Yeah, timestamps should always be stored in UTC, but actual planning of anything needs to be conscious of local time zones, including daylight savings. Coming up with a description of when a place is open in local time might be simple when described in local time but clunkier in UTC when accounting for daylight savings, local holidays, etc.

For what it’s worth, that particular format war, the format backed by more porn studios (HD-DVD) actually lost to the one with less porn backing (Blu-ray). Personally I think that the PS3 tipped things over the edge.

Can we talk about how the graphic didn’t sort the results in any kind of chronological order? Today, then October 2023, then May 2024 is an insane way to present this data. Go either oldest first or newest first sort order.

The dude in charge wasn’t even a billionaire. He was just some founder whose company wasn’t doing all that well, financially. I think his peak net worth was something like $25 million, and that was mostly in stock in his doomed company. $25 million is nothing to sneeze at, but it’s also not quite enough money to explain the dude’s arrogance.

It’s just that their common scripts were from ABC, CBS, or NBC

That’s not true. The actual local news programming was entirely independent from the affiliated broadcast network. National news programming from the national news networks were carried, including more editorial/long form formats (60 minutes, Dateline, Nightline), but that was still independent from what the local stations were covering in their own newsrooms.

Virtually all marine vessels are certified by organizations such as the American Bureau of Shipping, DNV, or Lloyd’s Register, which ensure that they are built using approved materials and methods and carry appropriate safety gear. It has been widely reported that Rush was dismissive of such certification, but what has not been made public until now is that OceanGate pursued certification with DNV (then known as DNV GL) in 2017—until Rush saw the price. “[DNV] informed me that this was not an easy few thousand dollar project as [it] had presented, but would cost around $50,000,” he later wrote in an email to Rob McCallum, a deep-sea explorer who had also signed Kohnen’s letter.

Later in article:

Reality was more prosaic. Like most startups, OceanGate was in constant need of funds. Rush was trying to save money wherever he could. Interns, who made up around a third of the engineering team, were paid as little as $13 an hour. (When a manager pointed out in 2016 that Washington’s minimum wage was just $9.47 an hour, Rush responded, “I agree we are high. $10 seems fair.”) Rush also downgraded the sub’s titanium components from aerospace grade 5 quality to weaker and cheaper grade 3, says one former employee.

I knew they were being cavalier about safety, but didn’t realize they were penny pinching to this degree.

A private equity firm bought them to naked short the stock

You just like throwing around words regardless of meaning?

They owned equity, so they were long, not short. They owned a stake so they weren’t naked.

What they did was a simple extraction of value from something they owned, destroying it. It has nothing to do with short selling, and has nothing to do with manipulation of stock trading (after all, they took it private so that it wouldn’t be publicly traded, so there were no public traders to manipulate).

I’d say the real world doesn’t reward being actually gifted.

More accurately, the real world punishes being below average at any one of like a dozen skillets. You can’t min/max your stats because being 99th percentile at something won’t make up for being 30th percentile at something else. Better to be 75th percentile at both.

The real world requires cross-disciplinary coordination, which means thriving requires both soft skills and multiple hard skills.

They pronounce it “heera”

GNU’s
Not
Unix

A lot of NIL money during the off-season is booster money, yes. That’s money that basically will only go to athletes signed with a particular school.

But there’s also a lot of NIL money for actual big budget TV/print advertising from national corporations for ads produced by major ad agencies. That’s money that follows the athlete.

Not all of it will follow the athlete to the pros (and not every athlete goes pro), especially since the WNBA seems to have lower viewership than NCAA women’s basketball. But if anyone is gonna be making good money on sponsorships in the WNBA, it’ll be Caitlin Clark.

A zero day is an exploit that has been identified by someone but not yet used.

I’ve always understood that the counting of days comes from the vendor’s knowledge. So any exploit from before Google was aware of the vulnerability would be a zero day.

It wouldn’t make any sense to refer to the days counted from when an attacker first discovers the vulnerability, because by definition any vulnerability in active exploitation wouldn’t be a zero day.

disclosed active exploitation

So, not a fucking zero day.

I’m confused. Isn’t an active exploit that hasn’t been patched yet, by definition, a zero day? So the release of a new patch that closes an actively exploited vulnerability patches a zero-day?

It basically varies from chip to chip, and program to program.

Speculative execution is when a program hits some kind of branch (like an if-then statement) and the CPU just goes ahead and calculates as if it’s true, and progresses down that line until it learns “oh wait it was false, just scrub all that work I did so far down this branch.” So it really depends on what that specific chip was doing in that moment, for that specific program.

It’s a very real performance boost for normal operations, but for cryptographic operations you want every function to perform in exactly the same amount of time, so that something outside that program can’t see how long it took and infer secret information.

These timing/side channel attacks generally work like this: imagine you have a program that tests if variable X is a prime number, by testing if every number smaller than X can divide evenly, from 2 on to X. Well, the bigger X is, the longer that particular function will take. So if the function takes a really long time, you’ve got a pretty good idea of what X is. So if you have a separate program that isn’t allowed to read the value of X, but can watch another program operate on X, you might be able to learn bits of information about X.

Patches for these vulnerabilities changes the software to make those programs/function in fixed time, but then you lose all the efficiency gains of being able to finish faster, when you slow the program down to the weakest link, so to speak.

This particular class of vulnerabilities, where modern processors try to predict what operations might come next and perform them before they’re actually needed, has been found in basically all modern CPUs/GPUs. Spectre/Meldown, Downfall, Retbleed, etc., are all a class of hardware vulnerabilities that can leak crypographic secrets. Patching them generally slows down performance considerably, because the actual hardware vulnerability can’t be fixed directly.

It’s not even the first one for the Apple M-series chips. PACMAN was a vulnerability in M1 chips.

Researchers will almost certainly continue to find these, in all major vendors’ CPUs.

Can’t fix the vulnerability, but can mitigate by preventing other code from exploiting the vulnerability in a useful way.