Yu-Gi-Oh cards are still a thing? That dates from 30 years ago.
I just looked at Cabbage Patch dolls on eBay. The bottom has finally fallen out of that market. Used to see asking prices over $1000. Now they're all around $25.
The US is at war. Much of the world is at war at the cyber attack level right now.
The US, the EU, most of the Middle East, Israel, Russia...
Major services have been attacked and have gone down for days at a time - Ubuntu, Github, Let's Encrypt, Stryker. Entire hospital systems have had to partially shut down.
Now, in the middle of this, AI has made attacks much faster to generate. Faster than the defensive side can respond. Zero-day attacks used to be rare. Now they're normal.
It's going to get worse before it gets better. Maybe much worse.
If we assume that there will be an AI that is perfect in terms of ability to find vulnerabilities, cheap to run and widely available to everyone, then anyone can run it on any piece of software before deploying it. All vulnerabilities get found before they can be exploited.
One of the big challenges with cybersecurity is that attackers only need to find one exploit, while defenders need to stop everything. When you have a large surface area and limited resources, it's much easier to be the side that only has to succeed once. AI eliminates the limited resources problem.
Right now we are at a point in time when AI can find bugs for attackers and defenders, but defenders did not fix/find those bugs yet.
In time most of the bugs AI can find will be fixed, and things will calm down. Some bugs will be left, but will be too complex to find and weaponise (or rarely).
Alin short, attackers have advantage for a brief time now, but ultimately defenders will win. I guess this "fight" might be over before the end of the year.
I am looking at the results of a mass vulnerability scan as I type this. Half of the bugs in one case are in fact (binary) parser errors for hand-written parsers. These really should not exist in any language - but in C it's particularly bad. Kaitai Struct or something similar would broadly have prevented these. Rust would help here, but less than a parser generator (because it could automate error checking insertion for things that aren't just out of bound access).
However, half of the vulnerabilities are logic errors in terms of what I would call RBAC enforcement, incorrect access permissions, and so on. Rust won't help at all with any of these.
I was just working on a system best thought of as a “dinosaur”: written almost entirely in C (and a bit of PERL) and running on an appliance with BSD as the kernel.
It’s full of bugs and has had a string of RCE vulnerabilities published recently, probably because of Mythos.
Working with it day to day I get this feeling that the tech stack used results in a system that’s… clumsy and constrained.
Little things give me that impression, and I can’t quite put it in words, but it’s thirty years of experience working with dozens of languages and platforms speaking here.
Using C makes you clumsy.
It makes you trip over things other languages don’t.
It makes it obscenely difficult to do even simple things. It’s like trying to put a delicate ship into a bottle while wearing oven mitts.
Switching to a better language isn’t just about the specific capabilities of its compiler, it’s also about what it enables in the humans using it.
1) Make it a law that companies have to vet their code for security holes before release, 2) Make it a law that companies have to apply operational security best practice on their software products/services, 3) Industry standard automation for improvements to patch lifecycle management, 4) Auditing for critical businesses and industries to ensure safety (both as a national security thing and general safety/reliability/privacy/etc)
Right now all that stuff is optional, so most companies don't do it, which makes more security holes and it takes longer to patch.
We could get somewhere where clouds can provide a framework of secure primitives that act as a framework.
E.g. you build an app, it stores data via api etc. etc. You can test in sandbox. The cloud deploys for customer who paid you via that cloud and you work at arms length. You may not even know their name. You just get the pro subscription fees.
The idea bubbling in my head would be an app store for cloud products. But with competition i.e. you use Railway or Heroku or AWS for the best deal.
Be gentle this is an idea in my head I am sure it can be torn down by a retort at this stage. But this exists in forms and I think it will emerge. It is inversion of control at the entire app level.
This is similar to buying a hammer. If you make hammers you sell them to a store, the store knows the customer and only the customer can see the nails.
I just noticed that a Rust program I'm working on had acquired a plotter driver crate. A plotter driver? The program has no graphical output.
Turns out that "kdtree" has a dev dependency on a profiling library that pulls in a whole graphics system. Even in release mode, I get that, because I have debug symbols turned on, which activated dev dependencies.
