metiulekm

Imagine a soccer ball. The most traditional design consists of white hexagons and black pentagons. If you count them, you will find that there are 12 pentagons and 20 hexagons.

Now imagine you tried to cover the entire Earth in the same way, using similar size hexagons and pentagons (hopefully the rules are intuitive). How many pentagons would be there? Intuitively, you would think that the number of both shapes would be similar, just like on the soccer ball. So, there would be a lot of hexagons and a lot of pentagons. But actually, along with many hexagons, you would still have exactly 12 pentagons, not one less, not one more. This comes from the Euler's formula, and there is a nice sketch of the proof here: .

My understanding is that all issues are patched in the mentioned releases, the config flag is not needed for that.

The config flag has been added because supporting clients with different endianness is undertested and most people will never use it. So if it is going to generate vulnerabilities, it makes sense to be able to disable it easily, and to disable it by default on next major release. Indeed XWayland had it disabled by default already, so only the fourth issue (ProcRenderAddGlyphs) is relevant there if that default is not changed.

Honestly I've unironically missed the entirety of the image at first, I went directly to the text. And probably a lot of internet-savvy people would, this kind of image is useless decoration 90% of the time and people are trained to not look at it. Same concept as in that research where they asked people to find the current population number on a webpage and they had a very hard time, despite the value being in big red digits or something equally distinctive.

The bootloader is stored unencrypted on your disk. Therefore it is trivial to modify, the other person just needs to power down your PC, take the hard drive out, mount it on their own PC and modify stuff. This is the Evil Maid attack the other person talked about.

I am afraid you are still a bit misled; WireGuard is exactly what they use for the demo video. In general the underlying protocol does not matter, since the vulnerability is about telling the system to direct the packages to the attacker, completely bypassing the VPN.

Same for Polish. One funny thing I've noticed is that in one of the examples, the person tries to stay at a hotel, and the price is clearly in the old currency, which has not been used since 1997.

I like btdu which is essentially ncdu, but works in a way that is useful even if advanced btrfs features (CoW, compression etc.) are used.

Every prime larger than 3 is either of form 6k+1, or 6k+5; the other four possibilities are either divisible by 2 or by 3 (or by both). Now (6k+1)² − 1 = 6k(6k+2) = 12k(3k+1) and at least one of k and 3k+1 must be even. Also (6k+5)² − 1 = (6k+4)(6k+6) = 12(3k+2)(k+1) and at least one of 3k+2 and k+1 must be even.

Phoenotopia: Awakening – an amazing metroidvania-related game. Relatively more popular than the other games I list, but is honestly one of my favorite games of all time.

Vision: Soft Reset – a metroidvania, but you can travel backwards and forwards in time and this really matters for gameplay.

Bombe – Minesweeper, but instead of solving the puzzles manually, you create rules ("if there is a cell with the number N and there are N empty cells around it, mark them all as mines") which the game applies automatically.

SOLAS 128 – a puzzle game where you redirect signals in a huge machine, just a great experience if you like puzzle games.

You could make an argument that not using banking apps decreases your security, since most banks use either SMS or those apps as the second factor while confirming the operations. It is true that the apps are of varying quality, but SMS is not really a serious alternative. Some banks do have apps that are limited to confirming operations, and one bank where I live did recently start accepting U2F, which is amazing news.

I got curious and decided to check this out. This value was set to the current one in 2009: https://github.com/torvalds/linux/commit/341c87bf346f57748230628c5ad6ee69219250e8 The reasoning makes sense, but I guess is not really relevant to our situation, and according to the newest version of the comment 2^16 is not a hard limit anymore.

Isn't this the point though? Like, if you spot that (let's concretize) the trash is starting to overflow, you can either take it out right now which will take you 2 minutes and (hopefully) barely interrupt your day, or you can add it to your list of things to do. And so you get that list of 59 things by ignoring the 2-minute rule, not by applying it.

