Readit News
fpoling commented on Security issues with electronic invoices   invoice.secvuln.info/... · Posted by u/todsacerdoti
tnorgaard · 2 days ago
This talk seems set out to prove that "XML is Bad". Yes, XML-DSig isn't great with XPaths, but most of these attack vectors have been known for 10 years. There is probably a reason why the vulnerabilities found were in software not commonly used, e.g. SAP. Many of the things possible with XML and UBL simply aren't available in protobuf, JSON. How would you digitally sign a JSON document and embed the signature in the document?

Neither the article nor the talk appears to reference the XML standard that EN 16931 is built upon: Universal Business Language, https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=... - which is freely available. Examples can be found here: https://github.com/Tradeshift/tradeshift-ubl-examples/tree/m... . It is a good standard and yes it's complex, but it is not complicated by accident. I would any day recommend UBL over IDOC, Tradacom, EDIFACT and the likes.

fpoling · 2 days ago
If one has a reproducible JSON serializer, then one can add a signature to any JSON object via serializing the object, signing that and then adding the resulting signature to the original object.

This avoids JSON-inside-JSON and allows pretty-printing the original object with the signature.
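
The scheme described in the comment above, as an added example that is not code from the thread: serialize reproducibly, sign those bytes, and store the result as a sibling field. HMAC-SHA256 from the Python standard library stands in for a real digital signature, and the `signature` field name, key and invoice are constructed for illustration.

```python
import hashlib
import hmac
import json

SIG_FIELD = "signature"        # field name assumed for this example
KEY = b"constructed-demo-key"  # constructed key, illustration only


def _reject_floats(value):
    """Float text forms vary between serializers, so refuse them here."""
    if isinstance(value, float):
        raise ValueError("floats need a real canonicalization scheme")
    if isinstance(value, dict):
        value = list(value.values())
    if isinstance(value, list):
        for child in value:
            _reject_floats(child)


def canonical_bytes(obj):
    """Reproducible form: sorted keys, no whitespace, ASCII-escaped.

    A simplified serializer for the example, not a full scheme like RFC 8785.
    """
    _reject_floats(obj)
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _tag(obj, key):
    return hmac.new(key, canonical_bytes(obj), hashlib.sha256).hexdigest()


def sign(obj, key):
    """Return a copy of obj with the signature added as a sibling field."""
    if SIG_FIELD in obj:
        raise ValueError("object already carries a signature field")
    return {**obj, SIG_FIELD: _tag(obj, key)}


def verify(signed, key):
    """Strip the signature field, re-serialize, compare in constant time."""
    tag = signed.get(SIG_FIELD)
    if not isinstance(tag, str):
        return False
    body = {k: v for k, v in signed.items() if k != SIG_FIELD}
    try:
        expected = _tag(body, key)
    except ValueError:
        return False
    return hmac.compare_digest(tag.encode(), expected.encode())


INVOICE = {"id": "INV-001", "total_cents": 12500,
           "lines": [{"sku": "A1", "qty": 2}]}  # constructed sample
SIGNED = sign(INVOICE, KEY)
```

Verification depends only on the parsed values, so re-indenting or reordering keys in the stored document does not invalidate the signature, while any change to a signed value does.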

fpoling commented on Golang's big miss on memory arenas   avittig.medium.com/golang... · Posted by u/andr3wV
foobiekr · 4 days ago
Two big issues in Golang are that you can't actually build an arena allocator that can be used for multiple types in a natural way.

The other is that almost no library is written in such a way that buffer re-use is possible (looking at you, typical kafka clients that throw off a buffer of garbage per message and protobuf). The latter could be fixed if people paid more attention to returning buffers to the caller.

fpoling · 4 days ago
Rust also suffers from libraries returning newly allocated strings and vectors when the code should allow passing a pre-existing string or vector to place the results.

Granted the latter leads to more verbose code and chaining of several calls is no longer possible.

But I am puzzled that even performance-oriented libraries both in Go and Rust still prefer to allocate the results themselves.

fpoling commented on Deprecations via warnings don't work for Python libraries   sethmlarson.dev/deprecati... · Posted by u/scolby33
hiq · 4 days ago
Wild (and I guess most of the time bad) idea: on top of the warnings, introduce a `sleep` in the deprecated functions. At every version, increase the sleep.

Has this ever been considered?

The problem with warnings is that they're not really observable: few people actually read these logs, most of the time. Making the deprecation observable means annoying the library users. The question is then: what's the smallest annoyance we can come up with, so that they still have a look?

fpoling · 4 days ago
Yes, people do notice sleep. But it has to be on the scale of minutes or it will be ignored, especially if it happens during a CI run.
fpoling commented on A supersonic engine core makes the perfect power turbine   boomsupersonic.com/flyby/... · Posted by u/simonebrunozzi
bradfa · 5 days ago
It’s interesting that this implies that building natural gas pipelines to data centers is easy, at least easier than building out substations and transmission lines. Because you don’t run a (or several) 42MW natural gas generator without a big fat natural gas pipe.

Why is it so much easier to build the pipelines than to bring in electric lines?

fpoling · 5 days ago
In Texas a lot of natural gas is wasted/burned away as it is not profitable to collect and transport it from all oil fields. These days quite a few places put small turbines to generate electricity to do cryptocurrency mining.

This will serve a similar use case just on a bigger scale.

fpoling commented on A supersonic engine core makes the perfect power turbine   boomsupersonic.com/flyby/... · Posted by u/simonebrunozzi
seanmcdirmid · 5 days ago
They are replacing old coal plants with more efficient cleaner designs. National security wise they still have lots of coal to work with, while most renewable energy is generated in the west where ongoing grid upgrades are needed to use it where people live (in the east).
fpoling · 5 days ago
The newer plants are not only more efficient, going from 30-35% of peak efficiency to something like 45%, they can also operate efficiently over a wider range of power output and are faster to turn on/off.

This is very helpful to deal with variability with renewable output.

fpoling commented on A supersonic engine core makes the perfect power turbine   boomsupersonic.com/flyby/... · Posted by u/simonebrunozzi
rgmerk · 5 days ago
It's not clear (yet) what a 100% clean energy powered world would use to cover the last couple of percent of demand when loads peak and/or variable generation troughs for extended periods.

It'll be some combination of demand management (which isn't nearly as horrifying as people make it out to be), pumped hydro, long-duration batteries like iron-air, but also possibly burning hydrogen or hydrogen-derived synthetic fuels (produced by electrolysis when hydrogen is abundant) and/or biofuels in turbines.

fpoling · 5 days ago
Somebody calculated that a home in the UK needs a 1 Megawatt-Hour battery to back up solar energy during the winter. I suspect in 10 years that may cost below 25K, a small fraction of the property cost.
fpoling commented on 10 Years of Let's Encrypt   letsencrypt.org/2025/12/0... · Posted by u/SGran
monerozcash · 5 days ago
It was easy to provide the information for an existing business you're completely unrelated to. Reliably verifying that a person actually represents a company isn't possible in most of the world.
fpoling · 5 days ago
Many countries have an official register of companies with at least a post box address. Requiring an answer to a physical letter sent to an address from the central register will be much more reliable.
fpoling commented on I wasted years of my life in crypto   twitter.com/kenchangh/sta... · Posted by u/Anon84
virgilp · 7 days ago
Yeah but you can also have a disaster strike in that place (say, a nuclear accident) that will obliterate your real-estate value. Or general society changes that will make a city much less desirable (see the "rust belt"). Of course, nothing is without risk - so in that sense, it's not surprising that real-estate has risks. But that's what I wanted to underline, nothing is "inflation-proof". There's no guaranteed way to preserve wealth (much less increase it). None.
fpoling · 7 days ago
While there is no bulletproof way to preserve wealth, real estate is one of the most sound ones compared to others. A nuclear accident can be insured and general social decline happens over many years or even decades, which gives plenty of time to react.
fpoling commented on I wasted years of my life in crypto   twitter.com/kenchangh/sta... · Posted by u/Anon84
nout · 7 days ago
For larger amounts it makes sense to use the bitcoin rails for international transfers. I'm doing bank to bank international transfers and using bitcoin saves around 3% compared to Wise and you get the money immediately (or within 1hr, depending on what you use).
fpoling · 7 days ago
A few years ago I needed to transfer a big sum from a Scandinavian country into Euro. The official bank exchange rate plus fees was worse than Wise’s. But I asked the bank and the bank gave me an exchange rate that was like 0.1% better than the one from Wise.
fpoling commented on I failed to recreate the 1996 Space Jam website with Claude   j0nah.com/i-failed-to-rec... · Posted by u/thecr0w
crawshaw · 7 days ago
This does not appear to be true. Six months ago I created a small programming language. I had LLMs write hundreds of small programs in the language, using the parser, interpreter, and my spec as a guide for the language. The vast majority of these programs were either very close or exactly what I wanted. No prior source existed for the programming language because I created it whole cloth days earlier.
fpoling · 7 days ago
Languages with reasonable semantics are rather similar and LLMs are good at detecting that and adapting from other languages.

u/fpoling

Karma: 4113 · Cake day: December 24, 2015