"Act of God" is a legal term of art. You should be blaming lawyers and governments.

Bambu Studio (from which Orca Slicer is forked, and which is itself forked from PrusaSlicer, which is forked from Slic3r) itself is likely in violation of the AGPL due to not releasing the source code for the "BambuStudio Network Plugin" that is used for communicating with their printers, which is a "plugin" purely in an attempt to avoid the AGPL, but may not actually qualify for such an exclusion due to its nature (as a required component to use the software for its intended purpose) and how its loaded (DLL files that are loaded into the program's memory space just like the rest of the program's code, which also lives in DLLs)

I don't need 1000 miles. 600 (unencumbered) is definitely sufficient, and 500 might be okay. The thing is that I'll lose half to 2/3 of that range when towing my camp trailer, and that's not even considering that I'm typically towing it up into the mountains, gaining ~5000 vertical feet. I also need minimum 12k pounds of towing capacity and I'd like a little headroom, so call it 16k, and the bed payload has to be able to take at least 2000 pounds, because that's how much the trailer puts on the fifth-wheel hitch.

I'm anxiously awaiting an EV pickup that can do this. I'd love to have essentially unllimited electricity to buffer cloudy days (I have 1 kW of solar panels on the trailer and on sunny days they generate way more than enough, but consecutive cloudy days can leave be difficult).

3/4 ton and 1-ton gas and diesel pickups typically have oversized fuel tanks that provide about 600 miles of range, because that's what you actually need when you start hauling or towing significant loads. I don't think an EV pickup needs to have more range, but it needs to be comparable, and to be able to tow and haul comparable loads.

I'm not anti-EV by any means. I bought my first EV in 2011, and have had electric cars ever since. Trucks are a different sort of problem, though.

That's getting there, though I'd like to see some driving tests with a good-sized fifth wheel at highway speeds. The towing capacity is probably okay, though it provides very little headroom for when I'm towing both my camp trailer (~8k) and my boat (~3.5k), which I actually do several times each summer. But I think the payload capacity is too small to tow the trailer, which puts about 2000 points on the truck.

They actually said other tools are regularly used and have been known to find hundreds of issues. So, no, their awesome code is not the reason. Mythos just sucks at finding vulnerabilities.

Or maybe Mythos works and eliminated the the vulnerabilities that aren't. Just because a tool reports 100 errors and another tool reports 5 doesn't mean the latter tool sucks. It could be the latter tool filtered out the pointless issues and returned just the ones that were interesting.

Even cURL had the problem where they kept getting the same hundreds of AI slop bugs over and over again. I'm sure if they got 5 that could be followed up with it would help.

If I had known it wasn't checked, I absolutely would have lied.

Yes, it's something of a really bad secret in Canada. In the US, they did check - usually just making sure you used a .edu address and sending them a copy of your student ID.

In Canada, they couldn't do any of that (privacy laws prevent the school from disclosing your student status, and there's no .edu in Canada, so many schools just use a regular .ca ccTLD or a regular TLD).

So you literally can lie - I've done it a few times after I graduated to get cheaper Apple products - they "asked" your school and student ID number, but you could enter in anything as it wasn't checked (like I said, they couldn't verify).

Oh well, it was fun while it lasted.

I like their products. I just want printing without fuss and without having to learn every detail about leveling, etc. Their product works for me and I do not care about its openness, it is about as important for what I need it as my headphones being open sourced (not at all). So this product is for my use case, not for people who want to control every aspect of their printer and every software feature.

IF they decide to make it prohibitively expensive to operate their hardware, then I will go back to a less capable hardware kit.

The openness isn't the thing, though it's important. The thing is you're reliant on Bambu Labs to keep your printer working. They could easily decide tomorrow that their cloud slicer will no longer support your printer. And now you're left with a worthless hunk of junk - the software still works, but the cloud software stops supporting your hardware.

Or perhaps your internet goes out - and now you can't print. Again, you're dependent on cloud services.

The whole point was that it works locally without needing an internet connection which is how it did with OrcaSlicer-bambu.

Because right now your 3D printer is basically like all the other app-driven pieces of hardware out there you can get - vulnerable to the app breaking or the vendor no longer wanting to support your printer and wanting to encourage you to buy their newest latest and greatest generation of printers.

They could also close up shop tomorrow, and boom, all printers disabled. Go buy a new printer from someone else.

None of that has anything to do with open-source or freedom. That part comes later, where maybe the slicer can work in a different way to produce better prints, but you're stuck with their software that doesn't do that. Maybe they'll offer a subscription that lets you enable new functionality.

This is further proof that plants are sentient beings with feeling. You vegetarians ought to be ashamed of yourselves!

Time to start eating trees. Most of a tree is dead - it's just the stuff under the bark and the leaves that are still actually living. The rest of the tree is dead cells.

