A friend, A former police officer, said the most astonishing thing he learned as a rookie was how easily some people would confess to crimes they could not possibly have committed. Such persons were usually not very bright and, after hours of interrogation, could be convinced that they had indeed done a bad deed.
"Suppose you wanted the listing file to go straight to the printer. [...] So you typed “PRN” as the filename. Now, the assembler doesn’t know about these magic filenames. So the assembler will try to create the file “PRN.LST” and then start writing to it. Little does the assembler realize that the output is actually going to the printer."
I've seen this plenty of times, but maybe if was fixed in the last year or so. My issue was when trying to delete a Linux source tree that was git cloned on Linux onto a flash drive. Maybe the filesystem had something to do with it, but it was entirely impossible to delete it using any tool I know of in Windows.
They should just call it FreeGPT that's what FreeBSD did. So did FreeNAS, FreePascal and FreeType.
But it's clear and obvious to me that they saw GPT2 then GPT3 and thought well let's pun on it with GPT4.
First line of the wiki you link
> Generative pre-trained transformers (GPT) are a family of large language models (LLMs),[1][2] which was introduced in 2018 by the American artificial intelligence organization *OpenAI*
Digression, but why do they call it "pre-trained"? Don't they train it from scratch? Or is the point that they pretrain it and it's intended only for downstream fine tuning ok specific tasks? If so, does ChatGPT use a fine-tuned version? Is the non-finetuned version good for anything on its own?
So the mechanism here is that people in Venezuela have a route to obtaining USD without having to use the banking system because they can sell their USDC electronically.
What in this process requires (or even benefits from) blockchain exactly, or cryptocurrency?
Venezuela already has extensive digital payment systems, and there's lots of ways of getting money directly to people today. This USDC project was just a lobbied-for newspaper story.
The story above, as all of them, is a result of intense lobbying by shysters who use these throwaway-projects to pump the value of their assets. Stories like this come out all the time, usually within 5 years there's an embarrassing write up of all those involved.
I have no doubt a huge amount of money was wasted using the UDSC "option", enriching many of those involved. Articles like the above do not tell you about the alternatives, they're written to hype crypto.
This is what i mean about the "ideas market" in crypto being as fake as the prices market: it's all manipulated. All these stories are written and released by people profoundly invested in lying to you.
I think if people have working mobile phones then they're able to be sent electronic cash without a p2p system. Indeed, more easily than having a VPN and relevant skills to received crypto assets.
The state here owns the network, rendering all the premises of peer-to-peer systems invalid and thus all of their guarantees.
If the government there wanted to prevent receipt of USDC it well could, as much as it can completely cutoff the country from arbitary parts of the internet.
Indeed, it would seem much more inclined to do that than cut off the mobile network.
The reason it hasnt done so is preference, not that peer-to-peer systems are magic.
> I think if people have working mobile phones then they're able to be sent electronic cash without a p2p system. Indeed, more easily than having a VPN and relevant skills to received crypto assets.
Spoken like a true first-world armchair warrior. Maduro shut off the non-p2p systems, as dicussed. He then failed to stop crypto payments. Do you think it was his "preference" all along to fail to control the flow of money?
Don't underestimate people's ability to figure out a VPN. It's not hard, and the prospect of literally starving to death can be quite motivating.
And since you mentioned magic, the real magic would be any country stopping its citizens from accessing the internet. Even in North Korea, there are people with unfiltered satellite internet, because Kim Jong Un has not yet built a Faraday cage around the sky.
If any of these systems had any actual utility many states would spend the relatively trivial amounts of money to 51% attack them: https://www.crypto51.app/. Or force take over their miners. Or monpolise half the stake. Or control the (local) mining networks. Or one of a number of trivial actions.
These systems do not work. Their alleged properties are lies. They are not immutable, they are not decentralised, and they are not capable of supporting non-trivial economic transactions.
This is a scam. These stories are lies. They are told by people who are in on the scam. This is a manipulated market, these are manipulated ideas, this entire system is comprised of about 100,000 people around the world, 5% of whom benefit from it.
