would have given me full control. Game consoles have always been locked down, but I draw a line at PCs. Everyone will have to decide what they're comfortable with, as we enter this brave new world.
Perhaps this is a matter of nomenclature, but I wouldn't have thought that enforcing a ban is part of what anti-cheat software is meant to do. Sure, the anti-cheat is what alerts the game server, and then the server bans either the account or the actual machine. But the OP's question was about anti-cheat and DRM software that impacts system performance. Someone that's been banned from a game will not have in-game performance issues, because they're not able to play the game at all.
I don't think my omission of a TPM-based ban makes my answer "not entirely true". I stand by my statement that TPMs are not suitable for the anti-cheat or DRM functionality when a game is running, and would not solve any performance issues if they were.
With that out of the way, yes you're right that the TPM can be used for other, ancillary purposes. The typical use is to securely store certificates uniquely issued to a machine, such that the bearer of the certificate must be the certificate's rightful owner. This is sometimes used to authenticate to corporate VPNs or Windows AD domains. But these certificates can be replaced, which makes them useless for enforcing a ban on a particular machine.
But TPMs also have a built-in, static certificate from when they were manufactured, which can only be challenged/responded using tokens from that manufacturer. If a game maker wants to coordinate with various TPM or mobo manufacturers to achieve that level of security, they're certainly welcome to do so. But it also alienates users who don't have or refuse to own such hardware, exactly as you've described. It's a business decision, what they choose to do. Expedited manual review for broken TPM users is still fraught with issues, since there's now an incentive to brick your own TPM and get a second chance at cheating.
There's no free lunch in building secure systems, and that's why anti-cheat makers will always face the uphill battle.
In a nutshell, the TPM works great as a trust anchor if it's only needed once during boot-up. But anti-cheat and DRM software run concurrently with the software payload, so it's not a one-time deal but a continual process to reverify. More so, the TPM is not self-enforcing so there would have to be software which issues a challenge to the TPM, and then interprets the response. This uses CPU power, at a minimum.
The crucial challenge -- likely unsolvable in the general case -- is that anti-cheat software has to try to monopolize some portion of the machine, to prevent running other software like hacks or keygens. But this is diametrically opposed to the goal for the past 60 years of multitasking operating systems and context-switching CPUs, which try to divy out the machine so different software appear to run almost simultaneously and independently.
As a result, some anti-cheat software is truly horrible, because they have to employ very strange tricks to coerce the system to either prevent something undesirable from happening, or to act as a canary when something undesirable has happened. The definition of "undesirable" is left to the software package makers to define.
The only plausible way I could see the situation improving is if OS makers integrated anti-cheat and DRM into the scheduler (the very core of an OS) in a uniform manner. But this is: 1) really complicated, and 2) a security nightmare if malware could exploit it. And that's ignoring whether the Unix/Linux/BSD world would ever tolerate such a kernel feature.
The following will be a massive oversimplification of the complex laws and court cases over the 20th century trying to grapple with what, quite frankly, is a fairly modern issue. Not the AI aspect, but that of CSAM and how it intersects with American civil liberties (ie the First Amendment).
In the USA, the freedom of speech is very broad, save for very specific, already-established exceptions. These include "imminent threats/fighting words", obscenity (not the same as the dictionary definition), defamation (false statements that tarnish someone's character), and the cause or result of crimes. Whole courses could be taught on just the exceptions to the First Amendment and their contours.
Actual CSAM is exempt from freedom of speech because -- among other reasons articulated by courts -- it can only be produced through abuse of a child, which is a crime. Simulated CSAM, however, has to meet the obscenity standard in order to be exempt, which the Supreme Court articulated as:
The basic guidelines for the trier of fact must be: (a) whether the average person, applying contemporary community standards, would find that the work, taken as a whole, appeals to the prurient interest, (b) whether the work depicts or describes, in a patently offensive way, sexual conduct specifically defined by the applicable state law; and (c) whether the work, taken as a whole, lacks serious literary, artistic, political, or scientific value.
Every word of those guidelines has been deeply analyzed for the 50 years of its existence, and until a better set of guidelines are issued, that's the best guidestar we have. Which is to say, if a lawyer can craft an argument within those parameters, the scenario you've described could indeed be recognized as a crime.
But a small caution: please be very careful when asking to carve exceptions into free speech. As a civil right, it's something which must be jealously guarded, by citizens, lawmakers, and courts. These things are complex precisely because they're trying to avoid criminalizing thoughts and ideas, while also enabling a society to function.
In American English, "corrupt" can refer to both the crime of corruption (eg quid pro quo deals with public officials) as well as seemingly abuses of discretion. For example, a city engineer has some amount of discretion when designing a new street, whether to dedicate more public space to automobiles or to restrict the space to become more like a public plaza, ie a living street with places to sit, eat, shop, and take in the air.
By objective professional standards, either approach could be appropriate if properly justified. But public sentiment could result in that engineer being called "corrupt" because they're giving less favor toward automobiles, for example. That is, "corrupt" is an epithet to voice one's displeasure at a discretionary decision. Also see sports umpires, who face similar (or worse) vitriol.