In Poland:

• driver's permits are not a thing. In general, it's illegal to drive without a professional instructor (with parents, for example) before getting a driving license, though a lot of people, especially in the countryside, will still do so,
• you can only drive after turning 18. You can start the course a few months earlier, but you can only take the final exam after you turn 18 (there exists a category that allows you to drive after turning 16, but it's limited and IME extremely unpopular),
• you need to go to a paid course, which includes theory classes and at least 30 hours of driving with the instructor,
• most people drive in a car owned by the instructor or the driving school, as the car must have another pair of brakes for the instructor,
• you need to pass a theoretical and a practical exam in one of the centers (Wojewódzki ośrodek ruchu drogowego),
• the theoretical exam is just closed questions. You need to get 68 out of 74 points, but (AFAIK, this has changed over time) all the questions are known, so people will just cram them,
• the practical exam is first some maneuvers on the center grounds, and then a ride around the city. The exam is rather objective and is failed if you do any big mistake or fail any exercise twice,
• the exams are not easy. The data I found is for each WORD, but in general I feel like the pass rate is around 50% for the practical exam and 70% for theory. It's not incommon for somebody to only pass their practical exam on like 5th attempt,
• there were supposed to be some restrictions for new drivers, but they had been discussed for a long time, even back when I passed my license before the pandemic, and I have no idea if they ever actually came into force,
• some people think that the system is super flawed. Here's some discussion by the Supreme Audit Office in Polish: https://www.nik.gov.pl/aktualnosci/system-szkolenia-kandydatow-na-kierowcow.html,
• costwise, it's apparently like 4000 zł for the course right now. Exams are paid per attempt, 50 zł for the theory and 200 zł for practice. 1 euro is 4.33 zł as of writing, but you need to take into account the difference in purchasing power and it's probably not much cheaper than Germany even if you pass both exams the first time.

Edit: Actually, I thought about it, and I don’t think clang’s behavior is wrong in the examples he cites. Basically, you’re using an uninitialized variable, and choosing to use compiler settings which make that legal, and the compiler is saying “Okay, you didn’t give me a value for this variable, so I’m just going to pick one that’s convenient for me and do my optimizations according to the value I picked.” Is that the best thing for it to do? Maybe not; it certainly violates the principle of least surprise. But, it’s hard for me to say it’s the compiler’s fault that you constructed a program that does something surprising when uninitialized variables you’re using happen to have certain values.

You got it correct in this edit. But the important part is that gcc will also do this, and they both are kinda expected to do so. The article cites some standard committee discussions: somebody suggested ensuring that signed integer overflow in C++20 will not UB, and the committee decided against it. Also, somebody suggested not allowing to optimize out the infinite loops like 13 years ago, and then the committee decided that it should be allowed. Therefore, these optimisations are clearly seen as features.

And these are not theoretical issues by any means, there has been this vulnerability in the kernel for instance: https://lwn.net/Articles/342330/ which happened because the compiler just removed a null pointer check.

Interesting. I looked this up and I think that in Poland, the wait time in let's say Warsaw peaked at like 2 months during pandemic, but is around 2 weeks now.

Many people living in big cities will have their exams in smaller WORDs anyway, as the pass rates tend to be higher there (not a surprise, less traffic means an easier exam). Apparently in some WORDs you can even get a new attempt the same day after failing one.

I really need to try out Mercury one day. When we did a project in Prolog at uni, it felt cool, but also incredibly dynamic in a bad way. There were a few times when we misspelled some clause, which normally would be an error, but in our case it just meant falsehood. We then spent waaay to much time searching for these. I can't help but think that Mercury would be as fun as Prolog, but less annoying.

I actually use from time to time the Bower email client, which is written in Mercury.

You might also like https://github.com/nvim-neorg/neorg which is not meant to be compatible with Emacs org-mode, but rather something new that's built around similar ideas but for Neovim. Hadn't used it myself though, only heard about it.

It seems that I can't see the link from 0.18.3 instances somehow. Maybe one of these will work: https://math.stackexchange.com/a/18347 https://math.stackexchange.com/a/18347 https://math.stackexchange.com/a/18347