It is incapable of supporting millions of users, let alone how severely impoverished they'd be at the expensive of the present holders -- thank god such systems cannot scale.
Present holders, no doubt like you, desperate to bring cash into the system, more people in, so your present holdings can increase in value.
Petro is an attempt at embrace-extend-extinguish. If that "Reception" section is to be believed, nobody is using it willingly. Do you have evidence to the contrary?
Look under "NiceHash-able", if the number is less than 100% it means (to an approximation) not enough idle hardware exists on the planet to perform an attack. This means any attack must start with a manufacturing project that must stay secret for a decade+, then outpace growth and eventually surpass the capacity of the private sector. And then you need the energy to actually run the chips - no country would ever consider diverting that much energy away from their population.
If it were possible to compromise a $xxx billion dollar system, with only $x million, don't you think it would have been done by now? Maybe even by some bored billionaire just for fun?
And trust me, I don't think posting in a dead HN thread will speed up or slow down crypto's success in any way, lmao. I just enjoy the banter.
States can afford billions. A 5bn attack is cheap.
Also, all these "market cap" numbers are made up. These are heavily manipulated markets. There are about 100k users, and almost no buyers -- this stuff is trivial to bring down.
I can't tell if you're gullible, or in on the scam. Either way, spreading this around is immoral.
Regulators are well-aware this is a scam which is why they're afraid of regulating it: as soon as they say "put up or shut up" the whole things collapses. they dont want to be blamed for that collapse.
As for politicians, they're corrupt. Trump and his cabinet were scam artists (betsy devos the wife of the head of a pyramid scheme, etc.); and likewise senior figures in the dems have historically been deeply connected to pyramid schemes.
This will all go to zero. The fastest way there is anyone actually trying to use it for money.
At the moment, it's one closed-off casino with a handful of people gambling with each other -- that's the total amount which any of this tech can support.
Regulators are hoping it will collapse in on itself without prompting.
I think the only law required here is "do something useful for real people" -- with that law this entire ecosystem will collapse and be exposed for the inherent fraud it is.
I encourage anyone with assets here to divest, and never to promote any of this -- do not rope people into holding the bag.
> I think the only law required here is "do something useful for real people"
It did something useful for the Venezuelans. But you don't care about that because, why? Because you made up a story in your head that someone somewhere probably scammed everyone, somehow? And even with complete transparency and a publicly auditable ledger, they've kept it a secret for years?
All publicly available information points to the project being a success. Is there even a shred of evidence for your accusations? Or do you not need evidence to ignore events that don't fit your worldview?
Under-banked does not mean they have no money. They obviously have some money or they would starve. Many live paycheck-to-paycheck and give 3% of their wages to a check cashing service. If it were as easy as you seem to think for them to get a bank account, those check cashing businesses all around the country would not exist.
Indeed the problem is they don't have enough money. Regardless this is a problem for congress. If we're sure they have enough money, this has historically been solved with postal banking. Let's just re-start that. [1]
Check cashing isn't just about cashing the check, it's a predatory short-term lending facility. Actually cashing a check is a solved problem.
You're right, this is a job for the government... but the government isn't solving the problem. "Let's just" have the government do their job. Call me when that happens.
While we sit around waiting, the private sector stepped in with a (interim?) solution. What's wrong with that?
The folks you are alluding to who fall into this category are the least sophisticated and most desperate. This makes them easy marks. They shouldn't be buying into unregistered securities to resolve their banking problems. That's how we got the Great Depression and why we not have an SEC.
Further, these folks are disproportionately affected by the insane volatility and high fees of the crypto space.
These so-called financial products are just proxies for US dollar liquidity in the global financial system. If we had to write a prospectus I don't know anyone who isn't a money manager who could figure out how to actually deploy this sensibly. Let alone a homeless person without an address. How are they to 'do their own research'?
Something that makes the problem worse isn't a substitute for a proper solution.
In the US you generally need an account at an AML/KYC exchange to buy crypto for dollars and a bank account, so already we're off to a bad start. Or you can use a bitcoin ATM, which costs like 20%, dramatically worse than predatory lenders.
