yifanlu's comments

yifanlu | 3 years ago | on: An Ode to Apple’s Hide My Email

I signed up for Comcast Xfinity using a brand new “hide my email” address and three months later I started receiving phishing emails at that address. (I’ve gotten over half a dozen so far). Made me realize that either Comcast was hacked (without disclosing it) or they’re selling people’s emails.

yifanlu | 4 years ago | on: Princeton researcher apologizes for GDPR/CCPA email study

I have a blog hosted on GH Pages generated with Jekyll. I got this email from the researcher:

> To Whom It May Concern:
>
> My name is Tom Harris, and I am a resident of Sacramento, California. I have a few questions about your process for responding to General Data Protection Regulation (GDPR) data access requests:
>
> Would you process a GDPR data access request from me even though I am not a resident of the European Union?
> Do you process GDPR data access requests via email, a website, or telephone? If via a website, what is the URL I should go to?
> What personal information do I have to submit for you to verify and process a GDPR data access request?
> What information do you provide in response to a GDPR data access request?
> To be clear, I am not submitting a data access request at this time. My questions are about your process for when I do submit a request.
>
> Thank you in advance for your answers to these questions. If there is a better contact for processing GDPR requests regarding yifan.lu, I kindly ask that you forward my request to them.
>
> I look forward to your reply without undue delay and at most within one month of this email, as required by Article 12 of GDPR.
>
> Sincerely,
>
> Tom Harris

I honestly thought it was one of those legal trolls who sent the same email to everyone hoping to find someone to sue but I responded anyways explaining how statically generated sites worked and that I’m willing to provide the information, being that the information is that I have none…

The last paragraph in particular made it sound like a veiled legal threat (or that they’re hinting that they’re willing to go down that road). I felt that I had to respond just to establish some record.

yifanlu | 4 years ago | on: Manufacturing the Librem 5 USA Phone in the US

Yeah it’s 2021 and Chinese manufactured are more reliable and higher quality than anything American made. As an anecdote I build PCBs for a hobby and I’ve purchased PCBs and chips from both cheap Chinese fabs and suppliers as well as American ones. The only issues I’ve ever had were with American ones (which were many times more expensive) and I’ve stopped using them completely.

I would be curious if Librem will ever release data regarding failure rates of their American made phones versus non-American made ones. But considering how they’re branding this and the kind of person who will spend the premium to buy it, I doubt they will ever say anything.

Also after the Snowden revelations, I laugh at the idea that American made products are somehow more “secure”. Sure we (as in US intelligence community) think China puts back doors in things but from the Snowden revelations we KNOW that American companies like Cisco put backdoors into things.

yifanlu | 4 years ago | on: Reinkstone 10.1” Color E-Paper Tablet Powered by Android 11

Smells fishy. High tech product at a super low price. $1 reservation. “1337 people have reserved.” Creator name is “Stone” Li. Uses some website called “viralmarketing”.

My guess is this is gonna turn out to be some research paper on viral marketing or something.

yifanlu | 5 years ago | on: Huawei 5G kit must be removed from UK by 2027

Jeez as a Chinese person who lives in USA I find this comment very condescending and offensive.

> But China, while increasingly mature economically, has not developed proper civil society, human rights, freedom of expression, democracy, and so on.

I don’t want to get into a whataboutism debate about all the human rights violations the USA has engaged in (yes Trump but Obama as well and W before him and etc). But really I’ll just focus on “proper civil society”. Jfc is the sinophobia getting overt around here.

Even if I take the good faith argument that “it’s commentary about CCP not Chinese people” as I often hear after racist remarks, I’ll just point out I’ve been hearing comments like this all my life in all sorts of condescending ways. Most of the time in bad faith. So I don’t give a shit about how you “intend” it to be.

yifanlu | 6 years ago | on: MIP*=Re

It’s a highly technical problem that doesn’t have much practical use. Essentially it says that a weak (polynomial time) classical computer (called the “verifier”) with the ability to query (polynomial number of times) a small number of all-powerful computers (called the “provers”) with unknown/unbounded computing power is able to be convinced that the prover is indeed all powerful (convinces the verifier that it knows the answer to some problem that is known to be difficult). These specific provers can not communicate with each other (collude) but can share some entangled bits (the quantum part). The result here is (basically) that the verifier can be convinced that the prover knows the answer to the halting problem.

The result is more interesting with some context though. One of the biggest discoveries of the 21st century is that PSPACE=IP. That’s where a single all powerful prover can convince a weak verifier of any solution in PSPACE (an extension of P that we believe to be more powerful than P). Then more recently we found MIP=NEXP which is a bunch of classic all powerful provers (with no collusion) can convince a single weak verifier of any problem in NEXP (which is like NP but with much larger proof sizes, thought to be more powerful than NP). The surprising fact is that multiple all-powerful provers can convince a verifier of harder problems. Intuitively this doesn’t make sense because we know each prover is all powerful and is permitted to do anything, even physically impossible tasks, so the fact that a single prover cannot convince a verifier of any problems harder than PSPACE is surprising. More surprising is that multiple all powerful provers can somehow prove harder problems when it feels like we’re not adding any extra power (they’re already “all powerful”).

So in that context we find the also surprising fact that if we weaken the “no collusion” requirement to “only quantum entanglement”, suddenly they can solve the halting problem (but still no more!).

This line of proving both upper and lower bounds about complexity classes is exactly what we want to see in the P vs NP world (which is in many ways less “powerful” of classes but more “practical”). But we don’t even know if P ?= NEXP.

yifanlu | 6 years ago | on: MIP*=Re

From Scott Aaronson

> Yet another reason to be excited about this result—one that somehow hadn’t occurred to me—is that, as far as I know, it’s the first-ever fully convincing example of a non-relativizing computability result.

This is one of the three known barriers any proof of P vs NP must overcome. Not saying any of this applies to P vs NP but the proof technique demonstrated is important for such a proof.

yifanlu | 6 years ago | on: Instructions per cycle: AMD Zen 2 versus Intel

Assuming both Intel and AMD implement performance monitors the same (i.e. same notion of instructions executed, which may be hard to measure with speculative execution), the comparison is still flawed because it doesn’t matter if Intel can do more instructions per cycle if AMD can produce more cycles in a span of wall time.

> However, it is not clear whether these reports are genuinely based on measures of instruction per cycle. Rather it appears that they are measures of the amount of work done per unit of time normalized by processor frequency.

That’s precisely why nobody really uses IPC as a way to compare processors. “How much work done per unit of time” is a much better measurement and I guess for historical reasons, people conflate it with IPC.

But real textbook IPC is useless for comparison.

yifanlu | 6 years ago | on: AMD Ryzen 9 3950X Review

> and user contributed

There's been a lot of debate in the enthusiasts community, but reviewers believe that user benchmarks don't have much value. There's so much variation in software, cooling, RAM speed, GPU speed, etc. Even misconfigurations like different running background apps can skew the results.

However, for a processor that's been in the market for a while, I think userbenchmarks is a good site to look at the aggregate data. Their rankings were recently updated to disfavor AMD chips, so don't take those too seriously. But for head-to-head comparisons of processors with a lot of users, you can get a good idea of how much faster a processor is.

However, I disagree that review sites should consider "user data" because 1) these are new processors and people who read these reviews are usually early adopters who want to make a buying decision and 2) the testing setup and methodology is a time consuming and scientific process and shouldn't be discounted by just asking random people to run an app.

yifanlu | 6 years ago

Yeah, I don’t know or care about any of these people. I have no idea who the author is or why they’re relevant. I only clicked this link because I’m a sucker for clickbait and am pretty bored rn.

> Since we are focusing, in this article, on the banning of the individual from an event -- we are going to start with the initial (to my knowledge) and primary public complaint posted by Kim Crayton and directed to the organizers of the conference (KubeCon).

So as soon as I got to that point, I got suspicious. It seemed awfully convenient to start a story at that point.

> I am keeping my personal opinion out of this article. Just facts, so you can make up your own mind on what, if anything, all of this means.

Not sure if they think they’re getting away with it or if they legit don’t know how biased this reads to someone who, once again, has no stakes in the situation. I actually went ahead and googled the situation and I don’t claim to know the full story from 15 mins of reading different hot takes but boy...

Anyways, that’s enough Silicon Valley tmz for me for tonight.

yifanlu | 6 years ago | on: Deconstructing a Sexploitation Attack

tl;dr: they got one of these spam emails that you’ll find a dozen of in your spam box, made up a bunch of “potential” bad things that could happen but none of that happened and the spammer just wanted bitcoins.

yifanlu | 6 years ago | on: FPGAs Have the Wrong Abstraction for Computing

Instead of complaining about the quality of the article, I’m thinking about the open question at the end. What would be a higher level abstraction for FPGA development?

Is it possible to create a language around FSMs? Most hardware seems to have two parts: the actual logic that implements some functionality and then some FSM that implements the control logic. The FSM may also have a lot of implicit/assumed states (like a counter for some timeout). Maybe a higher level language can expose these design patterns in a nicer way and hide all the messy low level details (like sequential/combinational logic, connecting ports and wires, matching signal widths, etc).

yifanlu | 6 years ago | on: Unhackable: New chip stops attacks before they start

The article is garbage so I skimmed the paper. Here's what I gleaned (apologies for any mistakes).

So they created a modified RISC-V architecture and added a tagging infrastructure. 64-bit registers become 66-bits. L1/L2 cache are expanded to hold 2 extra bits per qword, etc. In DRAM, every process gets a chunk of memory where all the tags are stored in one area. So for example, if your virtual address space is 32-bits then you have 2^32/64 * 2 bits of storage or ~16MiB of storage.

That's the storage overhead. Now, their architecture also does a sort of taint tracking. When you compile your C code with their modified LLVM compiler, it outputs a 2-bit tag for every pointer. So every qword is tagged with "code pointer", "data pointer", "data" or "code". When the processor operates on a qword, it propagates the tag. For example "pointer + data = pointer" and "pointer & data = data". At any point in time, that tag storage in DRAM will also store if everything in memory is a code/data pointer or code or data.

Periodically, it will traverse through the tag storage and for every code pointer and data pointer it finds, it will obfuscate it (I think it can relocate stuff too). For code/data it can encrypt it. Of course because all this stuff is transparent to the program, there's no extra work for the developer. (E.g. if you load data from a pointer, it tracks that it's a piece of data and decrypts it transparently with a key that can be changed during the "churn"). It's very similar to GC.

They also detail some optimizations such as accounting for context switches during the "churn" process. And how to not have to keep the process halted while DRAM is being churned. They claim the performance impact isn't too bad but of course we'll have to see how it works with something like Chrome.

tl;dr: Basically from what I gathered, it's an architecture extension to RISC-V (it can be introduced to other archs as well) which tracks basic type information for all memory locations. Periodically, the system will transparently shuffle code and data around safely by using the type information. It's harder to exploit vulnerabilities because addresses and data keep changing around.
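
A toy software model of the scheme as the comment above describes it, added here as an illustration; it is not code from the paper or from the commenter. The tag encoding, the additive pointer displacement, the XOR "encryption" and the seeded RNG are assumptions standing in for the hardware's mechanisms.

```python
# Toy model of per-qword tags plus periodic "churn". Assumed, not from the paper:
# tag encoding, XOR data "encryption", additive pointer displacement, seeded RNG.
import random

MASK = (1 << 64) - 1
DATA, CODE, DATA_PTR, CODE_PTR = range(4)      # 2-bit tag values (assumed)
POINTERS = (DATA_PTR, CODE_PTR)

def add_tag(a, b):
    """pointer + data = pointer; anything else is treated as data (assumed)."""
    ptrs = [t for t in (a, b) if t in POINTERS]
    return ptrs[0] if len(ptrs) == 1 else DATA

def and_tag(a, b):
    return DATA                                # pointer & data = data

class Machine:
    def __init__(self, seed=1):
        self.rng = random.Random(seed)         # not a CSPRNG; demo only
        self.mem = {}                          # addr -> (stored bits, tag)
        self._rekey()

    def _rekey(self):
        self.ptr_key = self.rng.getrandbits(64)
        self.data_key = self.rng.getrandbits(64)

    def store(self, addr, value, tag):
        raw = (value + self.ptr_key) & MASK if tag in POINTERS else value ^ self.data_key
        self.mem[addr] = (raw, tag)

    def load(self, addr):                      # decoding is transparent to the program
        raw, tag = self.mem[addr]
        value = (raw - self.ptr_key) & MASK if tag in POINTERS else raw ^ self.data_key
        return value, tag

    def churn(self):                           # walk tag storage, re-encode under new keys
        plain = {a: self.load(a) for a in self.mem}
        self._rekey()
        for addr, (value, tag) in plain.items():
            self.store(addr, value, tag)

def demo():
    m = Machine()
    m.store(0x1000, 0x400080, CODE_PTR)        # constructed sample values
    m.store(0x1008, 42, DATA)
    leaked = m.mem[0x1000][0]                  # stored bits before the churn
    m.churn()
    return m.load(0x1000), m.load(0x1008), leaked != m.mem[0x1000][0]
```

`demo()` returns the values the program still sees after a churn and whether the stored bits of the pointer changed, which is why a value disclosed before the churn no longer matches memory afterwards.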

yifanlu | 7 years ago | on: Ghidra, NSA's reverse-engineering tool

Auto analysis when you have barely any information. Any tool can make nice output if you feed it nice input. Try a partial dump from an exotic device and then you’ll see IDA shine.