@jaseg@chaos.social
@jaseg@chaos.social avatar

jaseg

@jaseg@chaos.social

I am doing #electronics, #embedded programming, #python scripting, hardware security and recently some sewing. Pronouns: er/they

This profile is from a federated server and may be incomplete. Browse more on the original instance.

jacqueline, to random
@jacqueline@chaos.social avatar

pray for me, for i am finally converting my soldering setup to lead-free (i know i know im so late)

jaseg,
@jaseg@chaos.social avatar

@BrokenFlows I switched a while ago, and I found it's mostly down to quality tools and material. With a quality temperature-adjustable iron, a spool of nice SAC305 solder and a syringe of that chipquik flux everyone uses it just works without a fuss. If it ever doesn't work, more flux usually fixes this.

vmaurin, to python
@vmaurin@fosstodon.org avatar

Apparently, in python web ecosystem, /foo/bar and /foo%2Fbar are interpreted the same (but not /foo?bar and /foo%3Fbar at least) 🤦

jaseg,
@jaseg@chaos.social avatar

@vmaurin I can understand why, but it's not intuitive for sure.

filippo, to random
@filippo@abyssdomain.expert avatar

I'm watching some folks reverse engineer the xz backdoor, sharing some preliminary analysis with permission.

The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().

It's RCE, not auth bypass, and gated/unreplayable.

More details in this thread: https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl/post/3kowjkx2njy2b

jaseg,
@jaseg@chaos.social avatar

@Npars01 please, no whining in peoples' mentions

julf, to random

Another worrying example of how modern software includes way too much crap dependencies (often just to support irrelevant extra features).

In Linux, it is often systemd that is is the culprit.

"Openssh does not directly use xz-utils/liblzma. However debian and several other distributions patch openssh to support systemd notification, and libsystemd does depend o xz-utils/liblzma"

https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094

jaseg,
@jaseg@chaos.social avatar

@julf In this case, debian linked against a systemd library for a notification feature. That particular feature did not require xz at all, but it's part of a larger shared library that links to xz for other stuff. You could try to split up that shared library into three dozen smaller libraries, one per feature, but that would just be annoying for both developers and users.

jaseg,
@jaseg@chaos.social avatar

@julf On top of that, a network utility depending on a compression library is a very common thing. No matter where we draw the line around the core software we need to trust, it would be impossible to exclude libraries like xz from it.

RichardShaw, to random
@RichardShaw@mastodon.scot avatar

As a reviewer for an academic journal, what's the best thing to do when you see that the editor is telling the author to cite more papers from his journal ?

This is a well established practice questionable practice known as coercive citation.

https://en.wikipedia.org/wiki/Coercive_citation

jaseg,
@jaseg@chaos.social avatar

@RichardShaw Given that this is clear-cut academic misconduct, the best for science would be to put pressure on the editor to back off, and if they don't, first escalate to the other editors, and if that doesn't work to call out the journal and resign as a reviewer. However, this might not be the best for your career and depending on the field I'd expect retaliation from both the editor and from other colleagues who don't like people disagreeing with the status quo.

malteengeler, to random
@malteengeler@legal.social avatar

First Bavaria, now Hesse. Two German federal states have issued orders to all their public authorities (and the people working there) to not use gender inclusive language. Both are governed by conservative-lead coalitions.

Public servants who do not adapt their language would be able to challenge the disciplinary consequences they face in court. I hope this happens.

jaseg,
@jaseg@chaos.social avatar

@malteengeler It seems they explicitly banned the variants that include non-alphabetic characters. I suppose instead of "Student*innen" that "Studentinnen und Studenten, außer Boris Rhein (CDU)" will be fine then. If he and his party are so concerned with messing with other people's language expression, let's properly honour them at least.

nin, to random German
@nin@chaos.social avatar

Zu (sehr) alten DIN VDE Normen belesen.
Falsch abgebogen und in (älteren) Elektr(on)ikerforen gelandet.
Festgestellt, dass man die 'Forenkultur'™️ überhaupt nicht vermisst und konsequenterweise beschlossen, bei Fachliteratur zu bleiben.
(Du meine Güte. "Erwachsene Leute".)

jaseg,
@jaseg@chaos.social avatar

@nin Gerade dieses eine größere deutschsprachige Forum ist finde ich ein Paradebeispel für den kompletten Zerfall jedes Anscheins von Zivilisation, der in der Diskurskultur von schlecht moderierten Onlinecommunities oft auftritt.

jwz, to random
@jwz@mastodon.social avatar

Global Warming Is Slowing the Earth's Rotation.

Negative leap second approaching; appalling shitshow to result.

"This is another one of those 'this has never happened before' things that we're seeing from global warming: the idea that this effect is...
https://jwz.org/b/ykOa

jaseg,
@jaseg@chaos.social avatar

@jwz According to a summary of the article that I read somewhere else, global warming is not the cause of the negative leap second though, rather it slows down the need for one by a few years.

ZenobiaVayne, to random
@ZenobiaVayne@wandering.shop avatar

My EMR won’t print prescriptions. First I need to print to PDF then print it. Then I need to make sure every clinic day that I’ve deleted the mountain of prescriptions that litter my PC desktop. Don’t you think a piece of expensive subscription medical software should just FUCKING PRINT PRESCRIPTIONS?

This EMR is somehow still more functional than the last one I used

jaseg,
@jaseg@chaos.social avatar

@ZenobiaVayne over here in DE, they have these government certified really expensive chip card readers for their insurance cards. Everyone uses the same model because there's no competition, and that model has the amazing flaw that it is highly sensitive to electrostatic charge. They don't work like half the time and every doctor's office reception desk has a different ritual of rubbing the card against various surfaces to get rid of that charge.

jaseg,
@jaseg@chaos.social avatar

@ZenobiaVayne I feel like something about healthcare IT stuff just attracts all the bad tech that the rest of industry didn't want or something.