> I have debug symbols turned on, which activated dev dependencies
Nope that doesn't happen. It's not compiled into your binary if it's a dev or build dependency. Cargo may have downloaded the crate source according to the lockfile and that's it, it shouldn't build anything unneeded.
This needs a Lock Picking Lawyer attack on this lock. He'd be done in two minutes.
The trouble with this lock is that the removable key contacts the pins. Even though it's isolated from the outside when it's in contact the pins, you do get it back out after contact. So there's potential for impressioning.
A design where there's a level of indirection between the key and the sensing device would be better. Key goes in, and is read and the info stored. Key rotates further, and stored info is tested while the info storage mechanism is isolated from both the outside and the key.
Some locks like that have been built.
I saw one with a column of steel balls for each pin. The key raises the columns of balls, depending on the bitting. The number of balls that are raised above the shear line then varies for each cylinder. That's the information storage device. As the key is rotated, the raised balls become isolated from the keyway. Then, protected from outside access, the columns of balls act as the key for an ordinary pin tumbler setup.
Does education of women have to be reduced to keep the population from decreasing? That's the position of some fundamentalist Christians [1], some branches of Islam [2], and many haredi.[3] Used to be considered silly, when overpopulation was a concern, but it's being taken more seriously now.
I'm holding off on upgrading to Ubuntu 26.04 LTS until we have a few months of experience with the new release. Canonical just had a huge DDOS attack, and there might have been other attacks hidden in all that traffic.
There's a machine for this, and you can rent it - the Barber Litter Picker.[1]
It's a large tractor-pulled machine, like an agricultural implement.
It's a variation on their Surf Rake, which is used for beach cleanup. The Litter Picker is built for dirt, hard ground, grass, and pavement. It's used for large outdoor festivals.
Scoops up everything from cigarette butts to lawn chairs.
Video of cleanup after a big festival.[2]
Big festivals are cleaned up in a few hours with this heavy equipment.
You are getting a bit of grief down thread- but this is cool as all get out.
The best use of these systems would be to combine the various procedures:
First, and foremost - don't leave garbage behind in the first place. Think twice before bring sequins and feathers in costumes (the biggest culprit in my experience from 2003-2010). Film cannisters for cigarette
Second - Every Camp does a combination of complete-grid clean up on their own "lot" - I've done that three times - and it was honestly great - plus an hour of "community time" - where you walk the play off your lot and clean it up as well. Your camp packs off 99% of the garbage, and then a grid search, plus heavy rake, finds the last 1%. About the only debate my camp ever had was whether it was acceptable to just dump their potable water onto the Playa (I thought it was fine - as long as you didn't just pour it all in one place - within 15 minutes you would be hard pressed to ever find out where it was poured out).
Third - the two-week "walk the line" where the detailed MOOP maps get created. 150 people for a 80,000 person 7+ day festival seems entirely reasonable - and it's a big part of BRC.
Finally (and I really mean do finally, it's almost a thing that shouldn't be really visible) - show up with the heavy gear to find all the submerged stakes/rebare/moop). Just rake the hell out of the Playa (absolutely fine - I've never understood people who think that it's a problem - it really isn't - you sure as hell aren't going to disrupt any ecology - except for a few random sand-fleas - it's entirely devoid of any life) - and the first bit of rain completely and 100% eliminates any trace of what you did.
As a practical matter, that's backwards. One pass with the heavy raking machinery will remove 99% of the trash. That's the heavy lifting. Record GPS-tagged video of what the rakes are picking up. Then make a pass with a strong trash magnet on a pickup truck to get small ferrous metallic junk that made it past the rakes. Then do a foreign object walkdown with the team, to catch sequins, nonmagnetic stainless steel needles, and rebar and lag bolts that need to be pried or dug out. It's the final inspection that needs humans.
> Scoops up everything from cigarette butts to lawn chairs.
From some of the videos you can find of it on Youtube, the cigarette butt claim doesn't look believable. It can definitely leave smaller debris behind, and certainly won't pull lag bolts out of the ground.
The whole point of the manual cleanup duty is the meticulous mapping of MOOP. This information is used by the community to learn and improve for next time. This has resulted in measurable improvement over the years, despite the event growing massively in size during that time.