My limited experience with provider bills is that even two months "late", none have ever referred the bill to collections. Nor did they ever charge the "late" fees that their bills had threatened. I've never come across a provider that demanded a credit card on file -- and chargebacks would ensue if they did run the card without notifying me -- but my experience certainly won't be a consistent across the country.
I'm not sure what you mean about the part involving tax evasion, but broadly speaking: if a card is going to be held on file -- whether for a rental car or something else -- debit cards are not advisable. Also, my cursory understanding is that HSA cards should only be used for point of sale transactions, since apparently it could sometimes be declined for card-number-entered transactions.
As an aside, regarding USA health care public policy, I think provider-issued bills need to be abolished, where the only bill that insured patients receive is a single, consolidated bill that comes from the insurance company, at the same time the EOB is sent, with plentiful payment and financing options.
Not only does this reduce patient confusion, it saves money for providers (who don't need to follow-up on late payments), it reduces the need for providers to issue refunds, and patients benefit because it's a single bill at the end. The only downside -- maybe -- is that forgiveness of a medical expense must file paperwork with the insurance company, to be reflected on the consolidated bill. But this would still be a massive improvement.
Or, instead, maybe just go the full shilling and have a national, single-payer, universal health care system. Baby steps or big leaps; take your pick.
Most (all?) health insurance companies in USA have clauses in their agreements with in-network providers (ie doctors, hospitals, pharmacists) to permit a covered patient to first receive the Explanation Of Benefits (EOB) document from the insurance company first, before having to pay a provider. In fact, waiting for the EOB is highly advisable, because paying a provider's bill in-full and then later having to obtain a refund because the insurer paid out is akin to pulling teeth (that is, painful and difficult).
The EOB also shows which claims the provider actually filed with the insurance company, which if full-and-complete means you should not expect to make any further payments for services received.
To be clear, the EOB also includes any amount which the covered patient is known to have paid at the time of service. For example, most in-network doctor's offices will charge the insurance policy's copay on-the-spot before seeing the doctor, since this is a known, fixed amount and insurance will pay the doctor some sort of negotiated remainder.
You should verify the EOB reflects any copays you've already paid, and that the costs have accrued toward whichever deductible applies to you -- more than one deductible can be at play.
To answer your question directly, I would not start any negotiation until you have the EOB in hand, because otherwise you are negotiating blind: you won't know which claims have been filed, and you won't know how much insurance has agreed to already pay.
Ah, now I understand what you mean. Yes, the stock C80 would indeed legally be a Class 2 ebike in California, by virtue of its operable pedals, whether or not it's actually practical to use the pedals. That the marketing material suggests the C80 is used primarily with its throttle is no different than other Class 2 ebikes which are often ridden throttle-only, as many city dwellers have come to fear.
As for the unlock to Class 3, I wonder how they do that: California's Class 3 does not allow throttle-only operation, requiring some degree of pedal input.
The spectrum of two-wheelers in California include: bicycles, ebikes (class 1, 2, 3), scooters, mopeds (CVC 406), motor-driven cycles, and motorcycles (aka motorbikes; CVC 400)
The "moped" category, one which has almost been forgotten to the 1970s, has seen a resurgence: the now-updated law recognizes 30 mph, electric, 4 HP (3 kW) max two- or three-wheelers. These mopeds are street legal, bike lane legal, don't have annual registration, no insurance requirement, but do need an M1/M2 license. These CVC 406 mopeds are not freeway legal, but darn if they're not incredibly useful for in-town riding.
I could get myself an electric dirt bike and plates for it, 100% legally.
Do you have a reference for "class 3 e-scooters"? My understanding of the California Vehicle Code is that the class system only applies to bicycles with pedals, per CVC 312.5.
Whereas e-scooters -- the things that Bird and Lime rent through their app -- exist under CVC 407.5, which previously covered the older, gasoline-powered 50 cc types of scooters. But apparently the law has now completed written out the gas-powered ones, only mentioning electric-powered "motorized scooters".
Strictly speaking, there isn't a requirement in the law for e-scooters to have a speed governor, whereas ebikes must have one, either 20 mph (32 kph) or 28 mph (45 kph). Instead, riders of e-scooters are subject to a speed limit of 15 mph (25 kph), a stalwart from the days of the gas-powered scooters.
The key distinction here is that an ebike over-speeding beyond its class rating is an equipment violation, akin to an automobile without operational brake lights. But an e-scooter over-speeding beyond 15 mph is a moving violation, potentially incurring points on the rider's driving license -- if they have one -- and can impact auto insurance rates, somewhat bizarrely.
I'm not saying CA law is fair to e-scooters -- it's not -- but I can't see a legal scenario where an e-scooter can overtake an ebike rider if both are operating at full legal limits.
At last, the justification I needed for wearing a chainmail undergarment!
At least on my machine, that link doesn't work unless I explicitly change it to HTTP (no S).
I'm going to leave this here, supposedly the precursor to the BDSM thing. It's about horses. It's not nice to the horses. https://en.wikipedia.org/wiki/Gingering
This checks out lol
I often wonder if this deep level understanding of embedded software/firmware design is still the norm in university instruction. My suspicion has been that focus moved to making use of ever-increasing SoC performance and capabilities, in the pursuit of making it Just Work(tm) but also proving Wirth's Law in the process via badly optimized code.
This was an excellent read, btw.