the8472's comments

Counting in users is just nonsensical. Is it total registered users? Users per <time interval>? Sessions that need to go in the session store? Concurrent requests?

Then there's the implementation language category. Interpreted, JITed vs. AOT.

And of course the workload matters a lot. Simple CRUD application vs. compute-heavy or serving lots of media, ...

Together those factors can make like 6+ OOMs difference.


AVIF uses AV1 as the codec, so I assume the hardware units used to accelerate video decoding should work for images too, at least when it matches the profiles supported by the hardware.

Hardware video decoding APIs often have significantly more latency than software decoders, to the point that it's a noticeable several hundred milliseconds of delay. If they have this delay, they're unusable for images.

I assume that "a folder full of avif files" was referring to thumbnailing, that's more of a bulk operation than latency-sensitive.

UE can be cross-compiled on a Windows host to Linux and then it's a few checkboxes to enable the Vulkan RHI.

Android NDK shares many APIs with regular GNU/Linux, in many cases it could be a simple recompile, yet no studio bothers to do so, because the incentives aren't there.

Not true on the PinePhone, the modem is a peripheral module, so the boot chain does not start with it.

Nor the Mediatek platforms as far as I know (very familiar with the MT65xx and MT67xx series; not sure about anything newer or older, except MT62xx which also boots --- from NOR flash --- the AP first.)

Do 1&1 customers get CGNAT or a native v4 address? I have had issues with the AFTR's port mapping tables running full when I was on Unitymedia coax.

They switched me to CGNAT in my last speed upgrade, but I wrote to them about it and they moved me to native v4 straight away.

Their service is good on a technical level but they have the most aggressive and obnoxious sales reps. They scammed me twice with open lies on the phone (probably abusing also the fact that German is not my mother tongue) and I had to fight for ages with their customer service later to get the issue resolved.

If you wanna go with them, buy on their website and hang up if anyone from 1und1 ever calls. They are official 1und1 reps and they will prove it to you, yet behave like scammers.


I can tell you that Deutsche Telekom has much much more aggressive sales reps than 1&1. (I've been with GMX/1&1 for ~15 years and with DT for ~2 years).

DT called me on the phone over and over again, so much that I had to block them on my FritzBox. Several times they even knocked at my door.


I get proper IPv4 and IPv6 addresses with Easybell on VDSL. I've been with them a long time and they've been pretty good.

Cue the ultimate low orbit satellite

> It is undesirable to have a definition that will change with improving technology, so one might argue that the correct way to define space is to pick the lowest altitude at which any satellite can remain in orbit, and thus the lowest ballistic coefficient possible should be adopted - a ten-meter-diameter solid sphere of pure osmium, perhaps, which would have B of 8×10^−6 m^2/kg and an effective Karman line of z(-4) at the tropopause

from https://arxiv.org/abs/1807.07894


Assuming I did the math right such a satellite would only run $265 million USD for the materials (launch costs for an object of ~9k kg left as an exercise for the reader). That's far more affordable than I had expected. Amusing thought.

That would make a hell of a bang when it eventually deorbits.

The Rust standard library does make targeted use of unchecked arithmetic when the containing type can ensure that that overflow never happens and benchmarks have shown that it benefits performance. E.g. in various iterator implementations. Which means the unsafe code has to be written and encapsulated once, users can now use safe for loops and still get that performance benefit.


Ah nice, their data sheet has a spectrum. Kind of odd that they don't market the "we filter out the harmful parts" feature more prominently.


Kinda like advertising "Asbestos-Free Cereal" isn't it? If someone was marketing a product to me and they were super insistent about how super duper safe it was I would probably start getting suspicious


UV rightfully raises concerns about skin damage, highlighting that they're careful about excluding the harmful parts would be helpful for customers who either know just enough to think "UV bad" or to those who wonder how narrow their filters are.

Imo a better analogy would be selling a circular saw with a safety mechanism and hiding the latter in the specsheet.


No, it's more like advertising asbestos-free talc.


Many manufacturers refuse to post third party spectral assays detailing safety and power output, it's a big problem.


At least there's an explicit standard for signalling: RFC 6887 Port Control Protocol. Many routers also support it.

But it's often disabled for the same reason as having router-level firewalls in the first place.


> But it's often disabled for the same reason as having router-level firewalls in the first place.

Yeah, anything that allows hosts to signal that they want to accept connections, is likely the first thing a typical admin would want to turn off.

It’s interesting because nowadays it’s egress that is the real worry. The first thing malware does is phone home to its CNC address and that connection is used to actually control nodes in a botnet. Ingress being disabled doesn’t really net you all that much nowadays when it comes to restricting malware.

In an ideal world we’d have IPv6 in the 90’s and it would have been “normal” for firewalls to be things you have on your local machine, and not at the router level, and allowing ports is something the OS can prompt the user to do (similar to how Windows does it today with “do you want to allow this application to listen for connections” prompt.) But even if that were the case I’m sure we would have still added “block all ingress” as a best practice for firewalls along the way regardless.


> Ingress being disabled doesn’t really net you all that much nowadays when it comes to restricting malware.

But how much of this is because ingress is typically disabled so ingress attacks are less valuable relative to exploiting humans in the loop to install something that ends up using egress as part of its function?


Since we're talking about programs that are trying to set up a connection no matter what, I'm going to say "not much". It's not significantly shrinking the attack surface and forcing attackers onto a plan B that's meaningfully harder to do. It just adds this layer of awkwardness to everything, and attackers shrug and adapt.


You block inbound to block inbound. Of course it doesn’t do anything for outbound. Acting like you can just turn inbound filtering off because of that is disingenuous.


Nobody suggested "just turn inbound filtering off"?? We're talking about an alternate universe of program design.

And we're talking about malware in general, not inbound or outbound specifically.


Port forwarding and hole punching have different objectives and outcomes, and I believe PCP only caters to the former.

While the outcomes might be similar (some inbound connections are possible), the scope (one specific external IP/port vs. everybody) and the semantics ("endorsement of public hosting" vs allowing P2P connections that are understood to require at least some third-party mediation) differ.

I also don't think that port forwarding is possible through multiple levels of firewalls (similar to "double NAT").


PCP has two operating modes, MAP and PEER. The latter should be similar to hole-punching.

And routers can forward PCP requests to their upstream routers. Some dualstack-lite routers do that and according to rumors (random internet forum comments) some CGNATs do support that.
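
An added example, not part of the thread or any commenter's code: the two PCP request types discussed above, built byte for byte following the RFC 6887 request layout, to show that a PEER request carries one remote endpoint while a MAP request names none. Function names are hypothetical, and the addresses are constructed from documentation ranges.

```python
import ipaddress
import os
import struct

PCP_VERSION, OP_MAP, OP_PEER, PROTO_TCP = 2, 1, 2, 6

def _ip16(addr):
    """PCP carries every address as 128 bits; IPv4 goes in IPv4-mapped form."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        ip = ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip.packed

def _request(opcode, client_ip, nonce, proto, int_port, lifetime):
    if len(nonce) != 12:
        raise ValueError("mapping nonce is 96 bits")
    # Common header: version, R=0|opcode, 16 reserved bits, lifetime, client address.
    head = struct.pack("!BBHI", PCP_VERSION, opcode, 0, lifetime) + _ip16(client_ip)
    # Shared body: nonce, protocol, 24 reserved bits, internal port,
    # suggested external port and address (all-zeros IPv4 = no preference).
    return head + nonce + struct.pack("!B3xHH", proto, int_port, 0) + _ip16("0.0.0.0")

def map_request(client_ip, nonce, proto, int_port, lifetime=3600):
    """MAP: request an external port; the request names no remote endpoint."""
    return _request(OP_MAP, client_ip, nonce, proto, int_port, lifetime)

def peer_request(client_ip, nonce, proto, int_port, peer_ip, peer_port, lifetime=3600):
    """PEER: the same fields plus exactly one remote peer port and address."""
    body = _request(OP_PEER, client_ip, nonce, proto, int_port, lifetime)
    return body + struct.pack("!H2x", peer_port) + _ip16(peer_ip)

def describe(pkt):
    """Decode a request far enough to show which remote side it names."""
    version, op, _, lifetime = struct.unpack("!BBHI", pkt[:8])
    info = {"version": version, "opcode": {OP_MAP: "MAP", OP_PEER: "PEER"}[op & 0x7F],
            "lifetime": lifetime, "internal_port": struct.unpack("!H", pkt[40:42])[0],
            "remote": "any"}
    if info["opcode"] == "PEER":
        ip = ipaddress.IPv6Address(pkt[64:80])
        port = struct.unpack("!H", pkt[60:62])[0]
        info["remote"] = f"{ip.ipv4_mapped or ip}:{port}"
    return info

if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, random nonce.
    m = map_request("192.0.2.10", os.urandom(12), PROTO_TCP, 8080)
    p = peer_request("192.0.2.10", os.urandom(12), PROTO_TCP, 8080, "198.51.100.7", 443)
    print(len(m), describe(m))
    print(len(p), describe(p))
```

A gateway or log reviewer can apply the same distinction: the PEER request is 20 bytes longer because of the remote peer fields, which is what scopes it to a single flow.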


