I'm still using Xorg after all these years, on a laptop with 150% scaling, which I occasionally plug into an external monitor with 100% scaling. Somewhat surprisingly, it works great. (Cinnamon desktop, Ryzen 7840u integrated graphics. And also a desktop machine with Radeon RX 6800XT, but it's not surprising that still works great.)
Exactly! I can’t even count the number of times we’ve been in the discovery phase of a project and see “Oh this MS product does that! Cool”. Then when we get to the actual implementation realize it’s a broken mess. It’s sales driven software development, they just need to get you far enough along to sign the contract, then it’s too late to back out.
So you're saying 'fish' intercepts it on the far end? The ssh server on the far end shouldn't be sending it to 'fish' until it knows what's coming next.
Is this a current-ish version of OpenSSH or some other client/server?
EDIT Interesting! I tested it with fish and it does indeed intercept it! Wonder how that works.
This is how it works in NYC, but the wires are almost twice as expensive as the power. (If you add taxes and the numerous weird fees, the total bill is a solid 3x the cost of the power.) It's really all about the grid maintenance and management these days.
A comparison: the giant Dogger Bank offshore wind farm project (multi-GW) cost somewhere in the $10bn range. On the other hand, Germany calculates with >$100bn for grid buildout within the next decade (https://www.netzentwicklungsplan.de/sites/default/files/2023...).
Also, having customers that rely on your grid but buy very little of your power is simply unappealing for operators, so I would assume that their pricing tries to disincentivise as much as possible (=> "they gonna overcharge you for the grid connection").
The not-so-hidden costs of collecting extremely diffuse wind / solar is the elephant in the room 10x bill for the supporting grid infrastructure.
Nuclear advocates, like myself, claim drop in replacement nuclear power reactors at existing coal / gas sites would largely obviate this.
Even adding new nuclear power reactors at greenfield sites would constitute a significantly reduced grid build cost, as the power is highly concentrated.
And nuclear is so say that nuclear power reactors employees are routine exposed to less radiation at work than they are at home in their kitchen with granite bench tops.
I can see that argument applying to wind, but for solar its the opposite because that is really easy to get closer to consumers than a conventional plant ever could be (i.e. on the rooftop).
At this point, I don't believe in a nuclear renaissance, because it seems to me that nuclear power got left behind too far; catching up in cost metrics is already hard enough, but matching growth rates (in "installed TWh/a" of wind/solar) seems virtually impossible by now. The only remaining holdouts (China, US, France, ...) are basically doing it as a hedge and/or to keep/obtain related engineering capabilities (and at the very least an easy path toward weapon-grade material).
It is clear to me that no one "actually believes" in nuclear power (by stating clearly: we are solve gonna current and future energy problems by mainly relying on freshly built nuclear power), so I can only see its relevance dwindling (I'd argue that China comes closest, but even they are much more in the hedging/securing capabilities category than anything else).
We do this for gas. IMHO you end up paying monopoly rates for the pipes and then stupid game prices for the gas. Maybe the savvy consumer comes out ahead but seems like a net negative to me.
It's not monopoly rates, it's actual utility rates. The only problem here is if the utility is allowed to make a profit. Gas pipes, electric lines and internet connections are like roads in today's society. Can't really live without them.
So assuming the pipe maintenance is done at cost, with no money not being spent on the network. What would your better net positive solution even look like?
People can live without gas pipes. One of the big tasks at the moment is planning to stop people building new gas pipes that won't be used enough to justify the price and how to phase out the existing gas pipes so the pricing doesn't enter a "death spiral" as people start leaving the network, leaving the government to bail it out.
If you don't put in heat pumps, nuclear reactors are one of the more expensive ways to heat a home.
If you do put in heat pumps, nuclear reactors are still one of the more expensive ways to heat a home, but you need a third as many of them as compared to the no-heat-pumps case, if you insist on heating only with nuclear power.
