The X32 module interface is actually fairly simple: it's more or less just four 8-channel I2S TDM streams going in either direction. Easy peasy to interface with, nothing as complicated as AES50 involved.
AES50 itself is actually a standard; you can buy a copy of it for $50. It's basically just "Ethernet with fixed addresses and a custom frame format across two of the wire pairs, a super fast (64x the sample rate, with a -12.5% followed by a +12.5% duty cycle pulse every 2048 samples) clock signal across the other two". I've been meaning to whip up some boards that speak AES50 one of these days, just for fun.
A router would be totally possible, with of course the caveat that AES50 itself is point-to-point so you'd need some sort of out-of-band mechanism to tell the router where to send all the incoming audio streams it's receiving.
There's 2 cases being discussed. A UUIDv7 is a bad secret, but it's fine for many other ids. If I can guess your user id, it shouldn't really matter because your business logic should prevent me from doing anything with that information. If I can guess your password reset token it's a different story because I don't need anything else beyond that token to do damage.
But the random part of a UUIDv7 is 74 bits... larger than a 64-bit integer of random values. Larger than many systems use in total when generating random keys for such things. Likely a larger number of values than the total number of comments here on HN over a couple decades. It's emphatically NOT guessable.
Sure, someone will depend on it, we all ignored "private" vs "public" at least once. Okay to do and okay to be mad when your thing breaks because you decided to depend on it? Nope.
That's a good initial step. But once it got put on a zillion computers, there should have been additional mitigation steps.
In an ideal situation, they would have noticed the widespread use of this private function a long time ago, put a note on the bug report that it works around, and after they fixed the bug they would have reached out to electron to have them remove that access.
If you owe the bank $100 and don't pay, that's your problem: you'll get in trouble for it, and the bank isn't going to be unduly harmed.
If you owe the bank $100 million and don't pay, that's the bank's problem: the loss of that $100 million is going to hit the bank hard, whether or not they're the ones who are in the right and regardless of how much trouble you get in over it.
Likewise, if you're a small time app developer and you use a private method that gets yanked and your app breaks, that's your problem: your users are going to be pissed at you, you'll take the reputational damage, and even if your users are also pissed at the OS vendor they represent such a small group of individuals that the OS vendor isn't going to be unduly harmed by that.
If, on the other hand, you develop one of the most widely used frameworks and you use a private method that gets yanked and your app breaks, that's the OS vendor's problem: the number of people who are pissed off at them (rightly or wrongly) is now much larger and they're going to take some reputational damage over it, whether or not they're the ones who have the moral high ground and regardless of how much reputational damage you also take.
And that's exactly what we're seeing here: it doesn't matter that Electron used an API they weren't supposed to, people are pissed at Apple about this and Apple, rightly or wrongly, has to contend with that reputational damage if they don't take steps to prevent this sort of thing before it happens (like letting the developers know that private-on-paper API is going to be yanked in advance, or making it mechanically impossible for anyone outside of Apple's own code to invoke that API long before someone depends on it).
Yes, sorry, it wasn't clear. I meant this quote has nothing in common with this situation we're talking about.
> has to contend with that reputational damage if they don't take steps to prevent this sort of thing before it happens (like letting the developers know that private-on-paper API is going to be yanked in advance, or making it mechanically impossible for anyone outside of Apple's own code to invoke that API long before someone depends on it).
Again, that is what dev builds are for. Developers had months to verify their software still works on an OS that has confirmed release date and has very high ration of users that install the latest and greatest.
That's true, and yet they didn't. We can (rightfully) blame them for that, but people are still pissed off at Apple, and whether or not they deserve it they still suffer the reputational damage.
That's why this quote is relevant to this situation: it's totally Electron's fault for not adequately testing their framework against Apple's latest developer builds, but Apple could have absolutely done more to minimize the chance that Electron would make a mistake like this and cause lots of folks to be mad at Apple over it.
Should Apple be required to? No. Will they still suffer reputational damage if they don't and something like this happens? Yes.
Wow .. I had no idea. I'd always assumed you were supposed to remove them from cooking because they would taste bad if eaten directly - not that you couldn't actually digest them!
Yeah a lot of different leaves don't break down well in the digestive track without friction or longer digestion periods (which are adaptations that actual herbivores have).
This is also why they (bay leaves or more generally all laurel leaves) are such a massive pain in the ass to compost in most places.
The wonders of insoluble fiber and wax coatings on leaves.
Hate to break it to you but, sample size of 9, my entire friend group talks like this. We're all in our 30s.
Language changes. The construction "what's up" and its extension "what's up with ..." didn't become widely accepted until Bugs Bunny brought it into the mainstream, and yet you use it as naturally as anything else at the beginning of your message.
I don't know that it's particularly constructive to dish on this post purely on that account.
Whilst I don’t necessarily disagree with your overall point, this kind of inflammatory commentary which has taken a solid step into personal attack territory
> If you and your friends all talk in this way you are just oblivious to the fact you are the problem.
isn’t really helping, is it?
Moreover, generational complaints about use of language and communication style are solidly off topic and do not rise above the level of cliche.
One of the things I'm looking forward to most is traveling to Japan, and maybe other parts of eastern Asia, and collecting a ridiculous amount of nonsensical t-shirts to ship back home.
