gravitas's recent activity
-
Comment on They stole my voice with AI in ~tech
-
Comment on What small questions do you have that aren’t worth a full topic on their own? in ~talk
-
Comment on CrowdStrike code update bricking Windows machines around the world in ~tech
gravitas CrowdStrike is software that businesses install on their computers (Windows, Mac, and Linux) to monitor and prevent malware (in short). If you don’t have it installed, you’re in the clear. It’s not a Windows component—although only Windows computers are affected by this bad update.
-
Comment on This GitHub profile has a custom background in ~comp
gravitas Ah, good catch on the interaction! Yeah, that’s a little more serious than changing the background, hah.
-
Comment on This GitHub profile has a custom background in ~comp
gravitas I was immediately worried that this could be an issue (although in any case the impact would be limited), but it turns out... nope. GitHub’s security is on point. (who’d’ve thought?!)
Request failure message
Content-Security-Policy: The page’s settings blocked the loading of a resource (img-src) at https://example.com/ because it violates the following directive: “img-src 'self' data: https://github.githubassets.com https://media.githubusercontent.com https://camo.githubusercontent.com https://identicons.github.com https://avatars.githubusercontent.com https://github-cloud.s3.amazonaws.com https://objects.githubusercontent.com https://secured-user-images.githubusercontent.com/ https://user-images.githubusercontent.com/ https://private-user-images.githubusercontent.com https://opengraph.githubassets.com https://github-production-user-asset-6210df.s3.amazonaws.com https://customer-stories-feed.github.com https://spotlights-feed.github.com https://objects-origin.githubusercontent.com https://*.githubusercontent.com”
If you’re like, a regular person, the above inscrutable message means that an attacker cannot use GitHub to initiate a GET request to an arbitrary domain, whenever someone’s profile is loaded.
If this worked (again, GitHub’s security totally prevents any of these attacks), this could either:
- Leak someone’s IP address when they visit a GitHub profile (this is a privacy leak, but one that’s generally accepted by the Internet; nothing would be leaked besides the IP address and this is not a big deal).
- DDoS someone. I was going to say that this isn't a big deal because GitHub traffic is minimal, but all you’d have to do is have a thousand references to some large file, different query parameters, and a lot of traffic to that profile, and maybe you could raise somebody’s CDN bill by a few dollars (ballpark).
- Cross-site request forgery, which fortunately has been wholly solved by the Internet At Large.
Which means that the worst impact of this flaw is basically that somebody could change the website’s background. (The Internet has gotten very good at removing potential attack surfaces, by necessity!)
I’d imagine this to be fixed by patching whatever math renderer GitHub uses, along with maybe some CSS magic? I’m not familiar enough (read: at all) with stacking contexts to know if they could be used to clip any z-index elements to an element.
Using an iframe would isolate it too, but it wouldn’t work in this case because an iframe doesn’t change size to fit its contents.
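The check behind the failure message above, as an added example that is not part of the original comment and not GitHub's code: a simplified matcher for a CSP img-src source list, run against a shortened, constructed copy of the quoted policy. The function names and sample URLs are assumptions; ports, nonces, hashes and redirects are not handled.

```javascript
// Simplified CSP source-list matching for images (added example).
// Handles 'self', scheme-sources such as data:, and host-sources with an
// optional leading "*." wildcard and an optional path.

// Constructed, shortened copy of the img-src directive quoted in the comment.
const POLICY =
  "default-src 'none'; img-src 'self' data: https://github.githubassets.com " +
  "https://user-images.githubusercontent.com/ https://*.githubusercontent.com";

// Return the source expressions listed for `directive`, or null if absent.
function getSources(policy, directive) {
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name.toLowerCase() === directive) return sources;
  }
  return null;
}

function hostMatches(pattern, host) {
  // "*.example.com" matches subdomains only, never "example.com" itself,
  // and never a lookalike such as "evilexample.com".
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function pathMatches(pattern, path) {
  if (pattern === "" || pattern === "/") return true;          // no restriction
  if (pattern.endsWith("/")) return path.startsWith(pattern);  // prefix match
  return path === pattern;                                     // exact match
}

// Would an image at `url` load on a page served from `pageOrigin`?
function imgAllowed(policy, pageOrigin, url) {
  // img-src falls back to default-src when it is not present.
  const sources = getSources(policy, "img-src") ?? getSources(policy, "default-src");
  if (sources === null) return true; // no directive governs images
  const target = new URL(url);
  return sources.some((src) => {
    if (src === "'self'") return target.origin === pageOrigin;
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return target.protocol === src.toLowerCase();
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(\/.*)?$/i.exec(src);
    if (!m) return false; // 'none', ports and other forms: treated as no match
    const [, scheme, host, path = ""] = m;
    if (scheme && target.protocol !== scheme.toLowerCase() + ":") return false;
    return hostMatches(host.toLowerCase(), target.hostname) &&
           pathMatches(path, target.pathname);
  });
}
```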
-
Comment on NASA finds more issues with Boeing’s Starliner, but crew launch set for June 1 in ~space
gravitas So this leak was in the Service Module’s port doghouse (one of four), and on helium manifold 2 in that doghouse. Each of the 28 Reaction Control System thrusters has a flange to supply them with MMH (monomethyl hydrazine; fuel), NTO (nitrogen tetroxide; oxidiser), and helium. The helium is used to actuate valves on both the Reaction Control System thrusters and the Orbital Maneuvering and Attitude Control thrusters.
They can’t open up the flange to look at the helium seal while Starliner’s stacked, in the Vertical Integration Facility, because MMH and NTO are not exactly the most fun chemicals to be around; they’d have to de-stack Starliner to open up that system, which could delay the launch a month or more.
The service module is the section of Starliner that performs the deorbit burn before separating from the crew module for its reentry and burning up in the atmosphere. So there won’t be another chance to take a closer look at the seal unless they go for a de-stack, but this isn’t a big deal: they already have a good grasp on what’s happening. If Starliner is delayed again past the current batch of launch windows (June 1, 2, 5, and 6), I’d expect a de-stack and a closer look at this seal.
What surprised me was that this leak was 70 PSI per minute. This seems really high! But it turns out that the leak is from an area that has a volume of 15 cubic inches and a nominal pressure of 750 PSI. And from an informed guess, Starliner has about 12,000 cubic inches of helium storage at a nominal pressure of ~4,500 PSI. Assuming linear pressure → density, this leak alone would take almost a month to bring the main tanks down to 750 PSI. So the “70 PSI” part is, in my humble opinion, pretty misleading.
And if the leak does get worse, it can be isolated in flight by shutting down the manifold that the leak is from. I'm guessing that there aren’t any valves between the manifold and each thruster, but if there were, the individual flange (along with its thruster) could also be isolated.
And the helium there only has to be pressurized when thrusters are needed, so it could probably be depressurized while Starliner’s docked to the ISS (International Space Station) which would mean the leaky section is only pressurized for 4-5 days. (The system is pressurized during the launch count, both because the thrusters would be necessary during a launch abort and to remove the possibility of a failure after launch. While it’s docked at the ISS, there isn’t any imminent danger if the thruster system can’t be started up.)
-
Comment on What creative projects have you been working on? in ~creative
gravitas “The worst thing that can happen” has now changed to “only one person listens to it” :) Congrats on the releases!
-
Comment on What creative projects have you been working on? in ~creative
gravitas Yep, I’m making all of it. The image I had in mind was the car in front of Casey braking, Casey not braking hard enough, the bike tipping forwards and ejecting Casey towards the car. Thanks for the good feedback here!
Thank you!
-
Comment on What creative projects have you been working on? in ~creative
gravitas Thank you! I’m writing these on-the-day, but I don't think it's quite automatic writing—it’s definitely cleaned up a lot, and I have been (and still am!) too far on the scale towards editing-as-I-write; and I’m hoping that the deadline will force me into automatic writing by necessity.
I haven’t been purposefully tying the music into the writing, but I’m in the same headspace and it seems like it's working out more often than not. And yeah, one of the main motivations was to do something productive with the free time I’ve had lately. And I have found this a lot of fun; thanks again!
-
Comment on What creative projects have you been working on? in ~creative
gravitas In an effort to shift my brain away from quality gear, and into quantity gear, I’ve spun up my own website and set a goal to publish some creative work every day (self promotion, you can go visit at https://3e8.dev/daily/, self promotion over). I’m only three days in so far but I’m almost proud of what I’ve made so far, and I'm actually a little surprised that my brain has been able to hit deadlines all along (although, as mentioned before: perhaps a little premature.)
And I'm a little hesitant to say things like, “we’ll see how long it lasts” (or indeed talk about confidence at all!) because a significant percent of all problems ever are confidence problems, and confidence problems can always be solved by simply lying. I have tried to get myself into the mindset of “I will be doing this” with this project, and to be honest it's been a lot more effective than I expected. Maybe that’s been helped by publishing only on my own website, which has the (deserved) reputation of a ‘screaming into the void’ deal.
Rambling over. Feedback would be appreciated: do your worst!
-
Comment on ESA satellites to test razor-sharp formation flying in ~space
gravitas The occulter (OSC) uses cold gas thrusters. These work by opening a valve to release a high-pressure propellant, where the mass flow itself accelerates the spacecraft. (I'd expect the gas to be something like nitrogen, but I couldn't find any details.) These are pretty much the simplest possible thruster: a tank and a valve. ("Cold" here refers to there being no ignition, not cryogenic temperatures; the OSC's propellant tanks run at a modest 14°C–34°C.)
The other spacecraft (the coronagraph, or OSC) uses hydrazine thrusters, which run their single propellant over a catalyst to release energy.
Cold gas thrusters are relatively inefficient, with a specific impulse of around 70, limiting the total delta-v of the spacecraft. This tradeoff is perfectly okay for stationkeeping because there's less atmospheric drag at these altitudes.
From the article:
The CSC is responsible of performing the main orbital maintenance impulsive manoeuvres with monopropellant thrusters.
To me, this reads as the CSC using hydrazine thrusters for coarse alignment (orbital parameters, keeping the right distance away) to the occulter, which is then only responsible for fine alignment.
Crewed spacecraft tend to use hypergolic propellants which are relatively efficient, in the ballpark of 300 seconds of specific impulse. These propellants are also storable at ambient temperatures, and hypergolic thrusters are easy to scale up to high-acceleration burns.
Long-duration stationkeeping in low earth orbit, or (more famously) interplanetary probes, can use ion thrusters which are highly efficient (thousands of seconds of specific impulse, reducing fuel mass requirements for the same delta-v), but use so much electricity that high-acceleration burns aren't feasible.
For short-lifetime spacecraft (upper stages, orbital transfer vehicles), cryogenic propellants are possible. These run at very low temperatures (ballpark: -200°C), and at least in the case of upper stages, require high thrust to avoid falling back into the atmosphere.
-
Comment on Can hydrogen help the world reach net zero? in ~enviro
gravitas Hydrogen has good energy density per mass, but not per volume. As just one data point, the 2014 Toyota Mirai's hydrogen tanks (interior volume of about 120 liters[1]) weigh 87.5kg, and hold only 5kg of hydrogen.[2][3] That's somewhere around 170kWH of energy. The equivalent mass in gasoline would be 33 gallons (or 125 liters, roughly the same volume!), containing about 1000kWH of energy. Of course, gas engines are less efficient than hydrogen fuel cells (~66%[4] to ~40%[5]), and I'm ignoring a lot of things around the drivetrain, too—fuel cells, batteries, electric motors, gas engines all take varying masses and volume.
-
Comment on Introducing the Epic First Run program in ~games
gravitas For what it’s worth, game publishers set regional prices, not Steam, although they do publish recommended rates.
-
Comment on YouTube's privacy settings now block you from seeing suggested content in ~tech
gravitas the homepage blanking happens when view history is disabled, not with subscription privacy.
-
Comment on The Val Programming Language in ~comp
gravitas (this reply is kinda obsoleted by @skybrian's answer because I was too slow on the draw :)
Mutable Value Semantics
Almost all languages nowadays have some form of reference semantics. For example, objects in JavaScript have an identity --- if I have some code that gives someone else an object, and they modify that object, my reference to the same object reflects those changes.
To contrast this, an array (not like C/C++'s arrays) in Swift has value semantics. If they're passed to a function, and that function modifies it, it doesn't affect the array that it was copied from. If the array's items are reference types, they won't be cloned, however.
Swift also has implicit memory management. While JavaScript uses garbage collection, Swift uses reference counting --- code is added to your functions that keeps track of how many referents exist to any reference-typed value. It also keeps reference counts for data structures like arrays, so that instead of copying the array all the time, it can only copy it right before it's modified. That's called Copy-On-Write (COW).
As a lower-level example, Rust doesn't have reference types. If you pass a nontrivial value (roughly any type that implements Drop --- which run code roughly whenever they go out of scope) anywhere, you can't use it again, ensuring that it'll only be "dropped" once.
But Rust still has first-class references, a way to safely pass pointers around that are verified, at compile time, to be "shared XOR mutable". Mutable references are guaranteed to not be shared, and values are guaranteed to not be modified whenever any references to that value exist. This system is the source of a lot of Rust's complexity.
Val only has second-class references. This means that it doesn't have to deal with anything like Rust's lifetimes, removing a lot of complexity from the language. Val also has similar "move semantics" to Rust, meaning it doesn't have to do any implicit reference-counting like Swift.
Zero-Cost Abstraction
In JavaScript and Swift, garbage collection and reference counting respectively are costs that can't be opted out of. In Swift, passing an array around adds code to increment and decrement the reference count, and modifying it adds code to check if it's aliased, and if so, to copy it.
Rust and Val have the same "zero-cost abstraction" philosophy.
For example, Rust has generic code, which can be passed arguments of different types. But a generic function is equivalent to manually duplicating it and changing all the types, so these don't add any overhead at runtime.
As another example: in languages like Haskell, OCaml, and Python, almost all values are "boxed" which is a fancy way to say each individual value has its own memory allocation. This adds pointer lookups to nearly all code. (I believe OCaml at least has small-int optimization, where small integers are instead unboxed.) Whereas in Rust, memory allocation is generally opt-in.
The rest...
...is beyond me. :)
-
Comment on Distrohoppers, what's your flavor this week? in ~comp
gravitas Clearing the WAYLAND_DISPLAY environment variable should work. If you're running it from a terminal/command line, you can just run WAYLAND_DISPLAY="" [command]. (If this doesn't work, you may also want to try env -uWAYLAND_DISPLAY [command]---this will remove the environment variable instead of setting it to the empty string.)
From the KDE application launcher, you can right-click on an application, go to "Edit Application" and then the "Application" tab, and put WAYLAND_DISPLAY="" in the Environment Variables input. This may or may not work; I tried it out for Discord and it didn't work, but it looked like it should work for Zoom installed from the AUR---other package managers may be similar.
-
Comment on Distrohoppers, what's your flavor this week? in ~comp
gravitas I've been running Arch for a couple of years now. On the other hand, I've hopped through several window managers:
- i3
- bspwm
- River
- ...and finally, KDE on Wayland
Overall, Wayland has been more stable in my experience. For example: on X, the display defaults to 60hz. (I'm not sure when this started---I only had this experience after switching to Wayland and back again) I can just run lxrandr and change the refresh rate to 144hz every time I reboot, but KDE just works, all the time.
Annoyingly, KDE only lets me use 60hz or 144hz, whereas my fork of River could switch to 120hz (which is also useful for viewing 60fps content without stutter, but in my experience, I've never noticed this); on Wayland, hitting frame pacing is much more important because of [very complicated reasons] :)
-
Comment on Lost Ark is being review bombed after incorrectly issuing permanent bans to inactive players, which leaves a mark on their Steam profiles in ~games
gravitas Not sure about DOTA, but the CSGO Rulebook says “The TO [Tournament Organizer] will not qualify, nor allow in any qualifying event, any player who has been "Valve Anti-Cheat" banned ("VAC Banned") in CS:GO.”, i.e. VAC bans for Lost Ark would not affect CS:GO major tournaments.
But the ban isn't a VAC ban: It's a Game ban, which, as far as I know, any developer can use.
The voice generation here is almost certainly a machine learning model, trained on other recordings of voices. If there are any artifacts from the process of digitally recording voices, they’ll be replicated along with the actual signal.
There may be artifacts that the machine learning model produces, but these are unintentional and will be fixed by a better model.