And as an asset, gold is priced dramatically over it's industrial value, and it's un-productive. People shouldn't invest in shiny pebbles anymore than they should invest in digital magic beans, IMO.
I'm not telling people how to invest their money. That's between them and their financial advisor. I'm opining. I've no vested interest at all. I've no crypto position or gold position.
You're ranting nonsense every time there is a crypto post in an effort to continue the anti-crypto stance on HN. It is tired and I don't mind calling you out on it.
Crypto is here to stay, no amount of what you coin as opining, will make it go away. If anything, you're doing a great job driving people to wonder more about it. When people disagree with something so passionately, it drives other people towards it even more.
Since you quoted the news guidelines at me earlier I suggest you re-skim them yourself, and then re-read your reply.
> When people disagree with something so passionately, it drives other people towards it even more.
I have no problem with that. That's why we have this site, so people can see different viewpoints. They're free to make up their own minds.
> It is tired and I don't mind calling you out on it.
I'm not tired, are you :)
It's been 15 years and no value outcome whatsoever. If the crypto community develops something useful, I'll be the first to jump on it. But for now, I'm sure OP will deliver, I just have to wait.
Maybe instead of saying what people should and shouldn't be doing, you should ask yourself why they're using it anyway despite the obvious downsides.
Lightning fees are less than $0.01 - much better than the alternative of $20 for cashing a check. And the volatility is a small price to pay for financial control, for someone who (with good reason) doesn't trust banks or the government that's failing them.
Actually the easiest way the government could kill crypto would be to get rid of the corruption and help those "undesirables" with their problems, instead of making them fend for themselves. I'm not holding my breath, but in a way I hope that happens.
> Maybe instead of saying what people should and shouldn't be doing, you should ask yourself why they're using it anyway despite the obvious downsides.
They're not using it, at all. Trading volumes have plummeted, nobody uses it for exchange of value due to the volatility and the fees. You wouldn't say people are 'using Apple' because they're holding Apple stock, and you shouldn't say people are 'using Bitcoin' because they're holding onto it in a portfolio they've probably written off due to massive losses.
> Lightning fees are less than $0.01 - much better than the alternative of $20 for cashing a check. And the volatility is a small price to pay for financial control, for someone who (with good reason) doesn't trust banks or the government that's failing them.
(a) Lightning is totally unsustainable because it requires you complete an on-chain transaction to open a channel, which would take about 75 years, trillions of dollars and all the remaining block reward to do for everyone on earth. It would even take months to open a channel for everyone in the Bay Area. Then it suffers from quadratic routing complexity, and offers few if any of the guarantees of the underlying chain.
(b) It's not the replacement for $20 check cashing, that's a loan, a cash advance. That's what you're paying for. You can cash checks for free at any online bank.
> And the volatility is a small price to pay for financial control, for someone who (with good reason) doesn't trust banks or the government that's failing them.
It's literally down 60% from a year ago (almost 70% adjusting for inflation). By any objective or subjective measure that's a "big price to pay" for anyone who purchased last year. So no, it's not.
You yourself called these people out as 'living paycheck to paycheck' so by definition your own users would be utterly rekt using what you're advocating for.
Setting aside the 'crypto' third-rail, what if I came up with a way for anyone without AML or KYC to buy and sell shares of GameStop. Would you then immediately tell me that poor people should use shares of GameStop as money? In Africa? I suspect that would be viewed as overwhelmingly predatory.
This is obviously false. Just look at the transaction rates on the publicly available ledger.
And: Moneygram has all but publicly admitted that crypto remittances have grown large enough that it's affecting their core business, and they're trying to re-insert themselves as a middleman. https://my.linkedin.com/posts/moneygram-international_moneyg...
The naive routing complexity is quadratic, yes. GPS routing is also quadratic. So is IP routing. But practical implementations use heuristics to decrease that complexity. In practice, you just need a good enough path, not the theoretically optimal path. The internet and lightning are still working fine as we speak.
> It's literally down 60% from a year ago
Bitcoin's current MVRV is 1.457[1], meaning the average holder current has a 45.7% profit. I guess if you cherry pick a high and low price you can imagine some losses, but anyone could cherry-pick numbers in the other direction too.
