
  • The song Everything's Gonna Be Alright is a cover of the song from Sweetbox (1997) that goes by the same name and is based on Bach's Air from Orchestral Suite No. 3.

    I think that the rest are originals. Not 100% sure. I am surprised by how little information they made available, they just randomly dropped this with no context after almost a decade since the previous one. I ordered the physical album so hopefully it comes with some additional info haha.

  • What is the justification for selecting the range 2022 - 2025? I suspect that this is cherry picking.

    One of the data sources they reference is: https://www.cdc.gov/hantavirus/data-research/cases/index.html, this site has data up to 2023 (I could not find 2024 - 2025). Here is the plot of the total hantavirus cases in the US vs year:

    The number of cases vs year is rather noisy, and 2022 was a particularly low year. Saying that there is a '192% increase' might be technically true but misleading.

  • Definitely, disclosing (either privately or publicly) a vulnerability that has been verified is significantly better than passing on the LLM output without verifying it.

    It isn't my intention to argue one specific case. What I think is that normalizing public disclosure of LLM-inspired vulnerabilities would lead to a wide distribution of cases. We would have some successful cases like yours, and also some cases of the type that I have mentioned. An increase in disclosures will raise the noise floor, and the fact that it is done publicly adds the additional pressure that I mentioned.

    I see your point, but I don't agree that the benefit of public awareness offsets the increase in noise. This disagreement isn't rooted in aspects that we can objectively quantify though - we just have a difference of opinion here.

  • And in that world, doing a private disclosure made a lot of sense because you did a lot of hard work to find it, and it wasn’t easy for somebody to replicate. This was valuable and dangerous knowledge that had to be communicated in a responsible fashion.

    Private disclosure still makes sense to me when you add LLMs into the mix. It is possible that an LLM outputs some plausible-sounding story that over-estimates the actual risk and impact of the exploit. If this story is publicly announced to people who use the software but are not capable of assessing these risks themselves, this can easily have a negative unnecessary consequence - for example, people may bring their server down until an expert or developer provides an assessment or fix.

    This is a source of noise, and I don't agree that this is better than private disclosure. Via public disclosure one is applying a lot of pressure to the developer(s) to prioritize whatever is being disclosed, which may not always be the nicest thing to do, especially if the impact is not as significant as the LLM suggests. This may not have been what happened in your case (I don't know the details), but I am thinking about the idea of the average person disclosing publicly LLM-discovered vulnerabilities.

  • Physics @mander.xyz

    Mechanical pulling force and alternating current comodulation electrohydrodynamic printing

    www.science.org/doi/10.1126/sciadv.adz5180
  • All volunteer efforts are welcome, and using AI tools to support volunteer work is completely reasonable to me.

    I personally value well-crafted human-made art more highly than AI-generated art. If someone wants to invest the time to create original icons and donate them, I am always very happy to see that!

    That said, requiring unpaid contributors to meet a craftsmanship standard before they are allowed to help does not seem constructive to me. Volunteer communities usually work best when people contribute with the time, skills, and tools they actually have available.

    A middle-ground alternative to AI-generated work is searching through Creative Commons assets, but even that still takes time to source, filter, adapt, and integrate. Expecting volunteers to always provide fully custom artwork or spend significant additional time curating assets does not seem like a fair expectation to me.

  • I promise you I am not lying to you. I may be misunderstanding you.

    Here is the source code for Meshtastic firmware: https://github.com/meshtastic/firmware

    But I assume that we have a different understanding of what is and what isn't open source.

  • Don't worry, I wouldn't ban you for this.

    Yes, the physical modulation implemented by LoRa transceivers is proprietary.

    It is not entirely correct to say that the "mesh" itself is proprietary. Meshtastic is open source, even if it relies on proprietary radio hardware. In principle, one could take the Meshtastic codebase and adapt it to a different physical layer.

    It is perfectly reasonable to reject a technology because the full stack is not open. That said, once you look closely at most modern digital and RF hardware, you are extremely likely to encounter proprietary ICs, firmware, or physical layer implementations somewhere in the stack.

  • I'm not familiar with Canadian suppliers, sorry. I have bought directly from them in the past, but I'm not sure about shipping to Canada.

  • Yes, you have many options. It depends on how much "from scratch" you want to go.

    The simplest method is to purchase a module with the radio transceiver + microcontroller, flash it, and assemble it. If you don't want any sensors, you can for example purchase from RAK a kit with a 'RAK19003' base board + 'RAK4631' module (nRF52840 micro-controller + SX1262 transceiver). For Canada, you would pick the 900 MHz version that operates in the 915 MHz band. (https://store.rakwireless.com/products/wisblock-meshtastic-starter-kit?variant=43884035113158)

    For an enclosure, you can look up 'Project box' or 3D print a case.

    If you want to go even more "from scratch", you can buy a module without a micro-controller (Waveshare core1262, Ra-01SH, Wio-SX1262), and interface with these using a micro-controller via SPI. At this layer it starts to become more of a hassle if you want to implement Meshtastic, because you will need to either copy an existing configuration, or modify the firmware so that it matches the way that your electronics are connected.

