Hacker Newsnew | past | comments | ask | show | jobs | submit | shakna's commentslogin

The LGPL has:

> This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below.

Which points you over to this in GPL, Sections 7, Additional Terms:

> Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:

> ...

> f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors.

This is a condition being imposed by a new law (if/when it passes). Its an attempt at indemnification that is compatible with the law. It seems to pass the reasonableness check.


What do the three points of the navy trident represent?

Pretty sure Enhanced Mode, that only came later in Windows 3.11 for Workgroup, is the one that supported the flat addressing mode.

Enhanced mode was already in 3.0 (and I think allowed for flat addressing)

However, Win32s was introduced in 3.11 which a subset of the Windows 32-bit API from NT.

3.11 also introduced 32-bit disk access and 32-bit drivers.

Microsoft did 32-bit in steps -- it was confusing already back then.


I remember I started my internship in June 1995. We were doing stuff with this brand new thing called the World Wide Web.

They gave us a win3.1 computer and Spyglass Mosaic which required the Win32s susbsystem.

http://www.win3x.org/win3board/viewtopic.php?t=4971&view=min

The full time guys all had a Sun on their desk next to their PC. We also had to run an IBM 3270 terminal emulator and X server to connect to the Suns. It was all so unstable. I rememember a bunch of "Win32s error" popups.

The other intern and I found a room full of decommissioned 486 machines, installed Linux and didn't tell anyone for a month. Everything worked great and then we started an assembly line of installing Linux on those old machines for all the older coworkers to take home.


> 3.11 also introduced 32-bit disk access and 32-bit drivers.

IIRC a lot of it wasn't turned on by default due to hardware/driver compatability concerns, and there were articles all over the place about how to turn it on for extra performance. Essentially they used optimising tech-heads the world over as a giant beta-test group for parts of Win95's IO subsystem.


yep that's my recollection too

Probably worth remembering that ELIZA passed Turing tests, and was the definition of shallow prediction.

ELIZA absolutely did not ever pass anything resembling a real Turing test. A real Turing test is adversarial, the interrogator knows the testees are trying to fool him.

Landauer and Bellman, absolutely put ELIZA to an adversarial Turing test, and called it such, in 1999. [0]

But... Over in 2025, ELIZA was once again, put to the Turing test in adversarial conditions. [1] And still had people think it was a real person, over 27% of the time. Over a quarter of the testees, thought the thing was a human.

The "ELIZA Effect" wasn't coined because everyone understands that an AI isn't conscious.

[0] https://books.google.com.au/books?id=jTgMIhy6YZMC&pg=PA174

[1] https://arxiv.org/html/2503.23674v1


Unfortunately I'm not sure the Turing test posited a minimal level of intelligence for the human testers. As we have found with LLMs, humans are rather easy to fool.

Thats not the case here.

Web browsers warn you about opening arbitrary protocols. And you have to select the program that will open it.

This Notepad vuln, allows you to click things like ssh://x....


> This Notepad vuln, allows you to click things like ssh://x....

Which just opens up SSH connecting to a server. Is that really RCE?

It'll also only work with URI schemes that are registered on your system. It's not running arbitrary commands - software you install on your PC registers URI schemes and sets what command it should run when opened. It's then up to that software to parse the URI and handle it properly. If it doesn't then the RCE belongs to them because they registered the URI scheme and failed to handle it securely. Having an allowlist of URI schemes in Notepad isn't going to fix it.


It doesn't only work with protocols registered by "your system" - Notepad doesn't register protocols. And Notepad is the user agent, here.

It works with your _locally_ registered protocols, not just the _remote_ protocols.

Which is why it works with JScript. And Powershell. And Visual Basic.

This is a bug that replicates why IE 4 was called insecure. Its not something that should ever surface again, today.

It is... The exact example of what an RCE is. _Local_ code executed by a _remote_ command.


As far as I can tell there is no URI scheme registered on Windows for JScript, PowerShell, or VBScript. They have file associations but those are not URI schemes.

Holy requests, batman.

... Why so many requests for a static asset?


Because it's yet another slopware of course

Please don't. The project is around since at least 2022.

Because what people want is not an opt-out, like Mozilla have given, but an opt-in.

This is the grudging half-measure.

Many would have preferred the updates to come with a form asking for on or off. It didn't, so they complained, and this was the answer.


Frankly I don't really even want an opt-in. If Mozilla wants to go build an AI browser, they can do that, but it should be a separate project; don't transition Firefox into being an AI browser. I don't want to use an "AI browser with AI features disabled", whether through an opt-in option or an opt-out option.

> The issue is other sites really want to know if it's a link to the same resource or a different resource.

Thats what the canonical link is for, isn't it? [0]

RFC 6596 introduced it in 2012. Other websites, like search engines or social media, have been using it for a while.

[0] https://developers.google.com/search/docs/crawling-indexing/...


Yes, and? That’s a boil the ocean solution. Every app and site needs to look up urls and update where as they didn’t before.

Most apps and sites will have a thumbnail for the site. So they're already loading the page.

Other sites grab contact information or verification headers. So they also load the page.

Seems like the only people who wouldn't want to load at all, would be those places where deduplication doesn't matter in the first place.


From the file headers:

SPDX-License-Identifier: ISC

Copyright (c) 2010-2022 Broadcom Corporation

Copyright (c) brcmfmac-freebsd contributors

Based on the Linux brcmfmac driver.

I'm going to ahead and say there are copyright law nightmares, right here.


That headers looks pretty reasonable to me. I don't see anything misleading or ambiguous about it. Whenever I am heavily modifying some licensed code, I always make sure to include a similar header.

    > I'm going to ahead and say there are copyright law nightmares, right here.
I am confused. My first thought was maybe the original Linux driver was GPL'd, but it is not. It is ISC'd. Look here: https://github.com/torvalds/linux/blob/master/drivers/net/wi...

    // SPDX-License-Identifier: ISC
    /*
     * Copyright (c) 2010 Broadcom Corporation
     */

It adds a contributor.

To add a contributor, you need "significant" _human_ input. The output of models has so far not been deemed copyrightable.

As it acknowledges the original source, it needs to show the human effort that allows it to be bound to the new contributors.


Eh. Copyright only matters if it goes to court. And you only go to court over copyright if somebody is getting sued. That only happens when a plaintiff has standing, they can show damages and the person they want to sue has enough money to make it worth their while. (And if they'll make more money than it costs them in lawyers and negative PR. Suing users and developers for interacting with the product you sold them is generally considered a bad look.)

Anyway, nobody is going to sue you because you added your name (or "project contributors") to an ISC licensed source file in your own repository. Nobody cares. And there's no damages anyway.

Especially when the line added is:

> Copyright (c) brcmfmac-freebsd contributors

If you're right, that's an empty category. Thus the inclusion has no effect.


Modern paganism went through a revival during the early 2000s. Are you sure you're not just seeing someone's religion?

And its not the first time, either. There's been several revivals of the beliefs and culture over the years - for example, we didn't even have the word 'viking' in English until the 18th Century.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: