kr0bat's comments

I wish the article put more emphasis on the fact that TikTok was requesting the password through a system prompt. They don't have anyone's passwords, just a confirmation from the device that the correct password was inputted. This is such a nothingburger.

All that aside...is this an NY Post article referencing a Dexerto article referencing an (unsourced) Reddit comment?


Indeed. If you do a quick image search you can find screenshots of the same prompt for other apps: https://guide.duo.com/static/images/en/iphone-passcode_2x.pn...

But obviously "tiktok = china = bad" doesn't apply, so no ragebait article.


I haven't seen these sorts of native prompts. Even passkey prompts open with a popover toast that covers the bottom part of the screen to confirm which account you want to use. Do you know what mechanism Duo is using in this example?

Edit: could this be a prompt from a failed Face ID authentication for the app's secure enclave storage? Most of those prompts aren't cancelable, but this TikTok one is.


Normally you'll see a prompt like "touch/face id for [app name]". If the authentication fails, you'll have the option to enter your passcode, which opens the screen in the above screenshot.


It’s the NY Post. They’re not really known for high quality reporting.


I'd love to read the writeup if you find it.

You might be thinking of Microsoft's Raymond Chen? I'd be surprised if he's written about the web in depth.


How could you have enough control over the machine to reroute the error log to (what I assume was) a Pastebin API, while also lacking access to any of the files on the machine? In my mind you'd be required to SSH into the machine to upload, and if you're SSH'd in, why not just cat the log?


Good question! We couldn't SSH in, which is too bad; this would all be trivial. We had no direct access to the boxes, they were often behind firewalls. In fact that was the suggested placement for security reasons. They weren't full servers, just little embedded things.

We had a little HTTP API that it was always talking to. It would call the API to send data back to us or just check in regularly, and we would return to it a little bit of status stuff like the current time to keep clocks in sync, and a list of which "commands" they need to run.

Mostly the commands were things like "your calibration data is out of date, pull an update" or "a firmware update is available".

But one of them let us run arbitrary shell commands. The system was very limited. I wasn't a developer directly on the project but I think it was just our custom software plus BusyBox and a handful of other things our normal shell scripts used. I assume it had been added after some previous incident.

I believe the basic idea was that during troubleshooting you could tell a box to return the output of "cat /etc/resolv.conf" or something else that we hadn't preplanned for without having to send someone into the field. But since it was only for small things like that it couldn't return a full file.

Luckily one of the commands was either curl or wget. So we could send down "curl -whatever /log/path https://pastebin/upload" or whatever it was. I don't remember if we signed up for a pastebin account so we knew where it would show up or if we had it return the URL to us in the output of the curl command.

This suggestion was literally a joke. We were all beating our heads against the wall trying to help and someone just said "why don't we just stick it on pastebin" out of frustration, and the developer on the project realized we had what we needed to do that and it would work.


I was doing some proxy soak testing for a company once where we had to run the tests from the server room, but there was no non-proxy connectivity from that room to where we were monitoring the tests. Simple solution: output the progress to Dropbox, watch the same file upstairs. Bit of delay, sure, but better than having no idea how things are going until the 30-60 min test is done (and no, we weren't allowed to sit in the server room watching it).


> In my mind you'd be required to ssh into the machine to upload, and if you're ssh'd in, why not just cat the log?

SSH on remote IoT-class devices works. The problem is rarely SSH; the problem is always some form of key management plus NATs in between.

If you've got a few thousand devices in the field, public key management can become a real pain, especially when you want to revoke keys.


I've worked at a company where our remote access was over a super slow modem line, but the machine did have access to the internet.


It sounds like the issue is that these service providers are obeying Google's aliasing rules, but also ignoring the fact that you shouldn't be using email as a primary identifier [1]? It's funny, if they had adhered to the spec more they'd be fine; but if they had adhered less and treated aliases as distinct emails, these platforms would at least be more secure.

[1] https://developers.google.com/identity/openid-connect/openid...


Really, this sounds believable. How often does the average programmer use anything beyond arithmetic? I'm only a few years out of school, but I'm re-learning calculus since I haven't touched it once since college.


Thanks for linking. This confirms that yes...

    The OECD said the decline was not inevitable, pointing to Singapore, where students scored the highest in maths, reading and science, with results that suggested they were on average three to five years ahead of their OECD peers.

    After Singapore, Macau, Taiwan, Hong Kong, Japan and South Korea also outperformed in maths and science, where Estonia and Canada also scored well.
Reuters DID conflate "doing better" with "not doing worse". I believe OECD pointed to Singapore because their scores were high AND INCREASING.

A quick scan of I.5.1 shows Macau, Canada, Hong Kong, and Estonia with worse scores compared to 2018. Singapore and Japan's scores went up. A less lazy reader can use the OECD database to find numbers for the other listed countries.


Title editorialized ever so slightly for clarity.

For those wondering how applications detected screenshots in the past.

    Previously, apps were able to detect when a screenshot had been taken by listening for file changes while they were in the foreground, but this was less than ideal.
https://www.androidpolice.com/android-14-screenshot-detected...


  To find the two’s complement of 5, we invert all the bits (changing 0s to 1s and 1s to 0s) and then add one to the result.
I am embarrassed by the fact that I wasn't aware of this. I always interpreted the two's complement as the difference between all the numbers before the high bit, minus the high bit. Aka 10000000 – 01111011 = 0101


When I first learned two's complement I sort of accepted it as something to memorise for a test and didn't really understand (or care) why it worked.

What really made it click for me was thinking of it as modular arithmetic. If you consider 8-bit integers, they range from 0-255 and you're actually working modulo 256. So you can think of 0-127 as your non-negative numbers. The numbers from 128-255 behave as negatives modulo 256 (e.g. -1 mod 256 = 255).


Good point; I wish I'd added that.


That it's the same thing may be more familiar in base 10: for example with 3-digit numbers, the 10's complement of (say) 428 is 1000-428 = 572, and you get the same result if you "invert" each digit (subtract from 9) and add 1: 571 + 1 = 572. This is just because (999-x)+1 = 1000-x.


One of the advantages of two's complement (particularly relevant in early hardware that really needed to minimize gate count) is that you can use an adder to perform subtraction: just flip all of the bits of the argument to subtract, and have an extra carry input to pretend you have a carry-in bit to be added to the least significant bit.

If you want your CPU to efficiently support multi-precision addition, you can have an overflow machine state flag and have an instruction that uses that overflow flag as the carry-in to the least significant bit during addition.


I find it much easier to think of everything in unsigned terms. If I want 8-bit -5, I really want 256-5=251. I've done plenty of that in my time but I don't think I've once consciously inverted bits and added 1.
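An added example, not written by any of the commenters, tying the views in this subthread together: the invert-and-add-one rule, the modulo-2^n (unsigned) view, the base-10 analogue, and a bit-level adder that performs subtraction by inverting one operand and feeding a carry-in of 1, then chains carries across limbs for multi-precision addition. All function names and sample values are constructed for the example.

```python
# Added example (not from the thread): the views of two's complement above agree,
# and a plain adder plus an inverted operand and carry_in=1 performs subtraction.

def negate_invert_add_one(x: int, bits: int = 8) -> int:
    """Negate x by inverting all bits and adding one (the textbook rule)."""
    mask = (1 << bits) - 1
    return ((~x & mask) + 1) & mask

def negate_modular(x: int, bits: int = 8) -> int:
    """Negate x as 2**bits - x, i.e. the 'just think unsigned' view (256 - 5 = 251)."""
    return (-x) % (1 << bits)

def tens_complement(x: int, digits: int = 3) -> tuple[int, int]:
    """Base-10 analogue: returns (10**digits - x, nines-complement-plus-one)."""
    nines = 10**digits - 1
    return 10**digits - x, (nines - x) + 1

def ripple_carry_add(a: int, b: int, carry_in: int, bits: int = 8) -> tuple[int, int]:
    """Bit-serial model of a hardware adder; returns (sum, carry_out)."""
    result, carry = 0, carry_in
    for i in range(bits):
        ai, bi = (a >> i) & 1, (b >> i) & 1
        result |= (ai ^ bi ^ carry) << i             # sum bit
        carry = (ai & bi) | (ai & carry) | (bi & carry)  # majority = carry out
    return result, carry

def subtract_with_adder(a: int, b: int, bits: int = 8) -> int:
    """a - b using only the adder: invert b's bits and set carry_in = 1."""
    mask = (1 << bits) - 1
    total, _carry_out = ripple_carry_add(a, ~b & mask, 1, bits)
    return total

def add_multiprecision(a_limbs: list[int], b_limbs: list[int], bits: int = 8) -> tuple[list[int], int]:
    """Add little-endian limb arrays, threading each carry_out into the next carry_in
    (the role of a CPU's carry flag in an add-with-carry instruction)."""
    out, carry = [], 0
    for a, b in zip(a_limbs, b_limbs):
        s, carry = ripple_carry_add(a, b, carry, bits)
        out.append(s)
    return out, carry

def to_signed(x: int, bits: int = 8) -> int:
    """Interpret an unsigned bit pattern as a signed two's complement integer."""
    return x - (1 << bits) if x >= 1 << (bits - 1) else x

if __name__ == "__main__":
    print(negate_invert_add_one(5), negate_modular(5))        # 251 251
    print(tens_complement(428))                               # (572, 572)
    print(to_signed(subtract_with_adder(3, 10)))              # -7
    print(add_multiprecision([0xFF, 0x01], [0x01, 0x00]))     # ([0, 2], 0)
```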


  But the evidence was there. Personal attacks against Nick Bostrom, Robin Hanson, among other leading figures, not for their positions on the most important issues, or even for being wrong, but for not conforming to the socially desirable position on the current thing, 
Nick Bostrom very clearly states that he believed blacks to be innately intellectually inferior to the rest of humanity. I didn't realize that this was decidedly correct, or even unimportant. Doesn't the belief of a racial hierarchy affect one's ability to decide on the most optimal forms and recipients of altruism?

This blogpost just reads as a "go woke go broke" victory lap that has very little new to say about the current state of EA. At the very least I do genuinely appreciate that Chau directly linked to the detractors he discusses (even if the Twitter link leads to a deleted post).


The author suggests making cultural changes that will discourage the suppression of socially unacceptable topics, and seemingly believes that the suppression of rational discourse is the violation of a basic human right.

At the same time he doesn't seem to outline any solution to dealing with the suppressing voices in society. "Ultimately, we have to accept the implications of human creativity." But how will this acceptance be achieved? There is no mechanism in place to tear down a stand in the free marketplace of ideas.