The 45% profit is nice, but for those living paycheck to paycheck it unfortunately isn't a huge help since many people wouldn't have been holding long enough for the gains to accumulate.
A majority of CVEs are memory exploits. A majority of attacks don't use CVEs. It's a common misconception among people on HN who don't work in the field.
I work in the field and I'm not entirely sure about the cardinality of types of attacks. On one hand, there are password spaying, RDP bruteforces, email attachments, social engineering etc. On the other we have BlueKeep, ZeroLogon and the tons of RCE present in VPNs (looking at you PulseSecure), Routers, and Firewalls.
I would say that breaches often are related to RCE that ultimately derives from buffer exploitation. They are notoriously difficult to detect with forensics techniques, so they might not be discovered and tracked.
You're guessing I think. Phishing of some sort is by far the most reliable and used method. CVEs that get exploited are rarely using memory exploits but they do happen and affect companies and people that refuse to update their stuff to the most part. There is just rarely the need to spend time to develop memory exploits because on every consumer OS there is some sort of memory-safety protection. At least DEP or ASLR unless you get lucky and and the software or shared libs have all that disabled or reliable rop gadgets are found.
I'm not making general claims about the use of memory exploitation - only questioning the statement that they are not widely used.
With more than 500 forensics cases with my name on it, and a substantial amount of them being RCE based, I'd say it is more than just guessing.
There is no need to spend time on developing a exploit when you can find hundreds new ones every month on GitHub. DEP and ASLR are also not used in embedded devices where memory management in the firmware is atrocious.
Well I didn't claim that memory exploits were not used. They're just rarely used when compromising end user workstations these days. 10 years ago you had rampant exploit kits for example none these days. You still see memory exploitation if internet facing stuff or even internal devices for lateral movement.
The comment you were replying to is talking about the majority if compromises. Citing your case stats to argue against that is a bit weird.
Your experience is valid. I'm absolutely not saying memory exploitation doesn't happen, only that it's so comparatively infrequent in the 2020s that magically eliminating it wouldn't change the economics of attacks.
As a point of comparison, 10-15 years ago exploits in general were much more prevalent. Flash was still around, people read PDFs in Acrobat instead of PDF.js, Internet Explorer hadn't been displaced by Chrome, macros were just starting to make a comeback after signing restrictions from the early 2000s were lifted, crown jewels hadn't yet moved to the cloud via SaaS, and things just weren't commoditized like they are now with pentest frameworks, LOLBins, etc. In fact the most commoditized element in those days was exploit kits targeting IE memory vulnerabilities. The landscape has changed a lot since then.
I'm vendor-side research, which gives me pretty broad visibility here.
I don’t work in the field but do you know for a fact companies like NSO don’t use memory exploits for their attacks ? Majority of the “published” attacks is probably a better assertion.
NSO absolutely uses memory exploits. I think the person you’re responding to is saying that weaponized exploits of the form that NSO builds are a minority of overall attacks (which is both true, and also not a sufficient reason to discount the severity of memory corruption).
Depends what your definition of "attacks" is, to be precise: is an event where an adversary places a malicious ad with code exploiting a browser 0day counted as one attack or as X attacks with X being the number of infected machines?
Additionally, the same segmentation (with the same split) applies if you only count large-scale hacks against organizations as attacks, or if you're counting infected machines of everyday common people as attacks as well. Basically, if you're counting attacks on organizations, you're correct as the majority entrypoint there is social engineering and outdated exploitable software/appliances reachable from the public internet or a compromised partner connected to the victim's network.
This is an excellent point. At the end of the day, rewriting is time and resource intensive. If there isn't a very good business case to backup the change, it's very difficult to justify the project.
This is why you see so many whitepapers trying to quantify things like consumer trust, reputational damage, regulatory, impact, etc. If there is a true cost to the damage, the investment in prevention can be made and compared with other requests, like new features, scope, etc.
I don't know if this is pedantic, but op indicated "attacks" not "vulnerabilities". I would not be surprised if statistics in vulnerabilities are different than statistics in realized attacks?
