The angular diameter of detailed seeing is very small - something like 1-2 degrees from what I was reading (matches my experience). That's the only area where you can reasonably read, the rest is only good for making out rough shape. So scanning it is.
>Aluminum itself may not be the best counterexample to gold as it was not discovered until the industrial revolution was well underway.
I think also the scarcity plays a factor, the estimates that I'm seeing after short search being that there's about 10,000x more processed aluminum in the world than gold.
This is because of what the comment you’re replying to was saying. Aluminum was a scarce resource prior to the electrolytic process being invented that made it “distillable from common rocks.”
The cap on the washington monument is aluminum, because at the time it was still a precious metal.
The guy who figured out how to electrolyze it out of ore went on to create the main company in the US that produced it, and chose to call it aluminum instead of aluminium, thus leading to the split in spelling. That story may be apocryphal though.
From what I recall of the video, two people independently worked out the chemistry for cheaper aluminum. (I believe the video also mentions the source of the aluminum/alumininium name difference.)
>This is because of what the comment you’re replying to was saying. Aluminum was a scarce resource prior to the electrolytic process being invented that made it “distillable from common rocks.”
Sure, but it also said "it could have gone the way of aluminum", which is mostly where my point rests: I don't really see how. The disparity of volume seems to explain it to me fully.
Right, but it was still there to extract. All it needed was electrochemistry.
Whereas with gold, it isn't there in the rocks - not in the same amounts. No future chemical wizardry is going to make it extractable, because it isn't there to extract.
To make gold more abundant is going to take transmutation, which is a much bigger ask.
Now, if you want to say that the ancients didn't know that aluminum was there and gold wasn't, and therefore lucked out by picking the one that wasn't there, I would agree with that.
The GGP said “10,000x more processed aluminum in the world than gold,” which the “processed” part, which is I think what GP was responding to: of course the scarcity of available gold relative to aluminum drives its value, but that relative scarcity only exists due to modern electrochemistry: previously, “processed” aluminum and gold were similarly scarce.
People talk about stuff like extracting gold from seawater, so it also isn’t a given that the scarcity difference will always remain what it is.
At which point it feels like some sort of high-level assembly-like language, which is simple enough to compile efficiently and stay crossplatform, with some primitives for calls, jumps, etc. could find a nice niche.
Maybe this already exists, even? A stripped down version of C? A more advanced LLVM IR? I feel like this is a problem that could use a resolution, just maybe not with enough of a scale for anyone to bother, vs. learning C, assembly of given architecture, or one of the new and fancy compiled languages.
There's Vale [0] as a structured high-level assembly language, but pretty far from usable right now. I do hope it matures. Basically: All non-control-flow instructions can be directly supported. Control flow is lofted to a higher level and implemented in C-style structured blocks and keywords, which map directly to a subset of the ISA that modifies the program counter. This separation means it's not a proper superset of traditional assembly languages -- you can't paste in arbitrary blocks of existing code -- but a lot of interesting things (for them, implementations of cryptographic primitives) are pretty trivial to port over. And in exchange, you get a well defined Hoare logic that can talk about total correctness, not just [1]'s partial correctness.
Good question! We don't have one as of today, just because we're iterating very quickly and a cloud version is the quickest way for us to keep things lean and up-to-date, but we're not far from having one.
Could you please send me an email at ash [at] superlog.sh? I'd love to hear more about your use case - we might have something for you very soon!
I think that's the case for all the "every <noun>". "Every human is a person", for example. This would make sense, to put it in programming terms - the verb applies to an element in an array of people, not the array itself (which would be plural): for every single human, that human is a person.
Thanks. It was not evident from the example whether root inside of the sandbox is necessary - I assumed creating arbitrary symlinks doesn't require any particular capabilities, and there's nothing special about the locations.
Though it's not clear to me now:
- why was this patched then?
- is the point about root that non-root wouldn't have access to passwd anyway?
But the issue of root and accessing outside of the sandbox is orthogonal, no? Even if you're logged in as XYZ, accessing XYZ's contents outside of the sandbox is still a breach and a problem. Or does this issue require actual root to manifest?
This path was special cased used to allow restricted applications to access time zone files, which are needed for time functions. Not any symlink will do, it has to be the specific one shown in the example exploit, or one of a small handful of others that were special cased for similar reasons. The place these symlinks live are owned by root. This is the same root user outside the sandbox as inside it.
So, yes, you need to have root on the box to set up this exploit.
I see, thank you for your time and patience spent to explain this. So there's no elevation, no general escape, and this got patched because it could possibly be used as a set-up-use-later backdoor style thing (such as dropping a setuid root binary somewhere in the OS). Yeah, not a thing I would use as an argument that it's a terribly insecure system.
Blender also had a comparatively large amount of money backing these changes, if I remember correctly, which I expect GIMP does not. I suppose a lesson in that area would be required first. However, the others like Krita might be better positioned for this.
That other demo didn't even have sound.
This is hell of a good work. A masterpiece to retire after. (or more realistically, chase it on other architectures)
reply