2025-08-15

36 篇热帖

1. Open hardware desktop 3D printing is dead? (www.josefprusa.com)

How Chinas strategic focus on 3D printing and patent incentives since 2020 created a "minefield".

2. Steve Wozniak: Life to me was never about accomplishment, but about happiness (yro.slashdot.org)

I gave all my Apple wealth away because wealth and power are not what I live for. I have a lot of fun and happiness. I funded a lot of important museums and arts groups in San Jose, the city of my birth, and they named a street after me for being good. I now speak publicly and have risen to the top....

3. Gemma 3 270M: Compact model for hyper-efficient AI (developers.googleblog.com)

Explore Gemma 3 270M, a compact, energy-efficient AI model for task-specific fine-tuning, offering strong instruction-following and production-ready quantization.

4. Streaming services are driving viewers back to piracy (www.theguardian.com)

As subscription costs rise and choice diminishes on legal sites, film and TV fans are turning to VPNs and illicit streamers, with Sweden – home of both Spotify and The Pirate Bay – leading the way

6. The beauty of a text only webpage (albanbrooke.com)

纯文本网页展现了一种简洁的美。它避开了常见的网络干扰,如GDPR cookie横幅、广告、邮件订阅弹窗和自动播放视频,提供了一个干净、可读、快速且简单的环境。

纯文本网页具有几个显著优势:

  • 可移植性:内容可以轻松复制粘贴到电子邮件、聊天机器人或社交平台,也可发送到Kindle、保存到阅读应用或打印成纸质文档。
  • 兼容性:因其仅为文本,在任何设备或平台上都能正常显示。
  • 加载速度:点击链接后加载极快,无需CDN或预加载技术。
  • 经济性:托管成本极低,甚至可能无需货币化,整个网站可运行在低成本硬件如树莓派上。
  • 专注阅读:允许读者自由调整阅读节奏,长时间阅读后也不会产生愧疚感。

作者对创作和发布纯文本网页的人表示感谢,认为尽管这种形式可能牺牲了一些用户参与度,但它为互联网贡献了一种简单、平静和快乐的体验。

7. A gigantic jet caught on camera: A spritacular moment for NASA astronaut (science.nasa.gov)

On July 3, 2025, NASA astronaut Nichole Ayers captured a rare gigantic jet from the ISS—lightning shooting from a storm top into the upper atmosphere.

8. I made a real-time C/C++/Rust build visualizer (danielchasehooper.com)

Sometimes software takes a long time to compile just due to how much code it has, like in the LLVM project. But often a build is slower than it could be for dumb, fixable reasons. I’ve had the suspicion that most builds are doing dumb stuff, but I had no way to see it. So I’ve been working on a cross-platform tool to help visualize builds, and you can try it!

9. "Privacy preserving age verification" is bullshit (pluralistic.net)

隐私保护年龄验证:技术不可行性分析

本文主要围绕“隐私保护年龄验证”方案的可行性展开批判性分析,指出该方案在技术和社会层面均存在根本性缺陷,本质上是政客要求技术人员去实现一个不可能的目标。

核心论点:技术上的不可能性

  • 政策背景:以英国《在线安全法案》为例,政客要求网站在提供可能被视为不适宜儿童的内容前,必须验证用户年龄。
  • 技术依赖:政客寄望于利用“零知识证明”等密码学技术(如Camenisch-Lysyanskaya协议)构建系统,使服务提供者能确认用户为成人,却无法得知其具体身份。
  • 权威反驳:隐私保护凭证方案的关键论文作者之一Steve Bellovin发表论文《Privacy-Preserving Age Verification—and Its Limitations》,明确指出该方案“行不通且不可能行通”。

方案不可行的关键障碍

Bellovin的分析揭示了实现所谓“隐私保护”年龄验证面临的多重不可逾越的障碍

  1. 初始身份验证难题

    • 用户需向单一身份提供者(IDP)证明身份以获得初始凭证,但这本身就构成巨大障碍。许多人(如贫困、年老、残疾、居住偏远者)难以获取有效的身份证明文件(如驾照)。
    • 若允许多种身份证明,则无法防止个人通过不同IDP或使用伪造文件获取多个凭证,从而规避年龄限制。
  2. 用户使用场景挑战