I feel a big commercial machine that cleans the site up in a couple of hours will result in a community that does not espouse the 'leave no trace' principle. Because why would you care? A big machine is going to clean it all up anyway.
You can definitely add some telemetry to this that records and analyzes realtime location to "map" the litter, even when using a device like this. The conveyor actually seems very well suited to an external camera that records and analyzes the mess to a degree that should be suitable for the purpose of "recording" litter types and concentrations based on the location, without resorting to manual sweep/dust bins which actually sounds pretty insane at this scale.
You’ve missed the point. This is a cultural commitment not a logistics problem to engineer away.
The person you replied to did kindly try to explain to you, but you seem to have ignored it.
If you don’t understand the culture of Burning Man, that’s fine. But maybe don’t callously reduce 150 peoples’ labor of love to “btw just use this machine”.
You need to set those rates against other seasonal short term work. Very few people on the resto line has a stable situation the rest of the year either. We should ask if this is utilizing or exploiting society’s dregs. And ask if every event, as big as the Olympics, or as small as a street fair, isn’t burning the same heads.
The nice thing about Trader Joe's is that you can be in and out in 5-10 minutes if you're just buying weekly food items. The store is modestly sized and the checkout lines are short. I'm in there about once a week.
I go to Costco once every three months or so and buy paper towels, detergent, and other consumables that have long shelf lives. I don't feel drawn to it; it's just the warehouse for boring items to buy in bulk. Their hot dog is OK. But a lifestyle? No.
I'm not sure a direct drive is possible with EV conversions. You still need to match effective RPM range with diffs. And replacing transmission with a simpler specialized diff would cost much, much more than just using the existing transmission in place.
Very few / almost no EVs are direct drive. The industry-standard layout is an integrated package of transverse motor with two-stage reduction and final drive, giving something like in the general vicinity of a 10:1 overall ratio (longer ratios are directionally more efficient, while shorter ratios are usually more cost-efficient). That's the ballpark of 2nd gear in many cars (final drive 3-4:1, 2nd gear often around 2-3:1).
So if you mount just the electric motor from an EV (insofar as it exists as a separable part) to a manual gearbox and weld that into 2nd gear you have something which broadly matches the design envelope of that motor. You could reduce gearbox losses by also removing the now unneeded but still idling gears.
Negligible. Roll the windows up if you want that range back.
I still think it's dumb and they should package it to replace the transmission and stuff all the batteries where the engine would go.
It would be "easy" to make the motor replace the bellhousing and midsection of a 4L80 and then simply provide the same output so you can stick whatever tailhousing you want on it. Put shifter on the side in the same spot, etc, etc. Could've packaged the batteries to fit in the same place as a SBC longblock.
I can't really come up with a "good" reason they did it the way they did. The problems the transmission solves are pretty trivial. Like either replace the engine so it can work with "any" transmission that can handle the torque (i.e. most of them) or replace the transmission too. Don't replace the engine and then mandate a particular trans. The only reason I can see to do that is if it's some sort of wink and nod deal where they know that it's easy to make it work with other transmissions but they're not touting it as compatible to cover their asses.
Presumably so it's an easier conversion - you replace the motor but don't have to replace the rest of the drivetrain, and maybe you want the gearstick inside for the look of the thing (although I imagine you likely wouldn't have to use it most of the time).
Probably to interface with existing cars by replacing the engine, retaining everything after, including the existing transmission, differential(s), and suspension.
"The current eCrate kit requires a GM 4-speed automatic transmission with an external mode switch (e.g., 4L60, 4L65, 4L70, 4L75 Transmissions). This helps to make the eCrate conversion easier for vehicles that already have a conventional driveline, plus it provides extra torque in lower gears and extra speed with overdrive. We are working on bringing a direct drive variant option to our eCrate portfolio."
Reduction ratios, greater comparability due to interfacing links, attachment points, just a few guesses. Most ev conversions I've seen keep the gearbox.
I just looked at Cabbage Patch dolls on eBay. The bottom has finally fallen out of that market. Used to see asking prices over $1000. Now they're all around $25.
reply