• 6 Posts
  • 1K Comments
Joined 1 year ago
Cake day: October 4th, 2023


  • Looks fine to me.

    Little side question: Will the Wi-Fi and Bluetooth on the motherboard work in Arch? From what I could gather, the drivers for it should be in the latest kernel, but I’m not 100% sure.

    If they don’t for some reason and you can’t get it working or need some sort of driver fix, you can always, worst case, fall back to a USB dongle or similar until they do. Obviously, it’s preferable not to do that, but you shouldn’t wind up stuck without them no matter what.




  • The downside of building the phone/tablet into the car, though, is that phones change more quickly than cars.

    A 20 year old car can be perfectly functional. A 20 year old smartphone is insanely outdated. If the phone is built into the car, you’re stuck with it.

    Relative to a built-in system, I’d kind of rather just have a standard mounting point with security attachments and have the car computer be upgraded. 3DIN maybe.

    I get the “phone is small” argument, but the phone is upgradeable.

    And I’d definitely rather have physical controls for a lot of things.


  • Plus, even if you manage to never, ever have a drive fail, accidentally delete something that you wanted to keep, inadvertently screw up a filesystem, crash into a corruption bug, have malware destroy stuff, make an error in writing a script causing it to wipe data, just realize that an old version of something you overwrote was still something you wanted, or run into any of the other ways in which you could lose data…

    You gain the peace of mind of knowing that your data isn’t a single point of failure away from being gone. I remember some pucker-inducing moments before I ran backups. Even aside from not losing data on a number of occasions, I could sleep a lot more comfortably on the times that weren’t those occasions.


  • That’s not a completely reliable fix, a third party library could still call setenv and trigger crashes, there’s still a risk of data races, but we’ve observed a significant reduction in SIGABRT volumes.

    Hmm. If they want a dirty hack, I expect they could do a library interposer that overrides setenv(3) and getenv(3) symbols with versions that grab a global “environment variable” lock before calling the actual function.

    They say that they’re having problems with third party libraries that use environment variables. If they’re using third-party libraries statically-linked against libc, I suppose that won’t work, but as long as they’re dynamically-linked, should be okay.

    EDIT: Though you’ve still got an atomic update problem with the returned buffer, doing things the way they are, if you don’t want to leak memory. Like, one thread might have half-updated the value of the buffer when another is reading the buffer after returning from the interposer’s version of the function. That shouldn’t directly crash, but you can get a mangled environment variable value. And there’s not going to be guarantees on synchronization on access to the buffer, unlike the getenv() call itself.

    thinks

    This is more of a mind-game solution, but…

    Well, you can’t track lifetime of pointers to a buffer. So there’s no true fix that doesn’t leak memory. Because the only absolute fix is to return a new buffer from getenv() for each unique setenv(), because POSIX provides no lifetime bounds.

    But if you assume that anything midway through a buffer read is probably going to do so pretty soon, which is probably true…

    You can maybe play tricks with mmap() and mremap(), if you’re willing to blow a page per environment variable that you want to update and a page of virtual address space per update, and some temporary memory. The buffer you return from the interposer’s getenv() is an mmap()ed range. In the interposer’s setenv(), if the value is modified, you mremap() with MREMAP_DONTUNMAP. Future calls to getenv() return the new address. That gives you a userspace page fault handler to the old range, which I suppose – haven’t written userspace page fault handlers myself – can probably block the memory read until the new value is visible and synchronize on visibility of changes across threads.

    If you assume that any read of the buffer is sequential and moving forward, then if a page fault triggers on an attempted access at the address at the start of the page, then you can return the latest value of the value.

    If you get a fault via an address into the middle of the buffer, and you still have a copy of the old value, then you’ve smacked into code in the middle of reading the buffer. Return the old value.

    A given amount of time after an update, you’re free to purge old values from setenv(). Can do so out of the interposer’s functions.

    You can never eliminate that chance that a thread has read the first N bytes of an environment variable buffer, then gone to sleep for ten minutes, then suddenly wants the remainder. In that case, you have to permit for the possibility that the thread sees part of the old environment variable value and part of the new. But you can expend temporary memory to remember old values longer to make that ever-more unlikely.
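One way to build the interposer sketched in the comment above, as an added example that is not part of the thread or of the article it replies to: a hypothetical LD_PRELOAD library that wraps getenv(3), setenv(3) and unsetenv(3) in a single mutex and hands each caller a per-thread copy of the value instead of a pointer into environ. The library name, the ring-of-copies scheme, the slot sizes and the ENVLOCK_DEMO variable are assumptions for illustration. Instead of the mmap()/mremap() trick, it bounds the torn-read window with a fixed ring: a thread that keeps more than RING_SLOTS getenv() results alive at once sees its oldest copy reused, which is the same residual caveat the comment ends on, just with a cheaper mechanism.

```c
/* envlock.c: hypothetical LD_PRELOAD interposer for getenv/setenv/unsetenv (added example).
 * Build:  cc -shared -fPIC -o libenvlock.so envlock.c
 * Use:    LD_PRELOAD=./libenvlock.so ./program
 * Compiled as a normal program, the definitions below still shadow libc's for the demo in main(). */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1l)   /* glibc's value, in case <dlfcn.h> was read before _GNU_SOURCE took effect */
#endif

typedef char *(*getenv_fn)(const char *);
typedef int (*setenv_fn)(const char *, const char *, int);
typedef int (*unsetenv_fn)(const char *);

/* One process-wide lock serialises every environment access that goes through this object.
 * putenv(3), clearenv(3) and code that walks environ directly are not covered (assumption: nobody does). */
static pthread_mutex_t env_lock = PTHREAD_MUTEX_INITIALIZER;
static getenv_fn real_getenv;
static setenv_fn real_setenv;
static unsetenv_fn real_unsetenv;

static void resolve_real(void) {
    /* Called with env_lock held. RTLD_NEXT skips this object and finds the libc symbol behind it. */
    if (!real_getenv)   real_getenv   = (getenv_fn)dlsym(RTLD_NEXT, "getenv");
    if (!real_setenv)   real_setenv   = (setenv_fn)dlsym(RTLD_NEXT, "setenv");
    if (!real_unsetenv) real_unsetenv = (unsetenv_fn)dlsym(RTLD_NEXT, "unsetenv");
}

/* Per-thread ring of copies: the copy is taken under the lock, so a concurrent setenv() can neither
 * free nor half-overwrite what the caller is reading. Holding more than RING_SLOTS results at once
 * reuses the oldest slot; that is the bounded "old values are purged eventually" window from the thread. */
#define RING_SLOTS 8
#define SLOT_BYTES 4096
static __thread char ring[RING_SLOTS][SLOT_BYTES];
static __thread unsigned ring_next;

char *getenv(const char *name) {
    char *out = NULL;
    pthread_mutex_lock(&env_lock);
    resolve_real();
    const char *v = real_getenv(name);
    if (v) {
        size_t n = strlen(v);
        if (n < SLOT_BYTES) {
            out = ring[ring_next++ % RING_SLOTS];
            memcpy(out, v, n + 1);
        } else {
            out = (char *)v;   /* value too large for a slot: hand back the raw pointer, old race and all */
        }
    }
    pthread_mutex_unlock(&env_lock);
    return out;
}

int setenv(const char *name, const char *value, int overwrite) {
    pthread_mutex_lock(&env_lock);
    resolve_real();
    int rc = real_setenv(name, value, overwrite);
    pthread_mutex_unlock(&env_lock);
    return rc;
}

int unsetenv(const char *name) {
    pthread_mutex_lock(&env_lock);
    resolve_real();
    int rc = real_unsetenv(name);
    pthread_mutex_unlock(&env_lock);
    return rc;
}

/* Demo: one thread flips ENVLOCK_DEMO between two 16-byte values while another reads it.
 * A torn read would be a value that is neither all 'A' nor all 'B'. */
struct demo_stats { long reads; long torn; };

static void *writer(void *arg) {
    for (int i = 0; i < 20000; i++)
        setenv("ENVLOCK_DEMO", (i & 1) ? "BBBBBBBBBBBBBBBB" : "AAAAAAAAAAAAAAAA", 1);
    return arg;
}

static void *reader(void *arg) {
    struct demo_stats *st = arg;
    for (int i = 0; i < 20000; i++) {
        const char *v = getenv("ENVLOCK_DEMO");
        if (!v) continue;
        st->reads++;
        if (strlen(v) != 16 || (strspn(v, "A") != 16 && strspn(v, "B") != 16))
            st->torn++;
    }
    return NULL;
}

struct demo_stats run_demo(void) {
    struct demo_stats st = {0, 0};
    pthread_t w, r;
    setenv("ENVLOCK_DEMO", "AAAAAAAAAAAAAAAA", 1);
    pthread_create(&w, NULL, writer, NULL);
    pthread_create(&r, NULL, reader, &st);
    pthread_join(w, NULL);
    pthread_join(r, NULL);
    unsetenv("ENVLOCK_DEMO");
    return st;
}

int main(void) {
    struct demo_stats st = run_demo();
    printf("%ld reads, %ld torn\n", st.reads, st.torn);
    return st.torn == 0 ? 0 : 1;
}
```

The static-linking caveat from the comment applies unchanged: a third-party library that links libc statically, or libc's own internal environment lookups (which go through hidden aliases rather than the public getenv symbol), never reach this object, and anything that modifies environ without calling setenv/unsetenv still races. The per-thread ring also means a value wider than SLOT_BYTES falls back to the unsafe raw pointer, so size the slots for the environment you actually have.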


  • Assuming that this is the episode and the Factorio dev post that references, I think that that’s a different issue. That dev also was using Sway under Wayland, but was talking about how Factorio apparently doesn’t immediately update the drawable area on window size change – it takes three frames, and Sway was making this very visible.

    I use the Sway window manager, and a particularity of this window manager is that it will automatically resize floating windows to the size of their last submitted frame. This has unveiled an issue with our graphics stack: it takes the game three frames to properly respond to a window resize. The result is a rapid tug-of-war, with Sway sending a ton of resize events and Factorio responding with outdated framebuffer sizes, causing the chaos captured above.

    I spent two full days staring at our graphics code but could not come up with an explanation as to why this is happening, so this work is still ongoing. Since this issue only happens when running the game on Wayland under Sway, it’s not a large priority, but it was too entertaining not to share.

    I’d guess that he’s maybe using double- or triple-buffering at the SDL level or something like that.




  • The Jia Tan xz backdoor attack did get flagged by some automated analysis tools – they had to get the analysis tools modified so that it would pass – and that was a pretty sophisticated attack. The people running the testing didn’t catch it, trusted the Jia Tan group that it was a false positive that needed to be fixed, but it was still putting up warning lights.

    More sophisticated attackers will probably replicate their own code analysis environments mirroring those they know of online, make a checklist of running what code analysis tools they can run against locally prior to making the code visible, tweak it until it passes – but I think that it definitely raises the bar.

    Could have some analysis tools that aren’t made public but run against important public code repositories specifically to try to make this more difficult.


  • I don’t think that that’s a counter to the specific attack described in the article:

    The malicious packages have names that are similar to legitimate ones for the Puppeteer and Bignum.js code libraries and for various libraries for working with cryptocurrency.

    That’d be a counter if you have some known-good version of a package and are worried about updates containing malicious software.

    But in the described attack, they’re not trying to push malicious software into legitimate packages. They’re hoping that a dev will accidentally use the wrong package (which presumably is malicious from the get-go).


  • I mean, this kind of stuff was going to happen.

    The more-important and more-widely-used open source software is, the more appealing supply-chain attacks against it are.

    The world where it doesn’t happen is one where open source doesn’t become successful.

    I expect that we’ll find ways to mitigate stuff like this. Run a lot more software in isolation, have automated checking stuff, make more use of developer reputation, have automated code analysis, have better ways to monitor system changes, have some kind of “trust metric” on packages.

    Go back to the 1990s, and most everything I sent online was unencrypted. In 2024, most traffic I send is encrypted. I imagine that changes can be made here too.





  • Apparently, some London residents are getting fed up with social media influencers whose reviews make long lines of tourists at their favorite restaurants, sometimes just for the likes.

    As Gizmodo deduced, the trend seemed to start on the r/London subreddit, where a user complained about a spot in Borough Market being “ruined by influencers” on Monday:

    “Last 2 times I have been there has been a queue of over 200 people, and the ones with the food are just doing the selfie shit for their [I]nsta[gram] pages and then throwing most of the food away.”

    So, I don’t know what the situation is in London.

    But COVID-19 really clobbered a lot of commercial establishments, and particularly eateries. I’m guessing that at least some traffic might be a return of the public to restaurants, with the supply of restaurant capacity at a low due to having gone through hard times over the past four years or so.

    kagis

    Ah, right. This is Europe, and while the US got hit by higher energy costs too, the Ukraine invasion really dicked up energy prices in Europe for a while. And then you have the hangover from the COVID-19-related spending happening, as inflation bites, and reducing spending on restaurants is an easy thing to cut on one’s budget. And this points out that restaurants are a labor-intensive industry, and Brexit has driven labor costs up by cutting the labor pool.

    https://www.ft.com/content/a36ad5fd-db20-4ba8-89ea-e185838c8aa0

    UK restaurant sector hit by cost of living and Covid legacy

    Stuart Devine thought his chain of fish and chip restaurants in Aberdeen had survived the worst when the UK government lifted Covid-19 lockdowns for good in spring 2021 and customers returned to enjoy the classic British meal.

    But before the Ashvale could fully recover it was dealt another blow, when Russia’s full-scale invasion of Ukraine in February 2022 disrupted global supply chains and sent energy and food prices soaring.

    Devine’s struggles are shared by roughly 40 per cent of UK restaurant owners, who are operating at or below break-even point, after the sector was hit by a perfect storm of pandemic shutdowns and the cost of living crisis, according to data from UKHospitality.

    The trade body estimates that up to 30 per cent of businesses in the sector have closed since Covid struck. About 1,169 restaurants shut in the past year alone, equivalent to more than three a day, according to UKHospitality and consultancy CGA by NIQ.

    “The money coming from the front door is just not enough to offset the significant cost of doing business that the restaurants are facing,” said Kate Nicholls, chief executive of UKHospitality.

    While energy prices have fallen from their peak over the past 12 months, restaurants continue to bear the brunt of elevated food costs. The particularly labour intensive industry has also struggled with staff shortages, worsened by Brexit, and to keep pace with the statutory minimum wage. It stands at £10.42 an hour and will rise to £11.44 in April.

    Devine said “the hardest thing is that the only thing you can do is put your prices up”, noting that there was a limit to how much lifting prices could help at a time of already weak consumer confidence and tight household budgets.

    So the combination of all those things would tend to have squeezed the supply of restaurants, and it might be that if there’s enough demand to consistently fill restaurants in London, expand existing or open new ones, that things will tend to return to a more-normal state.


  • In total, there were 118 false positives — a rate of 4.29%.

    Earlier this year, investors filed a class-action lawsuit, accusing company executives of overstating the devices’ capabilities and claiming that “Evolv does not reliably detect knives or guns.”

    I mean, in terms of performance, I’d be more concerned about the false positive rate than the false negative rate, given the context. Like, if you miss a gun, whatever. That’s at worst just the status quo, which has been working. Some money gets wasted on the machine. But if you are incorrectly stopping more than 1 in 25 New Yorkers from getting on their train, and apply that to all subway riders, that sounds like a monumental mess.



  • tal@lemmy.today to Technology@lemmy.world: *Permanently Deleted*

    Did NVIDIA stop selling videocards in Russia?

    kagis

    https://www.pcmag.com/news/nvidia-to-stop-all-product-sales-to-russia

    Nvidia Stops All Product Sales to Russia

    March 5, 2022

    So, yes, though I don’t think that it matters a huge amount, since companies are just gonna re-export them out of China or Kazakhstan or wherever. I mean, it’s not like the hardware has some kind of region-locking. It’s a piece of consumer hardware, sold and resold anonymously all over the place. It’s not some kind of specialized military hardware with four end customers and tight control over the movement of the product.

    kagis

    https://hardwaretimes.com/nvidia-loses-just-2-of-its-revenue-as-offices-are-shut-down-in-russia/

    In October [2022], NVIDIA officially shut down all its operations in Russia as sales of both data center and consumer graphics cards were wrapped up. At the time, around 240 employees worked for the Santa Clara-based company. These folks were given the option to either relocate abroad or look for other jobs.

    Furthermore, NVIDIA hardware has been banned from sale via official channels.

    Fortunately for Team Green, the Russian Federation represented a minor market for its wide portfolio. Disclosures from the Q3 2022 earnings report indicate that the Federation accounted for just 2% of its revenue and 4% for the gaming business.

    Although channel partners are forbidden to sell the latest GeForce RTX 40 series graphics cards, Russian gamers can still procure them from the grey market.

    It’ll probably add cost and some risk of getting ripped off and no manufacturer’s warranty, but I would be surprised if someone who wanted a new GPU couldn’t continue to get ahold of one in Russia, given enough funds.

    EDIT: Does make me wonder about Windows-side driver updates. Like, people here are talking about Linux. Windows requires driver signing, and I don’t know if those signatures are region-specific.