Interesting that for a paper by Don Knuth himself the PDF was created with dvips (TeX Live) but then switched to Acrobat Distiller, resulting in a rather low resolution (at least on my screen).
From the document properties:
> Creator: dvips(k) 2023.1 (TeX Live 2023)
> PDF Producer: Acrobat Distiller 25.0 (Macintosh)
The issue is not of low resolution exactly, but font format.
Knuth uses bitmap fonts, rather than vector fonts like everyone else. This is because his entire motivation for creating TeX and METAFONT was to not be reliant on the font technology of others, but to have full control over every dot on the page. METAFONT generates raster (bitmap) fonts. The [.tex] --TeX--> [.dvi] --dvips--> [.ps] --Distiller--> [.pdf] pipeline uses these fonts on the page. They look bad on screen because they're not accompanied by hinting for screens' low resolution (this could in principle be fixed!), but if you print them on paper (at a typical resolution like 300/600 dpi, or the higher resolution of typesetters) they'll look fine.
Everyone else uses TrueType/OpenType (or Type 3: in any case, vector) fonts that only describe the shape and leave the rasterization up to the renderer (but with hinting for low resolutions like screens), which looks better on screen (and perfectly fine on paper too, but technically one doesn't have control over all the details of rasterization).
If somebody is MITMing a target person, they will respond positively to "update available?" calls from that person and then serve the tainted update. The article does not say what the frequency of auto update check is. Let's say one per day. If somebody is targeted it's one day away from RCE.
TLS doesn’t mask the IP of the server. The updater probably isn’t using DNS over HTTPS. If I can determine that a user’s updater just hit the update check server, I can start impersonating the update server.
That takes it out of the one day away territory, but it does allow an attacker to only have a malicious HTTP capture up and detectable during the actual attack window.
Then, of course, if you’re also being their DNS server you can send them to the wrong update check server in the first place. I wonder if the updater validates the certificate.
Yes. As you say it maps to a key sequence, not a scancode. Additionally, it maps as a rapid key-down sequence followed immediately by key-up, so it cannot be remapped to a modifier key, such as right control (which it often takes over from on laptops).
There are ways, which involve using a software trap to capture it and then emit right control for a set period of time, but that's a workaround rather than a real fix.
Excellent! I tried to use Claude on the Ableton file format about a year ago and it left me quite frustrated -- but now I have a new reason to look at this again.
Generally, it would be nice of Ableton to release official documentation of their API.
I've been vibe-coding a diff tool[1] for Ableton Live project files in my spare time, though the project is still far from complete. It's meant to generate human-readable, meaningful summary text that shows the differences between two versions of a project file (.als). With this diff tool, I can then use Git to properly version-control Ableton Live project files.
So far I've completed roughly 70% of the Ableton Live project-file XML parsing, though some parts like Session View and the Groove Pool are not finished yet.
As for using Claude or other agents to parse Ableton Live's XML, my original plan was to build an automated workflow with ableton-mcp: have Claude use ableton-mcp to make edits in a blank project (for example, add an EQ8 or modify some automation), save the project file, then have Claude compare the modified project file with the original blank project and write the corresponding parsing code. But ableton-mcp still lacks many features[2], and the XML schema of .als files is inconsistent, so I ended up doing most of the review and verification manually.
> these appliances emitted a high number of UFPs. The worst offender was a pop-up toaster, which without any bread inside it, gave off around 1.73 trillion UFPs per minute.
If my math is correct, that toaster is shedding about 0.6 mm^3 per minute of its heating coils.
Was that the trick? When copying the text, it is also >=, which is why an online search or AI tools probably give the wrong answer as the article asserts. If you correct the code then at least Claude gives the right answer.