interesting stuff. I love Yamaha for audio stuff for sure, didn't know they owned Steinberg though.
Their speakers i think are lovely examples of their engineering quality. Great and honest sound, some of the best out there, and they are not super over-priced. Also ,they are super repairable. Had some really bad experiences with other brands which were, more expensive for a more biassed sound, had 'black gunk' over the PCBs as some kind of anti-repair mechanism. (overheats the boards too! ew!) and other crappy issues.
Cool to hear there's such a story behind the quality. Makes sense!
> The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
Also, the program being memory-safe doesn't mean it's bug-free, other bugs not related to memory safety exist (like path traversals are due to improper sanitation or checking of the input).
still doesnt have anything to do with the webservers that used openSSL. If ferror was sanely coded and super secure but used openssl (or another vulnerable library for similar purposes --- does ferron roll its own crypto??) then it would be similarly impacted. it's memory safety features not useful since its using FFI to go into openssl.
not sure if there is already a true rust TLS implementation - that might be useful for such a case but would also make the point a moot-point since its just evading the risk by not using it, not by solving the issue of memory issues being present in third-party libraries.
i wonder if these kind of rulings have actual effect or if its more just some hot air about it and NSO will keep to do what they do. i mean,they aren;t US based and if they do these kinds of activities i'd assume they understand its not legal, and thus wont care if its formally claimed to be illegal.
It depends. If they simply ignore the ruling, my guess is that whatever trade agreements are in place have a mechanism for escalating such violations so that an Israeli court can enforce the order. I also take for granted that it depends a lot on the political climate and the strategic value for the governments of Israel and the US...
it would be handy to pick atleast a type of role you want to focus on, at first, this might not need to be where you want to end up eventually (can learn from the road).
also for people who might want to recommend jobs it could help to give a lower limit for compensation. what do you need atleast. and work hours.
i think coming from teaching there's a lot of work in research that might be an easy match up but that might not be the type of role you want.
for programming there are also different kinds of programming roles. automations, applications, mobile, desktop/server, embedded etc.
what makes you tick when you think of work or what keeps happy when ur doing it, regarding what you think you wanna do?
Yeah that's a solid point you've broken it down well. I think it just seems overwhelming on where to even start with those different roles. Suppose research is my best friend and should see what I should be focusing on first.
I'm definitely one that enjoys the creative/technical mix of coding and design. I assume that I should be learning new tools too as in 5 years, a lot can change in the programming world.
I know I'll have to enter at entry/junior level too which is fine as long as there was growth potential.
I've thought about the research side of things but definitely want to be more hands on.
this might have some limited uses, but you'd need to know how it was optimised, and also perhaps build the build engine for the same target and then decompile it to see what it looks like after that kind of treatment.?
perhaps with a bit of luck you'd get some useful markers / functions mapped tho, its not unheard of.
problem in my mind (didnt test it ofc) would be that the decompiled version is decompiled from a different ISA that build usually compiles to, so the decompiled version in my mind would look totally different. (you dont have the ported sources i suppose, only the originals).
better add IR too, and all the optimized variants of the ASM for the specified code etc. - its not as straightforward, but that depends also on platform. CISC is generally more wacky than RISC i suppose.
also, a lot of things in stuff like ROMs is about I/O to component in the devices, so you can disassemble and decompile all you want but without the right specifications and context you cannot say what the code does.
so it will also need all specifications of the hardware platform you are running the code on, as well as in this case perhaps even hardware in the catridge etc. (heard those also sometimes have their own chips etc...).
i'd say for 'regular application code' that runs within an OS it might be easier, but still you need to provide a lot of context from the actual execution environment to reason properly what the code actually does? (what does INT 80 run and possibly return anyway, that code is outside of your target binary)
Love the article thanks. to me it reads really reasonably. i work in a verbose language (C) and there its too easy to try and optimise things away to 'save typing' to a point it becomes actually more of a burden than an optimization.
Some good advices in here on what balance to strike with some clear examples. Always a good reminder :). thanks for the writeup!
If you're planning to do that. Set aside a lot of time.....
reply