Walter S. boosted

Last Saturday, I sat in a crowded ballroom at Caesar's Forum in Las Vegas and watched Sickcodes jailbreak a John Deere tractor's control unit live, before an audience of cheering Defcon 30 attendees (and, possibly, a few undercover Deere execs, who often attend Sickcodes's talks).

1/

Walter S. boosted

Ok, I now have permission to talk about this project in full and in public. I'm working with Alan Kay to build six replicas* of a Xerox PARC Alto display for use in a museum exhibit**. Visitors will see a real Alto and then walk over to one of the replicas to futz with Smalltalk '78***.
Here's a nice writeup of a different project that rejuvenated an actual Alto.
arstechnica.com/gadgets/2016/0

Walter S. boosted

Calculation of π, from rain falling on two wooden plate sensors, one circular and one square: the number of raindrops that landed on each plate during a storm was counted with an Arduino and π was calculated as the ratio [source & credits: buff.ly/2Dqy0gN]

Walter S. boosted

OK, this is hilarious (in German). Threema set up an ice cream stand with free ice cream, but the salesperson asks people intimate questions before they get the ice cream: your phone number, your best friend's name, your best friend's birth year, whether you're undergoing any medical treatments, who you chatted with last… I'm cringe-laughing-crying. Is there a word for this?
yewtu.be/watch?v=aoXRMEjOQcU
via @Seraina

Walter S. boosted

But despite its long tenure, Cosmicstrand was only just discovered. That's because of the fundamental flaw inherent in designing a computer that its owners can't fully inspect or alter: if you design a component that is supposed to be immune from owner override, then anyone who compromises that component *can't be detected or countered by the computer's owner*.

21/

Show thread
Walter S. boosted

its weird having hobbies where you have nothing to show for what you've done.
"what have you been up to?"
"I can give you the just of what I've been doing but its all very technical and would bore any reasonable person."

Walter S. boosted

Let me tell you, don't rely on flash for cold storage of important data. I learned it the hard way, despite knowing better.

A short thread. (1/n)

Walter S. boosted

@zens@merveilles.town Except that the true power of a CLI is in programmability. This means four things:

- parametrization
- control flow
- visual overview of what the program does
- editability

For a traditional GUI to provide this, it necessarily has to provide some kind of meta-UI, which could be a CLI or something like Scratch.

For a CLI this is not necessary as the work layer and the meta layer are the same. Because they are the same, further functionality can be added by using the meta layer on itself (in unix shell, that would be eval, or editing files by scripts then executing them).

Now can a GUI be built that also uses just one layer for both? I do not know, but never have seen one, and if it is possible, it would have to massively deviate from what we nowadays call a GUI.

Walter S. boosted

I'm a really big fan of how Norton has decided "political protests" and "private communication" belong on the same list as drug trafficking, crypto scams and "illegal activities".

Thanks for letting us know you've picked a side.

us.norton.com/internetsecurity

Walter S. boosted

@mhoye, thanks for sharing.

These vulnerabilities look like something that users should keep an eye out for.

I'm not sure what's exactly being mapped into that in-RAM virtual framebuffer driver, but this looks like a way to escape into DOM0 and wreak havoc on the system.

That GUI domain would have helped a lot in this situation. And also a way to "disable GUI" for particular VMs, like for the USB "firewall" domain.

qubes-os.org/news/2020/03/18/g

Walter S. boosted

Remember when I said update your windows machines today? Update your linux boxes tomorrow: lists.x.org/archives/xorg/2022

Walter S. boosted

Branch Predictor: The New Generation 

@devurandom, it seems that I'm late to the game, this was first proposed in 2001, and now: "The AMD Ryzen multi-core processor's Infinity Fabric and the Samsung Exynos processor include a perceptron-based neural branch predictor."

But we're still missing the software-defined silicone subscription and that distributed linked-list storage for improved performance after a cold boot.

Now, seriously, how can one trust those?

en.wikipedia.org/wiki/Branch_p

Walter S. boosted

Branch Predictor: The New Generation 

@devurandom, no stress, we'll add a new generation of BPs, powered by new on-chip statistics co-processors¹, backed by a linked list E2EE³ memory², with optional distribution, opt-out, of course.

--
¹) AI in Software-Defined Silicon As A Service, of course.

²) with PoS not that PoW 💩. And all this for better performance on cold boots and offsite backups, of course.

³) E2EE is army-grade, developed in-house, we can't tell you more, of course.

My PDF reader crashed while opening retbleed_sec22.pdf. I would have liked to say that I had l an eerie feeling, but I didn't.

Remember kids, qvm-convert-pdf is your friend, probably! But not with their paper. Also, it helps only if you don't forget about it.

(Ignore me, it was an experimental Okular build for some 64-bit ARM mobile device.)

Walter S. boosted

new moore's law: every CPU will become twice as slow every two years from all the predictive branching mitigations

Walter S. boosted

we have made machines with predictive branching, that peak beyond our reality into possible worlds to bend the present to our wills

and we have the hubris to think this wouldn't be a problem?

Walter S. boosted

@tindall i dont know why but the "microsoft ❤️ open source" thing has been scarily successful and a lot of people are actually convinced that microsoft is "good now and cares about users more than profit"

then every time microsoft does something like this they act surprised as if "how were we supposed to know?" when people have been warning them for years and they have been ignoring it

Researching ways to improve screen readers is fun, but now, besides helping existing projects, I'll need to create new code and stuff, and I REALLY need to find decent , but the internet is a mess, and I can't find anything helpful.

I also stumbled upon BusyBox (GPL-2.0-or-later) vs Toybox (0BSD). Toybox is everywhere in Android, BusyBox not so much, but it's in .

I don't speak legalese, is there something like: rxjs.dev/operator-decision-tre ?

vs vs ?

Walter S. boosted

These Space Shuttle launch control center consoles, used at Kennedy Space Center in the 1980s or 1990s, had a mix of digital computers and analog controls such as switches, buttons, dials, and indicator lights.

I took these photos at the American Space Museum in Titusville, FL.

#space #retrocomputing

Oh wow, maybe I need some sort of "thread composer". The character limit over here is not helping. Especially if you start a thread on a mobile device.

Also, didn't we get a new "I need to fix the spelling" feature on Mastodon? Where's that "Edit this Toot" button?

Show older
XXX

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!