It's a cat and mouse game, it provides the desired level of security for people who use it. It isn't used to prevent people from finding vulnerabilities (not mostly at least). It's used to deter competition, prevent clones of the application,etc.. it's make-shift "DRM". There are ways to defeat even AI-assisted analysis running in a proper browser. But I think it's not a good idea to give anyone ideas on this subject. proper-DRM is hellish enough.
Was there ever an obfuscated JS code a human couldn't reverse given enough time? It's like most people's doors, it won't stop someone with a battering ram, but it will ideally slow them down enough for you to hide or get your guns. in this case, it won't even slow them down, until it does (hence: cat and mouse game).
>Was there ever an obfuscated JS code a human couldn't reverse given enough time?
I reverse malware for a living and no there wasn't. With some experience even the best obfuscation is actually pretty easy to defeat. But the goal of malware analysis is to extract some knowledge (what this code does, IPs, URLs, tokens). Getting a runnable, clean version would often be a long tedious work.
couldn't agree more, I do malware analysis too but like you said only as needed and to understand its capability (more Jscript than JS to be honest, except with the rare node malware). Obfuscation has always been a method of slowing down and discouraging analysis, not preventing it entirely. If it takes a week for a dedicated analyst to reverse it enough to clone the capability, and you do two week release sprints, that might be good enough.
Why do you think the number of people in Iran matters?
I think most of what you said is just speculation, not founded on reality. The only thing that would stop the US from invading Iran in under 3 months is political will.
Russia doesn't have the scale and power of the US airforce, or the ability to project that power using the US navy and all the bases in the middle-east. Any comparison with russia at all makes me question your entire analysis.
Iran is big and geographically challenging, Afghanistan is notorious in the same sense as well, even more so by their infamous defeat and expelling of Russia in the 80's. The US invaded afghanistan in a matter of 1-2 months and held on to the country for 20 years.
Establishing a FOB initially will be challenging but with Kuwait and KSA eagerly cooperating, it won't be a challenge.
Drones are effective when your enemy is nearby and you can project it against them. Iran can threaten just about any US interest in the region but not the US homeland itself. They can't attack Europe because that would risk drawing them into the conflict, so their only option is to attack existing enemies in the region and do their best to inflate the price of oil.
And therein is their strategy that might win the war, it isn't all the reasons you listed, but political will as a result of economic pressure. The US lost in Afghanistan, Vietnam, and even arguably in Iraq because of loss of political will to continue the conflict. But then again, the current administration will not be deterred by pesky things such as the will of the american people, they'll use it to declare emergencies and attempt to hold on to power instead. The only thing that can defeat the US right now is the republican party in the US willing to turn on their beloved dictator.
> Ukraine has people making them in basements. Presumably, so does Iran.
The US has bunker-busters.
Even though your analysis is full of many technical flaws the most critical flaw in my opinion is how you aren't considering aerial advantage for the US, but yet you seem to think drones are an advantage. Drones are only useful at attacking pre-determined regional targets to influence political will. For the US however, unlike Russia, the US doesn't have a decrepit airforce, and doesn't flinch at launching $70~M/launch tomahawks. The ukrainain army right now isn't withstanding a constant barrage of bomber jets dropping on them. Russia is several decades behind US equivalent fleets from what I understand.
The US military hasn't been sitting on their hands watching the Russia-Ukraine conflict either. They've been testing all kinds of anti-drone tech in the desert for a while now, but this is the real opportunity for them to battle-test different techniques. No one is sanctioning the US either (more like sanctioning itself), and there is no real or practical shortage of war-chest funds (unlike Russia), and having a big war every two decades means the US military-industrial complex far more capable to meet the supply-chain logistics demands.
The US military certainly is the biggest in the world, dwarfing all other countries' militaries combined. But the thing most people don't realize is that is not what makes it the most capable invading force in the world, it is the sheer efficiency of the logistical effectiveness unseen the history of war before, backed by the ability to fund years-long wars without so much as flinching on the domestic economy front.