DanielMenjivar, to FiberArts
@DanielMenjivar@mastodon.social avatar

Really glad I got this 700-colour Gütermann chart several years ago (now discontinued); it’s made matching thread colours something I can do from home, which is especially helpful on days like today when I can’t go out. Plus, 700 colours is a lot!

Unfortunately Maxi-Lock doesn’t sell a chart like this for their serger thread, they just want to you to buy a pack of all 76 colours. @sewing

jaseg,
@jaseg@chaos.social avatar

@DanielMenjivar I got a chart like that for like 10€ from Amann. Super handy for a beginner like me because with it I can buy the exact thread I need in the quantity I need.

lethalbit, to random
@lethalbit@chaos.social avatar

I have still yet to find a good document management system that fits my needs and it's annoying. bleh.

jaseg,
@jaseg@chaos.social avatar

@lethalbit With all the recent advances in AI, extracting flowed text, graphics and tables from random datasheet PDFs is still an effectively unsolved problem. I looked into this last year and did a small survey of both free and commercial solutions, and even the best commercial solutions weren't remotely reliable.

chipperdoodles, to random
@chipperdoodles@chaos.social avatar

toying around with the idea of moving the controller for the keyboard to it's own stamp-ish style module. This is because it would be really awkward to produce full size keyboard on my hotplate with these SMD components.

jaseg,
@jaseg@chaos.social avatar

@chipperdoodles same here. I have a pile of unsoldered PCBs even when those designs occassionally make it into a PCB order 😅

jaseg,
@jaseg@chaos.social avatar

@chipperdoodles I love the funky traces and the cute birb. That LGA SoM looks like it's going to be really annoying to solder though. Are you sure you want pads underneath the PCB?! 😱

jaseg,
@jaseg@chaos.social avatar

@chipperdoodles Oh lol, I just realized when you wrote stamp you meant the whole board, I didn't initially notice that that had castellated edges. So you have a SoM on a SoM (SoMoM?) 🤣

jaseg,
@jaseg@chaos.social avatar

@chipperdoodles tbh, I suspect a hot plate from underneath your breakout board should do the trick?

arturo182, to random
@arturo182@mastodon.social avatar

I live in the contstant anxiety of someone making the same project as me before my lazy ass finishes it 😬

jaseg,
@jaseg@chaos.social avatar

@arturo182 I know that anxiety. I always tell myself that it's okay to do something that has been done before, just for myself, because I like doing it. It's hard to internalize that though.

scottmiller42, to python
@scottmiller42@mstdn.social avatar

Python Question: Is there an efficient way to see if every element in an iterable is equal to a user-specified value?

The best idea I've seen so far is to use a list comprehension to check for equality, and then use the all function, like this:
MyList = [1,1,1,1,1,1,1]
all((x==1 for x in MyList))

That's readable and probably not bad performance. Is there something better?

jaseg,
@jaseg@chaos.social avatar

@scottmiller42 You could do set(mylist) == {1}, but I suspect the all(...) variant will be faster than anything that doesn't use numpy/numba/etc.

hailey, to random
@hailey@hails.org avatar

another good reason to ditch spotify

jaseg,
@jaseg@chaos.social avatar

@hailey I finally switched to deezer last month. I'm holding my breath that their app team does a better job than spotify's. So far, it's looking promising.

18+ whitequark, (edited ) to random
@whitequark@mastodon.social avatar

(picture by @nanographs)

jaseg,
@jaseg@chaos.social avatar

@whitequark I wonder what sound that made when it happened

jaseg, to Electronics
@jaseg@chaos.social avatar

ST's latest and greatest idea is to sell the same part in the same BGA package in two subtly different pinout variants. The two variants are only distinguished by the last letter of the part number, which is at the end of the flash size and temperature variant section that does not affect the pinout in any other part they make. The package letter of the part number is identical for both variants.

Link: https://www.st.com/en/microcontrollers-microprocessors/stm32h7r3l8.html

jaseg,
@jaseg@chaos.social avatar

@salkinium Heh, good to know. I should probably read through your paper and make sure these are all fixed in KiCad's libraries.

gsuberland, to random
@gsuberland@chaos.social avatar

hyyyype

jaseg,
@jaseg@chaos.social avatar

@whitequark out of curiosity, where did you end up finding LEDs that are that particular kind of pink? Did the manufacturer intentionally make them a different pink from the usual magenta one, or did they end up like this more or less by accident?

azonenberg, to random
@azonenberg@ioc.exchange avatar

Assembling the trigger crossbar board over lunch.

Not thrilled with the paste print quality, very inconsistent. the top left corner was way too thick as the board flexed during printing, the middle BGA skipped some pads, and the WLCSP in the bottom right was near perfect.

These big boards bend too much in my paste fixture, I need to find a way to prevent that before I do any more boards of this scale.

jaseg,
@jaseg@chaos.social avatar

@azonenberg Can we take a moment to appreciate how weird the trace layout on that chip is? That looks like it fell out of some optimizer for sure.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • megavids
  • kavyap
  • DreamBathrooms
  • khanakhh
  • magazineikmin
  • InstantRegret
  • ethstaker
  • thenastyranch
  • Youngstown
  • rosin
  • slotface
  • osvaldo12
  • everett
  • ngwrru68w68
  • JUstTest
  • Durango
  • cubers
  • tester
  • GTA5RPClips
  • modclub
  • mdbf
  • cisconetworking
  • tacticalgear
  • Leos
  • normalnudes
  • anitta
  • provamag3
  • lostlight
  • All magazines
    •