skjoldr (u/skjoldr) - Readit News

skjoldr commented on Cloudflare misidentifies Hetzner IPs as being located in Iran gitlab.com/gitlab-com/gl-... · Posted by u/doruk101

reisse · a year ago

> but the traffic is _clearly coming from Germany_

How do you know that if the only thing you see on the receiving side is an IP address, which is marked as Iranian?

skjoldr · a year ago

BGP full view and traceroutes? It's pretty hard to fake the path that a packet takes to that IP address.

skjoldr commented on Cloudflare misidentifies Hetzner IPs as being located in Iran gitlab.com/gitlab-com/gl-... · Posted by u/doruk101

dns_snek · a year ago

It's slightly more involved than this, but not extraordinarily so.

For example seemingly innocuous implementations like loading fonts directly off Google Fonts without consent (i.e. providing Google with information about visitors' browsing habits) would technically be on the wrong side of the GDPR, but I think it's very unlikely that anyone would complain about it, legally speaking.

skjoldr · a year ago

There already exist ways to proxy those requests in ways that avoid exposing anything about the visitors to Google. It's in the grey area wrt Google's own ToS, but then, it's that or GDPR.

skjoldr commented on Cloudflare misidentifies Hetzner IPs as being located in Iran gitlab.com/gitlab-com/gl-... · Posted by u/doruk101

thayne · a year ago

> you can store it in an encrypted backup which you remove after 90 days (and throw away the key)

Sure. But that is much easier said than done. Especially if your previous strategy was to just keep everything, because storage is cheap, development cost is expensive, and then the data will still be there if the customer decides to return in a few years.

And in many (most?) cases it's not like you just have a single file with all the user's data, that data is spread around in many different database tables , and possibly even multiple databases. The development work to figure out how to clean everything up, without accidentally deleting anything wrong or leaving anything out can be a considerable amount of effort.

It's also not always black and white who data belongs to. If I upload an image onto a document that was shared with me, should that image be deleted if I cancel my account? What about something I posted publicly on a social media platform? Or posted privately in a group chat or DM? Does it make a difference if the content of an image or text I wrote included PII? Hopefully you have a lawyer that understands the nuances involved.

skjoldr · a year ago

I see this and I feel I must ask: why would you EVER engineer ANY application under the idiotic assumption that none of your users will ever want to remove the data that they had stored in it?! Absolutely baffling. Of course, if a business is that short-sighted and careless, it will struggle to implement GDPR.

skjoldr commented on Z-Library admins "escape house arrest" after judge approves U.S. extradition torrentfreak.com/z-librar... · Posted by u/mrzool

mandmandam · 2 years ago

Is it because the West has been heading full-tilt into a mish-mash of every dystopia we were ever warned about for decades?

Whatever reason Russians have to preserve humanities culture, it is entirely the West's fault that we are not looking after it ourselves. That wasn't Russia, or China; it was the yacht class and their hirelings in law, politics and media.

skjoldr · 2 years ago

Ironic considering the Russian oligarchs have the most blinged out yacht fleet

skjoldr commented on Z-Library admins "escape house arrest" after judge approves U.S. extradition torrentfreak.com/z-librar... · Posted by u/mrzool

matrix87 · 2 years ago

> According to a 2016 OECD estimate, 54% of Russia's adults (25- to 64-year-olds) have attained tertiary education, giving Russia the second-highest attainment of tertiary education among 35 OECD member countries. [0]

Wonder why, was it a thing before the Soviets?

[0] https://en.wikipedia.org/wiki/Education_in_Russia

skjoldr · 2 years ago

Russia and most other post-Soviet countries maintained mandatory military draft, with education being one of the only non-health-related exemptions available. Because of the sad state of those armies in the 90's, 00's, and even 10's, very few young men in particular were willing to basically waste a year or so of their life, so instead nearly every male school graduate went into a university, which contributed to the statistics.

skjoldr commented on Show HN: Edna, note taking app for developers edna.arslexis.io/... · Posted by u/kjksf

liquid_bluing · 2 years ago

I am a prolific note-taker, and I use vim. Many of these features and more are supported in vim with the vim-markdown plugin, which has support for markdown syntax highlighting and syntax highlighting in code blocks, and a hierarchical table of contents using the location list, which is my favorite feature. I have scripts and functions that implement some other features. The one important thing that vim necessarily lacks that is very useful for note-taking is the ability to render images and mathematical equations, which is why I still sometimes use Word.

This is a neat piece of software, but it would seem to me that the tools available on the command line - Unix or PowerShell - cover just about all the use cases, and importantly, are customizable, lightweight, and interoperable. For instance, I have scripts that use fzf and/or ripgrep to quickly search my notes directories and open notes for editing.

This is just me - it's definitely possible that I'm missing out on a better way of doing things, but I can't easily see the value, for a developer at least. Maybe folks just aren't that familiar with what can be done with common tools that already exist? Maybe it's because the CLI can be a pain to learn? I guess that's what a GUI note-taking app is for...