I would argue that the if the political will existed, the US can invade the entire region, from the Mediterranean to the Himalayas in less time than how long Russia has been at war with Ukraine. Even if the US couldn't use the bases and airspace in Europe at all, the calculus remains the same.
> This worked a lot better when the trouble spots couldn't do much to them.
Huh? what do you mean? They're entirely designed to address hostilities, they're not designed establish access in a non-hostile littoral, this goes back to WW2 beachead establishments (like normandy). The carrier ships are never meant to be close to land to where they're a target, but the carrier group itself is entirely designed to establish a beachead and deploy an expeditionary force under hostile conditions. I admit, maybe my history recall is lacking, do you know of any post-WW2 conflicts where the US navy established a beach head as part of an invading force that didn't face both aerial and naval resistance? Iran and Afghanistan didn't require it, neither did Korea or Vietnam as far as I know.
The non-war obsessed normies are something to behold, that's for sure. Most probably the GP has never looked at the FPV videos coming out of Ukraine, or maybe he somehow thinks that US soldiers are Terminator-like machines who would have nothing to fear from aerial drones.
whooptie doo, you're special and those who disagree with you are normies. that doesn't make a good argument, neither does misrepresenting what I said. and all your speculation about me there is wrong (your argument shouldn't be about me but about the topic anyways?).
I'm sure US troops will be plenty terrified, and there will be lots of casualties, you just made that argument on my behalf so you could have something to win. The amount of fear or the level of sheer human carnage on either side does not affect the outcome. Like I said in my post, if these factors affect political will in the US, Iran will win, if not then US military will not take very long, despite the costs, to achieve victory. It will not be defeated on grounds of "drones", terrain, Iran being well prepared, or oil prices.
You have to be a normie to believe that a ground operation as currently envisaged by the US political leaders would be anything else but a suicide mission. This is not about “winning arguments on the internet” or some such, because in the end these arguments do not matter, it’s a basic matter of not sending men to die in a suicide mission.
Unless this being a suicide mission isn’t the stated goal of the current US political leaders, but that’s another discussion.
I never claimed that, I only made the argument that the terrain and population won't be the hard part. Iran is well prepared for this invasion, so it will be harder, but the US military is also the most well-practiced, well-armed, and well-funded military in history, so harder is kind of relative. I doubt it will take a year, and I don't think it will take a month, that's as accurate as I think my educated guess can be.
Israel's army is on par with US, if not better, regarding practice and armament.
Have a look at the kind of problems they have in South Lebanon. Against supposedly destroyed Hezbollah.
Now imagine the same, just on a much larger scale...
The new technology (drones) changes the game quite a bit.
> Iran can threaten just about any US interest in the region but not the US homeland itself.
Much thanks to the impenetrable Mexico border, through which no foul thing has ever slipped past... /s
Iran can very much sneak drones into the US and do an Operation Spiderweb-style attack. Won't happen next week, but Russia thought they were done in 3 weeks.
Are you claiming Iran has the logistics and capability to constantly deliver drone attacks against the US homeland persistently? Or were you thinking of more like a one time flurry of drones? I mean, even if Mexico joined the war and Iran managed to provide them with unlimited drones, what changes? US border cities will be affected and there will be civlian casualties. Do you know why Ukraine is avoiding attacking civilian targets when Russia is doing just that? Because that is the exact opposite of their objective!
Read what i said again, even with Russia, the one thing that can defeat them the most is loss of political will, just like with the US. If Iran attacks even one civilian US target, that's the ammunition Trump needs to keep fighting, and to get his war fund approved all he wants. Why would Iran want that? If you said Ramestien (within their reach), that would be more reasonable, but even then, that draws in NATO. Ukraine is attacking Russian soldiers and military targets by drones, Iran doesn't have much US military targets other than the ones that are specifically there to engage with it as part of the conflict. If a serious enough attack on US soil took place, that is the exact worst scenario where the circus in the whitehouse will be talking about nukes (and that's why I suppose the WHO is preparing for a nuclear disaster).
> Or were you thinking of more like a one time flurry of drones?
No continuously, but enough to do serious damage to important assets.
