edit: kam corrected me below.
The browser that initiated the request is under the control of BAD in step 3.
Readit Newskam commented on Emailing a one-time code is worse than passwords blog.danielh.cc/blog/pass... · Posted by u/max__dev
kam commented on OSS Rebuild: open-source, rebuilt to last security.googleblog.com/2... · Posted by u/tasn
Author here!
Both nix and guix are exciting projects with a lot of enviable security properties. Many here can attest that using them feels like, and perhaps is, the future. I see OSS Rebuild as serving more immediate needs.
By rebuilding packages from the registries people already use, we can bring some of those security properties to users without them needing to change the way they get their software.
Nixpkgs pulls source code from places like pypi and crates.io, so verifying the integrity of those packages does help the Nix ecosystem along with everyone else.
kam commented on Shipping WebGPU on Windows in Firefox 141 mozillagfx.wordpress.com/... · Posted by u/Bogdanp
- Streaming point cloud data setsnover web browsers (used by many surveying and construction companies, as well as geospatial government agencies).
- Visualize other scan data such as gaussian splat data sets, or triangle meshes from photogrammetry
- Things like google earth, Cesium, or other 3D globe viewers.
It's a pretty big thing in geospatial sciences and industry.
What improvements does WebGPU bring vs WebGL for things like Potree?
kam commented on Show HN: Icepi Zero – The FPGA Raspberry Pi Zero Equivalent github.com/cheyao/icepi-z... · Posted by u/Cyao
If I understood correctly, the ECP5 FPGA can be designed for with open source tooling [0][1], which makes this even more awesome.
OP, if you are planning to commercialize these, try to confirm compatibility, that will definitely make it more attractive!
[0] https://hackernoon.com/getting-started-using-open-source-fpg...
The examples in the repo are using the open-source yosys + nextpnr tooling.
kam commented on I use zip bombs to protect my server idiallo.com/blog/zipbomb-... · Posted by u/foxfired
Isn’t this basically a question about the halting problem? Whatever arbitrary cutoff you chose might not work for all.
No, compression formats are not Turing-complete. You control the code interpreting the compressed stream and allocating the memory, writing the output, etc. based on what it sees there and can simply choose to return an error after writing N bytes.
kam commented on TLS certificate lifetimes will officially reduce to 47 days digicert.com/blog/tls-cer... · Posted by u/crtasm
> Our internally provided certs of various CAs have a TTL of 72 hours and should be renewed every 48 hours.
Do you promise to come back and tell us the story about when someone went on vacation and the certs issued on a Thursday didn't renew over the weekend and come Monday everything broke and no one could authenticate or get into the building?
At least that sounds like it would be a more interesting story than the one where the person who quit a year ago didn't document all the places they manually installed the 2-year certificate.
kam commented on New USPTO Memo Makes Fighting Patent Trolls Even Harder eff.org/deeplinks/2025/03... · Posted by u/healsdata
For what purpose? If it's for prior art, the prior at must have been publicly available, so a private LLM wouldn't work. Perhaps I'm missing your point, though.
I think the idea is that if an LLM trained prior to the patent date can reproduce the invention, then either the idea is obvious or there was prior art in the training set; either way the patent is invalid.
I'm trying to figure out what the actual latest update is doing regarding the battery. I found an update to the kernel binary but it doesn't seem the source has been updated.
Can I submit a GPL request to Google to get the kernel source?
I also looked around AOSP and found the commit for the battery alert icon [1], but no kernel source.
[1] https://android.googlesource.com/platform/frameworks/base/+/...
Deleted Comment
If they don't do that then their reputation will suffer and governments might take notice. So, in practice, big companies do have to care about their users, not individually but in aggregate.
This is like a car manufacturer preventing the installation of all unapproved aftermarket accessories by claiming they're protecting you from a stalker installing a tracker on your car.