Nuclear power is really only important if you also want spicy atoms, because it's by far the cheapest source of spicy atoms. Annoyingly, this is now a thing a lot of countries have a solid reason to want.
The previous company I was working at (6 months ago) had a bunch of microservices, most in python using fastapi and pydantic. At one point the security team tuned on CodeQL for a bunch of them, and we just got a bunch of false positives for not validating a UUID url path param to a request handler. In fact the parameter was typed in the handler function signature, and fastapi does validate that type. But in this strange case, CodeQL knew that these were external inputs, but didn't know that fastapi would validate that path param type, so it suggested adding redundant type check and bail-out code, in 100s of places.
The patterns we had established were as simple, basic, and "safe" as practical, and we advised and code-reviewed the mechanics of services/apps for the other teams, like using database connections/pools correctly, using async correctly, validating input correctly, etc (while the other teams were more focused on features and business logic). Low-level performance was not really a concern, mostly just high-level db-queries or sub-requests that were too expensive or numerous. The point is, there really wasn't much of anything for CodeQL to find, all the basic blunders were mostly prevented. So, it was pretty much all false-positives.
Of course, the experience would be far different if we were more careless or working with more tricky components/patterns. Compare to the base-rate fallacy from medicine ... if there's a 99% accurate test across a population with nothing for it to find, the "1%" false positive case will dominate.
I also want to mention a tendency for some security teams to decide that their role is to set these things up, turn them on, cover their eyes, and point the hose at the devs. Using these tools makes sense, but these security teams think it's not practical for them to look at the output and judge the quality with their own brains, first. And it's all about the numbers: 80 criticals, 2000 highs! (except they're all the same CVE and they're all not valid for the same reason)
Interesting, thanks. In the UUID example you mentioned, it seems the CodeQL model is missing some information about how FastAPI’s runtime validation works and so not drawing correct inferences about the types. It doesn’t seem to have a general problem with tracking request parameters coming into Python web frameworks — in fact, the first thing that really impressed me about CodeQL was how accurate its reports were with some quite old Django code — but there is a lot more emphasis on type annotations and validating input against those types at runtime in FastAPI.
I completely agree about the problem of someone deciding to turn these kinds of scanning tools on and then expecting they’ll Just Work. I do think the better tools can provide a lot of value, but they still involve trade-offs and no tool will get everything 100% right, so there will always be a need to review their output and make intelligent decisions about how to use it. Scanning tools that don’t provide a way to persistently mark a certain result as incorrect or to collect multiple instances of the same issue together tend to be particularly painful to work with.
In addition to the all the other stuff, including light spectrum differences, you can't just trust that a "37000 lumen" light (cheap from China ...) is such a thing. Some examples of "100,000 lumen" flashlights that ended providing more like 2000 to 3000 lumens: https://www.youtube.com/watch?v=6q_0wxzClkg
It's possible, they exist, many such LEDs are probably manufactured in China ... but the legit ones are probably more expensive, and you may need a more recognizable brand to do some QA, and keep pressure on the factory to not slip quality or inputs.
Consider the cheap screwdriver included with the lamp in this story: unexpectedly, many were more faulty than the cheapest $4 screwdriver you'd find in any hardware store. The more stories you read about manufacturing stuff in China, the more you'll see very strange things. It's not about nationality or anything, it's an extreme kind of optimization. If you didn't catch it already, maybe you didn't really need what you thought you asked for ... they're just checking/optimizing
I just worry that the voltage of these is a bit too high, if the device takes 3 or 4 in series. They tend to be around 1.8 volts per cell, significantly higher than a fresh alkaline AA at around 1.6 volts, and even after half the energy is discharged, if the device is off for a long while, the initial voltage for next turn-on creeps all the way back up.
(The price doesn't bother me ... it's worth the much lower chance of leaking than alkaline, if you leave it in a remote or gadget for years. But I've come to think that rechargeable NiMH like eneloops are a better idea due to the voltage.)
