I guess technically you are right, in that NAT doesn't prevent connections, it enables connections. But in the situation where you would have a NAT, behind a residential router, an outside host cannot connect to an arbitrary host on my internal network.
On a publicly routed PC, I can call `listen` and an outside host can connect to me.
On a PC behind a NAT - if I don't set up port forwarding - I can call `listen` and nobody from outside can connect to me.
So one could say, going from publicly routed to behind a NAT means that only allowed incoming connections are possible. Or am I missing something and you can really, from the outside, open a connection to a PC on a residential network which is behind a simple NAT (TCP server listening on that PC)?
The only caveat is that if you're using RFC1918, it greatly limits who can connect -- only your ISP, or another customer connected to the same shared VLAN your router is, or anyone that can physically attach to that network (or anybody in a position to order, blackmail or social engineer those three groups or their employees) can do it, because they're the only people that can set a route to your router for RFC1918 destinations.
Other than that, the connection will just head right on through your router. NAT's whole thing is to change the source address of your outbound connections. Inbound ones (when they don't match port forward rules) are ignored by it, which means they get routed by the router in exactly the same way they would if the router wasn't doing NAT.
At best you could argue that RFC1918 blocks connections, which would be somewhat closer to true, but... well, it doesn't. If you actually want to stop all connections from outside your network, you've always had to do it with a firewall on the router.
And of course, I said "if". You can NAT on public IP space. On residential connections you're unlikely to have public IP space on v4, but that's just a consequence of v4 being exhausted.
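The point in the two comments above (NAT rewrites addresses, a firewall decides whether unsolicited traffic is forwarded) is easiest to see when the two stages are modelled separately. The following is an added toy simulation written for this page, not code from either commenter or from any router vendor: it uses constructed addresses from the RFC 5737 documentation ranges, a made-up `Router` class with a masquerade table, an optional port-forward table and an optional stateful FORWARD filter, and it deliberately does not model the upstream question of who can get a route for an RFC 1918 destination to your WAN interface in the first place.

```python
"""Toy model of a residential router's forwarding path.

Constructed example (not any vendor's implementation): NAT rewriting and packet
filtering are separate stages, so a box that only does NAT still forwards an
unsolicited packet addressed to a LAN host whenever it has a route for it.
Addresses are taken from the RFC 5737 documentation ranges.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")   # RFC 1918 space behind the router
WAN_IP = "203.0.113.7"                # the router's public address (constructed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Router:
    # stateful FORWARD filter; False models "NAT only, no firewall"
    firewall: bool = False
    # explicit port forwards: wan port -> (lan host, lan port)
    port_forwards: dict = field(default_factory=dict)
    # masquerade state: (remote, remote port, wan port) -> (lan host, lan port)
    conntrack: dict = field(default_factory=dict)
    next_nat_port: int = 60000

    def lan_connect(self, lan_host, lan_port, remote, remote_port):
        """A LAN host opens an outbound flow; record the masqueraded mapping."""
        nat_port = self.next_nat_port
        self.next_nat_port += 1
        self.conntrack[(remote, remote_port, nat_port)] = (lan_host, lan_port)
        return nat_port

    def inbound(self, pkt: Packet) -> str:
        """What happens to a packet arriving on the WAN interface."""
        dst, dport, state = pkt.dst, pkt.dport, "new"
        if pkt.dst == WAN_IP:
            mapping = self.conntrack.get((pkt.src, pkt.sport, pkt.dport))
            if mapping:                              # reply to an outbound flow: un-NAT
                dst, dport, state = *mapping, "established"
            elif pkt.dport in self.port_forwards:    # explicit DNAT rule
                dst, dport, state = *self.port_forwards[pkt.dport], "forwarded"
        # Routing: NAT touched nothing else; where does the route table send it?
        if dst == WAN_IP:
            return "handled by the router itself"
        if ip_address(dst) not in LAN:
            return "no route"
        # FORWARD filter: the only stage that can refuse unsolicited traffic.
        if self.firewall and state == "new":
            return "dropped by firewall"
        return f"delivered to {dst}:{dport}"


def scenarios():
    """Run the cases the discussion is about and return the outcomes by name."""
    outside = "198.51.100.9"                                   # constructed remote host
    unsolicited = Packet(outside, 40000, "192.168.1.10", 22)   # addressed straight to LAN
    results = {}
    results["nat_only"] = Router().inbound(unsolicited)        # forwarded: NAT does not block
    fw = Router(firewall=True)
    results["firewall"] = fw.inbound(unsolicited)              # dropped by the filter
    nat_port = fw.lan_connect("192.168.1.10", 51000, outside, 443)
    results["reply"] = fw.inbound(Packet(outside, 443, WAN_IP, nat_port))
    fw.port_forwards[8080] = ("192.168.1.10", 80)
    results["port_forward"] = fw.inbound(Packet(outside, 40001, WAN_IP, 8080))
    return results


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:>13}: {outcome}")
```

The `nat_only` case is the one the comment describes: the packet never matches a NAT entry, so NAT is not involved at all, and the router forwards it because it has a route to the LAN. Only the `firewall` case refuses it, and the same filter still lets replies and explicit port forwards through.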
There have been incredibly clever attacks based on tricking intervening routers into routing the traffic to the target gateway, but more prosaically my next hop ISP is itself a threat I worry about.
Nooo... I don't want something to exist that can absolutely prove that a photo is real. This only serves to enforce social norms more rigidly. These include reasonable norms like against committing crimes or behaving abusively but it also includes stupid norms like behaving uncool or doing something embarrassing. The problem is, where do you draw the line? I think if somebody does something stupid or even morally dubious there should always be a way of forgetting it.
That you can't believe everything you see in the age of AI is a feature, not a bug. We are so used to photographs being hard facts that we'll have to go through a hard transition, but we'll be fine afterwards, just as we were before the invention of photography. Our norms will adapt. And photographs will become mere hearsay and illustration, but that's OK.
I think here the same dynamic is at play as with music/videos and DRM. Our society is so used to doing it the old way - selling physical records - that when new technology comes along, which allows free copying, we can't go where the technology leads us (because we don't know how to feed the artists, and because the record industry has too much power), so we invent a mechanism to turn back the wheel and make music into a scarce good again. Similar here: we can't ban Photoshop and AI, but we invent a technology to try to turn back time and make photos "evidence" again.
LLMs are just the speech center part of the brain, not a whole brain. It's like when you are speaking on autopilot, or reciting something by heart, it just comes out. There is no reflection or inner thought process. Now thinking models do actually do a bit of inner monologue before showing you the output so they have this problem to a much lesser degree.
> this just hasn't been the case for some time now
Which I find sad actually. The idea of C++ as a superset of C is really powerful, especially when mixing C and C++. A while ago I had a C project (firmware for a microcontroller) and wanted to bake the version and the compilation time into the firmware. I didn't find a way to do this in plain C, but in C++ you can initialize a global struct and it gets statically linked into the output. This didn't even use constexpr, just preprocessor trickery. Then it was just a matter of renaming the c file to cpp and recompiling. I guess you could also do that with C, but there are things like RAII or constexpr or consuming a C++ library that you can't do without.
> wanted to bake the version and the compilation time into the firmware. I didn't find a way to do this in plain C, but in C++ you can initialize a global struct and it gets statically linked into the output. This didn't even use constexpr, just preprocessor trickery.
I might be misunderstanding here, but if you are okay with preprocessor trickery, then it's doable.
> Cellebrite admits they can not hack GrapheneOS if users had installed updates since late 2022.
So, how do I know that GrapheneOS is not a honeypot for the really big fish?
At this point it seems if you really want to be safe, you have to add obscurity (in addition to conventional best practices). Like changing the pinout on your USB port so the exploit device can't connect.
Or 3) there are illegal immigrants and ICE is deporting them according to the law, BUT some people think this is unjust and want to do something against it. The democratic process to change laws is too slow or doesn't work properly, or there is no majority to change the law.
Remember there is a difference between legal and legitimate. You don't have to do something just because it is the law (well, you could define "have to" to mean what the law says, but then it becomes pretty circular).
Historically, often behavior changes before the applicable laws change. Think about the acceptance of gay relationships, or the use of cannabis. If people don't sometimes break the law, society can't evolve. That doesn't mean the rule of law has to break down. I think the rule of law is very important and would uphold it in most cases, but there are certain cases where conscience might order one to break or circumvent a law.
I think users applies to end-users here. So you must not run the software as a service (either paid or for free) for other users. You are free to use it yourself.
Crucially, I think what is banned is to offer accounts. Offering turnkey-hosting is probably banned in spirit, but the person offering the turnkey-hosting is not in violation, rather the person booking the turnkey hosting and offering the accounts on the instance to third parties is in violation.
I think the wording is originally against somebody like Amazon hosting e.g. database instances for other people to use, and then giving you an account in that database. It's still OK to rent a VM from them and use the package manager to install it.
In any way, it is really confusing, in a way a license should not be. And I don't really understand why someone builds a blog platform, which is not monetized, open sources it, but doesn't want other people to host it. If I open source my stuff, I want people to use it. If I want to share the code but don't want people to use it I'd just put it somewhere with no license at all (all rights reserved).
Idk. That's not how I'm reading it. Someone reading my blog is a user of the blog software. So running the blog and letting people read it would fall under that limitation and therefore would be prohibited.
I understand that's probably not what they tried to write, but wouldn't want to defend that understanding in a courtroom.
> It's still OK to rent a VM from them and use the package manager to install it.
Do you open up port 80 to the world? Because then you are hosting the service that offers users access to substantial features or functionality.
> In any way, it is really confusing, in a way a license should not be.
So, as there are a couple of docks coming out that work with Switch 2 and have apparently reverse engineered the protocol... I wonder if some company could make a small dongle that just sits between the switch and my monitor, or my USB-C docking station, and fixes the communication.
For a DIY solution, protocol wise it doesn't seem too complicated, but electronically USB-C or HDMI is out of reach for most hobbyists. And I assume most USB-C interface chips you can get aren't programmable to the degree necessary...
No, please do invent your own crypto, just don't deploy it! Coming up with schemes and then seeing where they fail is the best way to learn the intricacies. I think more of us 'lowly developers' should be familiar with the common pitfalls.
That the bank is aware of your identity is not necessarily a flaw, but a boundary condition of the protocol. Assuming a trusted intermediary, how can we.... I think a solution here is not purely technical, but also social. How about establishing a trusted intermediary that can check your identity, but for sure does not do anything malicious with the information? Maybe there is a strong taboo against disclosing the information, like with the confidentiality of confession.
There is another flaw in the proposed scheme, how do you make sure that people don't just take the signature from another person? This one is pretty tricky to solve.
I have been thinking about similar "proof of attribute" protocols for a while, since they have interesting use cases outside of age verification. You could verify that a person on HN is really an Apple employee, without Apple being able to identify that user. Or on a dating site, you could verify that the user is a certain gender, in a certain age bracket, and the account is tied to a social media account in good standing (not a throwaway account), without having the link explicit somewhere (and thus leakable).
I completely missed that I could hand the merchant string to a friend with a bank account and have them sign it. Pretty obvious in retrospect!
It's not perfect, but maybe reasonable enough to prevent resale by using a salted hash of the user's IP.
Wrt hash linking, there's Chaum's blind signature thing which looks solid. It feels like a cheap enough, private enough, and reliable enough solution that can be rolled out in under 6 months is in this neighborhood; maybe this provides something to trigger someone who can do it to do it.
Also, mulling over it; I would bet pornhub and chase.com both use google-ad trackers and 200 other ad networks. The issues my MVP creates require chainalysis and a warrant. Maybe big picture, not so bad.
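The Chaum blind signature mentioned above is the standard answer to the "hash linking" problem in the proof-of-attribute discussion a few comments up: the bank (the trusted intermediary that knows who you are) signs a value it cannot read, and the merchant verifies the unblinded result without the bank being able to connect the two. The following is an added example written for this page, not code from any of the commenters or from a real issuer: it uses textbook RSA with no padding and a toy 256-bit modulus to show only the protocol shape, and the party names (`Bank`, `user_blind`, `merchant_verify`), the challenge string format and the `customer-42` identifier are all constructed.

```python
"""Chaum-style RSA blind signature for an anonymous "proof of attribute" token.

Added, constructed example: textbook RSA without padding and with a toy key
size, showing the protocol shape only (not a production scheme). Parties: the
bank (checks identity out of band, holds the signing key), the user, and the
merchant (verifies a token without learning who the bank signed it for).
"""
import hashlib
import random
from math import gcd


def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test (enough for a demo key)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random odd prime with the top bit set."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


class Bank:
    """Trusted intermediary: it knows WHO asks, but signs values it cannot read."""

    def __init__(self, bits=256):
        self.e = 65537
        while True:
            p, q = random_prime(bits // 2), random_prime(bits // 2)
            phi = (p - 1) * (q - 1)
            if p != q and gcd(self.e, phi) == 1:
                break
        self.n = p * q
        self.d = pow(self.e, -1, phi)
        self.seen = []            # everything the bank actually gets to see

    def public_key(self):
        return self.n, self.e

    def sign_blinded(self, customer_id, blinded):
        # The identity/attribute check happens here, on customer_id, out of band.
        self.seen.append((customer_id, blinded))
        return pow(blinded, self.d, self.n)


def h(message, n):
    """Hash the merchant's challenge string into Z_n."""
    return int.from_bytes(hashlib.sha256(message.encode()).digest(), "big") % n


def user_blind(n, e, message):
    """Pick a blinding factor r coprime to n; return (m * r^e mod n, r)."""
    m = h(message, n)
    while True:
        r = random.randrange(2, n - 1)
        if gcd(r, n) == 1:
            return (m * pow(r, e, n)) % n, r


def user_unblind(n, blind_sig, r):
    """(m r^e)^d = m^d r, so dividing by r leaves a plain signature on m."""
    return (blind_sig * pow(r, -1, n)) % n


def merchant_verify(n, e, message, signature):
    """Merchant checks the token against the bank's public key only."""
    return pow(signature, e, n) == h(message, n)


def run_protocol(bank, customer_id, challenge):
    """Full exchange: merchant challenge -> blinded -> bank -> unblinded token."""
    n, e = bank.public_key()
    blinded, r = user_blind(n, e, challenge)
    blind_sig = bank.sign_blinded(customer_id, blinded)
    return user_unblind(n, blind_sig, r)


def demo():
    """Returns (token verifies, bank can link token to its log, token replays elsewhere)."""
    bank = Bank()
    n, e = bank.public_key()
    challenge = "merchant=example-shop nonce=7f3a attribute=over18"   # constructed
    token = run_protocol(bank, "customer-42", challenge)
    ok = merchant_verify(n, e, challenge, token)
    linkable = any(b in (token, h(challenge, n)) for _, b in bank.seen)
    replayed = merchant_verify(n, e, "merchant=other-shop nonce=0001 attribute=over18", token)
    return ok, linkable, replayed
```

Two things the block makes visible: the bank's log (`bank.seen`) contains the blinded value, which matches neither the token nor the hashed challenge, and a token is bound to the merchant's own challenge string, so it cannot be replayed against a different challenge. It does not address the flaw raised earlier in the thread: nothing stops someone from handing the challenge to a friend who has a bank account and letting them obtain the signature.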
Back when I was studying physics, we frequently had to do calculations with error propagation. I tried to implement something very similar in C++ and in Python, but never finished it. I also thought it would be neat if a spreadsheet program could understand uncertainties, and also units, so you could enter 1m +- 10cm and it would propagate the errors correctly. If you laid out the data with one column for the values and one for the errors, I had a couple of OpenOffice macros that would perform the calculations.
Another place where I think this would be neat would be in CAD. Imagine if you are trying to create a model of an existing workpiece or of a room, and your measurements don't exactly add up. It's really frustrating and you have to go back and measure again, and you usually end up idealizing the model and putting in rounder numbers to make it fit, but it is less true to reality. It would be cool if you could put in uncertainties for all lengths and angles, and it would run a solver to minimize the total error.
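As an added illustration of the error-propagation idea in the two comments above (not the commenter's unfinished C++/Python code or their OpenOffice macros), here is a small Python value type that carries an uncertainty, propagates it to first order through the four arithmetic operations, and parses inputs such as `1m +- 10cm` with a constructed table of length units. The room measurements in `room_example` are made up.

```python
"""Values with uncertainties, first-order (linear, independent-error) propagation,
and a tiny length-unit parser. Added, constructed example for this page."""
import re
from math import sqrt

# Constructed unit table in metres: only lengths, enough for "1m +- 10cm".
LENGTH_UNITS = {"m": 1.0, "cm": 0.01, "mm": 0.001, "km": 1000.0}


class Uncertain:
    """value +- sigma, where sigma is an independent 1-sigma standard error."""

    def __init__(self, value, sigma=0.0):
        self.value = float(value)
        self.sigma = abs(float(sigma))

    def __repr__(self):
        return f"{self.value:g} +- {self.sigma:g}"

    @staticmethod
    def _lift(x):
        return x if isinstance(x, Uncertain) else Uncertain(x)

    # Sums and differences: absolute errors add in quadrature.
    def __add__(self, other):
        o = self._lift(other)
        return Uncertain(self.value + o.value, sqrt(self.sigma**2 + o.sigma**2))
    __radd__ = __add__

    def __sub__(self, other):
        o = self._lift(other)
        return Uncertain(self.value - o.value, sqrt(self.sigma**2 + o.sigma**2))

    def __rsub__(self, other):
        return self._lift(other) - self

    # Products: d(ab) = b da + a db  ->  sigma^2 = (b sa)^2 + (a sb)^2
    def __mul__(self, other):
        o = self._lift(other)
        return Uncertain(self.value * o.value,
                         sqrt((o.value * self.sigma) ** 2 + (self.value * o.sigma) ** 2))
    __rmul__ = __mul__

    # Quotients: d(a/b) = da/b - a db/b^2
    def __truediv__(self, other):
        o = self._lift(other)
        return Uncertain(self.value / o.value,
                         sqrt((self.sigma / o.value) ** 2
                              + (self.value * o.sigma / o.value**2) ** 2))

    def __rtruediv__(self, other):
        return self._lift(other) / self


def _parse_term(term):
    """'10cm' or '2.5 m' -> metres; unknown units raise KeyError."""
    m = re.fullmatch(r"\s*([-+]?\d*\.?\d+)\s*([a-zA-Z]+)\s*", term)
    if not m:
        raise ValueError(f"cannot parse length {term!r}")
    number, unit = m.groups()
    return float(number) * LENGTH_UNITS[unit]


def parse_length(text):
    """Parse '1m +- 10cm' (or with the ± sign) into an Uncertain in metres."""
    parts = re.split(r"\+-|±", text, maxsplit=1)
    value = _parse_term(parts[0])
    sigma = _parse_term(parts[1]) if len(parts) == 2 else 0.0
    return Uncertain(value, sigma)


def room_example():
    """Floor area of a room measured as 4m +- 2cm by 3m +- 5cm (constructed input)."""
    width = parse_length("4m +- 2cm")
    length = parse_length("3m +- 5cm")
    return width * length


if __name__ == "__main__":
    print(parse_length("1m +- 10cm") + parse_length("2m ± 20cm"))
    print(room_example())
```

The propagation assumes the inputs are independent, which is the usual textbook rule but also its main failure mode: `x - x` for the same measured `x` comes out with a non-zero sigma instead of zero, so correlated quantities need a covariance-aware treatment rather than this per-operation rule.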