If there's a difference I'm open to someone citing a source quantifying it, but I won't quite be convinced by unsourced blanket generalizations that go against common wisdom
I'd live like this if I could. I did it for a good 5 years, and then my hands just stopped working. I tried coding by voice for a while, that lasted for a year, then I lost my voice. Now I code for at most an hour a day, until the pain sets in and my fingers become too weak to press the keys, and I spend the rest of my hours on other things. I wish I had diversified my hobbies more when I was younger. But I'd also rather spend 8 hours a day coding for a lifetime, than 16 hours a day for just a few years, and then it's over. I have so many projects in my backlog that will never get built. Not sure why I'm even saying all this. Take care of your health.
Not quite. It’s used when someone is unchecked. For example, a dictator saying they looked into their alleged wrongdoing and found nothing wrong. This isn’t that. It’s the people who have the power to check Thomas, i.e. the Court, the Congress and the DoJ, choosing to do nothing.
The other body with the power to investigate, and to punish if they find wrongdoing, is Congress.
Only someone who was confident in his faction's ability to control Congress forever would hamstring the Supreme Court. Corruption might just be the price (whether or not it is too high) that one pays to make certain that there are some speed bumps in the way of the House and Senate if they ever got too far out of whack.
Let's not lump together making it illegal for federal judges to accept gifts from people with business before the federal courts and limiting the power of the courts. Those are very different things.
In Article III Section 1 of the constitution says this about federal judges: "The Judges, both of the supreme and inferior Courts, shall hold their Offices during good Behaviour." Interpreting the constitution so that my bad behavior is not bad behavior any more looks to me like it oversteps the bounds, and since laws are only proposed and enacted by congress I'd say it's pretty clear that congress has the right and duty to define bad behavior.
And the mechanism is clear, if you think a judge committed some crime (or even an ethics violation that doesn't quite meet the proper definition of crime).
Impeach them.
The trouble with this is that some people want immediate results for their political whims without putting any work into it, without spending any political capital over it.
The tactics that have been used so far really do smack of limiting the power of the courts. This is understandable, in that the people wanting to do that see a Supreme Court filled with justices they do not agree with politically. If those people were to succeed, they will discover in 10 or 15 years that they did not have the eternal control of Congress that they thought they did, but they will have hamstrung the other branch of government that might have put a stop to the worst of the nonsense.
And that holds true no matter which party you think I'm talking about. It's "filibusters are inconvenient to me right now, let's get rid of them forever!" all over again.
Bribery of a public official as discussed in the linked article is a criminal statute. Judges like anyone else are not above the criminal law and in fact federal judges have been charged and in one case (Otto Kerner 1974) convicted of bribery while in office. Impeachment is a different matter.
In any case, charging judges who engage in criminal behavior with crimes is normal business of the Republic, as is writing laws defining bribery, and the penalties. Redefining a criminal statute so that one can engage in previously illegal behavior stinks and probably does warrant impeachment.
Democrat administration, independent DOJ. The House is Democrat majority, they can send articles of impeachment. They've had recent practice.
If this is bribery, just do it. Quit whining about it. Instead, they call an entirely different justice to testify, as if there's anything to say. Is that a fishing expedition, an attempt to embarrass the institution on public tv, or both?
No reform is needed here. All the tools you need are at your disposal. Go for it.
Even so, there's room to negotiate. Biden can't replace Thomas without the Senate's ok, and they might go for it if they got to choose the new one (and they might even be worried that if they wait, it'd work out worse for them). Biden makes sure that their favorite isn't bugshit psycho, so even though the new one's still conservative, it's an improvement.
When the Democrats signal that they're never willing to negotiate, of course the other side will take the same tact... "Why would we want to anyway!?!" all sour grapes.
Back when Trump was still in office, they might have had a successful impeachment with a little negotiation. The Democrats had something to offer (the presidency), and the GOP didn't much care for him (they just didn't want to end up the losers if they helped the Dems). Promise to impeach Pence first, put in someone the GOP likes as VP. Then impeach Trump, their favorite candidate moves into the White House. There was even enough leverage to get Trump to agree to the VP replacement (both carrot and stick). Everyone (including the American people) could have won.
