litchralee

joined 2 years ago
[–] litchralee@sh.itjust.works 20 points 12 hours ago

The thing is, the Internet routing protocol BGP delivers basically everything that a mesh network requires, except for the physical data links that carry the data. Keeping things short, BGP is a way to declare where certain IP addresses can be found. So an example BGP announcement would be something like "2608:120::/32 can be found at AS721", where AS stands for Autonomous Network, a subnetwork that is controlled by a single entity. In this case, that IPv6 range belongs to the USA Department of Defense (DoD) and AS721 is the identifier for their network.

Now, the trick is to figure out how your own AS can reach the AS of your destination, which is no different than a mesh: the DoD's AS721 is solely connected to AS3356 (the massive ISP named "Level 3"), which is very likely connected to the upstream AS of your link to the Internet, which means there is a valid path from your AS to the DoD.

Whenever an intermediate AS disappears from the global Internet, its former peers will reroute through other links to maintain a path to the largest number of AS's (as in, the Internet). In this sense, having multiple links to different AS's is important for redundancy, and is no different than a mesh network having multiple RF paths.

Finally, if multiple link failures occur -- say, a Tier 1 ISP goes completely down -- then the network becomes fragmented, but traffic within each fragment will still pass. This is akin to a mesh between two cities, where the mountain-top repeater is struck by lightning. Locals in each town can still send messages, but not over the hill to the next town.

Is BGP perfect? Heavens no. And it has its own issues with maliciously-crafted announcements. But everything that BGP does is analogous to what mesh networks do. It's merely that the participants are highly commercialized today, whereas in the 80s, it was mostly universities and a few defense contractors experimenting.

The technology is basically here, but it's how it gets used that will dictate how history will be written.
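The rerouting and fragmentation behaviour described in the comment above, as an added example that is not part of the original comment: a simplified path-vector model in which AS721 announces its prefix and the other networks pick the shortest AS path. AS721 and AS3356 are taken from the comment; AS64512 to AS64514 are private-use AS numbers standing in for hypothetical networks, and the topology is constructed.

```python
from collections import deque

# Constructed topology. AS721 (origin of 2608:120::/32) and AS3356 come from
# the comment above; AS64512-AS64514 are private-use ASNs for hypothetical networks.
LINKS = [
    (721, 3356),      # AS721's only upstream
    (3356, 64512),    # hypothetical regional ISP A
    (3356, 64513),    # hypothetical regional ISP B
    (64512, 64514),   # "your" AS, dual-homed to A ...
    (64513, 64514),   # ... and to B for redundancy
]

def adjacency(links, down=frozenset()):
    """Build the neighbour map, skipping every link that touches a failed AS."""
    adj = {}
    for a, b in links:
        if a in down or b in down:
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def propagate(links, origin, down=frozenset()):
    """Flood an announcement from `origin`; return {asn: AS path to origin}.
    Simplified best-path selection: the shortest AS path wins and ties go to
    the announcement heard first. Real BGP applies local policy before length.
    """
    if origin in down:
        return {}
    adj = adjacency(links, down)
    best = {origin: (origin,)}
    queue = deque([origin])
    while queue:
        asn = queue.popleft()
        for peer in sorted(adj.get(asn, ())):
            if peer not in best:          # keep the first (shortest) path heard
                best[peer] = (peer,) + best[asn]
                queue.append(peer)
    return best

def fragments(links, down=frozenset()):
    """Group the surviving ASes into islands that can still reach each other."""
    alive = {asn for link in links for asn in link} - set(down)
    islands = []
    while alive:
        island = set(propagate(links, min(alive), down))
        islands.append(sorted(island))
        alive -= island
    return islands

if __name__ == "__main__":
    for failed in (frozenset(), {64512}, {3356}):
        path = propagate(LINKS, 721, failed).get(64514)
        print(f"down={sorted(failed)} path={path} islands={fragments(LINKS, failed)}")
```

Losing one of the two upstreams only changes the path, while losing AS3356 splits the model into two islands that each keep working internally.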

[–] litchralee@sh.itjust.works 12 points 2 days ago* (last edited 2 days ago)

Setting aside the Forgejo issues for a moment, I can't quite see the logic behind the author's description of a "carrot disclosure".

As written, it's a third option for disclosure, beyond 1) coordinated disclosure (often 90 days for the vendor to fix things) or 2) full disclosure (immediately going public, esp when the vulnerability is believed to be actively exploited). But what the author describes as the carrot is to publish only the output of a proof-of-concept, and then the onus is on the vendor to figure out both the vulnerability and the fixes.

This seems wildly irresponsible to me, to put the effort into writing a working PoC but then to willfully withhold it, so as to basically force the vendor into a wild goose chase. And that's the best case scenario, when the PoC is actually legit. At worst, it's a DoS against a vendor (causing them to re-audit code to find a bug that doesn't actually exist, eg hallucinated AI slop) or is a form of defamation to scare users away.

Then there's the issue of when it's not a "vendor" per se but a group of volunteers of an open-source project, which I will distinguish from commercial vendors as "maintainers". Is it ethical to withhold an already-written PoC from FOSS maintainers, who often do not have the material capabilities to do a full-scale audit when given basically no clues?

To be clear, I'm not a security researcher and have done zero disclosures of any form. But if I ever ran a project and received a so-called carrot disclosure, why shouldn't I immediately call their bluff and treat it as full-disclosure? This situation seems like Schrodinger's Cat, where the only way to rip away the uncertainty is to throw open the box. Worst case, the project suffers the reputational hit for having a legit vulnerability. But best case, the vulnerability is non-existent. But what this supposed "third way" purports to do is no different than sowing the seeds of fear, uncertainty, and doubt amongst users. Someone tell me how this isn't one step away from extortion.

I think game theory would say that any and all recipients of "carrot" disclosures should always call the bluff, immediately and vocally. I don't see any way for such disclosures to be anything but unnecessarily antagonistic. I refuse to credit the term with any legitimacy.

[–] litchralee@sh.itjust.works 0 points 2 days ago

I'm not familiar with cereal bags being accepted for recycling at grocery stores -- although I'm aware that grocery store recycling in California has deep issues regarding implementation -- but regarding why a chip bag is different than a cereal bag, my guess is that it has to do with the former being air tight.

Chip bags are intentionally filled with gas (usually nitrogen) in order to preserve the contents for a long shelf life. Rather conveniently, this also helps the chips not smash up against other chip bags in the same box, at the cost of fitting fewer bags into a shipping container. As such, chip bags have to be air tight, and mylar is good at that, as evidenced by mylar balloons that keep helium inside for far longer than a latex balloon (to the sadness of every electricity provider on Earth).

Whereas I suspect the clear plastic -- maybe polyethylene? -- bags used for cereal have different requirements, because a cereal box already provides mechanical protection against other boxes, and an expectation that cereals (a bona fide breakfast foodstuff, compared to chips which have always been categorized as a snack food) will be eaten in quantities that make recyclability a priority; this is a guess.

I also think cereals might historically have been just free-floating inside the box, in the same way that dishwasher powder detergent is still packaged within a thick cardstock box, with a pour-out metal spout. That said, this citation seems to indicate that cereal bags are in fact liners, which would suggest the primary reason is one of food safety, if contact directly with the inside of the box would be a problem.

And this kinda makes sense to me, since nobody would want to eat soggy cereal if a bit of rainwater seeped through the box and contacted the food.

[–] litchralee@sh.itjust.works 7 points 4 days ago (1 children)

For pointers in particular, this seems like a good starting point: https://sites.cs.ucsb.edu/~mikec/cs16/misc/ptrtut12/pointers.htm

As for compiling for old C/C++ versions, fortunately most compilers can be set to restrict what standard they will compile for. So you could turn the compiler all the way back to something like C99 and it should work, although you'll have to avoid using modern syntax.

That said, with regards to compiling for an old platform, be advised that complete and functional toolchains will be harder to come across. They may not even work anymore, if they haven't been upkept. That's another complexity that you may have to deal with, and it will no doubt be more aggravating than working with a modern platform but limiting yourself to only older C/C++ standards and graphics libraries.

Basically, the starting effort is quite high for developing for older targets. Be certain that this is the direction you want to start with.

[–] litchralee@sh.itjust.works 1 points 5 days ago

In the best possible scenario, a BIOS/UEFI password lock will prevent an adversary from using the computer as-is. If the adversary has an objective to quickly fence the computer, then this objective is foiled. Note that preventing the computer from physical access would also foil this objective, since that prevents the adversary from even accessing the machine.

But that's the best case. In a more-worse case scenario, the adversary wants to steal data from the computer. A firmware password will be useless if the adversary removes the HDD or SSD from the machine. This is, instead, correctly solved with drive-level encryption, using a password or smart card to unlock.

The reason why open-source firmwares (BIOS/UEFI) might be uninterested in implementing a password is because: 1) preventing physical access is more effective, and 2) because it's arguably a form of security theatre: commercial firmware vendors include a password feature because some customer once asked for it, but not with security as a well-thought objective. Open-source projects have a habit of not implementing pointless features.

TL;DR: physical access to a machine is fatal to any and all security protections

[–] litchralee@sh.itjust.works 3 points 1 week ago* (last edited 1 week ago) (1 children)

Yes: https://en.wikipedia.org/wiki/Mandatory_referendums_in_Switzerland

Switzerland is also a rarity where there isn't quite a separate head of state (eg UK Monarch, German President) but also the head of government role is done by a council of seven, where the majority decision is what happens. So the legislative body writes the law and the council of seven is tasked with executive power to carry out the law.

The modern Swiss constitution (1848) took inspiration from the American constitution (1789), but rather than a consolidated head of state/government like the American President, they wanted to hew even closer to the long-standing ideals of democracy amongst the Cantons, to also avoid concentrating too much power to individuals. Thus, even though the Swiss Federal Council rotates the title of president every year in turn, it confers zero extra powers.

[–] litchralee@sh.itjust.works 11 points 1 week ago* (last edited 1 week ago) (3 children)

Like with all things, it's a matter of degree. Democracy and socialism are not inherently incompatible, but can be mixed together at different ratios. For example, a democratic socialist society could follow in the Swiss model of direct democracy, meaning everyone has a say in the policy decisions. Such policy decisions include the law but also how to utilize the means of production, which the state owns entirely.

Whereas another democratic socialist society could realize their democracy through a representative model, where citizens elect a local representative that goes to the capital and votes in a state committee on how to amend the law or utilize the means of production, which the state owns entirely. Here, political power is wielded by a committee but the complete socialist ownership is intact.

Yet another democratic socialist society could be much softer on the state ownership of all the means of production. The state might own the utilities, roads, schools, and all land, but may permit certain collectives to privately own businesses that generate value and to distribute those earnings equally amongst themselves. This could be considered a transitional step, since it allows for a controlled amount of capitalist-style development to occur, while avoiding huge concentrations of private capital. But it could also be a step backwards if the state already fully-owned the means of production but then voted to release some of it to small co-ops.

While words have to mean something to be useful at all, I wouldn't spend too much time trying to fit all possibilities into neat categories. Ultimately, socioeconomics are fluid.

[–] litchralee@sh.itjust.works 6 points 1 week ago* (last edited 1 week ago) (2 children)

We are all currently traveling through time, though at a forward rate of 1 second per second (within your stationary frame of reference, since time dilation is a thing). But I take that you mean "time travel" as in advancing into the future at a faster rate, or going into the past.

In both cases, we do currently have the means of hermetically-sealed transportation. This is how, I believe, moon samples were collected in the mid 20th Century, since there was a possibility that alien life would be contagious to humans or that humans would destroy any samples of alien life. I think Tom Scott or someone did a video on the topic.

So while the biological risk would complicate time travel and visiting other humans, that alone doesn't make time travel "impossible" because we could just have the travelers stay in their TARDIS or whatever. Like how people signed wills in 2020 atop automobile hoods.

There are plenty of other reasons why time travel is impossible though.

[–] litchralee@sh.itjust.works 9 points 1 week ago* (last edited 1 week ago)

I've not used it, but have heard decent things about Kagi, a paid search engine. Supposedly, it finds things like how old Yahoo or old Google worked, without AI (but is optionally available?), and no ads.

I would think the major barrier to entry is the business model: ad revenue goes to those that can deliver results. Google AdSense has dominated that realm for years, so it would take a major upfront investment to challenge them on that. Not much different than how it's hard to compete with established airlines to a particular airport that they already serve. Economies of scale tend towards consolidation.

[–] litchralee@sh.itjust.works 1 points 1 week ago

In California, a U turn is considered a left turn that keeps going. As a result, a U turn is legal anywhere that a left turn is legal, except when signs are posted otherwise. So in a left-turn pocket/lane, it is both reasonable and expected that people will make left turns, some of which will continue into a full 180 degree turn. People who do U turns are doing what is allowed, and they have every right to do so. If this seems like a problem, then talk to your transportation department to restrict U turns.

I'm not aware of any aspect of a U turn procedure that would be any different than a standard 90 degree turn: use turn signals, look for oncoming traffic, look for pedestrians, turn slowly as required by the radius, roll out of the turn with careful acceleration.

[–] litchralee@sh.itjust.works 11 points 1 week ago (1 children)

American English speaker here. While I would understand what "to auction away" means, I'm not aware of anyone here in California that would say it like that. Usually, I would say "to auction off", which follows in a long series of other "X off" verbs, like "to bake off" or "to shake off", all of which usually involve some sort of adversary or competition.

Note that we do use the verb "to give away" but that would mean a gift without compensation, which is definitely not an auction.

[–] litchralee@sh.itjust.works -1 points 1 week ago

This distinction is both illogical and ahistorical. Python is a scripting language that has a compiler. Indeed, any scripting language can be translated into a compilable language and then compiled, a process called transpiling.

There's also Java, which definitely compiles down to bytecode, but for a machine which physically doesn't exist. The Java Virtual Machine is an emulator that runs on supported hardware, in order to execute Java programs. Since the Java compiler does not produce, say, x86 assembly, your definition would assert that Java is not a compiled language, despite obviously having a compiler.

As an exercise for everyone else, also have a look at Lisp, a very-clear programming language with a compiler, but some specially-built machines were constructed that optimized for Lisp programs, with hardware support to do checks that would take longer on other architectures.

 

CLAUDE CODE JUST RICKROLLED ME. I'm working on a project where part of it will involve videos, and in building out the project it created a dummy page, with made up content (relevant to me!) with two video links pretending to be something else and BOTH WERE RICKROLLs.

Note: I'm using a broad definition of "programmer" to include HTML generation, and a broad definition of "humor" that includes Rickrolling. Together, I think this is appropriate for c/programmerhumor. Mods, please remove if not correct.

 

(fairly recent NewPipe user; ver 0.27.6)

Is there a way to hide particular live streams from showing up on the "What's New" tab? I found the option in Settings->Content->Fetch Channel Tabs which will prevent all live streams from showing in the tab. But I'm looking for an option to selectively hide only certain live streams from the tab.

Some of my YouTube channels have 24/7 live streams (eg Arising Empire), which will always show at the top of the page. But I don't want to hide all live streams from all channels, since I do want to see if new live streams appear, usually ones that aren't 24/7.

Ideally, there'd be an option to long-press on a live stream in the tab, one which says "Hide From Feed", which would then prevent that particular stream ID from appearing in the feed for subsequent fetches.

From an implementation perspective, I imagine there would be some UI complexity in how to un-hide a stream, and to list out all hidden streams. If this isn't possible yet, I can try to draft a feature proposal later.

 

I'm trying to remind myself of a sort-of back-to-back chaise longue or sofa, probably from a scene on American TV or film -- possibly of the mid-century or modern style -- where I think two characters are having an informal business meeting. But the chaise longue itself is a single piece of furniture with two sides, such that each character can stretch their legs while still being able to face each other for the meeting, with a short wall separating them.

That is to say, they are lying anti-parallel along the chaise longue, if that makes any sense. The picture here is the closest thing I could find on Google Images.

So my questions are: 1) what might this piece of furniture be called? A sofa, chaise longue, settee, something else? And 2) does anyone know of comparable pieces of furniture from TV or film? Additional photos might help me narrow my search, as I'm somewhat interested in trying to buy such a thing. Thanks!

EDIT 1: it looks like "tete a tete chair" is the best keyword so far for this piece of furniture

EDIT 2: the term "conversation chair" also yields a number of results, including a particular Second Empire style known as the "indiscreet", having room for three people!