I can't think of too many places I'd use Li-FeS2 other than maybe in smoke alarms. They're available in 9-volt form factor. I use NiMH or Li-ion pretty much everywhere else these days.
> ... the best rationale for the processor requirement is that these chips (mostly) support something called “mode-based execution control,” or MBEC. MBEC provides hardware acceleration for an optional memory integrity feature in Windows (also known as hypervisor-protected code integrity, or HVCI) that can be enabled on any Windows 10 or Windows 11 PC but can come with hefty performance penalties for older processors without MBEC support.
> Another theory: older processors are more likely to be running in old systems that haven’t had their firmware updated to mitigate major hardware-level vulnerabilities that have been discovered in the last few years, like Spectre and Meltdown
I think, practically, everyone will need at least a cheap-ish android or iphone, perhaps $300 (and a new one every few years ...), to be their locked-down "agent" for using financial or government services. It's not for you, it's for the government/banks, it is their agent for talking to you.
Kinda weird, if you think about it. But that seems to be the way it's heading.
> everyone will need at least a cheap-ish android or iphone, perhaps $300
No, the much more secure while at the same time liberty-preserving way to do this are heavily sandboxed secure enclaves with attestation, or even better standalone tamper-proof devices capable of attestation.
Like the ones practically every bank customer already has in their wallet, and for which most phones have a built-in reader these days... The only thing missing is a secure input and output channel, like a small built-in display and a button or biometric input.
In any case, I somewhat empathize with banks in that they want to ensure that my transaction confirmation device is not compromised, but getting to dictate what software does and doesn't run on my own hardware outside of maybe a narrow sandbox needed to do that is a no-go.
In principle I'm certainly on board with the idea, but the problem is - at least in the Anglosphere, probably further - that the financial system is part of the military and policing systems. They are a powerful and persistent lobby that want a phone to be able to provide enough who-what-when-where to be able to put someone in jail or in extreme cases drop a missile on them.
That is one of the reasons the crypto market is behaving like some radical innovation instead of just a group of bozos speedrunning financial history. For the first time since the invention of capital we have an asset class where it doesn't take the cooperation of a group of armed thugs to guarantee the integrity of the system.
Merkle trees can prevent tampering after the fact, yes.
But if you include collusion, there's no way for the blockchain itself to know who is colluding and where they are so.
Smart contracts may be vulnerable or malicious.
Wallets can be emptied.
Centralized exchanges and similar entities still exist.
Policing systems are still needed, because as long as there is something of value and there is still "evil" in the world, someone will try to steal it or damage it.
I would like to have the opportunity to consider a decentralized consensus algorithm that could accommodate nation state adversaries regularly. Not simply something cryptographically secure and distributed but something which can retroactively route around nodes who are temporarily bad due to external circumstances.
I don't see how a separate dedicated piece of hardware is less secure. It has zero contact whatsoever with your other comm devices. It can be switched off when not needed, to prevent any chance of tracking you. Think of it as of an advanced yubikey.
It's not money-preserving though. You need an extra device, and an extra phone number. The separate phone number is another privacy-preserving feature though.
There's a second layer to the conflict here, in that (e.g.) the banks will want to move the entire flow into whatever secure device, enclave, or "agent" they supply - meanwhile, the whole point of me having a general-purpose computer is to be able to do general-purpose computing that I want within this flow.
My favorite, basic example is this: I'd like to create my own basic widget showing me my account balance on my phone's home screen. Doesn't have to be real-time, but accurate to +/- few minutes to what the bank app would say when I opened it. It has to be completely non-interactive - no me clicking to confirm, no reauthorizing every query or every couple hours. Just a simple piece of text, showing one number.
As far as I know it, there's no way of making it happen without breaking sandboxing or otherwise hacking the app and/or API endpoints in a way that's likely to break, and likely to get you in trouble with the bank.