BTW, I'm not trying to be negative, just sharing my possibly idiosyncratic perspective.

skjoldr · 2 years ago

Vim has a steep learning curve though, GUI apps don't.

skjoldr commented on Safe Superintelligence Inc. ssi.inc... · Posted by u/nick_pou

ben_w · 2 years ago

No more so than trying to control a supersonic aircraft when we can't even control pigeons.

skjoldr · 2 years ago

Correct, pidgeons are much more complicated and unpredictable than supersonic aircraft, and the way they fly is much more complex.

skjoldr commented on Safe Superintelligence Inc. ssi.inc... · Posted by u/nick_pou

schindlabua · 2 years ago

Deceiving a single human is pretty easy, but decieving the human super-organism is going to be hard.

Also, I don't believe in a singularity event where AI improves itself to godlike power. What's more likely is that the intelligence will plateau--I mean no software I have ever written effortlessly scaled from n=10 to n=10.000, and also humans understand how to improve themselves but they can't go beyond a certain threshold.

skjoldr · 2 years ago

Humans understand how to improve themselves, but our bandwidth to ourselves and the outside world is pathetic. AIs are untethered by sensory organs and language.

skjoldr commented on How Home Assistant is being used to protect from missile and drone attacks denysdovhan.com/home-assi... · Posted by u/slovette

nirui · 2 years ago

It's 2024, instead of riding our personal spaceships to habitat on Mars, we use Home Assistant software to alert us about incoming missile attacks.

War is the single most unproductive activity humans can do. Sure, maybe Putin has his rationale, but spiting on a cake is never how one can secure the cake for themself, because guess what, others can also spit on it and then the cake is ruined. A greater leader knows that the only way to really solve a problem is to do something that adds (instead of removes) value, sadly some leaders never care to learn it.

Rant aside, I want to ask a question: based on the article, it seemed that the system requires Telegram (thus Internet) and open source intel to work. Is it possible to make the system self-sustained? Is it physically possible to detect imminent attack based on soundwave/light signals? Because after the war started, Internet access maybe a difficult privilege.

skjoldr · 2 years ago

Mobile operators have added microphones to 4G cell towers throughout Ukraine to triangulate suspicious sounds.

Starlinks provide decentralized access to the Internet both on the frontline and back in the rear. Together with batteries, solar panels, and petrol/natgas/diesel generators, they can be relied on to provide 24/7 Internet access for a while even if something happens to the ISPs. Lots of people now have them even though they are a bit expensive, and the Ukrainian government had also set up a network of locations where civilians can gather to warm up, charge their devices, and send messages over Starlink, in the worst-case scenario of a major infrastructure breakdown.

More broadly, it's harder than it seems to knock out both the entire backbone of the Ukrainian Internet network and the backbone of the mobile carriers, at once. It's easier to target the power stations. Even then, it is possible to get at least some power as long as the fossil fuel logistics are maintained. A 180W solar panel that costs around $100 can, in decent weather, provide enough power to charge a phone and power a Starlink. So power is a major problem, but it also has solutions.

skjoldr commented on How Home Assistant is being used to protect from missile and drone attacks denysdovhan.com/home-assi... · Posted by u/slovette

H8crilA · 2 years ago

The real question is why there isn't any official API that details the nature of the danger. You shouldn't have to scrape Telegram to figure out the type/speed of the air assault weapon, and the likely time on target.

BTW, also check out Kropyva, it's like Uber for artillery strikes. Very helpful with deleting Russians.

skjoldr · 2 years ago

The chief reason is decentralization.

Journalists who are updating these channels have their own sources in the Ukrainian air defense network as well as OSINTers who, for example, monitor Russian radio traffic using SDR, or even sometimes have people on the ground observing the take-off of planes in Russia and Belarus (horrifically dangerous, but there are ways to send this information somewhat safely; planes tend to be loud). If one of the journalists goes down for any reason, there will be other people writing updates. Each oblast also has their own channels where they announce attacks, some of them owned by the local administration, some by the emergency services. The air defenders themselves are a bit too busy to monitor and write this stuff; often, the best they can do is to write some short messages into a group chat or a Telegram bot before things go down, and even then, all parties involved have to balance providing an appropriate warning window with not letting the timing of this information to reveal the capabilities and locations of different kinds of Ukrainian observation stations. And this whole system has to be simple, since not every trained air defender is tech-savvy in general. Many don't know what an API even is. Many Ukrainians, too, wouldn't understand how to work with an API, but they can read the warnings in Telegram.

Also don't forget that the journalists who curate monitoring channels often also accept reports about the flight paths of missiles and drones from the general public, and while there are a couple of apps for that as well that send data from the phone's GPS and compass while the user is pointing the phone at the object, again, it's a matter of having several information channels that non-technical people can easily use. Even just writing to one of them that you just heard a cruise missile fly by, specifying your rough location, can be helpful, since radar coverage is not 100%. These messages then get relayed back to the people in the Ukrainian AA who are trying to intercept these things in real time.

Then there are the obvious security concerns, personal communications and group chat access can be vetted and it's hard to break the anonymity of Telegram channels from the outside to even be able to target the authors' devices with cyberattacks. While an API must be open to the world, and thus it immediately becomes a target.

It's a messy system but it works.

Kropyva is not available to the general public and it's very far from the capabilities of similar NATO systems, its strength lies in the fact that it's an Android app that can be used on cheap tablets, so it doesn't rely on the military-industrial complex provided hardware, which is safer and more robust, but far more expensive.