    Then, if you do not want to purchase a module, you would buy the transceiver directly (for example, the SX1262), and assemble your own module. You can look up the schematic of the basic modules to get an idea of what this looks like. For example, you can see the Waveshare Core1262 schematic here: https://files.waveshare.com/upload/c/c1/CoreSX1262_Sch.pdf

    If you do not want to rely on an already existing LoRa transceiver, but instead use a more general radio transceiver, that is also possible. But, more expensive, and is unlikely to match performance. This is something that one might want to do if you already have an SDR transceiver connected to a Raspberry Pi and want to use it to interface with LoRa (still, it is much easier to connect a LoRa device over USB). I would not recommend building a Meshtastic device from more general transceivers.

  • About the immortality of the crab

  • Since my work involves sensors, I set up a continuous testing setup on a Raspberry Pi and got its IP whitelisted. I ssh into it when something is annoying to do on the Windows laptop.

  • I'm surviving, and definitely not the fittest.

  • I think that the TinyTapeout concept is super cool (https://tinytapeout.com/). In the past, it was not really feasible to design and manufacture a semiconductor device as a hobbyist... Unless maybe an extremely wealthy one.

    Now, we have open source design tools, open process design kits, and the ability to buy a small part of a manufactured wafer.

    There are also now multi-project wafer runs for photonic chips at reasonable prices for startup/academia. I think these developments are pretty cool.

  • Thanks a lot for the examples! I have been looking through these, and, as far as I can tell:

    1. In SSL stripping, the site would appear to your client as HTTP, not HTTPS. If that's the case, I think SSL stripping is blocked when using 'HTTPS-Only' mode
    2. For DNS spoofing, the visited site would show up as insecure because they would not be able to generate a valid certificate for the target website

    I still have not had the chance to look into leaky metadata. But, generally, I think metadata issues can in part be addressed by not generating much metadata.

    Probably the biggest vulnerability is the captive portal. There is no way to verify you’re connecting to an official Starbucks router. I think that when connecting to a public router it is wise to assume that it is malicious.

  • I'm curious about an example that comes to your mind as you say this. In your view, what is a privacy risk associated with public WiFi use that is not easily mitigated?

  • By hand. We are only two people, and we usually clean after we cook/eat. When one is cleaning only 2 plates + a pot/pan at a time, it is easy to use little water. Spray of soap, metal scrub, sponge scrub, and then turn the tap on to rinse for a few seconds. Utensils get individually scrubbed and then all rinsed together for a few seconds.

    Maybe when we have kids a dish washer will make sense.

  • AGUCUAGCAUAC

  • I have been happy with my Garmin. It is functional without having to connect to anything, and data can be easily exported to a computer for more advanced processing. It is a handy GPS receiver that lets me monitor heart rate and log running metrics.

  • That's good! There's some hope that this won't last forever then. Thanks.

    And it's interesting that the challenge via old.lemmy.ca was so impactful. The first wave of bots that I noticed also came through an Mlmym front-end that I make accessible via tor. But lately they have been hitting directly via the regular front-end.

  • Ask Electronics @discuss.tchncs.de

    How do you organize your components library?

  • Peertube @lemmy.ml

    Brainstorm: Improving Lemmy <-> PeerTube Federation

  • Privacy @lemmy.ml

    The Pager

  • Physics @mander.xyz

    Bright yet dark: how strong coupling quenches exciton-polariton radiation

    arxiv.org/abs/2508.21247
  • Photography @lemmy.ml

    Tree and door

  • Electronics @discuss.tchncs.de

    Inside of Sensirion's SCD4x

  • Biology @mander.xyz

    SARS-CoV-2 evolution on a dynamic immune landscape | Nature

    www.nature.com/articles/s41586-024-08477-8
  • Physics @mander.xyz

    Phonon Inverse Faraday Effect from Electron-Phonon Coupling

    journals.aps.org/prl/abstract/10.1103/PhysRevLett.133.266702
  • Biology @mander.xyz

    Prey specificity of predatory venoms

    onlinelibrary.wiley.com/doi/full/10.1111/brv.13120
  • Open Source @lemmy.ml

    Rethinking open source generative AI: open washing and the EU AI Act

    dl.acm.org/doi/fullHtml/10.1145/3630106.3659005
  • sustainability @lemmy.world

    Extending the Sustainable Development Goals to 2050 — a road map

    www.nature.com/articles/d41586-024-01754-6
  • What's this Plant? @mander.xyz

    The Netherlands

  • Physics @mander.xyz

    Revealing the Microscopic Mechanism of Elementary Vortex Pinning in Superconductors

    arxiv.org/abs/2403.17671
  • Science @mander.xyz

    China promises more money for science in 2024

    www.nature.com/articles/d41586-024-00695-4
  • Physics @mander.xyz

    Room-temperature quantum optomechanics using an ultralow noise cavity - Nature

    www.nature.com/articles/s41586-023-06997-3
  • Physics @mander.xyz

    A Quantum Trick Implied Eternal Stability. Now It’s Falling Apart. | Quanta Magazine

    www.quantamagazine.org/a-quantum-trick-implied-eternal-stability-now-its-falling-apart-20240226/
  • Physics @mander.xyz

    Self-arresting earthquakes and critical sliding nucleation theory

    arxiv.org/abs/2402.14626
  • Biology @mander.xyz

    Mechanisms of extracellular electron transfer in anaerobic methanotrophic archaea - Nature Communications

    www.nature.com/articles/s41467-024-45758-2