Bruh, you're talking about one of the most protocol laden risk averse organizations known to man. That's an absurd speculation compared to the thing you would naively expect, which is exactly what is happening.
You must be riding a different Caltrain, unless I'm on my motorcycle it's always faster to get anywhere in SF via Caltrain + bike from the peninsula during commute hours, it's not even close.
Sure they can send requests but they can't receive them unless you've got misconfigured CORS. I guess there's DNS rebinding but like, idk, attack surface seems pretty small. This sort of stuff isn't really worth worrying about unless you're an idiot or likely to be the victim of a targeted attack. I happily run code off the internet all the time and it seems fine. If there's one thing that really seems like a mind virus it's the paranoia all security people get, I can't imagine living life like that. I'm ok getting pwned every few decades if the tradeoff is never worrying about this shit.
Maybe I've just gotten lucky?
(i will say putting a device not running open source software/firmware or something very locked down like a phone on your LAN is insanity, i could never)
When you run VS Code, it spins up a local language server that is capable of making code changes. That is how refactoring python works in many editors (including VS Code).
A website that you're browsing could potentially send requests to this server asking for code to be inserted that fully compromises your device. What keeps us safe?
- maybe the website is only allowed to send GET requests, not PUT requests, and maybe the language servers that you're using are all "hardened" so that they will never permit mutations via any get requests, and never have a misconfigured CORS header
- the website has to guess the correct port and the correct language server with a known vulnerability
- any website doing this on a large scale would likely get the language server patched and the website on a block list
- there might be other safeguards that I'm not familiar with. For example, I believe that Chrome disallows this by default
So now, here's my frustration: these two statements seem hugely at odds with each other:
> I'm ok getting pwned every few decades if the tradeoff is never worrying about this shit.
> (i will say putting a device not running open source software/firmware or something very locked down like a phone on your LAN is insanity, i could never)
I'm ok with a person who makes either statement. I'm also ok with a person who makes the first statement, and also wants their LAN locked down. However, I do not feel as though a LAN ever needs to be locked down unless a person is running a server on the LAN network. Personal devices (like laptops and phones) are plenty capable of resisting malicious networks by default (coffee shops, university wifi, etc). What else is on a LAN?
> mind virus it's the paranoia all security people get
I generally agree with you, but I feel as though I am the one who has accepted that personal laptops need to handle malicious networks, and I'm generally comfortable with that. I don't worry too much about putting IoT devices on the same network as my personal laptop, nor about connecting to coffee shop wifis.
You know, I wouldn't be surprised if the AI was less than 50% accurate. I'm not claiming that in general, but I'm also certain it would be possible to construct a dataset such that the AI would do far worse than a coin flip.
You know that it's not possible to do worse than a coin flip, right? If you're getting it 100% wrong, I'll just do the opposite of what you say, and have a 100% correct predictor.
The threshold isn't 50% because the distribution of human and AI written cases isn't naturally 50-50. So a coin flip will underperform always guessing the more frequent class. Where it gets interesting is if the base is unknown or variable over time or between application domains. Like, since AI written text is being generated faster than the human kind, soon guessing AI every time will be 99% accurate. That doesn't mean such a detector is useful.
When we say "coin flip" in these situations we mean "chance", ie the prior distribution. Otherwise a predictor of the winning lottery numbers that's "no better than a coin flip" would mean it wins the jackpot half the time.
Yup! My point is that the 'coin flip baseline' model that's as good as chance isn't actually trivial to create, for an unbalanced and time varying underlying distribution.
great move, we're continually about 2 days away from kessler if we lost maneuvering control on a constellation like starlink (ofc that's vanishingly unlikely, but it's important to understand that continual maneuvering is what keeps space accessible to humanity)
anything we can do to lower that risk is a good move, and dropping 70km of elevation for the largest satellite constellation is definitely going to make a dent in the risk profile
i hope to see progress with air breathing ion engine satellites in the coming years to further lower the minimum altitudes that these constellations can operate at
The paper says we are 2.8 days away from a collision. It doesn't say we're '2 days away from kessler'. In fact, the paper explicitly warns against your interpretation.
> We emphasize that the CRASH Clock does not measure the onset of KCPS, nor should it be interpreted as indicating a runaway condition.
> we're continually about 2 days away from kessler if we lost maneuvering control on a constellation like starlink
To be clear, we’d be at risk of losing those specific orbits for a few years. Nothing would block all orbits much less access to space. And nothing above those orbits would be any more statistically likely to suffer an impact afterwards.
For these large constellations, vehicles are generally raised slowly at the beginning of their lives, and debris spreads out as it decays downwards. A significant increase in debris at 550km would have an impact on all orbits below it, including all vehicles raising through that debris zone.
> A significant increase in debris at 550km would have an impact on all orbits below it, including all vehicles raising through that debris zone
Space is huge. Try this trick: the number of satellites in orbit is about the same as the number of planes in the air at any time. (~12,000 [1][2].)
The volume of space from the ground to 50,000 feet is about 200x smaller than the volume from the Karman line to the top of LEO alone (~2,000 km).
Put another way, we approach the density of planes in the sky in LEO when there are millions of satellites in that space alone. Picture what happens if every plane in the sky fell to the ground. Now understand that the same thing happening in LEO, while it occurs at higher energy, also occurs in less-occupied space and will eventually (mostly) burn up in the atmosphere.
Put another way, you could poof every Starlink simultaneously and while it would be tremendously annoying, most satellites orbiting lower would be able to get out of the way, those that couldn't wouldn't cause much more damage, the whole mess would be avoidable for most and entirely gone within a few years.
There are serious problems with space pollution. Catastrophic Kessler cascades that block humans from space, or knock out all of our satellites, aren't one of them.
> The volume of space from the ground to 50,000 feet is about 200x smaller than the volume from the Karman line to the top of LEO alone (~2,000 km).
Volume is the natural way to assume space scales, but it's incorrect. Two planes can fly parallel, side by side. Two satellites cannot orbit side by side.
In the limit, if Earth had a solid ring of infinitesimal width, it would take zero volume but all orbits.
I've tried to ask this before in various contexts and I've never been able to find an answer but maybe commenters on a post like this would know.
I like the way that the CJK fonts render without anti-aliasing on windows. I want to know why and how to cause windows to render a non-cjk font of my choosing in this aliased style. I am not opposed to hex-editing or otherwise modifying the font if that's necessary. I've never been able to find information about the mechanism or how it's triggered.
right, i can solve this okay by rendering an image and then putting transparent text over it in order to preserve editability, but it's such a pain in the ass, and i know windows is capable of doing it because it does do it, i'm not looking for a solution, i want to understand a facet of windows font rendering
I want to be much more publicly unhinged and in general do a lot more art without worrying too much about why or what I'm trying to say. I've found a lot of beauty in shitposts this year and I want to develop my skills to really meaningfully contribute to the corpus.