More

junek · 2025-07-18T10:08:14 1752833294

Let me guess: you hold some crank views that aren't shared by the people who maintain Wikipedia, and you find that upsetting? That's not a conspiracy, it's just people not agreeing with you.

fauigerzigerk · 2025-07-18T10:24:54 1752834294

Your guess is incorrect. I'm keeping well away from polarised politics as well as anti-scientific and anti-intellectual fringe views.

junek · 2025-06-24T11:55:46 1750766146

Please step away from the lathe

junek · 2025-04-15T15:02:57 1744729377

Because one kind of thing helps people and the other kind of thing inflicts pointless cruelty on the innocent.

And the regime loves pointless cruelty.

junek · 2025-04-10T17:56:37 1744307797

Garfield Minus Garfield has the same bleak sense of desolation as Goya's "The Dog". Just wonderful.

junek · 2025-02-13T13:13:13 1739452393

I doubt they think much, in general

junek · 2025-01-28T18:51:33 1738090293

OK, fun. What can we do to mitigate this until it gets patched?

omcnoe · 2025-01-28T19:00:48 1738090848

Serious answer, don't use Safari. Use a browser that properly separates webpages into isolated processes so that this kind of cross-site read is not possible.

goldsteinq · 2025-01-28T20:00:08 1738094408

There’re no other browsers on iPhone. Every iPhone browser is a reskin of Safari. They’re in theory supposed to allow other browsers in the EU, but AFAIK it has not happened yet.

prmoustache · 2025-01-28T21:31:23 1738099883

Then don't use an iPhone until it is patched.

hashstring · 2025-01-29T00:38:34 1738111114

What about turn JS off on your favourite iOS browser?

prmoustache · 2025-01-29T08:51:26 1738140686

That wouldn't prevent possible malware apps using WKWebview from getting out of the jail they are running out right?

hashstring · 2025-01-29T09:25:54 1738142754

Yes, I agree.

However I also expect that Swift-compiled apps can do this without a web browser component.

It’s a different threat model though, having installed a malicious app vs browsing a malicious site.

prmoustache · 2025-01-29T09:39:20 1738143560

Which is the reason alongside telemetry I tend to favor using websites over apps.

Having said that there are apps that are considered mainstream and not malicious by the general population but can become a convenient backdoor for, say, a state actor.

tholdem · 2025-01-29T14:00:23 1738159223

No need to turn JS off. Turn on Lockdown mode which disables Javascript JIT and WASM, which might be enough

saagarjha · 2025-01-30T00:30:25 1738197025

It’s not.

walterbell · 2025-01-30T06:24:14 1738218254

Brave on iOS can limit Javascript to trusted sites.

jmkni · 2025-01-29T10:42:13 1738147333

So could this hypothetically open a mail client on your iPhone and read your emails?

saagarjha · 2025-01-30T00:31:06 1738197066

No, it doesn’t do cross-address space attacks.

ragnot · 2025-01-28T20:41:51 1738096911

God I hate Apple sometimes

cortexing · 2025-01-29T04:53:46 1738126426

[flagged]

russelg · 2025-01-29T05:59:55 1738130395

Was this comment so important you had to make a new account for it?

amelius · 2025-01-28T19:36:13 1738092973

Will that work? Isn't memory treated in a unified way between processes, at some point?

saagarjha · 2025-01-28T20:14:18 1738095258

Processors are not supposed to speculate across ASIDs

goldsteinq · 2025-01-28T20:02:42 1738094562

It will work unless someone forgets to add a public suffix into the public suffix list (as described in the FLOP paper). Both of these attacks target virtual memory pointers.

thijsr · 2025-01-28T18:57:39 1738090659

From the FAQ:

> While FLOP has an actionable mitigation, implementing it requires patches from software vendors and cannot be done by users. Apple has communicated to us that they plan to address these issues in an upcoming security update, hence it is important to enable automatic updates and ensure that your devices are running the latest operating system and applications.

hmottestad · 2025-01-28T19:46:14 1738093574

I wonder if Lockdown Mode would help?

dmitrygr · 2025-01-29T03:58:48 1738123128

IIRC, it disables jit and webassembly, so i think yes

junek · on Jan 16, 2025

I'm generally in favour of the joycons as a concept. They make multiplayer party games a breeze.

But the execution in the Switch 1 is flawed. They're on the small side, and generally fiddly. If the joycons for the Switch 2 are larger and just more ergonomic then I think it'll be a win.

EDIT: the joycons also being little motion wands was also quite good. You don't need a separate accessory like on the other consoles. Overall the joycon is a neat little package of functionality, if imperfect.

junek · on Dec 30, 2024

> you'll quickly learn you can't use it to block political ideology from the DM

That's like, not true at all. The X card is exactly for that purpose, the GM doesn't get a special exception from the effect of the X card.

As a GM, if a player reaches for the X card for any reason I'm obliged to stop and listen.

I'm curious what exactly you mean by "political ideology" in this context. Can you give a concrete example of the kind of thing that makes you uncomfortable?

stolenmerch · on Dec 30, 2024

I believe you, but that's not the case everywhere. I've had DMs who have put drag shows in our game as part of tavern entertainment, for example. Even though I have no problem with them in real life, I have no desire to see them in my fantasy game because it just reminds me of contemporary culture war shenanigans. When questioned on it or asked if we could not do that, I've received nothing but pushback. Stuff like that.

dsr_ · on Dec 30, 2024

Not every group is right for every person.

But the big thing is this: it's not your fantasy game. It's the shared fantasy game of you, the other players, and the DM.

GeoAtreides · on Dec 30, 2024

> Not every group is right for every person.

In the context of an X-card discussion, that's hilarious.

"Touch the X-card, but only if the group agrees on why the X-card was touched. Otherwise, find new group"

turns out the real x-card was the group itself :)

dsr_ · on Dec 31, 2024

This is true of every voluntary social thing.

GeoAtreides · on Dec 31, 2024

yes, exactly, that's why the X-card thing is just useless performative theatre

junek · on Dec 29, 2024

I know it's a typo but this:

> what more could a shell?

Is quite good. It could almost be the tag line for fish shell.

junek · on Dec 25, 2024

My hot take is that the allure of parser-generators is mostly academic. If you're designing a language it's good practice to write out a formal grammar for it, and then it feels like it should be possible to just feed that grammar to a program and have it spit out a fully functional parser.

In practice, parser generators are always at least a little disappointing, but that nagging feeling that it _should_ work remains.

Edit: also the other sense of academic, if you have to teach students how to do parsing, and need to teach formal grammar, then getting two birds with one stone is very appealing.

zelphirkalt · on Dec 25, 2024

It is not academic. It is very practical to actually have a grammar and thus the possibility to use any language that has a perser generator. It is very annoying to have a great format, but no parser and no official grammar for the format available and being stuck with whatever tooling exists, because you would have to come up with a completely new grammar to implement a parser.

junek · on Dec 25, 2024

> It is very practical to actually have a grammar

I fully agree that you need to have a grammar for your language.

> and thus the possibility to use any language that has a perser generator.

See, this is where it falls down in my experience. You can't just feed "the grammar" straight into each generator, and you need to account for the quirks of each generator anyway. So the practical, idk, "reusability"... is much lower than it seems like it should be.

If you could actually just write your grammar once and feed it to any parser generator and have it actually work then that would be cool. I just don't think it works out that way in practice.