|
11 posts total
 This morning for no obvious reason, I remembered the Fuel Rats. Elite:Dangerous is an MMO space sim game, with a big galaxy in which you fly a spaceship doing stuff. Spaceships need fuel, which you buy at stations, or if you have a fuel scoop you can skim the surface of certain stars to get usable fuel. Space is big though, and it's quite possible to run yourself low on fuel in a way that you can no longer warp to any inhabited system to refuel. At which point you're screwed. Relearning modern HTML, and amazed to find that <a> tags have a "ping" attribute that just fire off an async POST to whereever you like when someone follows the link. Explicitly designed for tracking user activity, and has been in browsers since 2011. According to MDN, Firefox is the only browser that doesn't send them by default. Not for any particularly noble reason, there's just an 11 year old open bug to finish shipping it and it's not done yet.
Show previous comments
 @danderson So … if a careless web designer were to enter the wrong URL to ping, the pingee would get incorrect info? Let’s hope nobody makes that mistake 😇   "Electronics isn't magic" "Also, here is the protective sigil to cast when working with DRAM"
Show previous comments
 @danderson Electro-magic-netics is my name for eletromagnetics because it fricking is. Digital electronics are just captured and channeled magic. Abstracted magic if you will. Or magitech if you want to sound cool. Happy chanting!  Welcome to Having a Normal One, I'm your host and today we're reading the ANSI specification for rectangular holes in standard IBM punched cards. Not much of a read if I'm honest, once you get past the foreword, the list of agencies that signed off, the list of contributors and the index, it fits on a single two-sided sheet of paper: the punch holes must be 0.125" by 0.055", ±0.001". The centers of the holes are laid out on a grid. Twelve lines 0.250" apart on the short axis, N lines spaced 0.087" on the long axis. Each intersection is the center point of a hole. ±0.010" center position error allowed when punching, ±0.018" when reading. Speaking of language, sometimes I remember how incredibly weird it is that a software feature designed to help you achieve something is canonically called a "wizard". Oh I need help configuring this, lemme light the beacon and call for the aid of Digital Gandalf Also implies that the default state of software is, I dunno, an orc or a barbarian or something. Something that you need a wizard to help you with, certainly. How to tell your OSS is ridiculously popular: people aren't 100% sure they _didn't_ embed it, and tack on the software equivalent of "packaged in a facility where peanuts were also present" to the license list. This watch contains software, so statistically probably contains at least traces of curl.
Show previous comments
 @danderson (to the tune of Sex Bomb) SBOM, SBOM, where's that SBOM ... You can give it to me so I know what's going on. "I just want an apolitical project where each can contribute according to their ability, to a common purpose to be enjoyed by each according to their need. Why do all these commies keep showing up, it is truly a mystery" Yesterday I ended up taking a random walk through "the rust memory model is more what you'd call "guidelines" than actual rules". Today I took a wrong turn and ended up on the LKML, in which I learned that the kernel has its own unique memory model, but also now contains rust code which follows the rust memory model (whatever that turns out to be), and also it's necessary to be able to exchange data back and forth between memory models. Some days, I'm just amazed that computers sometimes work. No diss on anyone involved, to be clear. The kernel has reasons for its own memory model, Rust obviously has _some_ memory model even with edge cases (and in some places delegates to c++20, which I'm assuming is partly a consequence of going through LLVM and inheriting a lot of stuff from C++). People are doing hard and productive work to get all these things nailed down and be confident in how computers work. It's just... could computers work by themselves every now and then please As the xz thinkpieces start showing up about What Should Be Done, a couple of questions I'd encourage you to keep in mind while reading them: I suppose this post also counts as a thinkpiece about the incident, arguably. Feel free to derive your own critical thinking rule of thumb from it, I guess :) @danderson arguably the badness was stopped because professionals noticed something fishy and found the root cause. If anything, to my mind, the system (if it can be called one) is actually working quite well given the fallibility of humans and the systems we create. @danderson It seems to me that dismissing all technical solutions because the problem is social is itself a form of giving up because stopping 100% of badness is impossible. If the option of hijacking crypto code in the sshd process through an obscure dynamic linking feature and an underfunded library hadn't been an option, for example, would the attacker have gotten nearly as far as they did? The poor original maintainer of xz is on it now, and has already found another "fun" thing: https://git.tukaani.org/?p=xz.git;a=commitdiff;h=f9cf4c05edd14dedfe63833f8ccbe41b55823b00 . The configure check for enabling the Landlock sandboxing facility was subtly broken, so that Landlock support would never get enabled. The original malicious commit landed around the same timeframe as the main backdoor, also at an abnormal time of day compared to the new maintainer's historical activity pattern. @danderson that one is deliciously clever. I didn't see it when I looked at the diff despite having been primed to look for something evil. @danderson That one is tricky! I'm so sorry for Lasse, who now has double the amount of work, to review again every line of code added by the malicious actor. @danderson I want to support the original maintainer or show my appreciation if I can. But I feel like sending an email just to say thanks or ask how to help would just add to the stress; there must be a ton of emails coming in already. |
Gregory's Server
@danderson What a fun memory to surface ☺️
Being a Fuel Rat was the most fun thing I ever did in E:D and kept me in the game much longer than I would have otherwise. After classes were done for the day I would just pop up some Netflix, poke around aimlessly in Fuelum, and hang out in the IRC channel until it was time to roll out. The only thing I ever fired at a player ship was a limpet!
@danderson Valheim has a similar thing. If you accidentally wander into a biome you can't handle and get killed, and can't get your stuff back, there's a loot retrieval squad you can get in touch with. You give them your game details and they'll hop in and grab your stuff back for you.
The game has random events and some of the late game ones are triggered when certain items are present in game, so they figured out what gear and items they can bring in for recovery without screwing up the game.
@danderson I was completely ignorant of all of this. Thank you for sharing it, it's beautiful.