Hacker News | lelf's comments

http://adios-hola.org/advisory.txt oh dear.

Creepy... :(

Maybe it's just me, but I honestly don't know what this is doing near the HN top. It's more or less literal translation from C.

-----


Possibly because it illustrates that using assembly isn't necessarily the insane scary idea that it first seems to many (like me), even to those that should know better because they have used it in the past (like me).

-----


No, a literal translation is what you get when you write an HTTP server in C and inspect what assembly code it produces for x86-64. Since this assembly code is nowhere close to that output it is not a literal translation.

-----


Only if you use a completely naive compiler; any level of optimisation moves from being a literal translation.

-----


No, any correct translation a C compiler produces is, by definition, a literal translation.

-----


No, that simply means that they are semantically equivalent, which is very different to a literal translation. To quote an online dictionary [0], "2. Word for word; verbatim: a literal translation.". Optimisation in compilers is certainly not word for word.

Take a simple problem like the FizzBuzz problem, write it as the simple obvious branching style. Now compile it with GCC or Clang (with -O3) and you end up with a lookup table (or at least I did a few months back). Semantically equivalent but not literal "word for word" translation.

[0] http://www.thefreedictionary.com/literal

-----


You are missing that there exist many more than one literal translation for a particular C program to asm. Using your logic a compiler could not produce a literal translation of any program unless its output to 100% matched that of all other compiles for the same program.

… but not on Voyage (they made sure in the new FW you won't do any of that).

-----


The original “Erlang: The Movie” https://www.youtube.com/watch?v=xrIjfIjssLE (with a good demonstration of what reliability means)

-----


TeslaMotors: No more parking tickets for Model S owners. Today we’re introducing: ticket-avoidance-mode. Here’s how it works: https://amp.twimg.com/v/cdad704b-5167-42bd-9fd7-a5c39fabf1f9

(c) https://twitter.com/teslamotors/status/583339439759310848

-----


Not necessary, see the original paper.

For example, SECDED (single error-correction, double error-detection) can correct only a single-bit error within a 64-bit word. If a word contains two victims, however, SECDED cannot correct the resulting double-bit error. And for three or more victims, SECDED cannot even detect the multi-bit error, leading to silent data corruption.

Edit: link http://users.ece.cmu.edu/~yoonguk/papers/kim-isca14.pdf

-----


Technically, SECDED cannot reliably detect errors involving more than 3 bits since they might generate a valid code, they might not however and in that case they might be detected as single or double bit error or possibly something else.

-----


Also the typical reaction to an uncorrectable ECC error is to halt the system with an NMI.

-----


Yeah, ECC is going to make exploiting this reliably a lot harder - you'd need to flip three or more bits in the right combination, without first hitting a combination of bits that'd be detected as an uncorrectable error. Google's report suggests they haven't even been able to cause uncorrectable two-bit errors yet, let alone undetectable three-bit ones.
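
The SECDED behaviour discussed in the comments above (one flip corrected, two flips detected, three flips possibly miscorrected), as an added example that is not part of any commenter's post: a textbook extended Hamming (72,64) code. The bit layout and function names are assumptions for illustration, not a particular memory controller's implementation.

```python
# Added illustration: textbook extended Hamming (72,64) SECDED code.
# The bit layout is an assumption, not any specific memory controller's.
CODE_LEN = 71                                   # Hamming positions 1..71
PARITY_POS = [1, 2, 4, 8, 16, 32, 64]           # 7 check bits
DATA_POS = [p for p in range(1, CODE_LEN + 1) if p not in PARITY_POS]  # 64 data bits

def syndrome_of(code):
    """XOR of the positions of all set bits in 1..71; 0 for a valid codeword."""
    s = 0
    for pos in range(1, CODE_LEN + 1):
        if code[pos]:
            s ^= pos
    return s

def encode(word):
    """Encode a 64-bit integer into 72 bits; index 0 holds the overall parity bit."""
    code = [0] * (CODE_LEN + 1)
    for i, pos in enumerate(DATA_POS):
        code[pos] = (word >> i) & 1
    s = syndrome_of(code)
    for p in PARITY_POS:
        code[p] = 1 if s & p else 0             # cancel each set syndrome bit
    code[0] = sum(code) & 1                     # make the total parity even
    return code

def decode(code):
    """Return (status, word); status is 'ok', 'corrected' or 'uncorrectable'."""
    code = list(code)
    s = syndrome_of(code)
    odd = sum(code) & 1
    if odd:                                     # decoder assumes exactly one flip
        if s > CODE_LEN:
            return "uncorrectable", None        # syndrome points outside the word
        code[s] ^= 1                            # s == 0: the parity bit itself
        status = "corrected"
    elif s:
        return "uncorrectable", None            # even flips, nonzero syndrome
    else:
        status = "ok"
    return status, sum(code[pos] << i for i, pos in enumerate(DATA_POS))

def flip(code, positions):
    """Return a copy of code with the given bit positions (0..71) inverted."""
    out = list(code)
    for pos in positions:
        out[pos] ^= 1
    return out
```

With this layout, flipping positions 3, 5 and 6 decodes as "corrected" while returning a word with three wrong data bits, whereas flipping 3, 9 and 65 is reported as uncorrectable.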

-----


http://arxiv.org/abs/1409.7769

-----


Am I the only one getting 403s on arxiv for the past week?

-----


Apparently

-----


Fixed. Apparently I was blacklisted from the website even though I haven't even used it recently, let alone inundated it with requests :\

-----


And just about the first thing you see when trying to install it…

Vivaldi may collect visitor statistics. The visitor statistics may include information about the visitors IP-addresses, usage patterns, <…>

I guess I don't want your shiny new browser.

-----


At least it's one of the first things you see!

-----


But for "advanced" users this is a turnoff. I wonder what they are getting paid per-user, and if that amount is greater than what they'd make if they just charged for the app.

-----


Every website collects that stuff.

-----


Most websites don't collect that stuff across every other website.

-----


Most don't. A surprising amount do - any page that embeds a Facebook 'like' button loaded from Facebook servers with a referrer header ... or JQuery hosted by Google or a Doubleclick advert or a reTweet button, and on and on.

-----


Strictly: that's not "most websites", it's "many services".

Facebook "likes", Google analytics, New Relic monitoring, and any of numerous other tools can do this.

Which is why I'm loaded for bear with noscript, adblock, Privacy Badger, Ghostery, and numerous entries in my /etc/hosts file for particularly noxious / ubiquitous sites.

-----


This is why I stay logged out of facebook and don't allow third party cookies. Trying to move off of gmail also so I am not always logged in there either. Probably not perfect but hopefully it foils a lot of attempts at tracking.

-----


Install AdBlock, Disconnect, uninstall Flash and Java, and use a JavaScript blocker and you'll make a good dent in a website's ability to track you.

-----


And make a good dent in your ability to browse websites.

-----


Are you speaking from experience or out of thin air? Because that is not my experience.

-----


I block all scripts globally, flash heavy sites do not load and I consider that a 'feature'. Frankly, surfing the web without NoScript & AdBlock is an experience I do not want and have learned to do without. IF I need drivers or need access or ecommerce I'll allow the main site to run temporarily in Sandboxie or use tools/alt approaches to get the data without 7 or 8 ad servers running. The false promise of the internet is easily eschewed when you take a pragmatic approach to it.

Also: I was looking for something on mainstream retailer sites and was amazed at the list of servers. How many TargetImg servers does it take to load a product page? Answer: At least four, plus all the other tracking/ad loading detritus. Just wow.

-----


You re-enable JS on the sites that you visit often and I've never had an issue.

-----


Oh, well, missed that. That's what I get for replying to an out of context snippet.

-----


It's perfectly reasonable to expect extra data to be collected when using prerelease versions of software. Complaining about it now is premature.

-----


That's not a tradeoff I'm comfortable with, "even" in pre-release software.

I'm not accusing you of this, but in other cases I've seen proponents of something say "This isn't a big deal, it's just starting out". Then, when people continue to complain a year from now, the defenders say "This isn't a big deal, it's always done this."

Vivaldi looks interesting, but I'd wager that there's a decent overlap between the Power Users they're after, and the group that values their privacy the most.

-----


Privacy has nothing to do with it. If the software is not yet ready, users are expected to encounter serious bugs. Your QA department is paid to help provide you with information to diagnose and troubleshoot those bugs, but users aren't, so you need to collect that automatically.

-----


If they explicitly say they will stop in the release version, I would accept that argument. If not...

-----


> It's perfectly reasonable to expect extra data to be collected when using prerelease versions of software.

This is incorrect in the world I live in, and I do not want to visit a world where it is correct.

-----


You're in the wrong world then, buddy. If the software is not yet ready, users are expected to encounter serious bugs. Your QA department is paid to help provide you with information to diagnose and troubleshoot those bugs, but users aren't, so you need to collect that automatically.

-----


Yeah, I'd prefer all those comments to be about the bootstrapping and GC (they can even keep the same tone, it'd be funny at least).

-----


> revoked LinkedIn's access to my gmail account

I honestly don't know what people are thinking while enabling that.

No, Seriously?

-----


I don't understand how Gmail allows it. I assume they've gotten enough complaints about it being abused to prohibit or strictly limit access with at least warnings before actions can be taken.

-----


Because the "old way" was worse.

http://blog.codinghorror.com/please-give-us-your-email-passw...

I believe Facebook was the first site to ask users for their email passwords -- and to great effect, at least on their growth metrics.

-----


ironic that facebook goes after sites that ask for your facebook password.

-----


I tried searching Google for "has facebook ever asked for email account logins and passwords?" and couldn't find any proof. Does anyone have a source for this?

-----


This is what it looked like: http://i.imgur.com/TFQeIBr.png

Whoa, I just looked at the friend finder page and it still does that for some email providers: http://i.imgur.com/bC9xEEM.png

-----


Until now I didn't even actually think such people exist. Especially on HN.

-----


Seems a bit snarky?

-----