Not sure if they'd go for civilian assets, new leader is supposedly more extreme than the previous (funny how that's often the case), but so far their responses seems measured.
But if they could take out a bunch of B-52s and whatnot sitting parked in the open, like that drone scare last year...
If they did want to go after civilians, they could however easily do a 9/11 level of attack against airlines or similar targets that are not prepared.
This is, as you allude to, likely not a good move for Iran. However, Israel said they'd prefer a failed state over the current regime, and in that case I could see some fanatics thinking that's a play to make, not unlike 9/11. So if Israel continues without direct US support, and the regime falls...
Do you have any examples? Because from Amazon to Uber, they're not great from an end user perspective. It's not like people who like the website will stop using it because of chatgpt, this would be attracting people who complain about the website/app. People are always complaining about amazon for example, i don't like the experience but I haven't had all that much bad product experience from them, but people who keep saying they're getting bad products on Amazon can maybe use chatgpt, talk to it so it understands what they're looking for in natural language, in a way the search bar can't and keep their patronage.
I disagree, walmart's website isn't nice. a lot of commerce sites are cancer!
if i can just ask chatgpt or gemini to shop I'd love that.
Just navigating their sites for items is a pain, I can imagine an LLM being great at finding items, and facilitating the browsing experience. My only concern would be having to chat with it a lot, and any dark patterns coercing impulse purchases.
to buy a toilet paper, you have to click 2-3 buttons or type out toilet paper in a search bar and hit a button. and then you have to scroll around, hit more buttons, filter, sort, then click through to the product page, review details, add it to your cart, start the checkout and select a payment method, confirm the order, and purchase.
compared to prompts:
"Show me toilet paper that has good reviews for being soft and that doesn't clog"
"I'll buy the first option, just use the card I used last time for payment"
What saves time with an LLM is being able to communicate what you want in natural language. with the normal experience, you're pressing lots of buttons and other inputs to get some results so you figure it out yourself. You will get results, and you will pick what you think is the best option for you (but chances are it isn't, since the site didn't know exactly what you wanted).
we need some sort of a universal crowd-sourced site rating system. Things like user experience, scamminess, user-hostility, site ownership-affiliations,etc.. all opt-in by users of course, you setup the criteria that is important to you and the browser displays different ratings or blocks certain sites (like scammy/fraudulent ones) out right. The reputation providers would also be selectable like search engines. I'd imagine there would be crowdsourced lists of all sorts.
If you have older pepople struggling with cognition for example, this would be a good way to limit their exposure to scams.
But commercial sites like this could also be rated as a privacy risk for the intense ad capitalism, or a 'bloat' to tell users it will slow down their computer by visiting the site. You could set it up so that when certain categories and ratings are met, the browser warns you before you could navigate to it.
Another idea is to have this same system include alternative suggestions. For example, if a site has age verification, you would be able to setup your browser so that it warns you when you visit sites of that nature, listing alternatives recommended by the list maintainer, for whatever that site provides.
On Kagi you can increase/decrease a domain's ranking for your personal search results, and they make the aggregated stats public, showing for example Pinterest as the most blocked site, which matches part of what you're looking for: https://kagi.com/stats?stat=insights
I wonder if you could automate the rating. Suppose you had some sort of engine where people could search for things, and the pages that get more clicks would have a higher rank. Plus you could supplement that by tracing links, since better pages will probably link to each other. As long as you promise to do no evil, I bet this would be a pretty good system.
I suppose Google’s doing this and they’ve built it into Chrome which is what grandma is using anyway, but what I’ve seen change over the past 20 years is the way these losers automate the cycling of their domains which are now registered with companies who couldn’t care less about phishing.
Apparently nobody's even checking if anyone responds to reports anymore, which does mean you're right that for some golden spam domains where they’re typosquatting, getting the website on a block list would help. Then the losers probably wouldn't be able to use “bank-app[.]biz” for too long and would have to resort to uglyAlphabetSoupMess.tld (instantly refreshed as soon as it’s added to any blocklist; & GPT spam college is open to continue training more script kiddies)
I remember in the 2000's there was a site that did exactly this. I can't remember the name now though, maybe someone else will know what I'm talking about.
