I want more integrated office support in Linux. I am happy with any and all attempts that can improve it.
On the rust side, it doesn't seem like they have gotten to benefit too much from the ecosystem yet (one crate for XML deserialization). But I am sure now that it will come with time.
Looks like the ecosystem might benefit from them rather than the other way round: having a crate that fully supports XML serialization/deserialization, including all of XML's features (attributes, namespaces etc.) sounds like a win for Rust. Actually, I would have expected something like that to exist already - XML might not be the hottest data exchange format around anymore, but it's still pretty widespread...
XML support is noticably sparse. Yaserde is there but support for schema to rust generation is lacking and what is there isn't in crates.io and the repos abandoned. It is quite possible I'm missing some Wonderful crate, but I haven't found it with concerted effort. But I'm not the person who needs it enough to finish the job. It may simply be that person doesn't exist. Migration to json schemas is pretty easy unless you are using the sorts of things people don't like about xml anyway.
It's $20 per year, not per month... and there are promo codes for $5/year available most of the time. I don't use the site but browsed the guy's mastodon feed.
Anyone can start their own omg.lol with a $10/yr domain name, and charge others for OSS and basic features you can find elsewhere for free. It's a scam to those who criticize it, and it's a privileged club to those who pay the money.
But the social circle is polluted with brains who think this is a good deal, so it's not the kind of network I'd even want to be on.
Not specifically talking about WorldGuard, but this video comparing Intel SGX, Arm TrustZone, and RISC-V PMP is quite good: https://youtu.be/MREwcSo0uz4
If you had to bring one thing on a jog for protection it should be a well trained dog. It can deter, warn, and respond to an attack. A concealed carry only does the last thing, increase your ability to respond to an attack. Also, the dog is arguable a more enjoyable companion on the run. Counter argument would be that the dog is a lot of maintenance.
An open carry in addition to the dog would probably keep you safe outside a war zone.
It has been a sec but if I were to do another multi-threaded async Rust project I would do one thread per async runtime and explicitly pass anything that needed to be shared.
This should be more ergonomic as this should get rid of everything needing to have send/sync traits. I also suspect it may be more performant as I am not sure how good the async runtimes are about keeping scopes pinned to a particular core so its not constantly jumping around and busting the l1 caches (which would be extremely detrimental to compute latency and bandwidth)... Happy to be schooled on any of this.
But what when you have some threads slacking off, and others too busy? It would be nice in this case to use those idle threads, even if it means a little bit of CPU cache trashing. And I believe this is what Tokio offers with a work stealing thread pool.
True, but I suspect that without a truly global prescient scheduler it is almost never worth it to core switch unless you generally have really long tasks.
For an efficient core context switch the scheduler must accurately predict that the source (current) core won't be free for the duration of the full core context switch time and that the sink core will be free by the time the meta context gets there and will have been free by the time the rest gets there. Otherwise, the scheduler ends up thrashing the cpu (it is actually a bit worse as future task might need same context so you have to be aware of the future). So, for the scheduler to know this it would need to be:
- Global: The only scheduler on the system or basically rafting with all the other schedulers on the system
- Prescient: The scheduler(s) would need to be able to predict all tasks, thier context, and work time per task perfectly. Which could really could only happen when everything is static and hence deterministic.
For example, I think most tasks people are throwing at async are web requests. Most actually take the core an order of magnitude shorter time to compute then the time it takes passing the context from one core to another and they are all unpredictable to the scheduler. In this scenario I could see the scheduler taking up the majority of computational time on the system. So turn on multi-threading + async on a quad core and you will get worse bandwidth and latency(always) for all your pains.
EDIT: Although this single data point would tell me I am wrong (see description):
I am not an expert but was in your shoes a few years ago so check and think on what I say.
The best chance of success will come from having more development time. So don't spend your money. You could also find partners, but make sure there is a peaking order (one of the founders has a plurality). So join someones existing project or sweat enough over your own that other founders would be willing to join at a lesser cut.
I would not register a business. Waste of money (dev time). You can wait till there are other founders or you have revenue and want a tax advantage. Assuming you are in the US you default to a sole proprietorship under your name anyhow, so no worries there. If you want a cool sounding name you file for a "Doing Business As" <cool name" for under ten bucks and ten minutes of your time.
I would not using the big cloud providers. Waste of money. Run it on k8s/VM/Container on your desktop or your PI till you have users or use free tier services.
I would not hire. At 20k the best bang for the buck would be your time.
I would not move. Again, costs. If you want to meet people you already seem to have a knack for it. :)
Also, hunter321 and yuppie_scum are wise men, hahaha, and I don't see any bad advice on this page. Add a contact to your about and I would be happy to chat.
After some thought, I think Starlink will be robust against tracking. They should be harder to locate then VSATs which the author mentions in the Twitter thread. In comparison:
1. They are beaming to a constantly moving swarms of satellites rather then a geostationary satellite:
a. So timing attacks can't be used to find a search path.
b. The beam is moving to even he a plane pickup on a signal it would quickly lose it as the beam moved. Although there is a workaround I won't mention.
2. They are lower powered so the signal is weaker. I assume they are just as directional.
“hyper-directional” is relative. It’s physically impossible to create a truly collimated RF beam, physics ensures that even if you do, it’ll still spread out over distance.
