I do know a lot of people who love to talk. I don't think it's a character flaw. It's certainly not what I want, and I would die if I had to talk all day, but it's just the way they prefer to communicate. Same way that some people are introverts and some are extroverts, some people like reading paper books and some people like audiobooks.

Bold of you to assume my reading ability is that high.

> Adafruit accessed only information that Flux’s own systems made publicly available through a server misconfiguration

Does anyone have some more context about what happened here? An uncharitable analogy might be that I misconfigured my front door by not locking it, which doesn't give someone the right to walk in and look around - but I have no idea what Adafruit is specifically being accused of doing.


It often does when your front door is otherwise a business storefront. Without knowing the specifics of what was accessed, analogies really aren't helpful. And there seems to be zero context here, so this strikes me as the most plausible scenario: https://news.ycombinator.com/item?id=48368635

(I agree that Adafruit's statement itself is worded pretty terribly!)


What about if I knock on the door (send an HTTP request), and someone comes to it and hands me a bunch of documents (sends an HTTP response with data)?

Whenever something like this comes up, I always think back to the excellent paper, "The Structure and Legal Interpretation of Computer Programs." I don't have a specific answer, but I like to review this paper whenever a question like this is posed.

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4445484


It certainly doesn't look like they've publicly released anything. My guess is they found a problem and have been following reasonable responsible disclosure guidelines. However, the 90 days (or whatever time limit was given) is likely expiring and to head off publication, flux.ai is getting lawyers involved.

This is all 100% speculation, just based on checking the archive sites' and search sites' historical data and finding nothing.


If you leave your door wide open folks on the sidewalk can take pictures and write about what they see all day long.

That isn’t legal in most jurisdictions either. You’re not a lawyer.

What isn't legal? Can't really square your comment with the GP comment.

That's rather my point.

And yep, I'm not a lawyer - and even if I were, I couldn't begin to speculate about this post because it says so little.


Maybe it's just a badly run workplace.

A friend of mine has a github repo with references to how to set things up in sane and slightly more secure manner: https://github.com/jordanconway/package-manager-hardening

From that repo:

> Exact version pinning — specifying precise versions (1.0.0, ==1.0.0, =1.0.0, = 5.31.0) rather than ranges (^, ~>, >=) in package manifests. Ranges allow any version satisfying the constraint to be resolved at install time; exact pins mean only one version is ever valid.

My understanding is that pinning the dependency within the manifest isn't the mechanism that prevents the version from changing across installs -- it's the lockfile that accomplishes this.


Specifying precise versions is sufficient to ensure that the packages in your package.json are installed in the pinned versions. The problem solved by lockfiles is second, third and n-order dependencies. Just because you pinned precise versions does not mean react or vue or whatever random package you installed did as well.

That's where the lockfile comes in, it pins the dependencies of the dependencies.


The lockfile also handles the first-order dependencies, though. Pinning them in the manifest doesn't enforce this -- the lockfile does. And yes, I agree that the lockfile _also_ handles pinning dependencies-of-dependencies.

Lockfiles serve multiple purposes. For example, some include hashes so you aren't served altered packages from the package registry. I agree with you otherwise, though.

Yeah imo that is bad advice. In my experience, lockfiles do as designed and exact pinning in the high-level manifest makes it extremely hard to do periodic updates because you end up spending hours tinkering with pins to try to find the right combo instead of letting the package manager automatically resolve everything for you.

You end up with ancient dependencies because you add friction to periodic refreshes instead of running `package-manage refresh-lockfile` (whatever the relevant command is for your package manager).


In most cases yes, but it really depends on which package manager and what command. If you use npm ci, it uses the package-lock.json values; if you use npm install, it can use any level of freedom in the package.json. So if you lock package.json, you remove that degree of freedom. But sometimes you do want to be able to "recreate the lock file" since it does fix a CVE. Just with a lockdown, you'll get the legitimate patch vs. an accidental malicious takeover.
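The thread above argues about which file actually does the pinning. An added example, not code from any commenter or from the linked package-manager-hardening repo: a small checker over the two files for an npm project that makes the three points concrete. It reads a package.json and a lockfileVersion 2/3 package-lock.json (whose `packages` map is keyed by node_modules path and carries `version`, `integrity` and nested `dependencies`), and reports first-order dependencies whose locked version does not satisfy the manifest, manifest entries that are ranges rather than exact pins, transitive dependencies that are not locked, and lockfile entries with no integrity hash. The package names and versions in the sample data are constructed, and the range parser is deliberately minimal (exact, `=`, `>=`, `~`, `^` only).

```javascript
// Added example: consistency check of package.json against package-lock.json
// (lockfileVersion 2/3). Not from the thread or the linked repo.

// Minimal semver-range support: exact, "=", ">=", "~", "^" over x.y.z.
// Real manifests can use forms this helper does not parse (||, "-", "x").
function parseVer(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function cmpVer(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

function satisfies(version, range) {
  const m = /^(\^|~|>=|=)?\s*v?(\d+\.\d+\.\d+)$/.exec(range.trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  const op = m[1] || '=';
  const v = parseVer(version);
  const b = parseVer(m[2]);
  if (op === '=') return cmpVer(v, b) === 0;
  if (op === '>=') return cmpVer(v, b) >= 0;
  if (cmpVer(v, b) < 0) return false;        // "~" and "^" are lower-bounded by the base
  if (op === '~') return v[0] === b[0] && v[1] === b[1];
  // "^": the leftmost non-zero component must stay the same
  if (b[0] !== 0) return v[0] === b[0];
  if (b[1] !== 0) return v[0] === 0 && v[1] === b[1];
  return cmpVer(v, b) === 0;
}

function isRange(spec) {
  return /^(\^|~|>=)/.test(spec.trim());
}

// Walk up the node_modules tree the way Node's resolver does, so a nested
// copy (a/node_modules/b) is preferred over a hoisted one (node_modules/b).
function resolveDep(packages, fromPath, dep) {
  let base = fromPath;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${dep}` : `node_modules/${dep}`;
    if (packages[candidate]) return packages[candidate];
    if (!base) return null;
    const i = base.lastIndexOf('/node_modules/');
    base = i === -1 ? '' : base.slice(0, i);
  }
}

function auditLockfile(manifest, lock) {
  const findings = [];
  const packages = lock.packages || {};
  const declared = { ...(manifest.dependencies || {}), ...(manifest.devDependencies || {}) };

  // First-order dependencies: the lockfile must agree with the manifest.
  for (const [name, spec] of Object.entries(declared)) {
    const entry = packages[`node_modules/${name}`];
    if (!entry) { findings.push(`${name}: declared in package.json but absent from the lockfile`); continue; }
    if (!satisfies(entry.version, spec)) findings.push(`${name}: locked ${entry.version} does not satisfy ${spec}`);
    if (isRange(spec)) findings.push(`${name}: package.json uses range ${spec}; the locked ${entry.version} is only one of the versions it allows`);
  }

  // Every locked package: integrity hash present, transitive deps locked too.
  for (const [path, entry] of Object.entries(packages)) {
    if (path === '') continue;               // root project entry
    if (!entry.integrity && !entry.link) findings.push(`${path}: no integrity hash in lockfile`);
    for (const [dep, spec] of Object.entries(entry.dependencies || {})) {
      const target = resolveDep(packages, path, dep);
      if (!target) findings.push(`${path}: transitive dependency ${dep} is not locked`);
      else if (!satisfies(target.version, spec)) findings.push(`${path}: ${dep}@${target.version} does not satisfy ${spec}`);
    }
  }
  return findings;
}

// Constructed sample data (not a real project): pkg-a is declared as a range,
// pkg-b as an exact pin, pkg-c is a transitive dependency missing its hash.
const SAMPLE_MANIFEST = {
  name: 'demo-app',
  dependencies: { 'pkg-a': '^1.2.0', 'pkg-b': '2.0.0' },
};
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { 'pkg-a': '^1.2.0', 'pkg-b': '2.0.0' } },
    'node_modules/pkg-a': { version: '1.4.1', integrity: 'sha512-AAAA', dependencies: { 'pkg-c': '~0.3.0' } },
    'node_modules/pkg-b': { version: '2.0.0', integrity: 'sha512-BBBB' },
    'node_modules/pkg-c': { version: '0.3.7' },
  },
};

console.log(auditLockfile(SAMPLE_MANIFEST, SAMPLE_LOCK).join('\n'));
```

Run against a real project by replacing the two constants with `JSON.parse(fs.readFileSync(...))` of package.json and package-lock.json. The "uses range" finding is informational: it is the degree of freedom the thread is discussing, and whether that is a problem depends on whether installs go through `npm ci` (lockfile is authoritative) or `npm install` (manifest may be re-resolved). The missing-integrity finding is the one to treat as a hard failure, since without the hash the lockfile cannot detect a swapped artifact on the registry.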

This doesn't feel like much of an article. I know it's gauche to accuse something of being AI written, but even if this is written by a human, this feels like something that a student would scribble in their notebook on the bus ride to school to turn in for their first period class.

Seriously. Exploring the topic and jumping from 1970s to 2003 without mentioning the Cocteau Twins is criminal.


And missing the point that Urban Trad did a complete album, not just Sanomi

And everyone forgets Dead Can Dance ofc

Honestly, even if they could shift focus via some sort of "command" - a muscle tic or something - that would be a game changer as it is. Every time I play D&D, I have to keep taking off and putting on my glasses so I can read my notes and see my players' faces clearly.

(I'm aware of the multifocal glasses mentioned in the article; they didn't work well for me.)


An alternative to multifocals is glasses with one lens for near and the other for far, or using a contact lens in only one eye in addition to your normal glasses. This also obviously comes with downsides that take some getting used to, but some people prefer it.

I don't want to reject this idea immediately without trying it, but this really sounds like it would be unpleasant to experience on a day to day.

Yes, it's something you'd only want to do in particular situations where you know you'd otherwise keep swapping between two pairs of glasses annoyingly often.

I'm in a similar situation but found that getting "computer glasses" made which use the near prescription (and are not for long distance) work well for this. (I run D&D as well lol) I could not handle multifocal at all, was disorienting for me.

How does that work for far vision?

I'm nearsighted, myself - so for near vision, I need zero prescription at the moment. (We'll see how that changes in a decade, I guess.)


It's not for all-day wear if you are going outside or driving, etc. But around the house or in a room it's fine. All depends on your prescription though. In my case, far vision is better than not wearing any glasses, but I'd not be comfortable driving wearing these.

They do! The command is: cross your eyes a little bit.

My understanding of those is that contact lenses work the same way that multifocal glasses work, with the added disadvantage that every time you blink, it takes them a second to re-align correctly. So this should be completely different, if it works.

I tried them and could not get used to them. I went back to using single focus lenses and using mild readers (1.00 or 1.25) for desktop screen work at arm's length, and slightly stronger readers (2.00 or maybe 2.50) for very close work.

I typically have a pair of mild readers that I leave on the desk and carry a pair of the stronger ones around for reading my phone, restaurant menus, etc.

Note if you wear glasses you can "focus" them to some extent by sliding them up and down your nose.


I think the difference there is that a warranty email isn't aimed at a person, but a company - which, I think cstross has pointed out, was humanity's first AI.

I thought the aftermath of the Black Plague also allowed people to charge a lot more for their labor and services, since most of the laborers, well, died.

I mean all part of the surplus - you weren't struggling to barely survive so could do other things with your time, and some of the people used that surplus to invest in efficiency.
