Forwarded from Ігор Клименко | МВС
Media is too big
VIEW IN TELEGRAM
Харків. Ці кадри неможливо дивитися з холодним серцем.
Молодий вогнеборець плаче на місці удару, де росія декілька хвилин тому цинічно вбила його батька – 52-річного рятувальника.
Загиблий Владислав Логінов присвятив своє життя роботі в пожежній службі. Його син, Володимир, також за прикладом батька став вогнеборцем і працював начальником караулу у сусідній пожежній частині. Цієї пекельної ночі, одразу після перших вибухів, батько та син з колегами миттєво виїхали на місце удару.
Владислав та Володимир працювали поряд, буквально за декілька будинків один від одного. Коли пролунав потужний вибух, син одразу зрозумів, що найімовірніше прилетіло туди, де був батько.
Складно уявити емоції, що пережив чоловік, коли побачив закривавлене тіло батька. Велике горе для рідних, колег, друзів.
Щиро співчуваю втраті кожної родини.
Памʼятаємо всіх 🕯️
Молодий вогнеборець плаче на місці удару, де росія декілька хвилин тому цинічно вбила його батька – 52-річного рятувальника.
Загиблий Владислав Логінов присвятив своє життя роботі в пожежній службі. Його син, Володимир, також за прикладом батька став вогнеборцем і працював начальником караулу у сусідній пожежній частині. Цієї пекельної ночі, одразу після перших вибухів, батько та син з колегами миттєво виїхали на місце удару.
Владислав та Володимир працювали поряд, буквально за декілька будинків один від одного. Коли пролунав потужний вибух, син одразу зрозумів, що найімовірніше прилетіло туди, де був батько.
Складно уявити емоції, що пережив чоловік, коли побачив закривавлене тіло батька. Велике горе для рідних, колег, друзів.
Щиро співчуваю втраті кожної родини.
Памʼятаємо всіх 🕯️
https://petition.kmu.gov.ua/petitions/6225
Петиція про заборону телефонного зв'язку для російських полонених
Петиція про заборону телефонного зв'язку для російських полонених
Посоветуйте тулзу/сервис для бекапов.
Хочется бекапить пару десяток гигов, обязательно с паролем.
Идеально в S3-like.
Хочется бекапить пару десяток гигов, обязательно с паролем.
Идеально в S3-like.
This media is not supported in your browser
VIEW IN TELEGRAM
What Rust Foundation spend all their budget on https://twitter.com/tsoding/status/1780848764665688503
Not sure but feels like this channel will be back, I mean IT-related shitposting. En Inglés 💃
As you can guess comments MUST be in English (see RFC 2119).
As you can guess comments MUST be in English (see RFC 2119).
On test reproducibility or again about
> 2024-02-23: Jia Tan merges hidden backdoor binary code well hidden inside some binary test input files. The README already said (from long before Jia Tan showed up) “This directory contains bunch of files to test handling of .xz, .lzma (LZMA_Alone), and .lz (lzip) files in decoder implementations. Many of the files have been created by hand with a hex editor, thus there is no better "source code" than the files themselves.” Having these kinds of test files is very common for this kind of library. Jia Tan took advantage of this to add a few files that wouldn't be carefully reviewed.
(from https://research.swtch.com/xz-timeline)
Horseshit:
> Many of the files have been created by hand with a hex editor, thus there is no better "source code" than the files themselves.”
Bullshit:
> Having these kinds of test files is very common for this kind of library.
Well, you decided to test something. You wrote a binary file and a test. Great. Fast-forward 3mo and give this test to someone else (future you, by example). Guess what? You have no freaking idea what you did 3mo ago!
If you are the smartest peasant on this planet and can recall all the steps in hex-editor in 30 minutes, that's cool, but you are lying to yourself.
Of course, xz-attack isn't just a 1 commit and sneaky code. It's also social engineering (kinda). Anyway, such dirty commits should not be accepted with "easier to write manually" argument.
(TBH AFAIR, I might have commits where I have a hex-string to test un/marshal, but I'm not from CIA or another gov-team😢)
xz backdoor.> 2024-02-23: Jia Tan merges hidden backdoor binary code well hidden inside some binary test input files. The README already said (from long before Jia Tan showed up) “This directory contains bunch of files to test handling of .xz, .lzma (LZMA_Alone), and .lz (lzip) files in decoder implementations. Many of the files have been created by hand with a hex editor, thus there is no better "source code" than the files themselves.” Having these kinds of test files is very common for this kind of library. Jia Tan took advantage of this to add a few files that wouldn't be carefully reviewed.
(from https://research.swtch.com/xz-timeline)
Horseshit:
> Many of the files have been created by hand with a hex editor, thus there is no better "source code" than the files themselves.”
Bullshit:
> Having these kinds of test files is very common for this kind of library.
Well, you decided to test something. You wrote a binary file and a test. Great. Fast-forward 3mo and give this test to someone else (future you, by example). Guess what? You have no freaking idea what you did 3mo ago!
If you are the smartest peasant on this planet and can recall all the steps in hex-editor in 30 minutes, that's cool, but you are lying to yourself.
