The Unclear Impact

Kristóf Marussy | @kristof@pleroma.marussy.com

I'm a researcher working on the extra-functional requirements and formal verification of cyber-physical system architectures.
I also like free (as in liberty) software, privacy enhancing technologies, and cryptography.

I may not be trans but transgender hating script kiddies are too incompetent to tell the difference. Donkey Kong says trans rights = human rights.

@meisam i'm coordinating our lab course for MSc students (critical architectures laboratory) this semester. luckily, most of the lab sessions are actually taught by our talented PhD students (and not me!), though blobfoxaww

so i got a little breather from our usual selection of software technology / formal methods / probability theory / algorithms

trying to update the flyer for our classes at uni and turns out i'm not good at using scribus blobfoxshocked

You wanted to add your *verified* ORCiD to your GitHub profile? Now you can do that :-) https://github.blog/changelog/2024-03-13-authenticate-orcid-id/

shot of madeleine cookies with the text "NOSTALGIA" set across them in futura bold

If you see a Java performance optimization guide that talks about any of:

* Long methods
* Lots of small objects
* If-else statements

etc

then you should just throw the guide away and look for another resource.

The JIT and the modern GCs are _beasts_. You aren't going to get finely-tuned-C++ level performance (at least with the JVM you are most likely using), but any of the advice from 20-30 years ago (that has stuck around nonetheless) just needs to be thrown out.

@hrefna the scariest thing i've seen with java was when we were optimizing a complex data structure that was doing pointer chasing and allocations all over the place (the sort of thing people warn about being slow), and it turned out after microbenchmarking that the actual slowest part was the % 6 we had in a hash computation for an array index. ablobfoxdundundunowo

GC-that-turns-allocations-into-atomic-increments-and-compacts-your-objects is a beast indeed

@dalias it'll be something evil with sequence points, won't it? blobfoxshocked

@julesh wouldn't that be the same thing, just 24 hours earlier? blobfoxthonking

linux

postgres 15 -> 16 migration took 28 hours for my tiny 5.2 GB database... i probably messed something up with the config blobfoxthink

I can finally reveal some research I've been involved with over the past year or so.

We (@redford, @mrtick and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parties.

1/4

@mrtick@infosec.exchange in front of an Impuls.

arch linux

if resume from hibernation from a swap file is not working on [testing] currently, probably (the lack of) this is the reason: https://github.com/systemd/systemd/commit/b7c1f9eaf490c65c431af9fd93d974479ab315aa

@shriramk i guess then if it's doing bugger all, it's \prod

linux

intellij decided to crash #swayvm sporadically, so it's relegated into a nested sway session until i can figure out what's going wrong blobfoxannoyed

To FLOSS projects but also individuals: Please stop relying on GitHub, Discord or other proprietary services. What happened to Twitter and Unity WILL happen to them as well.

Also people shouldn't have to use proprietary software or services to contribute to FLOSS projects, that just doesn't make any sense.

java

java.lang.NullPointerException: Cannot read field “W” because “this” is null

this doesn’t sound healthy at all

(trying to cross-build a docker container for aarch64 using jlink with buildx and qemu binfmt_misc)

rust, java, cursed

i have a sudden urge to combine tauri with the jni invocation api

re: linux

@robby i accidentally rsynced something to my server into the directory named '~' instead of into my home directory, and i tried to get rid of it

(a very poor man’s deployment solution when i work on the app at https://refinery.services – rsync the jar into my home directory, then sudo mv into /var/lib where it should live and restart the corresponding systemd service. the funny thing is that this project is sponsored by amazon science, but we have our AWS guy on vacation, and debugging research software on my own VPS is much easier)

linux

so i just issued the command rm -rf ~ instead of rm -rf '~' blobfoxfacepalm

good thing i have btrfs snapshots

i wish i understood more Coq (or french in general)

drm

https://support.github.com/contact/report-abuse?category=report-content&report=RupertBenWiser&report_content_url=https%3A%2F%2Fgithub.com%2FRupertBenWiser%2FWeb-Environment-Integrity&report_id=26461279&report_type=content#contact_comments

The repository contains a proposal for a piece of malware which, through remote attestation, directly threatens browser diversity (by only allowing officially certified builds of a handful of browsers to access webpages), operating system diversity (by only allowing certified builds of certain operating systems), device diversity (by only allowing devices with certified firmware) and computer architecture diversity (by only allowing architectures where such certified firmware, OS, and browsers exist). As such, it poses a critical threat to innovation and free and open source software.

By taking away users’ ability to customize their user agents, computing technology not only becomes solely a vehicle for corporate profit, but we also risk extinguishing the very human curiosity and experimentation that is needed to produce the next generation of developers. More broadly, by forcing people to watch advertisements in their browser without the possibility of filtering in order to access any web service (likely including government services), we expose citizens to mandatory misinformation. Locked down platforms also promote government surveillance and control, destroying democracy itself by removing the possibility of protest and dissent.

While some people might be able to buy a non-locked down device (in addition to a locked-down device required to access websites with integrity requirements), the proposal discriminates against people with no economic means to do so. Disabled people are also discriminated against, especially if they need accessibility tools not certified and locked down for attestation.

Therefore, any attempt to lock down the web and adopt DRM ubiquitously should be stopped at all costs.