    • 家庭、图书馆、酒店等场所的共享电脑场景难以处理。解决方案是创建个人在线凭证存储,但这将导致成本高昂,并进一步将依赖公共电脑的贫困人群排除在外。
  3. 经济与可行性问题

    • 系统搭建与维护成本高昂。若由网站承担,会引发利益冲突(网站有动机降低成本从而削弱系统效果)。若由用户承担,则会阻碍低收入人群上网。
  4. 复杂的治理与监管困境

    • 双重独立结构要求:隐私保护要求身份提供者(IDP)与证书颁发机构(CA)必须是完全独立的实体。若两者由同一机构运行,隐私保障将立即消失。
    • IDP质量参差不齐:用户可能无意或被迫使用资质较差的IDP。一旦某个IDP被吊销资质,其用户将集体失去访问权限,并面临繁琐的重新认证过程。
    • 跨境管辖冲突:年龄验证法律具有域外效力,但不同国家对IDP的监管标准和数据披露要求可能截然不同,引发管辖权与隐私标准的冲突。
    • 监控风险:监管需要IDP和CA保留日志,这本身就损害了隐私保障。

更深层的风险与结论

  • “非人化”工具:基于受监管实体的CL协议方案,可被威权政府滥用,通过撤销主要凭证来彻底剥夺特定个体的网络身份与访问权限。
  • 总体评价:年龄验证方案不仅技术上不可行,更是一个糟糕的想法,将对个人隐私和开放网络造成不可估量的损害。
  • 对政策制定者的警示:政治家可以制定好的技术政策,但前提是认真对待独立专家的意见,而非被行业游说误导或陷入“再努力一点就能实现”的幻想中。渴望某项技术功能存在,并不等于该功能在技术上能够实现。
10. We rewrote the Ghostty GTK application (mitchellh.com)

Ghostty 是一个跨平台终端模拟器,在 Linux 和 BSD 上彻底重写了其 GTK 应用,全面拥抱了 GObject 类型系统,并使用 Valgrind 进行了严格验证,从而提升了功能丰富度、稳定性和可维护性。

1. 拥抱 GObject 类型系统

此前,Ghostty 的 GTK 应用刻意避免了 GObject 类型系统,这导致 Zig 管理的内存与 GTK 引用计数管理的内存生命周期难以同步,产生了一类反复出现的 bug:一方内存已释放而另一方未释放。避免使用 GObject 也阻碍了利用 GTK 的信号、属性、动作等原生功能。

重写后,应用全面集成了 GObject。例如,将 Zig 的 Config 结构包装进一个引用计数的 GhosttyConfig GObject。配置重载时,通过更新属性并利用 GObject 的属性变更通知系统,让配置更新自动、安全地传播至整个应用(甚至跨事件循环周期),旧配置在无引用时自动释放,概念上大大简化。此外,集成 GObject 后能够更方便地创建自定义 GTK 小部件,并采用了 Blueprint 等现代 UI 技术,从而更轻松地引入了如 GTK 标题栏标签页、响铃动画边框等新功能。

2. 使用 Valgrind 进行验证

项目从第一个 PR 到最后一个 PR,均使用 Valgrind 检查了所有变更,确保无内存泄漏、未定义内存访问等问题。尽管运行 Valgrind 检查 GTK 应用需要一份大型抑制文件(大部分来自 GTK 自身、第三方库及 GPU 驱动),但这帮助发现了诸多潜在缺陷。

关键发现:

