HighResolutionSleep

0 followers   follows 0 users
joined 2022 September 04 21:39:04 UTC

User ID: 172

I think roughly 0% of respondents would actually pick the bear. They are, to borrow a phrase from yesteryear, virtue signalling.

The more notable revelation is how cleanly this whole ordeal demonstrates that hating men is very much considered a virtue in some spaces.

Irrespective of who is receiving them, what's the number of visas that could be issued within the foreseeable future at which shaking your fist couldn't necessarily be considered evidence of xenophobia? Would a billion do it?

Is the only principled position either zero immigrants or infinity immigrants?

My parents forbade me from reading fanfiction.

That's strange. How did that happen?

It's not hard to make reactors; the US has the technical chops to fit a 300 MW PWR reactor on a submarine along with sonar, torpedoes, and stealth, all for a total cost of $2 billion.

Maybe the solution is for the US to commission giant submarines with gigawatt reactors on them, where they can tap into underwater transmission cables that just barely reach out into international waters.

Wouldn't be the dumbest thing we've ever done to get around crippling regulations. Maybe.

Witnessed is a little important, here

I think the glass half full perspective is more accurate here. Sure, it wasn't detected at the earliest possible time—the second it was committed—but it was only in the most bleeding edge releases of a select few base distributions for a few weeks before it got sniffed out. For such a sophisticated attack, that's lightning fast. Stuxnet took about five years and infected around a hundred thousand machines before it was uncovered. Sure, it's possible that this sample size of one is unrepresentative of the whole distribution of this event repeated a thousand times, but that's less likely and strikes me as somewhat catastrophizing. As someone noted below, we don't know that this wasn't an attack from an AGI sitting in OpenAI's basement plotting to kill us all as we speak.

Visible-source seems to have helped track down the whole story

How would he have tracked down the backdoor without the repo? It seems to me that without it all he would have is some CPU benchmarks and some valgrind errors. What would he have done with that other than submit a bug report to the company that actually had sources, which could be ignored or "fixed" at their discretion?

Security is hard.

I like to think that this will get better as time goes on. If you think about it, humans have only really been writing software at an industrial scale for two, maybe three decades now. We're not good at it yet.

Every single one of us is running a kernel that was written in the 90s using paradigms formed in the 80s with a computer language that was invented in the 70s.

So little about how we do computing has even caught up to modern thinking. I don't know if Rust specifically is the future, but something like it is.

The Many Eyes theory of software development worked. This was an incredibly subtle attack that few developers would have been able to catch, by an adversary willing to put years into developing trust and sneaking the exploit in piecemeal.

I've watched a lot of doomerist takes on this one claiming that this proves many-eyes doesn't work, but I think it proves just the opposite. This was perhaps the most sophisticated attack on an open source repo ever witnessed, waged against an extremely vulnerable target, and even then it didn't come even close to broad penetration before it was stopped. Despite being obvious, it bears laboring that it wouldn't have been possible for our Hero Without a Cape to uncover it if he wasn't able to access the sources.

If I had to guess, I would suppose that glowing agencies the world round are taking note of what's happened here and lowering their expectations of what's possible to accomplish within the open source world. Introducing subtle bugs and hoping they don't get fixed may be as ambitious as one can get.

That being said, I'm not sure that the doomerism is bad. The tendency to overreact may very well serve to make open source more anti-fragile. Absolutely everyone in this space is now thinking about how to make attacks like this more difficult at every step.