• 0 Posts
  • 179 Comments
Joined 10 months ago
cake
Cake day: April 13th, 2024

help-circle
  • I’m working on long range stuff so I’m not so familiar with PON specifically. Maybe I made some bad assumptions. Stable at -30 dBm receive sounds really impressive.

    The one I was talking about is this, with 18.5 dB total budget, that is, min +4.5 dBm transmit, and min -14 dBm receive. This one is built with an APD.

    In my kind of application, without splitter, this will get you about 30-40 km. We’ve got one of a slightly older type with 18 dB budget running between Fribourg and Bern for example.

    I realize that PON stuff is quite different with the time slitting and I think wavelenght splitting too, at least in XGS-PON, but I was thinking the pure laser and diode physics would need to be the same.

    For -25 dBm minimum the most similar of the ones we currently have would be this one which manages -26.9 dBm and is one of the ones with a SOA built in, or for the 10G stuff this one, which manages min -23 dBm but with only an APD and no SOA.

    I’m thinking their 50G stuff must be closer to 100G than 10G transceiver design. So I wonder if they manage to make it without SOA.











  • Yeah, this kinda bothers me with computer security in general. So, the above is really poor design, right? But that emerges from the following:

    • Writing secure code is hard. Writing bug-free code in general is hard, haven’t even solved that one yet, but specifically for security bugs you have someone down the line potentially actively trying to exploit the code.
    • It’s often not very immediately visible to anyone how actually secure code code is. Not to customers, not to people at the company using the code, and sometimes not even to the code’s author. It’s not even very easy to quantify security – I mean, there are attempts to do things like security certification of products, but…they’re all kind of limited.
    • Cost – and thus limitations on time expended and the knowledge base of whoever you have working on the thing – is always going to be present. That’s very much going to be visible to the company. Insecure code is cheaper to write than secure code.

    There is nothing wrong with your three points, in general. But I think there are some things in this given case that are very visible weak points before getting into the source code:

    • You should not have connections from the cars to the customer support domain at all. There should be a clear delineation between functions, and a single (redundant if necessary) connection gateway for the cars. This is to keep the attack surface small.

    • Authentication is always server side, passwords and reset-question-answers are the same in that regard. Even writing that code on the client was the wrong place from the start.

    • Resetting a password should involve verifying continued access to the associated email account.

    So it seems to me that here the fundamental design was not done securely, far before we get into the hard part of avoiding writing bugs or finding written bugs.

    This could have something to do with the existing structures. E.g. the CS platform was an external product and someone bolted on the password reset later in a bad way. The CS department needed to access details on cars during support calls and instead of going though the service that communicates with the cars usually, it was simpler to implement a separate connection to the cars directly. (I’m just guessing of course)

    Maybe besides cost, there is also an issue that nobody in the organization has an overall responsibility or the power to enforce a sensible design on the interactions between various systems.



  • That is obviously fake. I don’t even detect any real attempt to make it believable.

    Bold claims, no detail, perfectly aligned with the biggest fears of what Musk could have done. Even the stupid mention of AI agents and the link to an example in documentation, as if that random stuff was evidence that was congruent with the earlier claims.

    Plus they fucked up the internal consistency, despite how short the text is: In the intro our fake protagonist is a former X employee, in the third paragraph from the bottom they are saying “We’re currently doing the same thing in Germany”.



  • I didn’t want to touch on the intent question, because to some degree it’s not knowable from the outside and to some degree there is a multitude of intents out there. And since the resettlement already doesn’t fit the “method” criteria I thought I didn’t have to.

    For what it’s worth I think Trump is more likely just trying to quiet the situation in a heavy handed way, for a political win, and to satisfy Israeli interests and maybe also to satisfy some interest groups local to him. I don’t think he has a reason to want to destroy Palestine as a nation or identity. On the other hand he also wouldn’t give much of a shit about their interests. And of course he spouts this stuff quickly, without careful analysis beforehand, as always.

    In contrast I think some of the Israeli parties, the extreme settler ones, probably would like the Palestinian Identity gone, so they can “finally” claim all the land they want to call Israel.

    As for Netanyahu, I don’t know. Sometimes I felt like what he wanted most was a continued frozen conflict because it stabilizes him in domestic politics. But when the conflict heated up he changed to strongman tactics. What’s next I don’t understand well. Does he want to re-freeze, or find some sort of lasting resolution…


  • Putting the Palestinians from Gaza in other Arab countries and giving their remaining land to Israel sounds like a recipe for destruction of their national identity.

    Forcible resettlements are not listed in the Convention on the Prevention and Punishment of the Crime of Genocide, Article II, but in my opinion the essential effect would be achieved none the less.

    Convention on the Prevention and Punishment of the Crime of Genocide

    Article II

    In the present Convention, genocide means any of the following acts committed with intent to destroy, in whole or in part, a national, ethnical, racial or religious group, as such:

    1. Killing members of the group;
    2. Causing serious bodily or mental harm to members of the group;
    3. Deliberately inflicting on the group conditions of life calculated to bring about its physical destruction in whole or in part;
    4. Imposing measures intended to prevent births within the group;
    5. Forcibly transferring children of the group to another group.