Of course, xz-attack isn't just a 1 commit and sneaky code. It's also social engineering (kinda). Anyway, such dirty commits should not be accepted with "easier to write manually" argument.
(TBH AFAIR, I might have commits where I have a hex-string to test un/marshal, but I'm not from CIA or another gov-team😢)
New format: Monday rant or #monran
Rust 🤦♂️ I got a mention in one Rust PR, and oh, these imports (use keyword). See the screenshot in the next post.
Someone smart said that type-driven programming is another dimension of programming (orthogonal to code). For me, Rust's imports add one more dimension (see pic).
I just don't get this unneeded complexity and 40 ways of doing obvious AND SIMPLE stuff. IDE can hide, it buuuut isn't this a way to solve a problem that shouldn't exist at all, mm?
Lovely (even by crustaceans) mod/crate topic I will leave for another Monday 😥
Rust 🤦♂️ I got a mention in one Rust PR, and oh, these imports (use keyword). See the screenshot in the next post.
Someone smart said that type-driven programming is another dimension of programming (orthogonal to code). For me, Rust's imports add one more dimension (see pic).
I just don't get this unneeded complexity and 40 ways of doing obvious AND SIMPLE stuff. IDE can hide, it buuuut isn't this a way to solve a problem that shouldn't exist at all, mm?
Lovely (even by crustaceans) mod/crate topic I will leave for another Monday 😥
Hm, all this 'IT sucks', 'coding is a horrible thing to do in life', 'i hate my life because of programming' yada yada yada.
Is this just a CIS thing or also popular in a western culture? (EU and USA as you can guess)
(CIS == Commonwealth of Independent States)
Is this just a CIS thing or also popular in a western culture? (EU and USA as you can guess)
(CIS == Commonwealth of Independent States)
Time to confess: I still don't get the idea of LLM for devs.
I have used GPT4/Gemini/Copilot/etc like 8 times during the past year. Probably 1 or 2 times I really tried to get the answer, not just chatting to see how good it is.
LLM as a search engine - sounds ok. LLM as an active assistant - nope, don't get it.
So, the questions: why and how do you use it? What stuff you cannot do by yourself and only(?) via LLM ?
I have used GPT4/Gemini/Copilot/etc like 8 times during the past year. Probably 1 or 2 times I really tried to get the answer, not just chatting to see how good it is.
LLM as a search engine - sounds ok. LLM as an active assistant - nope, don't get it.
So, the questions: why and how do you use it? What stuff you cannot do by yourself and only(?) via LLM ?
WDYT about modern decentralized social networks? Mastodon, BlueSky, etc (if any?)
oleg_log
On test reproducibility or again about xz backdoor. > 2024-02-23: Jia Tan merges hidden backdoor binary code well hidden inside some binary test input files. The README already said (from long before Jia Tan showed up) “This directory contains bunch of files…
Again about deps and security.
What the hell, why ffmpeg requires libssh? There should be a feature that processes remote data. I can even say that this might be useful for someone.
The only question I have is why it can't be achieved by the composition of tools. Yeah, this unix-philosophy and | operator.
pros:
- less code
- less backdoors
- less stuff to document
cons:
- less code
- less backdoors
- more stuff to document
Still, ffmpeg is the beast, and in xkcd2347 is a 1st or 2nd block from below.
(ffmpeg also requires zeromq, wen kafka and hadoop?)
What the hell, why ffmpeg requires libssh? There should be a feature that processes remote data. I can even say that this might be useful for someone.
The only question I have is why it can't be achieved by the composition of tools. Yeah, this unix-philosophy and | operator.
ffmpeg <3kb of flags> | ssh-upload [email protected] (you get the idea)pros:
- less code
- less backdoors
- less stuff to document
cons:
- less code
- less backdoors
- more stuff to document
Still, ffmpeg is the beast, and in xkcd2347 is a 1st or 2nd block from below.
(ffmpeg also requires zeromq, wen kafka and hadoop?)
> I’d argue Raghavan (and, by extension, Google CEO Sundar Pichai) deserve as much criticism, if not more, for the damage they’ve done to society. Because Google is the ultimate essential piece of online infrastructure
https://www.wheresyoured.at/the-men-who-killed-google/
https://www.wheresyoured.at/the-men-who-killed-google/
Ed Zitron's Where's Your Ed At
The Man Who Killed Google Search
Wanna listen to this story instead? Check out this week's Better Offline podcast, "The Man That Destroyed Google Search," available on Apple Podcasts, Spotify, and anywhere else you get your podcasts.
UPDATE: Prabhakar has now been deposed as head of search…
UPDATE: Prabhakar has now been deposed as head of search…
Borrow checking, RC, GC, and the Eleven (!) Other Memory Safety Approaches.
That’s a very good read. As mentioned in outro some of the types can be merged. Anyway, cool stuff. We mentioned this language a few times in our podcast, good to see language is still alive.
https://verdagon.dev/grimoire/grimoire
That’s a very good read. As mentioned in outro some of the types can be merged. Anyway, cool stuff. We mentioned this language a few times in our podcast, good to see language is still alive.
https://verdagon.dev/grimoire/grimoire