Normal dishes and antenna all spill RF power in many directions. Directional just means the antenna dumps the majority of its power in one direction, but certainly not all of it.
With a sensitive radio, and some signal analysis to identify Starlinks “wire”-protocol, you should be able to detect the spilled RF signal coming off a Starlink antenna, regardless of where is pointing. Get enough radios and you can start doing some trilateration to pin-point a terminal, then aim a missile in the general direction of the terminal, and equip it with a RF tracking system that can bring it home once it’s in roughly the right area, and the Starlink signal becomes strong enough to detect with simpler equipment, and bam, you’ve got yourself a Starlink killer.
Of course working out all the details of such a system is non-trivial. But don’t think for a moment having a directional antenna is going to save you. Might buy you more time, but you’re far from invisible.
I guess what he was trying to say was that by using VPN the user could hide the fact that he was using StarLink as the real IP address was hidden.
But just as you said, why would anyone need to check someone's network traffic to determine whether he was using StarLink? The RF signal itself is more than enough.
- If your adversary has access to your ISP's data they can tie IP to address/geofences.
- If they where clever they could time the latency and find how far you are on relative to the satellite. Giving a circle path to look at. Meaning plane could find you by flying along the circle. So I guess it could help them track the radio signal...
> - If they where clever they could time the latency and find how far you are on relative to the satellite. Giving a circle path to look at. Meaning plane could find you by flying along the circle. So I guess it could help them track the radio signal...
If they had compromised your satellite providers infrastructure, otherwise no. This isn’t how the internet works.
Lets say I control a few assets like a website, news.com, a DNS server, and relegram, a messaging app, and control the ASs that route to them.
Let's say the target posted something to relegram. I grab to logs and gain the IP. Cool, now I have the IP.
I add the IP to a list that instructs my controlled ASs to collect latency stats during handshake protocols (could do it from the end assets but this should be easier/better).
Meanwhile I also look up who owns the blocks the IP is from, likely finding their ISP.
If it a satellite provider I could go grab a a friendly dish in a known location and add that to list as well for the baseline. I could at this point double check my seconds/meter converter by moving said dish but it likely to track with physical constants.
After getting ten thousand hits or so I take the difference between the mean baseline latency and target latency and translate it to distance with my constant. Now I know the target should be within ~x of the satellite. I also have a map with terrain so the torus becomes a circle with a hole in it.
Now I take a plane and hopefully it can fly high enough between the satellite and the circler path as to 'shadow' a statistically significant portion of the area as it goes around.
There's a bunch of flawed assumptions hidden in this. Some examples:
* The distance between the user and the satellite is fixed. With a LEO system, the difference between a satellite being straight overhead at 400km elevation and at 10 degrees elevation over the horizon is a difference of 1000km. Passes at this elevation are minutes long, capping out around 15 minutes.
* The path from the satellite to the groundstation is fixed. Same reasoning above.
* A user in a fixed location's traffic would go through only a single groundstation to the internet. Unless that user is colocated with a groundstation, there's going to be periods of covisibility with different groundstations, so there's going to be wholly separate paths for the traffic to take. This varies even more as you start to look at polar satellites, which SpaceX has outfitted with optical crosslinks. Your traffic could be getting dumped onto the internet at groundsites thousands of kilometers away within the a single pass.
This isn't to say that there's zero chance of latency analysis from an adversary with enough internet presence, but it's many orders of magnitude harder than your simple analysis would suggest.
I was assuming geostationary satellite in example to point out that obscuring the IP could add a layer of security.
In regards to your general point I am making assumptions and it would be harder. But within an order of magnitude. A great place to use some basic machine learning.
In regards to LEO being harder... I agree the the latency analysis will have more moving pieces. But it being better in terms of resulting anonymity would depend on its implementation...
Doesn't Russia have some satellite constellation that does that anyway? Or some private company just sells this. Even some amateur kubesats would be able to detect this.
No, not for jamming. AWACS are supposed to be able to detect signals beyond the noise floor from very high distances passively.
A starlink dish only has around 35dB of gain and around 4W of transmit power. It's sidelobes can almost certainly be detected from large distances by specialized aircraft.
There is no indication Ukraine has had much success with anything beyond MANPADS.
It seems that the Russians are having logistical issues. They are running out of gas. Not sure how but it seems like it.
We are hearing today about them sending in more armored divisions. These will re enforce the supply lines. But this is a really risky play. It is a double edge sword. Now that they send more in they need even more gas. And if they run out they suffer a larger loss. What good are 4,000 tanks without fuel? Suddenly your armored division are infantry divisions who are outgunned on foreign soil.
The less risky play would be to withdraw there armor pretty far back. But this means an extend war. Which they should lose do to basically endless international support to the Ukraine and their willingness to fight.
So the play would be to pull back and stick to claiming the small section of the separateness region they have capture so far. This is will happened when the last of the armored units cross the line to cover the retreat. Given Ukraine can last four more days and keep the supply lines broken.
On the rust side, it doesn't seem like they have gotten to benefit too much from the ecosystem yet (one crate for XML deserialization). But I am sure now that it will come with time.