I must disagree but only a tiny bit. modern IDEs try to indent and attempt to add indentation as you code which can cause problems sometimes.
tabs vs spaces is very painful still when copying code that is in a different format. it's not just tabs and spaces, but the width of the tabs and the spaces. Even with VSCode extensions and sublime text extensions I've struggled a lot recently with this.
I commented on a sibling thread just now, but it is still very easy in python to mess up one level of indentation. When I caught bugs of that sort, it was introduced either when copy pasting, when trying to make a linter happy and doing cosmetic cleanup, or when moving code around levels of indentation, like introducing a try/except. I had one recently where if I recall correctly I moved a continue statement under or out of a try/except when messing around with the try/except logic. it was perfectly valid, and didn't stand out much visually, pydnatic and other checkers didn't catch it either. It could have happened with a '}' but it's easier to mess up a level of indentation than it is to put the '}' at the wrong level. a cosmetic fix results in a logic bug because of indentations in python. with curly's, a misplacement of that sort can't happen because of indentation or cosmetic/readability fixes.
what the curly approach asserts is a separation of readability and logic syntax.
The interpreter/compiler should understand your code first and foremost, indenting code should be done, and should be enforced, but automatically by the compiler/interpreter. Python could have used curly braces and semi-colons, and force-indented your code every time it ran it to make it more readable for humans.
we don't even use indents that way in natural language. We use things like bullet points, we need specific markers.
space is for spacing, tabs are for tabulation, they are not in any human language I know of used as terminators of statements. You know what is the equivalent of an indent or a semicolon in english? a period. <-
We have paragraph breaks just like this to delimit blocks of english statements.
A semi-colon is used to indicate part of a sentence is done, yet there is still related continuation of the statement that is yet to be finished. Periods are confusing because they're used in decimal points and other language syntax, so a semi-colon seems like a good fit.
If I had my pick, I would use a colon to indicate the end of a statement, and a double colon '::' to indicate the end of a block.
func main(): int i - 0: do: i=i+1: print(i): while(i<10):: ::
another downside of indentation is it's award to do one-liners with such languages, as with python.
There is a lot of subjectivity with syntax, but python code for example with indents is not easy for humans to read, or for syntax validators to validate. it is very easy for example to intend a statement inside a for loop or an if/else block in python (nor not-intend it), and when pasting around code you accidentally indent one level off without meaning to. if you know to look for it, you'll catch it, but it's very easy to miss, since the mis-indented statement is valid and sensible on its own, nothing will flag it as unusual.
In my opinion, while the spirit behind indentation is excellent, the right execution is in the style of 'go fmt' with Go, where indenting your code for you after it has been properly parsed by the compiler/interpreter is the norm.
I would even say the first thing a compiler as well as interpreter do should be to auto-indent, and line-wrap your code. that should be part of the language standard. If the compiler can't indent your code without messing up logic or without making it unreadable, then either your code or the language design has flaw.
with apples in that list for example, you used '2.1' to indicate a new item, the space is cosmetic, the functional indicator is '2.1'
This wouldn't look right:
Introduction
Fruit
Apples
Red apples
Green apples
I'm sure you can work it out, but it doesn't feel natural, or ideal. (i can't get hn to format it without making it all one line so i used double new line).
it would look better still with a dash or a bullet point for every sub-entry. We're not arguing that it is possible to do that, we're arguing what is ideal for readability.
In that list you can naturally guess what that ordering is, but if the items were not so interrelated it can be confusing. if the top level item is 'Ham' and the indented item under it is 'sandwich' are you wrapping the same phrase 'Ham Sandwich' , because indentation (even in python) is used when wrapping lines, or is sandwich under ham as one of the things done with ham. it is thus error-prone and more confusing, clear and specific punctuation alongside indentation makes it easier to read.
No one is saying that indentation can not be used to display lists/sublists, I'm saying that markers remove ambiguity even across movement of blocks of texts.
reply