Agreed. My sedan has been electric for nearly a decade now, but I'm still driving a diesel pickup (1-ton, though a 3/4 ton would be sufficient) because EV pickup range is inadequate -- and I think it may be inadequate for a while. I need 250 miles of range when towing a trailer, which means I need ~500 -- maybe 600 -- miles of range without.

I'm not generally a fan of hybrids, but I think plug-in hybrids with large-ish batteries may be the sweet spot for a while with pickups. The Dodge Ramcharger is looking really good to me, though I'd like to see them make a 2500.

The developer of a fork of Orca Slicer that is designed to communicate directly with Bambu Labs printers is shutting down his fork. Orca Slicer, which supports many printers, is not shutting down.

Insider information or insider power. Both work just as well.

Insider information is when you exploit information that isn't public. Insider power is when you influence the outcome to your favor.

Many early sports bets used insider power - the player would get a cut of the profits if they tilted the game like faking an injury.

Anyways, news like this is good. If people know these markets are rigged against them, they'd likely avoid using these platforms. It's why regulations exist - the SEC doesn't go after insider trading because it wants a fair market, it does it because a fair market means more people will participate.

It is effective at reducing staff cheaply, but it has a huge downside, shared with most attrition-based schemes for reducing payroll: The best employees are also the ones who find it the easiest to leave. The worst employees are also the ones who will grit their teeth and hold on to the bitter end.

It's harder and more costly (in the short term) to do targeted layoffs which allows the company to target low-performers, or those who are low performers relative to their cost. It's the better choice, though.

Lots of the top performers will.

Kerberos implementations often used MD5 in the early days. It was only earlier this year that Microsoft deprecated using MD5 for password hash storage for various parts of Active Directory because a lot of legacy equipment still used the old protocol.

It's not an easy transition since legacy equipment might only implement MD5, and updating passwords from MD5 requires the user to change their password

The problem is, the tariffs weren't always paid by consumers.

About 50% of the tariffs collected were absorbed by suppliers cutting their prices - are you saying those suppliers should be repaid? Or that they should jack up the prices they now charge customers to make up for the losses they incurred?

About 25% were absorbed by the business themselves - they were not passed on.

The remaining 25% were passed on.

Now, it's likely easy if it was a product manufactured in China and sold as is, but if it's a more complex supply chain - say, raw steel from Canada, imported into the US (tariffs), then made into products down the line it gets more complex - the importer paid tariffs, then they need to rebate people down the line and by the time it gets to you, who knows how the price was affected - someone might have absorbed the price increase, someone else jacked it up because "tariffs" to make more profit, etc.

Now take it as a car part - raw steel from Canada, cast in Canada, machined into parts in the US, assembled into an engine in Canada, and put into a vehicle made in the US. It crosses the border multiple times, incurred tariffs and reciprocal tariffs And now things are twisted so tightly a forensic accountant will take years to untangle the effect.

In the end, just like the whole trade disruption, it's a huge mess. Lots of price jumps were due to people simply blaming tariffs as an excuse to raise prices rather than tariffs themselves. Others choose to absorb the increased cost at lowered margins.

Jeff Bezos wanted to show how much tariffs would add to the price. We thought he chickened out due to Trump - but maybe it was also because refunds are going to be much more opaque - if people knew they spent $100 on tariffs in total, that becomes a paper trail where they would want that $100 back.

Using a proper password hashing algorithm mostly addresses this concern... and standard cryptographic hashes like MD-5, SHA-1, SHA-256, etc. are not appropriate. They're designed to be as time and space-efficient as possible while still achieving their security goals. Password hashing functions (more precisely, password-based key derivation functions) are designed specifically to be time and space-hungry, efficient enough that you can execute them in half-second or so for user authentication, but slow enough that brute forcing even moderately-good passwords is intractible.

The best widely-available algorithm is Argon2id. The modern algorithms don't focus so much on requiring lots of CPU cycles because GPUs. Instead, they focus on requiring significant amounts of RAM, in ways that provably cannot be reduced. The most-recommended Argon2id configuration requires 2GB RAM. This makes it feasible for most servers to handle fairly easily, as long as they don't have to verify too many passwords in parallel, but it means that GPUs don't help the attacker, and it's also slow enough that while you can get some traction by using a large botnet, it's really not very much. If a PC requires 500ms per attempt, and you have a million-machine botnet, you can still only try 2M passwords per second. If user passwords have, say, 30 bits of entropy, your massive botnet can find one every five minutes on average. If they have 40 bits, your botnet can find a password every ~3 days, on average. That's not nothing, but if you have control of a million machines, you can definitely find better uses for them.

Of course, even better is to use passkeys or similar, but as a practical matter you probably have to have a password to fall back on.