Quantum mechanics is not magic. Magic specifies the outcome, but not how a system evolves to reach that outcome. Quantum mechanics has precise equations describing how a system will evolve over time, but is famously bad at describing the outcome.

By the same token, we can see that thermodynamics and conservation laws, while widely accepted, are magic. I have heard legend of a deeper magic known as “Lagragians”, although knowledge of that lost art remains confines to the warlocks’ ivory tower.

https://xkcd.com/2904/

The AI developers understand how AI works, but that does not mean that they understand the thing that the AI is trained to detect.

For instance, the cutting edge in protein folding (at least as of a few years ago) is Google’s AlphaFold. I’m sure the AI researchers behind AlphaFold understand AI and how it works. And I am sure that they have an above average understanding of molecular biology. However, they do not understand protein folding better than the physisits and chemists who have spent their lives studying the field. The core of their understanding is “the answer is somewhere in this dataset. All we need to do is figure out how to through ungoddly amounts of compute at it, and we can make predictions”. Working out how to productivly throw that much compute power at a problem is not easy either, and that is what ML researchers understand and are experts in.

In the same way, the researchers here understand how to go from a large dataset of breast images to cancer predictions, but that does not mean they have any understanding of cancer. And certainly not a better understanding than the researchers who have spent their lives studying it.

An open problem in ML research is how to take the billions of parameters that define an ML model and extract useful information that can provide insights to help human experts understand the system (both in general, and in understanding the reasoning for a specific classification). Progress has been made here as well, but it is still a long way from being solved.

The actual difference between a working new mouse and a failing double click mouse is in the button itself (mechanical parts are almost always the problem).

However, it is not some exotic failure mode. All mechanical switches have a “bounce”, where the contact makes and breaks a few times before settling into the connected position. Switches are typically designed to make the actual contact spring loaded (which is the origin of the click sound you here). As they age, this mechanism degrades, making the bouncing problem worse.

However, this is a well understood problem that any electrical engineer should be familiar with. One solution is to install a filter capacitor. Now it takes longer to switch between the on and off state, so the inherent bounce in the switch is smoothed out to the point where you cannot detect it.

They probably did testing with a new switch, and decided that they didn’t need to include any explicit debounce component, ignoring the fact that the switch would degrade over its lifetime.

The annoying thing is that fixing the double click is stupidly easy. Years ago, I got frustrated with that exact problem (after a string of 3 mice that each lasted only a few months); so I opened one up and soldered on a random capacitor I had lieing around.

Capacitors like that cost literally less than a penny, and are no more complicated to install at production time than any other component already on the circuit board.

1 line of code?

Amateur, I changed 1 byte of code in the Linux kernel!

It was random driver with something along the lines of “if (hardware_version > 3) fail()”.

One day we got a new shipment of hardware that wasn’t working for some reason until I upped that 3 to a 4.

I think what happened here is that something went wrong and messed up the permissions of some of the users files. MS help suggested that he login as an administrator and reatore the intended permissions.

I don’t work with Windows boxes, but see a similar situation come up often enough on Linux boxes. Typically, the cause is that the user elevated to root (e.g. the administrator account) and did something that probably should have been done from their normal account. Now, root owns some user files and things are a big mess until you go back to root and restore the permissions.

It use to be that this type of thing was not an issue on single user machines, because the one user had full privileges. The industry has since settled on a model of a single user nachine where the user typically has limited privileges, but can elevate when needed. This protects against a lot of ways a user can accidentally destroy their system.

Having said that, my understanding of Windows is that in a typical single user setup, you can elevate a single program to admin privileges by right clicking and selecting “run as administrator”, so the advice to login as an administrator may not have been nessasary.

Have you ever worked in a place where every function/field needed a comment? Most of those comments end up being “This is the <variable name>, or this does <method name>”. Beyond, being useless, those comments are counter productive. The amount of screen space they take up (even if greyed out by the IDE) significantly hurts legability.

Fetlife is not a dating app. They have actively not implemented features such as filter by age/gender in order to avoid becoming a dating app. If you are looking to get involved in your local kink community, Fetlife is the answer [0]. For anything else, it is garbage. If you try using it to get laid, you will just be pissing a bunch of people off.

[0] At least for my local kink community. Other areas might vary.

In addition to the raw compute power, the HP laptop comes with a:

• monitor
• keyboard/trackpad
• charger
• windows 11
• active cooling system
• enclosure

I’ve been looking for a lapdock [0], and the absolute low-end of the market goes for over $200, which is already more expensive than the hp laptop despite spending no money on any actual compute components.

Granted, this is because lapdocks are a fairly niche product that are almost always either a luxury purchase (individual users) or a rounding error (datacenter users)

[0] Keyboard/monitor combo in a laptop form factor, but without a built in computer. It is intended to be used as an interface to an external computer (typically a smartphone or rackmounted server).

deleted by creator

Miniaturization is amazing. The limiting factor to how powerful we can make phones is not space to put in computational units (processors,ram,etc). It is the ability to deal with the heat they generate (and the related issue of rationing a limited amount of battery power)

At a $188 price point. An additional 4GB of memory would probably add ~$10 to the cost, which is over a 5% increase. However, that is not the only component they cheaped out on. The linked unit also only has 64GB of storage, which they should probably increase to have a usable system …

And soon you find that you just reinvented a mid-market device instead of the low-market device you were trying to sell.