It should not be that way. This is a basic piece of information I'm entitled to - one that I can get, but the banks decided I need to do it interactively, which severely limits the utility.
This is my litmus test. Until that can be done easily, I see the other side (banks, in cooperation with platform vendors) overreaching and controlling more than they should.
The point of the exercise isn't to just see the number occasionally; I can (begrudgingly) do that from the app. The difference here is that having the number means I can use it downstream. Instead of a widget on the phone screen, I could have it shown on a LED panel in my home office or kitchen[0], or Home Assistant dashboard. Or I could have a cron job automatically feeding it to my budgeting spreadsheet every 6 hours. Or I could have an LLM[1] remind me I've spent too much this week, or automatically order a pizza on Saturday evening but only if I'm not below a certain threshold. Or...
Endless realistic, highly individual applications, of a single basic number. The whole point of general-purpose computing empowering individuals. If only I could get that single number out.
> the banks will want to move the entire flow into whatever secure device, enclave, or "agent" they supply - meanwhile, the whole point of me having a general-purpose computer is to be able to do general-purpose computing that I want within this flow.
Sure, you should definitely be able to do what you want with your computer, but you're actually demanding more here (at least in the case of transaction initiation and confirmation): For others to also trust the outcome of whatever you did on your own computer.
Banks are often legally required to cover losses resulting from unauthorized account access, so I can somewhat understand them wanting to minimize the chance of that happening. Sandboxed trusted computing, when done well, can strike that compromise much better than annoying non-solutions like root detection heuristics or invasive full-system attestation.
> As far as I know it, there's no way of making it happen without breaking sandboxing or otherwise hacking the app and/or API endpoints in a way that's likely to break, and likely to get you in trouble with the bank.
Banks should probably be required to make such a read-only API available (and in the EU, they are, to some extent – unfortunately only to "trusted", i.e. regulated and registered, service providers, raising the old question of who determines who is and isn't trusted). This is a very different story from transaction initiation.
Unfortunately, there are also caveats here. It's getting more and more common for companies to require me to "connect my bank account", which often means nothing less than granting them full and persistent account view access.
I think having the API still outweighs the downsides of others also starting to make demands for that access, but it's a slippery slope. For example, Airbnb not too long ago wanted full access to all(!) my Chase accounts to "verify my credit card".
> No, the much more secure while at the same time liberty-preserving way to do this are heavily sandboxed secure enclaves with attestation, or even better standalone tamper-proof devices capable of attestation.
Thats what is being required. The problem is making sure the policy is enforced correctly includes local business logic and user experience components. The money transfer needs to come from an authenticated user providing consent, not from some software that happens to have managed to get installed on the phone with sufficient permissions to interface with the secure element or to have their version of a library loaded.
That means one needs to validate user-facing software, and not just the API to a black box. Thus one is requiring a chain of custody validation up to the boot loader.
Nah, if a bank or some other civic entity wants to have a "secure agent" for transactions/communication with me, then they should be the ones providing that.
Much like I expect my employer to provide me hardware, and that hardware is used exclusively for work.
I shouldn't have to spend my own money on another device, nor should they be asserting their desires for control onto my own devices.
The issuing entity. They want a "secure device" to do business with me, then they get to issue said device.
Otherwise, they just get to be OK with offering me a website or letting me transact with them on my own device that's under my own control without stipulations like requiring attestation, or prohibiting root.
The point is, governments nor banks or other private entities, should be getting to dictate what can and cannot be done on someone's computing device.
They're happy to provide that. It's a called debit card that you take to an ATM machine.
It's been popular demand, not financial institutions, driving the change to “the smartphone can do everything, I don't want to take debit/credit cards with me everywhere.”
People don't want an additional card, or yubi key, or printed second factor, or whatever, to authenticate.
They want an app that uses a data connection, and a fingerprint to replace even needed a PIN. They tolerate a second channel: an SMS, if the app automatically reads it. That's as much inconvenience as the general public is willing to put up with.
