• 0 Posts
  • 117 Comments
Joined 3 years ago
Cake day: July 9th, 2023


  • (Not my field. The following is armchair speculation.)

    Why is [fusion] more economical than [solar/wind]

    TLDR — It’s not. For distributed/residential, bulk power generation, and light-duty transportation, solar has already won so decisively that fusion is not likely to catch up this century. But those aren’t usually the target applications.

    TMK, fusion offers most of the known advantages of fission (smaller footprint, superior energy density + capacity, output that’s weather-independent and geography-agnostic, etc.) but with significantly better safety and waste profiles.

    Its versatility as a thermal source enables many industrial applications requiring temperatures difficult or impossible to achieve via electrification alone.

    The reaction itself is directly applicable to neutron production.

    There are some even more far-flung applications like outer planetary and deep-space travel.

    And others. All to say, it’s for niche and future applications PV can’t touch.


  • These are good examples of what it takes, however, including primary participation and grassroots activism. In addition, the NYC mayoral featured ranked choice voting.

    In other words, Duverger’s Law can’t simply be ignored in FPTP systems like those of the US, and anyone who suggests otherwise (like saying you should vote non-strategically to defeat the MAGA opposition) is either terribly ill-informed or, more likely, is working for the opposition.









  • While I maintain that repurposing OPFS as a measure of SSD usage by this method is unrealistic even under optimal conditions, I gotta admit I’m surprised by the lack of throttling and resource quotas.

    That is, assuming the API is enabled by default.

    Typically niche-use-case and high-performance APIs that aren’t hidden behind experimental flags require user permission by default (a practice solidified by mitigations of other exploits like mining, fingerprinting, etc.), so to find one open and apparently unregulated by default does seem unusual, if true.

    But if it’s gated by a flag or user permission, I don’t know why the fuck they’d bother to publish this.

    ETA: Either way, I suspect any user vulnerable to this exploit is likely already exposed to much worse from attacks that are similarly inelegant but far more reliable. Those users are already heavily profiled in many datasets. I mean, no one here… hopefully.


  • In this case, I agree that it’s a low priority patch. Here’s what you must do as an attacker. Decide for yourself whether it sounds practical for general deployment.

    Requirements: Fill OPFS storage with an arbitrarily large amount of data which at least exceeds RAM, but may require up to 60% of SSD, then lock up a thread with random reads while a worker thread hosts a model that you feed any detected latency clusters.

    Even if users don’t notice their fans maxing / battery burning / memory+storage disappearing and kill the tab themselves, this definitely will be the first tab offloaded by most browsers and OSes shortly after it is sent to the background.

    That means you have a brief window where you might get the chance to guess which sites a user is visiting. Your guess is likely far less than 89% accurate (PoCs illustrate in optimal conditions, where models are often deliberately overfit to specific machine(s) and locale). Outside a hyper-targeted attack, you will be lucky to get coin-toss levels of certainty for any guess.

    Is this an attractive attack vector?








  • Septimaeus@infosec.pub to 196@lemmy.blahaj.zone · wheel rule · 22 days ago

    This is my stance on wheel reinvention. And my pitch is similar. I offer it to juniors when it feels like they’re setting impossible expectations for themselves. But I just have to say.

    If you wait to start building until you’re sure you know everything, you will never build anything.

    Is excellent phrasing that I don’t think I’ve ever used. The truth of it is self-evident to any senior, but juniors should be able to grasp that “more” rarely increases certainty, so for training and discovery the best you can shoot for is “enough.”