zirak's comments

zirak | 1 month ago | on: CISA’s acting head uploaded sensitive files into public version of ChatGPT

The US uses them more pervasively it seems, but there are still remnants of it elsewhere.

The UK uses them for post-conviction monitoring in certain offenses: https://www.gov.uk/government/publications/police-crime-sent... ...and there's more than one British polygraph group: BPA and BPS (https://www.britishpolygraphassociation.org/, https://polygraph.org.uk/)

Australia did indeed reject the polygraph for security clearance: https://antipolygraph.org/blog/2006/10/19/australian-securit...

Canada however does seem to use it as part of their intelligence screening: https://www.canada.ca/en/security-intelligence-service/corpo...

> Do I have to go through the polygraph test to join CSIS?

> Yes. All CSIS employees must obtain a Top Secret security clearance and the polygraph is a mandatory part of the process.

Seems to be the same for CSE and to get "Enhanced Top Secret" clearance.

Back to the US, the Department of Labor says that private employers can't force people to undergo a polygraph test: https://www.dol.gov/agencies/whd/polygraph But of course this does not apply to public sector jobs, where it's used more pervasively.

zirak | 2 years ago | on: What I learned getting acquired by Google

A friend who works there reported that there's currently no theremin. It seemed to have been someone's personal theremin, and they took it with them when they left.

However, it sparked an interest in having a theremin - so perhaps it'll make a return!

zirak | 2 years ago | on: Mozilla Standards Positions Opposes Web Integrity API

They went from A to B (exact magnitude of change is of course part of the criticism):

         |------------B---A---|
    anti-user              pro-user

Is Mozilla still, currently, a failure at their job?

---

These kinds of discussions are frustrating to me since it feels like we've been dealt a very bad hand. But it's not just this hand, the dealer is firmly set on us only receiving bad hands in any game we play.

Like in a card game, this is the only hand that we'll get. What other corporation do we have to push these kinds of values? What other avenue do we have? It's sad that we've come to this situation, but if the choice is the currently perceived-to-be-failing Mozilla and no Mozilla, I pick the failing Mozilla.

zirak | 2 years ago | on: Mozilla Standards Positions Opposes Web Integrity API

How do we define "failure"? Let's say we can measure how much Mozilla fights for the user and put it on a scale:

         |--------------------|
    anti-user              pro-user

Where on the scale is "failure"? Let's say Mozilla is on the M, and Google is on the G:

         |----G-------M-------|
    anti-user              pro-user

Is Mozilla failing?

The sentiment I seem to see is that anything short of perfect is failure.

zirak | 3 years ago | on: Linux 5.19

Maybe Linus wants to work on his laptop and not the cloud, because that's just the way he wants to work. And he wants an M1 / M2 because he likes something about them.

That doesn't feel very controversial, someone wanting to work the way they want to and not some other way.

zirak | 3 years ago | on: The Case for C# and .NET

The data this article quotes doesn't smell right.

The tables and graphs in "The Performance Problem" section should at least feel a little strange. Looking at the original article[1], we can see the source code for JavaScript [2], Python [3], and .Net [4] shows that...there just isn't much going on here. This isn't a comparison of how fast these are. It's a comparison of how fast this AWS setup could do its thing, and how fast this DynamoDB client library is.

In the "So Why/Not .NET?", there's the "Advisories by package ecosystem and severity"[5] graph. So it doesn't feel a little strange that NuGet is the pinnacle of software engineering, and programs there just have no security vulnerabilities? Or maybe...there's some bias going on here, and NuGet isn't as interesting to look at as PyPI, so there are fewer advisories being published? That's another way to look at it.

When things look too good to be true, maybe they are. I don't care if the author (or anyone else) wants to use .Net, have fun. I do care that we sometimes approach technological issues with hostility and rivalry, accepting random data which seem to support us without looking them through.

[1] https://filia-aleks.medium.com/aws-lambda-battle-2021-perfor...

[2] https://github.com/Aleksandr-Filichkin/aws-lambda-runtimes-p...

[3] https://github.com/Aleksandr-Filichkin/aws-lambda-runtimes-p...

[4] https://github.com/Aleksandr-Filichkin/aws-lambda-runtimes-p...

[5] https://octoverse.github.com/static/github-octoverse-2020-se...

zirak | 4 years ago | on: I will pay you cash to delete your NPM module

The constructor check would unfortunately not work for cross-frame arrays. Each frame has its own global object, with its own Array constructor. So:

    var iframe = document.createElement('frame');
    document.body.appendChild(iframe);

    var value = iframe.contentWindow.Array();
    value.constructor === Array // false
    value instanceof Array // false
    value instanceof iframe.contentWindow.Array // true

Stringifying the constructor works even for cross-frame values:

    value.constructor.toString() === Array.toString() // true

These days though, `Array.isArray` is the right thing to do, available since roughly 2010.