They're starting to demand that this works offline for smaller spends. And they'll put up with a phone call as a 3rd factor for when they want to unblock a really high spend, like purchasing a car, but it can't happen all the time.
They want this to work reliably, even on holidays, all around the world. And they want the banks to cover losses if it all goes south.
Now try to design a system that covers the requirements people are demanding for, without trusting the terminal the people decided they want to access it from.
At least here in the UK for years if you opened a bank account, even a free one, you'd get a debit card + a device for generating secure keys for online and telephone banking. Like a standalone, battery powered device the size of a calculator.
Like....why can't we just go back to that? Banks were "fine"(doesn't mean happy) to shoulder the cost of these devices then.
You can still use them. It’s just mobile apps are better in almost every way. Maybe you should uninstall your mobile app and go back to using a device.
Maybe in US. In Vietnam, $300 is the average monthly salary, and the minimum wage is around $150. Probably the majority of people don't have a primary phone worth more than $300.
A country that is a dictatorship - I can understand why their slaves have to go through this. I fail to see why a true democracy would do this though. There is zero need to be required to have a smartphone; all those transactions work perfectly fine on a desktop computer system too, under Linux. People then may have a second device at home, some card reader and/or a thing such as Yubiko or something like that. IMO not even this should be required, but to mandate an app that would not be permissive under Linux - that is true dictatorship. I am surprised the government of Vietnam went that way.
Even elected governments already have the ability to take whatever they want from you, and force you to act against your own interests; this seems like a comparatively minor infringement.
My (Canadian) bank extorted me into installing their app, literally blocking me from doing transfers of my own money without it - I had to install it and take a picture of myself and my ID. After this I was able to switch to sms authentication and delete it, but they’re obviously trying to force people onto the app, and eventually they will do so more aggressively.
Of course in Canada we have a banking oligopoly that is effectively there just to rob people, but ironically any of the “challenger” startup banks are 100% app based afaik
May I ask what bank? I use CIBC and RBC. They do not require any apps on the phone to reach whatever services they offer. I use all my work on desktop.
I did install app from CIBC for one single and the only purpose - deposit cheques sent to me by clients to my business account without having to go to ATM or the bank teller.
> Of course in Canada we have a banking oligopoly that is effectively there just to rob people
Are there any OECD nations that don't have a banking oligopoly? I can think of at least one: Germany, because they have Sparkasse (community banks). Does Canada have community banks like Germany and the United States? If yes, then you should vote with your wallet and switch.
UK has building societies, they function like a bank mostly but are mutual (owned by it's members).
In my experience they are more pleasant to deal with, tend to be smaller/more conservative with tech and you can speak to a human when shit goes sideways.
Mine has never laundered money for the cartels (unlike my other bank) which is a plus as well.
Does not work anymore for many banks in Germany. I have 2 accounts that require me to have different second factor apps installed. For one bank I would have to open a separate account with a debit card to use hw tan generator. For the other AI would have to switch bank account after the regulators banned SMS and indexed paper TANs.
Assuming the browser has feature parity. I was visiting my parents over Xmas and my dad couldn’t make a payment because the number of saved payees was capped to 100. There was literally no option to delete a payee in the website, the only way we found was to install the app, authenticate, and do it in there. It’s happening already.
I hate that this is happening. I absolutely detest doing any kind of task other than pure content consumption and basic messaging from a smart phone.
Anything remotely more advanced than that, please let me use my computer and an app or website with, you know, an interface designed for more advanced operations.
Trying to do anything on a smartphone/touchscreen only device is nothing but an effort in pure frustration for me.
How are people on HN of all places still this short-sighted to not understand that this will stop being an option? It's incredible to see like 10 individuals commenting this all over threads like these. Think before you comment.
If not, you should seriously consider switching banks (while you can). I suspect that such banks do not take security seriously: Giving control over your phone to Apple/Google is not security.
reply