Wasted opportunities because it's more important to beat the other team than for everyone to win. Even worse results 20 years down the line because you're all too busy wanting to tear apart every check and balance for some temporary advantage. Really are getting the government you all deserve.
> Really are getting the government you all deserve.
By this I take it that you're not American? No offense, but your analysis while logical from an ends justify the means perspective, is just a fantasy. It's not a realistic, as it ignores the entire cult dynamic of the MAGA movement, which is well-documented at this point. Republican inaction on the worst aspects of Trumpism and the MAGA movement are not explained by "they just didn't want to end up the losers if they helped the Dems". It doesn't explain the retconning of the January 6th insurrection from Republicans at all levels of government, and the media. It doesn't explain the lunacy of the 118th Congress.
Sorry, the idea that, but for Democrats, Republicans would have reigned in the worst and most powerful within their own ranks is simply preposterous. Republicans are responsible for their own party, plain and simple.
> Only someone who was confident in his faction's ability to control Congress forever would hamstring the Supreme Court.
I don't quite understand what you're saying here. Especially in light that it takes a supermajority of the Senate to remove someone from the court, not just control of the Senate.
> that one pays to make certain that there are some speed bumps in the way of the House and Senate if they ever got too far out of whack.
Direct election of members of congress is the better speedbump.
> Only someone who was confident in his faction's ability to control Congress forever would hamstring the Supreme Court
Codes of conduct don’t constrain the Court, they constrain individual judges and justices. That’s the advantage of putting the enforcement within the judiciary, versus the executive (prosecution) or legislature (impeachment).
Corruption means there won’t be speed bumps, at least for certain legislation that appeals to those doing the corrupting. That’s a bit part of the problem here.
WebGPU is a low-level interface close to the hardware. If you don't care about having control over those details, it's not the right API to use. You'd have better luck with either a high-level wrapper or something else like WebGL.
WebGL still requires shader code I believe, and also uses graphic-specific terminology. My understanding is that there is no high-level native API for compute-specific use-cases. You are currently forced to use an API intended for graphics and then create abstracts for compute yourself.
I believe GPU.js exists to fill this void and facilitate simple GPU compute on the web without the need for all of the graphic-specific terminology and boiler plate code. But why a 3rd party library is needed for this makes little sense to me since a high-level native GPU (or hybrid) compute API seems like a great way to optimise many JS projects on the web today.
I must be missing something though because this seems like such a no brainer that if it was possible it would already be a thing.
GPUs don't work like CPUs, at all, and need to massaged carefully to run efficiently. You can't just give a GPU an `int main()` and go ham. The APIs we get to use (DX12, Vulkan, Metal, WGPU) are all designed to abstract several GPU vendor's hardware architectures into an API that's just low-level enough to be efficient without forcing the app to explicitly target each GPU itself. There's no one way to run fast on everything with more than a trivial program.
As for why no 'universal high-level native GPU compute API' exists, GPU vendors don't want them because it's too much effort to implement. They'd much rather everything go through a low-level interface like Vulkan and the high level stuff get done by 'someone else' consuming Vulkan. Each new 'universal' API requires buy-in from 4+ different hardware vendors. Someone needs to painstaking specify the API. Each vendor must implement the API. Those implementations will be broken, just look at Android drivers, and now your 'simple' universal API is actually 4 different APIs that look almost the same except for strange esoteric behavior that appears on some hardware that is completely undocumented.
This is what OpenGL was and is why Vulkan, DX12 and Metal exist. The universal 'simple' API doesn't exist because it's too hard to make and not useful enough for the people programming GPUs regularly.
Standard web APIs are a lot like kernel-level OS features. They have a ton of inertia to them, so they arguably should be limited to stuff that is infeasible in "userland". (There are additional reasons for that in the case of OSs, but that's the relevant one here).
If you had such a high-level API baked in, it would get leapfrogged by some library project within a few years, and then we'd be stuck with yet another API to support that no one actually uses.
https://innocenceproject.org/dna-exonerations-in-the-united-...