Pilot lights are often designed so that the heat from the flame holds a bimetallic switch in the open position. Should the light go out, the bimetallic switch will shut as it cools.
TBF the amount of gas used in old style pilots is really tiny. I’m sure it’s possible to accumulate dangerous quantities somehow, perhaps in a sealed subterranean basement if using propane instead of natural gas.
Natural gas is mostly methane, which is lighter than air and easily escapes most structures.
Natural gas today is mostly methane, but in the past it often had large concentrations of CO. In 1950 you can turn the gas on and stick your head in the oven as a form of suicide - won't work anymore (unless you get the house to explode).
Fascinating. I double-checked with ChatGPT (FWIW), and it confirmed. It said that currently, natural gas is extracted and shipped in its mostly pure form. In the mid-20th century, natural gas was "town gas," manufactured by heating Cole in the absence of oxygen. That produced a lot of carbon monoxide.
If a webpage is an iceberg, the buttons and menus and dropdowns are the visible part. If I understand this page object, that’s what he proposes testing.
But the bit I care about is the bit underneath that will compose REST calls from those UI elements and sometimes make subsequent REST calls from the result of the previous ones.
That is the tricky bit to test, and the bit where we *still* fall back to manual testing and recorded demos for qa.
I was hoping this was a suggestion for a better selenium.
Looks like modified placeholder addresses because the author didn't want to use real addresses. I don't think it could be used for internal routing since each octet is represented with a single byte (0-255) so having larger numbers for some internal routing would likely break the entire IP stack.
I’m curious about the control surfaces. Since you have the four quadcopter motors, you could potentially just induce all three of yaw pitch and roll by powering those up.
I wonder if the reduction in weight from the now unneeded servos would pay for the extra battery drain.
Great question, but spinning lifting motors in cruise draws more power than it's worth for efficiency.
There's ways to use differential thrust for multiple cruise motors to roll if not positioned at spanwise Cg (e.g. wing mounted like in a commercial jet), but again, usually not efficient. Servos are a small mass fraction relative to other components.
Those who recall cars with fm radios and gsm phones will have heard something similar if their car had a random compartment right below the stereo.
When a call came in, before the phone would ring, the radio would emit this very clear tri di di dit dah dah. But only when the phone was very near the radio.
From the Wired article: "The archive server is programmed in Java and is built using Spring Boot, an open source framework for creating Java applications. Spring Boot includes a set of features called Actuator that helps developers monitor and debug their applications. One of these features is the heap dump endpoint,"
So the heapdumps being available is a Spring Boot feature so it does not appear to be malicious.
When the PR was created in 2016, endpoints were marked as "sensitive" and, for example, the heapdump endpoint would have to be explicitly enabled. However, Spring Boot has evolved over the years, and only the "shutdown" endpoint was made "restricted" in the later solutions. My recent PR will address that weakness in Spring Boot when users misconfigure or ignore security for a Spring Boot app so that heapdumps won't get exposed by default.
I don't get why 2+ years after Log4J we are still dealing with this from Java libraries developers.
Your end users are not security savvy, they will never be security savvy and you need to protect them from themselves instead of handing them loaded handgun. This language more than most is filled with people punching buttons for paycheck.
- Signed, Angry SRE who gets to deal with this crap.
In my opinion, the original sin of Spring Boot Actuator is allowing server.port and management.server.port to be the same. It makes it too convenient for developers to skip the security review that would be done for opening a non-standard port.
I think it would be wise to either disallow the ports being the same, or if they are the same, only enable the health endpoint.
I'm more of the opinion that developers will make smart choices, when motivated.
Sure, punching buttons for money is a widespread issue in the industry, but devs also like convenience.
Security has the hard problem that it's infuriatingly difficult to troubleshoot (ever tried to write security policies for an app or figure out how to let an app through a firewall, or set of firewalls?), and there's a bit of a culture of "security by obscurity".
So it's kind of expected that this is the behavior...
Sure some people will really just not care, mistakes will be made, but secure defaults, easy to configure and simple to understand are features not often seen from security products generally. This is driven by poor motivations from security folk who want to protect their industry...
huh, I sure seem to be needing to debug this a lot, I guess I'll just leave it turned on all the time that way I can say a few seconds next time. Larry Wall says one of the virtues of being a great developer is laziness!
Based on [1] it seems like one `management.endpoints.web.exposure.include=*` is enough to expose everything including the heapdump endpoint on the public HTTP API without authentication. It's even there in the docs as an example.
Looks like there is a change [2] coming to the `management.endpoint.heapdump.access` default value that would make this harder to expose by accident.