  • Zig 代码表现优异:整个 Zig 代码库中仅发现一处内存泄漏一处未定义内存访问。泄漏发生在调用第三方 C API 时(Zig 无法检测)。考虑到 Zig 代码库规模大、复杂且使用了大量内存技巧,此结果令人惊喜,印证了 Zig 在调试和测试构建中提供的内存安全检查、调试分配器以及与 Valgrind 的集成是有效的。
  • 问题集中于 C API 边界:其他所有发现的问题(数十个)均源于 GObject 系统的复杂生命周期或 C API 边界。这表明,即使调用的库不是用 C 编写,当通过 C API 交互时,对象生命周期的语义理解和封装至关重要,且必须借助 Valgrind 等工具进行安全验证。

总结

此次重写是 Ghostty 项目第五次对图形界面部分进行大规模重构,团队从每次迭代中积累了宝贵经验。全面集成 GObject 和持续的 Valgrind 验证,解决了此前架构中的核心痛点,带来了更健壮、功能更丰富的 Linux/BSD 版本。重写后的 GTK 应用已成为默认开发版本,并将包含在即将到来的 1.2 版本中。

11. Fairness is what the powerful 'can get away with' study shows (phys.org)

The willingness of those in power to act fairly depends on how easily others can collectively push back against unfair treatment, psychologists have found.

12. Court records reveal Sig Sauer knew of pistol risks for years (smokinggun.org)

According to a court exhibit, Sig Sauer identified several deadly risks with its P320 pistols as early as 2017.

13. The electric fence stopped working years ago (soonly.com)

"Don't worry, he won't leave the porch. The electric fence hasn't worked in years, but he still won't go past it."

14. UK government states that 'safety' act is about influence over public discourse (bsky.app)

The U.K. Online Safety Act was (avowedly, as revealed in a recent High Court case) “not primarily aimed at protecting children” but at regulating “services that have a significant influence over public discourse.”

15. Blurry rendering of games on Mac (www.colincornaby.me)

ProblemSolutionAffected GamesWhat Apple could do Problem I’ve submitted the issue described in this post to Apple as FB13375033. This issue has been open since September of 2023. If you game …

17. I accidentally became PureGym’s unofficial Apple Wallet developer (drobinin.com)

How I reverse-engineered PureGym's API to build a working Apple Wallet pass with PassKit, Vapor, and mitmproxy - end-to-end iOS reverse engineering walkthrough.

18. Swiss vs. UK approach to major tranport projects (www.freewheeling.info)

HS2 has become a case study in how not to build infrastructure. But what if we’d taken a different path entirely? In this post, I imagine how the Swiss would have done it: starting with the timetable, not the project. It’s a counterfactual, but it’s not a fantasy.

20. Vaultwarden commit introduces SSO using OpenID Connect (github.com)

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs - SSO using OpenID Connect by Timshel · Pull Request #3899 · dani-garcia/vaultwarden

21. DINOv3 (github.com)

Reference PyTorch implementation and models for DINOv3 - facebookresearch/dinov3

23. I used to know how to write in Japanese (aethermug.com)

Somehow, though, I can still read it

24. Citybound: City building game, microscopic models to vividly simulate organism (aeplay.org)

A city building game that uses microscopic models to vividly simulate the organism of a city arising from the interactions of millions of individuals.

27. When the CIA got away with building a heart attack gun (wisewolfmedia.substack.com)

How 16 Senators Accidentally Saved Democracy (Then Watched It Die)

28. Is Germany on the brink of banning ad blockers? (blog.mozilla.org)

Across the internet, users rely on browsers and extensions to shape how they experience the web: to protect their privacy, improve accessibility, block harmful or intrusive content, and take control ...

30. The new science of “emergent misalignment” (www.quantamagazine.org)

The new science of “emergent misalignment” explores how PG-13 training data — insecure code, superstitious numbers or even extreme-sports advice — can open the door to AI’s dark side.

31. Time to End Roundtripping by Big Pharma (www.cfr.org)

U.S. pharma companies should pay rather more of their corporate income tax in the U.S.—and start producing more of their best drugs in the U.S. as well.

33. Bluesky: Updated Terms and Policies (bsky.social)

We’re updating the language in our terms and policies to better explain our approach and provide more detail.