4GB of ram is still plenty to have a functioning computer. It will not be as capable of a more powerful computer, but that comes with the territory of buying the low cost version of a product.

If that were the case then they would have written that into their constitution 70 years ago. And they wouldn’t have assasinated their own prime minister 30 years ago.

Heck, the current minister of national security Ben-Gvir was rejecting from mandatory constriction by the IDF, and convicted in an Israeli court of supporting (Jewish) terrorism after being indicted by an Israeli prosecutor.

These are not things that happen in a country that is unified in its goals.

The Israeli government has no idea what it is doing. Literally. The current government was a barely held together coalition prior to October 7. In the direct aftermath, they formed a unity government and war cabinet that collapsed last week.

Their prime minister has been indicated on corruption and bribertmy charges, which are currently on hold for obvious reasons. By most indications his primary motivation in this matter is to stay in power himself, with Israel’s national interests being secondary.

Individual members of IDF leadership have called Israel’s stated objectives “unachievable”.

Israel simultaneously wants to live in peace as a liberal Jewish state without commiting any form of ethnic clensing; and achieve its manifest destiny of establishing a Jewish theocracy across Judea and Samaria.

These are deep questions that get to the core of what Israel is and stands for. Questions that are to be answered by the Israeli constitution in the 50s. That never happened because Israel was never able to agree on a constitution [0].

Right now, Israel is just reacting, without any long term strategic vision. Various factions are trying to use that chaos to advance their own long term vision.

[0] Which led to the big judicial reform constitutional crisis that was a giant political crisis before October.

Because the thing people refer to when they say “linux” is not actually an operating system. It is a family of operating systems built by different groups that are built mostly the same way from mostly the same components (which, themselves are built by separate groups).

https://en.m.wikipedia.org/wiki/Axiom_of_choice

The axiom of choice asserts that it is possible to pick an arbitrary element from every set. Most of mathametics accepts this. However constructivist math does not.

Sudo is a setuid binary, which means it executes with root permissions as a child of of the calling process. This technically works, but gives the untrusted process a lot of ways to mess with sudo and potentially exploit it for unauthorized access.

Run0 works by having a system service always running in the background as root. Running a command just sends a message to the already running seevice. This leaves a lot less room for exploits.

No. It is the equivalent of a PC maker going “yeah. I don’t think we are going to put in a CD drive anymore because the DVD drive we have been including for years can do CDs as well”

I’m one of those security specialists (although not on mastodon). To be clear, if a vulnerable version of libxz were included in a distribution that we actually use; this would be an all hands on deck, drop everything until it is fixed emergency.

Having said that, for an average user, it probably doesn’t matter. First, many users just don’t have the vulnerable version installed. All things considered, it was found very quickly; so only rolling release distros would have it. Additionally, it appears that only .deb or .rpm based distributions would have it. Not because they are particularly vulnerable, the attack explicitly tests for it.

However, lets set all of this asside and assume a typical use is running a vulnerable system. In my assessment, the risk to them is still quite low. With most vulnerabilities, the hard part is discovering it. Once that happens, the barrier to exploiting it is relatively low, so you get a bunch of unrelated hackers trying to exploit any system they can find. This case is different; exploiting it requires the attackers private key. Even though the attack is now widely known, there is still only 1 organization capable of using it.

Further, this attack was sophisticated. I’m not going to go as far as others in saying that only a state actor could do it. However, it is hard to think of anyone other than a state actor who would do it. Maybe a group of college kids doing it for the lolz research? But, if the motivation us lolz, I don’t see them pivoting to do anything damaging with it. And even if they wanted to, there would still only be a handful of them. In short, this is one of those cases where obscurity works. Whoever did this attack does not know or care about Joe the Linux user; and they were probably never going to risk burning it by exploiting it on a large scale.

However, setting all of that asside, suppose you were using vulnerable software, and someone with the private key is interested in your home system. First, you would need to be running OpenSSH on a remotely accessible interface. [0]. Second, you would need your firewall to allow remote SSH traffic. Third, you would need your router to have port forwarding enabled; and explicitly configured to forward traffic to your OpenSSH server [1].

If all of that happens; then yes, you would be at risk.

[0] Even though the attack itself is in the libxz library, it appears to specifically target OpenSSH.

[1] Or, the attacker would need some other mechanism to get on the same network as you.

Out of all the sovereign citizen nonsense I have seen, this is probably the most likely to work. Not in a “that is the way the law works” kind of way, but in the “the other party might actualy get duped” way.

Essentially, it is a variant of the fake invoice scam. In a fake invoice scam, you send a bill to a company you never worked for. Normally, the company will look at it and ask “what is this about?”. However, occasionally the bill will land on top of a pile of paperwork. Then a parent who was up all night with a sick kid will come in in the morning, see an unpaid bill, and write the check before having their morning coffee.

Essentially the same thing happened here. The bank got paperwork from the IRS saying that the bank forgave the loan (point 1 to the scammer for having this come through the IRS). Of course, most of the time, the banks response is going to be “no we didn’t”, at which point the scammer looses. But occasionally an employee at the bank is going to mess up, and do something that might result in the loan actually being forgiven.