
Every year, I look forward to the summer. But not for the reason that most people would think of with me being a teacher. For me, it's because I'm excited to go teach at Georgia's Governor's Honor Program (GHP). If you've never heard of it, GHP is a four-week program at Berry College in Rome, GA, where enthusiastic high school students from all around Georgia interview and audition to intensively study a major subject of their choosing. It's the kind of environment every teacher dreams of — students who are there because they want to soak in as much knowledge as possible and be around equally-motivated students. (It's also, as far as I'm aware, the only such governor's school that operates free of charge to its students, which is an important contribution to the diversity of the student body.)

I also see GHP as an opportunity to push myself as a teacher — it takes a lot of work to keep up with these students! We guide them as they explore mathematics that they normally wouldn't see until undergraduate or even graduate courses. I like to try a lot of new ideas with my teaching at GHP, ideas that I can then bring back to my own classroom. (And the fact that there are no grades to worry about certainly helps eliminate some of the usual confounding variables!)

This year, I felt like taking a bit more of a risk, and decided to teach a course in computational algebraic geometry.

...yes, to high schoolers.

If you're not familiar with algebraic geometry, at a bird's-eye level, it studies geometric shapes called varieties, defined as the zero sets of one or more polynomials in multiple variables, using techniques from abstract algebra. (For example, the unit circle in \(\mathbb{R}^2\) can be thought of as all the points where \(x^2+y^2-1\) equals zero.) The "computational" part comes in when you start looking at algorithms to manipulate those polynomials (for example, finding a convenient basis of polynomials to work with).

I actually had just taken a course in Computational Algebraic Geometry last year as part of my master's program, which I absolutely loved. The entire time, I kept thinking to myself, "You know ... I bet GHP students could handle this." It touches on so many things that high school students already see in their curriculum:

- Coordinate geometry
- Systems of equations
- Real and complex number systems
- Polynomial zeros, factoring, and division
- The Fundamental Theorem of Algebra
- Rational functions
- Conic sections
- Parametric curves

What's even better is that it beautifully ties together all these concepts — something that unfortunately can't be said for most of the high school mathematics curriculum. I also realized this would be a great opportunity to work in one of my all-time favorite topics: projective geometry and division by zero.

All of this led me to conclude that this would be a perfect course to offer at GHP, so I went ahead with it. I decided to call the course Varieties: The Spice of Life. (Thanks to @notamoon1 on Twitter for that suggestion!)

My main source was Ideals, Varieties, and Algorithms by Cox, Little, and O'Shea. I also referenced Elliptic Tales by Ash and Gross for some of the projective geometry material toward the
(read more)
The Heptagon of Configuration is a term I'm coining to describe a pattern I've observed in software configuration, where configuration evolves through specific, increasing levels of flexibility and complexity, before returning to the restrictive and simple implementation.

How does the Cycle Work?

Hardcoded values are the simplest configuration, but provide very little flexibility. The program surface increases, and with it the configuration, incorporating environment variables*, flags, and, when that becomes cumbersome, a configuration file to encode the previous. When multiple environments require
(read more)
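The first four levels of the cycle described in the Heptagon of Configuration post (hardcoded defaults, then environment variables, then flags, then a configuration file encoding the same keys) are usually wired together as a single precedence chain. The following is an added example, not code from that post: it resolves one `Settings` object from all four layers, with the hardcoded defaults fixing both the allowed key set and each value's type, so that a misspelled variable or flag is rejected rather than silently ignored. The `APP_` prefix, the JSON file format and the three setting names are assumptions for the illustration.

```python
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Settings:
    listen_port: int
    log_level: str
    debug: bool


# Level 1 of the cycle: hardcoded values. These also fix the key set and the
# type of every setting, which the later layers must conform to.
DEFAULTS = {"listen_port": 8080, "log_level": "info", "debug": False}


def from_config_file(text: str) -> dict:
    """Level 4: a configuration file encoding the same keys (JSON here; the format is an assumption)."""
    return json.loads(text)


def from_environment(env: dict, prefix: str = "APP_") -> dict:
    """Level 2: APP_LISTEN_PORT=9000 -> {'listen_port': '9000'}. Values arrive as strings."""
    return {k[len(prefix):].lower(): v for k, v in env.items() if k.startswith(prefix)}


def from_flags(argv: list) -> dict:
    """Level 3: --listen-port=9000, or a bare --debug meaning true."""
    out = {}
    for arg in argv:
        if not arg.startswith("--"):
            continue
        key, _, value = arg[2:].partition("=")
        out[key.replace("-", "_")] = value or "true"
    return out


def coerce(value, target):
    """Coerce a string from the environment or a flag to the type of the hardcoded default."""
    if isinstance(target, bool):
        if isinstance(value, bool):
            return value
        text = str(value).lower()
        if text in ("true", "1", "yes"):
            return True
        if text in ("false", "0", "no"):
            return False
        raise ValueError(f"not a boolean: {value!r}")
    if isinstance(target, int):
        return int(value)
    return str(value)


def resolve(*layers: dict, defaults: dict = DEFAULTS) -> Settings:
    """Merge layers left to right; later layers win. Keys absent from the
    hardcoded defaults are rejected so that a typo or a stray variable cannot
    silently add a setting."""
    merged = dict(defaults)
    for layer in layers:
        for key, value in layer.items():
            if key not in defaults:
                raise KeyError(f"unknown configuration key: {key}")
            merged[key] = coerce(value, defaults[key])
    return Settings(**merged)


if __name__ == "__main__":
    # Constructed inputs showing the precedence: defaults < file < environment < flags.
    settings = resolve(
        from_config_file('{"listen_port": 9000, "log_level": "warning"}'),
        from_environment({"APP_LOG_LEVEL": "debug", "HOME": "/root"}),
        from_flags(["--debug", "--listen-port=9443"]),
    )
    print(settings)  # Settings(listen_port=9443, log_level='debug', debug=True)
```

The order of the arguments to `resolve` is the precedence policy; putting the file last instead would make it override the environment, which is the kind of decision the post's later levels are about.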
A fourth law enforcement officer who responded to the Capitol on Jan. 6 has died by suicide, the Metropolitan Police Department confirmed to The Hill on Monday.

A department spokesman said Officer Kyle DeFreytag, who had been with the department since November 2016, was found dead on July 10. He was 26 years old. Police confirmed DeFreytag was among a host of MPD officers who were sent to the Capitol in response to the riot.

WUSA9, a CBS affiliate in Washington, D.C., was the first to report that DeFreytag died by suicide last month. “I am writing to share tragic news that Officer Kyle DeFr
(read more)
C++20 added concepts as a language feature. They’re often compared to Haskell’s type classes, Rust’s traits or Swift’s protocols. Yet there is one feature that sets them apart: types model C++ concepts automatically. In Haskell, you need an instance, in Rust, you need an impl, and in Swift, you need an extension. But in C++? In C++, concepts are just fancy boolean predicates that check for well-formed syntax: every type that makes the syntax well-formed passes the predicate and thus models the concept. This was the correct choice, but is sometimes not what you want. Let’s explore it further.

Nominal vs. structural concepts

To co-opt terms from type systems, C++20 concepts use structural typing: a type models the concept if it has the same structure as the one required by the concept, i.e. it has the required expressions. In contrast, type classes, traits and protocols all use nominal typing: a type models the concept only if the user has written a declaration to indicate it.

For example, consider a C++ concept that checks for operator== and operator!=:

```cpp
#include <concepts> // for std::same_as

template <typename T>
concept equality_comparable = requires (T obj) {
    { obj == obj } -> std::same_as<bool>;
    { obj != obj } -> std::same_as<bool>;
};
```

This is how you write a type that models equality_comparable with C++20’s structural concepts:

```cpp
// Define your type,
struct vec2
{
    float x, y;

    // define the required operators,
    friend bool operator==(vec2 lhs, vec2 rhs)
    {
        return lhs.x == rhs.x && lhs.y == rhs.y;
    }
    // operator!= not needed in C++20 due to operator rewrite rules!
};

// ... and that's it!
static_assert(equality_comparable<vec2>);
```

In contrast, this is how you would write a type that models equality_comparable in a hypothetical C++20 with nominal concepts:

```cpp
// Define your type
struct vec2 { … }; // as before

// ... and tell the compiler that it should be `equality_comparable`.
// Most languages also support a way to define the operation here.
concept equality_comparable for vec2;
```

Nominal is better…

In my opinion, nominal concepts are superior to structural concepts: Structural concepts do not allow for semantic differences between concepts, because that is not part of the “structure”. Consider the standard library concept std::relation; it is true for predicate t
(read more)
After a very long porting journey, Launchpad is finally running on Python 3 across all of our systems. I wanted to take a bit of time to reflect on why my emotional responses to this port differ so much from those of some others who’ve done large ports, such as the Mercurial maintainers. It’s hard to deny that we’ve had to burn a lot of time on this, which I’m sure has had an opportunity cost, and from one point of view it’s essentially running to stand still: there is no single compelling feature that we get solely by porting to Python 3, although it’s clearly a prerequisite for tidying up old compatibility code and being able to use modern language facilities in the future. And yet, on the whole, I found this a rewarding project and enjoyed doing it. Some of this may be because by inclination I’m a maintenance programmer and actually enjoy this sort of thing. My default view tends to be that software version upgrades may be a pain but it’s much better to get that pain over with as soon as you can rather than trying to hold back the tide; you can certainly get involved and try to shape where things end up, but rightly or wrongly I can’t think of many cases when a righteously indignant user base managed to arrange for the old version to be maintained in perpetuity so that they never had to deal with the new thing (OK, maybe Perl 5 counts here). I think a more compelling difference between Launchpad and Mercurial, though, may be that very few other people really had a vested interest in what Python version Launchpad happened to be running, because it’s all server-side code (aside from some client libraries such as launchpadlib, which were ported years ago). As such, we weren’t trying to do this with the internet having Strong Opinions at us. 
We were doing this because it was obviously the only long-term-maintainable path forward, and in more recent times because some of our library dependencies were starting to drop support for Python 2 and so it was obviously going to become a practical problem for us sooner or later; but if we’d just stayed on Python 2 forever then fundamentally hardly anyone else would really have cared directly, only maybe about some indirect consequences of that. I don’t follow Mercurial development so I may be entirely off-base, but if other people were yelling at me about how late my project was to finish its port, that in itself would make me feel more negatively about the project even if I thought it was a good idea. Having most of the pressure come from ourselves rather than from outside meant that wasn’t an issue for us. I’m somewhat inclined to think of the process as an extreme version of paying down technical debt. Moving from Python 2.7 to 3.5, as we just did, means skipping over multiple language versions in one go, and if similar changes had been made more gradually it would probably have felt a lot more like the typical dependency update treadmill. I appreciate why not everyone might want to think of it this way: maybe this is just my own rationalization.

Reflections on porting to Python 3

I’m not going to defend the Python 3 migrat
(read more)
PRECIS (Preparation, Enforcement, and Comparison of Internationalized Strings) is a framework for consistent and secure management of Unicode strings in web applications. If you haven’t read my previous article, Input validation of free-form Unicode text in Python, it contained the problem statement and a low-level solution using Unicode character categories. PRECIS goes one step further by proposing specific string classes that represent typical usage scenarios involving processing of Unicode strings.

PRECIS starts from just two use cases. The first is a string used as an identifier, that will be subsequently used in URIs and databases, where one of the most challenging problems is reliable comparison. For example, are “ŻÓBR” and “ŻÓBR” the same usernames, or group names? Visually they should be identical in most fonts and displays, and both could have been honestly typed by the same user using different keyboards, yet they are composed of different code points.

First, using a non-combining keyboard:

```python
> import unicodedata
> x = 'ŻÓBR'
> for c in x: print(f'{c}: {unicodedata.name(c)}')
Ż: LATIN CAPITAL LETTER Z WITH DOT ABOVE
Ó: LATIN CAPITAL LETTER O WITH ACUTE
B: LATIN CAPITAL LETTER B
R: LATIN CAPITAL LETTER R
```

Second, using letters followed by combining accents:

```python
> x = 'Z\u0307O\u0301BR'
> x
'ŻÓBR'
> for c in x: print(f'{c}: {unicodedata.name(c)}')
Z: LATIN CAPITAL LETTER Z
̇: COMBINING DOT ABOVE
O: LATIN CAPITAL LETTER O
́: COMBINING ACUTE ACCENT
B: LATIN CAPITAL LETTER B
R: LATIN CAPITAL LETTER R
```

The usual byte-by-byte comparison will fail, and if you’re not careful your application will allow the creation of visually identical usernames that are assigned distinct user objects. In my previous article (Input validation of free-form Unicode text in Python) I suggested using Unicode normalisation to always convert these homoglyphic forms into a single, consistent one.

PRECIS

The two string classes proposed by PRECIS are IdentifierClass and FreeformClass, and their purpose is quite self-describing. What sits inside them is a carefully selected combination of character classes (such as letters, digits, spaces) that are allowed, others that are disallowed (e.g. funny text-direction-changing characters), additional contextual rules, as well as a policy towards characters that are yet unknown in the current version of Unicode. As you can guess, these rules for IdentifierClass are much more strict, while for FreeformClass they are much more lax and permissive. Not surprisingly, Unicode normalisation (specifically, NFC) is an important part of these transformations.

On top of these basic string classes, you can build your own string profiles that reflect your application’s data objects more accurately. For example, one Python library, precis-i18n, implements UsernameCasePreserved (strict) and NicknameCasePreserved (lax). Here’s what happens when you try to pass my name through both of them. First, the nickname profile, apparently intended to be displayed as the profile name but not used in identifiers:

```python
> import precis_i18n
> precis_i18n.get_profile('NicknameCasePreserved').enforce('Paweł Krawczyk')
'Paweł Krawczyk'
```

However, let’s tr
(read more)
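The comparison problem in the PRECIS article above (two code-point sequences for “ŻÓBR” that render identically) and its proposed fix, NFC normalisation, can be shown end to end with only the standard library. This is an added example, not code from the article or from the precis-i18n library: it canonicalises a candidate identifier with NFC plus case folding, rejects control and format characters (the “funny text direction changing characters” the article mentions), and refuses to register a username whose canonical form is already taken. The two sample names are constructed inputs, and the case-folding step is an assumed policy choice, not something PRECIS mandates. Note the caveat at the end: NFC only unifies canonically equivalent sequences; cross-script lookalikes such as Cyrillic “а” versus Latin “a” stay distinct and need a separate confusables check.

```python
import unicodedata

# Two spellings of the same name, as in the article (constructed inputs):
# precomposed letters versus base letters followed by combining marks.
PRECOMPOSED = "\u017b\u00d3BR"    # Ż Ó B R
DECOMPOSED = "Z\u0307O\u0301BR"   # Z, COMBINING DOT ABOVE, O, COMBINING ACUTE ACCENT, B, R


def describe(s: str) -> list:
    """Name every code point, the way the article's loop does."""
    return [unicodedata.name(c, "<unnamed>") for c in s]


def has_disallowed(s: str) -> bool:
    """True if s contains control or format characters (categories Cc and Cf).
    That covers bidirectional overrides and zero-width characters, which the
    PRECIS IdentifierClass also keeps out of identifiers."""
    return any(unicodedata.category(c) in ("Cc", "Cf") for c in s)


def canonical_identifier(s: str) -> str:
    """Reduce an identifier to a single comparison form.

    NFC composes base letter + combining mark sequences into their precomposed
    equivalents, so both spellings above become the same 4-code-point string.
    Case folding is layered on top so that 'żóbr' also collides with 'ŻÓBR';
    that is a policy choice assumed here, not something PRECIS mandates.
    """
    return unicodedata.normalize("NFC", s).casefold()


def register(existing: dict, candidate: str) -> bool:
    """Store candidate under its canonical key; refuse disallowed characters and
    names indistinguishable from one already registered."""
    if has_disallowed(candidate):
        return False
    key = canonical_identifier(candidate)
    if key in existing:
        return False
    existing[key] = candidate
    return True


if __name__ == "__main__":
    print(PRECOMPOSED == DECOMPOSED)                                              # False
    print(canonical_identifier(PRECOMPOSED) == canonical_identifier(DECOMPOSED))  # True
    users = {}
    print(register(users, PRECOMPOSED), register(users, DECOMPOSED))             # True False
    # NFC is not a confusables check: Cyrillic 'а' (U+0430) stays distinct from Latin 'a'.
    print(canonical_identifier("a") == canonical_identifier("\u0430"))           # False
```

Store the canonical key, not the raw string, in the uniqueness index; checking uniqueness on the raw string is exactly the byte-by-byte comparison the article warns about.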
Abstract: We introduce a new image editing and synthesis framework, Stochastic Differential Editing (SDEdit), based on a recent generative model using stochastic differential equations (SDEs). Given an input image with user edits (e.g., hand-drawn color strokes), we first add noise to the input according to an SDE, and subsequently denoise it by simulating the reverse SDE to gradually increase its likelihood under the prior. Our method does not require task-specific loss function designs, which are critical components for recent image editing methods based on GAN inversion. Compared to conditional GANs, we do not need to collect new d
(read more)
Including an example of property-based testing without much partitioning.

A tweet from Brian Marick induced me to read a paper by Dick Hamlet and Ross Taylor called Partition Testing Does Not Inspire Confidence. In general, I find the conclusion fairly intuitive, but on the other hand hardly an argument against property-based testing. I'll later return to why I find the conclusion intuitive, but first, I'd like to address the implied connection between partition testing and property-based testing. I'll also show a detailed example. The source code used in this article is available on GitHub.

Not the same

The Hamlet & Taylor paper is exclusively concerned
(read more)
As a remote-first startup (from day one), we were heavy Slack users. Considering moving to Mattermost, or any other alternative, caused many folks to shiver. But we switched. Why? Because of what matters the most to us:

- Permissionless innovation
- Control and visibility of our data
- Zero Trust security
- Belief in open source
- Ability to dogfood our Zero Trust functions

Now, obviously core messaging functionality is critical. Mattermost is great there, but so is Slack. In fact, Slack features like third-party integrations and threaded messaging were missed greatly (thank you, Mattermost, for recently adding threaded messaging). So the relative parity bet
(read more)
Tilck (Tiny Linux-Compatible Kernel)

Contents

- Overview
- What is Tilck?
- Future plans
- What Tilck is NOT?
- Features
- Hardware support
- File systems
- Processes and signals
- I/O
- Console
- Userspace applications
- Screenshots
- Booting Tilck
- Tilck's bootloader
- 3rd-party bootloaders
- Grub support
- Documentation and HOWTOs
- Building Tilck
- Testing Tilck
- Debugging Tilck
- Tilck's debug panel
- A comment about user experience
- FAQ
- Why Tilck does not have the feature/abstraction XYZ?
- Why Tilck runs only on x86 (ia-32)?
- Why having support for FAT32?
- Why keeping the initrd mounted?
- Why using 3 spaces as indentation?
- Why many commit messages are so short?

Overview

What is
(read more)
In late August 2018, in the heat of one of the warmest and driest years on record in the Four Corners country, under a blanket of smoke emanating from wildfires burning all over the place, I piloted the Silver Bullet — my trusty 1989 Nissan Sentra — to the quiet burg of Monticello, Utah. I was on my way from one camping site on the Great Sage Plain to another on Comb Ridge, where I would feed my misanthropic side with a searing hike down a canyon, seeking out potholes that still had a smidgen of stagnant water left over from the last rain. I took a detour through Monticello to look into one of the most contentious fronts of the long-running public-land wars, the ba
(read more)
Docker containers have been an essential part of the developer's toolbox for several years now, allowing them to build, distribute and deploy their applications in a standardized way.

This gain in traction has been, not surprisingly, accompanied by a surge in security issues related to containerization technology. Indeed, containers also represent a standardized surface for attackers. They can easily exploit misconfigurations and escape from within containers to the host machine.

Furthermore, the word “container” is often misunderstood, as many developers tend to associate the concept of isolation with a false sense of security, believing that this technology is inhere
(read more)
Hi all, With excitement we're sharing today that Vue.js is Wikimedia Foundation's official choice for adoption as future JavaScript framework for use with MediaWiki. The evaluation of front-end frameworks officially started mid 2019, as part of the Platform Evolution program’s goal to evolve our technology platform and development processes to empower the Wikimedia Movement[0]. The corresponding Technical RFC was successfully resolved in March 2020[1]. As this framework selection is a wide-ranging, long-term decision, a dedicated group, the Front-end Architecture Working Group[2], was established to drive the technology comparison and the final recommendation. Besides the resolved RFC the outcome was to build and test developer experience in a pilot project[3]. The selected pilot was within the Desktop Improvements project[4] with its new Vue.js-based TypeaheadSearch feature that allows for providing additional context while searching. Since its introduction in March 2021[5] the new TypeaheadSearch component has been the default across 15 wikis of varying sizes and has received positive user feedback[6]. A final developer satisfaction survey was completed to gain further information on the developer experience. The survey results emphasized “a positive light on the future of working with Vue.js”. And “[t]he engineers felt optimistic about the future and confident in recommending it for adoption across all our teams.” The pilot gave us confidence in the recommendation to adopt Vue.js and we are moving into further implementation of Vue.js tooling and product migration planning. To support further efforts, the Wikimedia Foundation has established the Wikimedia Design System team[7], which I'm proudly part of. 
Our continued work and upcoming priorities include:

- Preparing a shared Vue.js user-interface components library
- Deciding on Vue 2 or Vue 3 including transition path
- Figuring out how the components library will be built and distributed in and beyond MediaWiki

You can find more of the ongoing work on Phabricator[8]. For full transparency, we've ca
(read more)
A kettle of raptors — Progress on the regulatory side of things remains murky, though.

[Image: 29 Raptor rocket engines installed on a Super Heavy booster. Credit: Elon Musk/Twitter]

Sometimes it is difficult to write objectively about the rate at which SpaceX makes progress. The advancements we're seeing at the company's Starbase site in South Texas are unprecedented. Like, seriously unprecedented. On Sunday, SpaceX finished stacking what it is calling "Booster 4," the first of its Super Heavy rocket boosters expected to take flight. This is a massive, single-core rocket that is approximately 70 meters tall, with a diameter of 9 meters. It has a thrust approximately double that of the Saturn V rocket that launched NASA astronauts to the Moon. Then, overnight, something remarkable happened. Technicians and engineers at the SpaceX build facility near Boca Chica Beach attached 29 Raptor rocket engines to the rocket. Twenty-nine engines. Each with intricate plumbing lines and connections. This is the number of engines that Super Heavy will fly with for initial flight tests, although the final configuration is likely to have 33 engines. I'm not really sure wha
(read more)
For years, I’ve had a private term I’ve used with my family. To give a few examples of its use:

- No, I never applied for that grant. I spent two hours struggling to log in to a web portal designed by the world’s top blankfaces until I finally gave up in despair.
- No, I paid for that whole lecture trip out of pocket; I never got the reimbursement they promised. Their blankface administrator just kept sending me back the form, demanding more and more convoluted bank details, until I finally got the hint and dropped it.
- No, my daughter Lily isn’t allowed in the swimming pool there. She easily passed their swim test last year, but this year the blankface lifeguard made up a new rule on the spot that she needs to retake the test, so Lily took it again and passed even more easily, but then the lifeguard said she didn’t like the stroke Lily used, so she failed her and didn’t let her retake it. I complained to their blankface athletic director, who launched an ‘investigation.’ The outcome of the ‘investigation’ was that, regardless of the ground truth about how well Lily can swim, their blankface lifeguard said she’s not allowed in the pool, so being blankfaces themselves, they’re going to stand with the lifeguard.
- Yeah, the kids spend the entire day indoors, breathing each other’s stale, unventilated air, then they finally go outside and they aren’t allowed on the playground equipment, because of the covid risk from them touching it. Even though we’ve known for more than a year that covid is an airborne disease. Everyone I’ve talked to there agrees that I have a point, but they say their hands are tied. I haven’t yet located the blankface who actually made this decision and stands by it.

What exactly is a blankface? He or she is often a mid-level bureaucrat, but not every bureaucrat is a blankface, and not every blankface is a bureaucrat.
A blankface is anyone who enjoys wielding the power entrusted in them to make others miserable by acting like a cog in a broken machine, rather than like a human being with courage, judgment, and responsibility for their actions. A blankface meets every appeal to facts, logi
(read more)
U.S. authorities obtained a court order allowing them to demand financial information from banks and couriers about wealthy Americans suspected of using a Panamanian law firm to evade taxes.

The Internal Revenue Service can now get information about electronic fund transfers and courier deliveries between the firm, Panama Offshore Legal Services, and its U.S. clients, the Justice Department said in a statement Thursday. The IRS seeks to identify clients who used the law firm to “create or control foreign assets and entities” to evade taxes, the department said.

“We continue our joint efforts with the IRS to investigate tax evaders who use foreign financial accounts and sham foreign entities to hide their assets,” Manhattan U.S. Attorney Audrey Strauss said in the statement.

U.S. District Judge Gregory Woods modified an order Wednesday that authorized the IRS to issue summonses to entities including the Federal Reserve Bank of New York, the Clearing House Payments Co., HSBC Bank USA N.A., Citibank N.A., Wells Fargo N.A., Bank of America N.A., FedEx Corp., United Parcel Service Inc. and DHL Express.

The order requires that they produce information about possible violations of tax laws by people whose identities are unknown, according to the statement. Woods authorized so-called John Doe summonses, which let authorities get names of U.S. taxpayers, records and other information relating to those taxpayers.

The summonses are unrelated to the leak five years ago of more than 11 million documents, known as the Panama Papers, involving offshore entities created by a Panamanian law firm, Mossack Fonseca. The disclosures have led to criminal convictions of at least two Americans.

Panama Offshore Legal Services, or POLS, used HSBC, Bank of America, Wells Fargo and Citibank for U.S. correspondent accounts, according to a May 4 declaration by IRS Revenue Agent Katy Fuentes. The banks cleared dollar-denominated transactions.

‘Free From … Taxes’

The firm provides “comprehensive entity formation and legal and management services for clients wanting to use Panamanian entities” to hide their ownership of assets, set up bank accounts in Panama, and invest in Panamanian
(read more)
I just discovered a lurking problem in the timebase.c module in all of the branches for releases >=3.20:

In gpsd_gpstime_resolv():

    /* sanity check week number, GPS epoch, against leap seconds
     * Does not work well with regressions because the leap_sconds
     * could be from the receiver, or from BUILD_LEAPSECONDS. */
    if (0 < session->context->leap_seconds &&
        19 > session->context->leap_seconds &&
        2180 < week) {
        /* assume leap second = 19 by 31 Dec 2022
         * so week > 2180 is way in the future, do not allow it */
        week -= 1024;
        GPSD_LOG(LOG_WARN, &session->context->errout,
                 "GPS week confusion. Adjusted week %u for leap %d\n",
                 week, session->context->leap_seconds);
    }

This code is going to trigger
(read more)
August 01, 2021

The recent release of PetitPotam by @topotam77 motivated me to get back to Windows RPC fuzzing. On this occasion, I thought it would be cool to write a blog post explaining how one can get into this security research area.

RPC as a Fuzzing Target?

As you know, RPC stands for “Remote Procedure Call”, and it isn’t a Windows specific concept. The first implementations of RPC were made on UNIX systems in the eighties. This allowed machines to communicate with each other on a network, and it was even “used as the basis for Network File System (NFS)” (source: Wikipedia). The RPC implementation developed by Microsoft and used on Windows is DCE/RPC, which is short for “Distributed Computing Environment / Remote Procedure Calls” (source: Wikipedia). DC
(read more)
# The Myth of RAM, part I

April 21, 2014

## Preface

This article is the first of four in a series, in which I argue that thinking of a memory access as _O(1)_ is generally a bad idea, and we should instead think of them as taking _O(√N)_ time. In part one I lay out a hand-wavy argument based on a benchmark. In [part II](2014_04_28_myth_of_ram_2.html) I build up a mathematical argument based in theoretical physics, and in [part III](2014_04_29_myth_of_ram_3.html) I investigate some implications. [Part IV](2015_02_09_myth_of_ram_4.html) is a FAQ in which I answer some common questions and misunderstandings. (This preface was added on August 29, 2016)

## Intro

If you have studied computing science, then you know how to do [complexity analysis](https://en.wikipedia.org/wiki/Analysis_of_algorithms#Run-time_analysis). You'll know that the time complexity for iterating through a linked list is _O(N)_, binary search is _O(log(N))_ and a hash table lookup is _O(1)_. What if I told you that all of the above is not just misleading, but wrong? What if I told you that the time it takes to iterate through a linked list is actually _O(N√N)_ and hash lookups a
(read more)
Introduction

There are a ton of great explainers of what graph neural networks are. However, I find that a lot of them go pretty deep into the math pretty quickly. Yet, we still are faced with that age-old problem: where are all the pics?? As such, just as I had attempted with Bayesian deep learning, I'd like to try to demystify graph deep learning as well, using every tool I have at my disposal to minimize the number of equations and maximize intuition using pictures. Here's my attempt, I hope you find it useful!

Graphs

In my Network Analysis Made Simple tutorial, we see that the term "graph" is really nothing more than a synonym for network. Defined strictly, graphs are comprised of nodes, i.e. entities, and edges that define relations between nodes. Examples are social networks (nodes = people, edges = friendship), and flight networks (nodes = airports, edges = flights that exist between two airports). Pictorially, we'd usually draw something that looks like this:

A graph G, in really concise mathematical notation, can be represented as G = (V, E), or in plain English, an unordered collection of vertices (a synonym for nodes) and an unordered collection of edges.

Graphs as arrays

One thing that's a really neat property of graphs is that we can actually represent them as arrays. This is covered in the Linear Algebra sectio
(read more)
Heap is a digital insights platform that automatically captures web and mobile behavior like page views, clicks, and taps. We recently shipped Effort Analysis, a way for Heap customers to see the median number of interactions and seconds engaged between each step within a funnel. Here’s what it looks like:

To build this feature, we needed to write a query that could quickly scan more than a billion rows of event data. But when we first started working on this feature, it took too long to scan the data.

Fortunately, we found a way to double the speed of this feature's p90 performance. To do this, we had to work around a case where the Postgres planner is, according to the Postgres docs, “not very smart.” This Postgres quirk surprisingly prevented an existing index from supporting an index-only scan. This post is about the quirk that caused our performance problem and the workaround we leveraged to achieve a 2x performance win.

What’s an index-only scan?

First, a quick refresher on index-only scans. An index is a secondary data structure in your database that the query planner can use to make some queries faster. For example, an index on the user_id column can make lookups of a specific user_id faster. An index-only scan is a special kind of operation in which the database can satisfy a query with just the information that’s in the index, without having to read the table’s actual rows.

For example, a typical index at Heap contains the time of an event and the user_id of
(read more)
Along with other optimizations to benefit the Steam Deck, AMD and Valve have been jointly working on CPU frequency/power scaling improvements to enhance the Steam Play gaming experience on modern AMD platforms running Linux. It's no secret that the ACPI CPUFreq driver code has at times been less than ideal on recent AMD processors with delivering less than expected performance/behavior with being slow to ramp up to a higher performance state or otherwise coming up short of disabling the power management functionality outright. AMD hasn't traditionally worked on the Linux CPU frequency scali
(read more)
Jason A. Donenfeld, Mon Aug 2 17:27:37 UTC 2021

Hey everyone,

After many months of work, Simon and I are pleased to announce the WireGuardNT project, a native port of WireGuard to the Windows kernel. This has been a monumental undertaking, and if you've noticed that I haven't read emails
(read more)
Your log data is a treasure-trove of information about your application, but it can be overwhelming. This post will dig into several strategies for extracting metrics and other helpful information from your logs. We’ll start with the basics of the heroku logs command, then we’ll dig into the real fun using a tool called Angle Grinder.

How to view your Heroku logs

heroku logs on its own just prints the most recent logs from your app and then exits. Generally that’s not very useful. I almost always want the -t (or --tail) option to continually tail my logs. Additionally I usually want it scoped to a specific dyno process, so I’ll include -d router, -d web, or -d worker so I’m only seeing relevant logs. Here’s how I would tail my router logs:

```shell
heroku logs -t -d router
2021-07-28T
```
Aug 2, 2021 This is a quick blog post about a security vulnerability (now fixed) that allowed me to make anyone like or message a profile on okcupid.com simply by getting them to click a link on my website. In doing so, I used one of the most boring web application security issues (CSRF) combined with a somewhat interesting JSON type confusion. Proof that it worked on a friend who agreed to help me with security testing and is definitely NOT a rabbit: A short recap of CSRF The story, like many, began with me opening devtools and checking if websites were sending CSRF tokens alongside requests that require authentication, like sending messages to another user from your account. CSRF is an attack whereby an attacker sends a link to a victim which, when visited in the victim’s brow
A mysterious, one-letter npm package named "-" sitting on the registry since 2020 has received over 700,000 downloads. What's more? The package contains no functional code, so what makes it score so many downloads? Inside the npm package "-" An npm package called "-" has scored almost 720,000 downloads since its publication on the npm registry, since early 2020. There's only one version of the package: 0.0.1 and it contains three files: tar tvf 0.0.1/--0.0.1.tgz package/dist/index.js package/package.json package/README.md Inside these files—mainly the manifest (package.json) and index.js, there is nothing phenomenally interesting, just skeleton code. The manifest does pull in a bunch of development dependencies (devDependencies) and invokes some commands on the "ts-node" compone
31 Jul 2021 The computers sitting on our desks are incomprehensibly fast. They can perform more operations in one second than a human could in one hundred years. We live in an era of CPUs that can perform billions of instructions per second, tens of billions if we take multi-cores into account, of memory that can transfer data to the CPU at hundreds of gigabytes per second, of disks that support streaming reads of gigabytes per second. This era of incredibly fast hardware is also the era of programs that take tens of seconds to start from an SSD or NVMe disk; of bloated web applications that take many seconds to show a simple list, even on a broadband connection; of programs that process data at a thousandth of the speed we should expect. Software is laggy and sluggish
The shortlisted images from 2021's Astronomy Photographer of the Year competition have been revealed. The largest astrophotography competition in the world, Astronomy Photographer of the Year showcases the very best space photography from a global community of photographers. Now in its 13th year, the competition received a staggering 4,500-plus entries, submitted from 75 countries worldwide.  Check out an incredible selection of the shortlisted images below. Follow the competition: #APY13 Astronomy Photographer of the Year 13: winners annou
Dollar Stores Make Up Nearly Half of All New Store Openings This Year About 45% of the 3,500 reported retail openings this year are Dollar General, Dollar Tree or Family Dollar, according to CNN. Dollar store openings had been on the rise even before the pandemic, but economic fallout over the last year has exacerbated wealth inequality. And as Next City has previously reported, dollar stores proliferate in low-income neighborhoods where fresh produce and other healthy food access are scarce. According to a 2018 Institute for Local Self-Reliance report, “While dollar stores sometimes fill a need in cash-strapped communities, growing evidence suggests these stores are not merely a byproduct of eco
The Rubesletter is a newsletter with thoughts from Matt Ruby, comedian/writer/creator of Vooza (email [email protected]). In this Rubesletter, there’s an essay about what my life was like pre-iPhone addiction, a look at Instagram-famous chef Salt Bae, a video of my recent Instant Pot Indian Butter Chicken adventure, and a preview of the new Hell & Wellness pod discussing Marie Kondo. Away we go…
I was not alerted
I used to get lost all the time. I’d ask for directions, look for landmarks, fold maps, carry a guidebook, and keep an atlas in the glove compartment. I never knew when the next train was coming. I waited around a lot. I memorized phone numbers, jotted things down in notebooks, had conversations with taxi drivers, talked to random people at bars, wrote checks, went to the bank,
Google bookmarks won't be supported past September 31, 2021 (posted by penguin_booze, 23 comments) Just logged in to bookmarks, and found this message: https://imgur.com/a/OQ7YZqB. To be clear, this is not Chrome's ability to save bookmarks and its useful ability to synchronize bookmarks across devices when logged into a Google account. This is an older bookmark service provided here: https://www.google.com/bookmarks/ In my case, I see a bunch of locations from Google Maps. It would be nice if those continued to be supported in Google Maps in some manner after Google sunsets the old Google Bookmarks serv
tl;dr: When multiple apps interact with the same database, nasty side-effects can happen: one app keeps the database busy, and all other apps might stop responding. In this case, you are dealing with an incident that is difficult to debug due to a non-obvious root cause. Assigning a name to each database connection can make a difference: it can cut debugging time by multiple hours and help you find the root cause faster, because from the perspective of the database you can differentiate the apps and their commands to identify the bad client. ➡️ Want to see how it works? Check out examples for MongoDB, MySQL, PostgreSQL, redis, and non-database systems like RabbitMQ or HTTP. Why does naming your database connection make sense? Many of the applications on this planet interact with some kind of databas
Sign-in on Android devices running Android 2.3.7 or lower will not be allowed starting September 27. As part of our ongoing efforts to keep our users safe, Google will no longer allow sign-in on Android devices that run Android 2.3.7 or lower starting September 27, 2021. If you sign into your device after September 27, you may get username or password errors when you try to use Google products and services like Gmail, YouTube, and Maps. If your device has the ability to update to a newer Android version (3.0+), we advise you to do so in order to maintain access to Google apps and services on that device.
How this change will affect you
When support ends for sign-in with a Google Account on Android 2.3.7 and below, you will receive a username or pa
Arik Kershenbaum, a zoologist and animal communications researcher at the University of Cambridge, thinks that the evolutionary forces that shape life on Earth will produce many similar features in extraterrestrial life. The laws of physics and biomechanics constrain the ways that animals can conceivably evolve mobility on this planet. “And so we can expect these constraints to be operating everywhere in the universe,” Kershenbaum said. You’re arguing that wherever organisms confront similar environmental challenges, they may come up with similar adaptive solutions. And you expect to see this throughout the universe? Consider flight, since that’s the most famous example of convergence. If you live on a planet with an atmosphere, or even with an ocean or some other fluid, if you want
The concept of a new media ecosystem that's non-profit, publicly funded and tech-infused is drawing interest in policy circles as a way to shift the power dynamics in today's information wars. Why it matters: Revamping the structure and role of public media could be part of the solution to shoring up local media, decentralizing the distribution of quality news, and constraining Big Tech platforms' amplification of harmful or false information. Flashback: Congress in 1967 authorized federal operating money to broadcast stations through a new agency, the Corporation for Public Broadcasting, and what is now PBS launched down-the-middle national news programming and successful kids shows like "Mr. Rogers' Neighborhood" and "Sesame Street." NPR was born in 1971. Despite dust-ups over political in
Many readers at STH will know that we have been running a series around the future of data center technologies. Today, we are going to take a look at the impact of liquid cooling in the data center. Specifically, we are going to take a look at some of the common options, and then get a hands-on look at some of the impacts. Indeed, we are even going to show off 8x NVIDIA A100 80GB 500W GPU performance, a part that is not even officially listed by NVIDIA. Let us get to it.
Video Version
As we have been doing with this series, you can check out a video version here: We always suggest opening the video in a YouTube tab or window for a better viewing experience. Also, we wanted to point out that the way we were able to do this is that we managed to stop by Supermicro in June, where there were two 8x NVIDIA A100 systems set up. Luckily, we had the ability to check out some of the other interesting items in the lab. A quick thank you to Supermicro for making this happen.
Liquid Cooling Methods Overview
First, let us get into liquid cooling methods and why we should care. Starting with the why is perhaps the easiest to work through, so we are going to start with that.
Why Data Center Liquid Cooling is Inevitable
Data center liquid cooling is going to happen. Today we commonly see CPUs in the 200-280W range and GPUs in the 250-400W range. In 2022, we will start to see CPUs use well over 300W, more than most GPUs today, and GPUs/ AI accelerators hit 600W and higher. Against that backdrop, one must also remember that PCIe Gen5 and features such as the EDSFF revolution will put more pressure to create
Those who pay attention to business news have probably noted an interesting and curious phenomenon over the past few months: China is smashing its internet companies. It started — or at least, most people in the U.S. started noticing it — when the government effectively canceled the IPO of Ant Financial, then dismantled the company. Jack Ma, the founder of Ant and of e-commerce giant Alibaba, was summoned to a meeting with the government and then disappeared for weeks. The government then levied a multi-billion dollar antitrust fine against Alibaba (which is sometimes compared to Amazon), deleted its popular web browser from app stores, and took a bunch of other actions against it. The value of Ma’s business empire has collapsed. But Ma was only the most prominent target. The government is also going after other fintech companies, including those owned by Didi (China’s Uber) and Tencent (China’s biggest social media company). As Didi prepared to IPO in the U.S., Chinese regulators announced they were reviewing the company on “national security grounds”, and are now levying various penalties against it. The government has also embarked on an “antitrust” push, fining Tencent and Baidu — two other top Chinese internet companies — for various past deals. Leaders of top tech companies (also including ByteDance, the company that owns TikTok) were summoned before regulators and presumably berated. Various Chinese tech companies are now undergoing “rectification”. For those outside China’s byzantine, opaque nexus of party, government, and big business, it’s very difficult to figure out what’s going on. Just who is ordering these actions is not clear
A recurring question that surfaces around the Future of Coding community is: what happened to OpenDoc? Why did it fail? This post is a summary of reasons found around the web; then I will explore other implementations similar to OpenDoc to see if there is a general pattern. Bias warning: I pick the quotes and the emphasis; read the sources in full to form your own conclusion and let me know!
OpenDoc
To start, here's a brief description of what OpenDoc was: The OpenDoc concept was that developers could just write the one piece they were best at, then let end-users mix and match all of the little pieces of functionality together as they wished. Let's find out the reasons:
OpenDoc post by Greg Maletic
A consortium, lots of money and the main driver being competing against Microsoft: Hence was born OpenDoc, both the technology and the consortium, consisting primarily of Apple, IBM, and WordPerfect, all companies that didn’t like Microsoft very much. All poured loads of money into the initiative.
The hardware wasn't there: The Copland team was wary of OpenDoc. I looked at those people as bad guys at the time, but in reality they were right to be afraid. It’s hard to remember now, but back in 1996 memory (as in RAM) was a big issue. The average Mac had about 2 megabytes of memory. OpenDoc wouldn’t run on a machine with less than 4 megs, and realistically, 8 megs was probably what you wanted.
Second system effect?: The OpenDoc human interface team had taken it upon themselves to correct the perceived flaws of the Mac as a modal, application-centric user experience, and instead adopted a document-centric model for OpenDoc apps. ... It was a noble and interesting idea, but in retrospect it was a reach, not important to the real goals of OpenDoc, and it scared a lot of people including the developers we were trying to woo.
No "Business Model": It didn’t create a new economy around tiny bits of application code, and the document-centric model was never allowed to bloom as we had hoped, to the point where it would differentiate the Mac user experience.
A solution looking for a problem: There are lots of reasons for OpenDoc’s failure, but ultimatel
Over the last few years, I've worked on open-source distributed systems in Go at Google. As a result, I've thought a lot about dependency management, systems configuration, programming languages, and compilers. Again and again, I saw the same fundamental data structure underpinning these technologies: the directed acyclic graph. The most frustrating part was modeling graph-based configuration in languages that optimized for hierarchical data structures. That's why I created Virgo. Virgo is a graph-based configuration language. It has two main features: edge definitions and vertex definitions. The vgo configuration file then parses into an adjacency list. You can achieve similar results by adding additional conventions and restrictions on YAML or JSON. Much like YAML optimized for human readability, Virgo optimizes natural graph readability, editability, and representation.
// config.vgo
a -> b, c, d -> e <- f, g
(Figure: a graphical representation of the Virgo graph)
Virgo is open to proposals and language changes. Please open up an issue to start a discussion at https://github.com/r2d4/virgo. Graphs are everywhere in configuration management. One graph that engineers may be familiar with is the Makefile target graph. The make tool topologically sorts the targets that it resolves, which lets i
Ask HN: Freelancer? Seeking freelancer? (August 2021) (posted by whoishiring, 34 comments) Please lead with either SEEKING WORK or SEEKING FREELANCER, your location, and whether remote work is a possibility. Bonsai (YC W16) (https://www.hellobonsai.com) offers freelance contracts, proposals, invoices, etc.
SEEKING WORK | REMOTE | Software/System Architect
Location: Toronto, Ontario, Canada
Most recent system/software architecture design: Online professional conference system with UI styling based on the dynamic CSS concept of the CSS Zen Garden (http://www.csszengarden.com/), successfully separating concerns of programmers from the UI designer. This methodology optimizes the work of both parties, reducing the amount of communication and rework required in the implementation of an agile project.
Technologies: System Design: UML, design patterns, database design, UX/UI design, real-time, communication protocols. Languages: Java, JavaScript, Typescript, C/C++, Python, C#, HTML5, XML, CSS, SVG. Database: PostgreSQL/PostGIS, DynamoDB, MySQL, Oracle, DB2, MongoDB. O/S: Linux, OSX, Windows, AIX, Solaris, HPUX. Cloud: AWS (S3, EC2, EB, RDS, Lambda, SQS, SNS, Route 53). UI Frameworks: React, Vue, Angular, GWT, MeteorJS, Bootstrap. Industries: IIoT, electronics manufacturing, embedded systems and devices, NGO, military, advertising, financial, warehousing, transportation, medical
Résumé/CV: https://drive.google.com/file/d/0B-MYilVVi1sVZUxFOUdpUFprblk
LinkedIn: https://www.linkedin.com/in/paulwujek/
GitHub: https://github.com/pwujek
Email: [email protected]
Seeking part time job in ML | France (UTC +1) | Remote
Technologies: Python, Sklearn, Pytorch, Tensorflow, Pandas...
Hi, I am a French engineering student, currently following a double master in applied mathematics and computer science (focus on Data Science). Open to many things and perfectly fluent in English. I wou
Ask HN: Who wants to be hired? (August 2021) (posted by whoishiring, 29 comments) Share your information if you are looking for work. Please use this format: Location: Remote: Willing to relocate: Technologies: Résumé/CV: Email: Readers: please only email these addresses to discuss work opportunities. Searchers: try https://seisvelas.github.io/hn-candidates-search/.
Location: European, living in China
Remote: yes
Willing to relocate: not at this time, maybe in the future
Technologies: Linux, frontend and backend web development, prototyping.
Résumé/CV: on request (20 years experience with web development, team lead, CTO)
Email: see profile.
I am open to remote part time contract opportunities (up to 30 hours/week, short or long term) as a senior developer, team lead, CTO, trainer or mentor. I am also able to build up a development team for you here in China, to help you enter the Chinese market or take advantage of Chinese resources.
Fifteen years experience in corporate communications and public policy. Interested in helping mid-stage start-ups navigate policy issues.
- Location: Seattle and Washington DC
- Remote: Yes
- Willing to relocate: Maybe
- Technologies: lobbying, media relations, coalition building, political strategy
- Résumé/CV: https://www.linkedin.com/in/kylemahoney
- Email: kylemahoney (at) gmail.com
SEEKING WORK | US, Chicago - but remote only for now
Site: https://scottmakes.tech
Portfolio: https://scottmakes.tech/portfolio
Contact: https://scottmakes.tech/contact/ || [email protected]
Location: US/Chicago
Remote: Yes
Relocate: In this economy?
Frontend: Responsive HTML/CSS, JavaScript, TypeScript, React
Backend: NodeJS, PHP
Mobile: React Native, Swift, SwiftUI
CMS: NextJS, Wordpress, Gatsby, Jekyll, Static Site Ge
This is about more than just making a product that looks nice and works well. Because our product lets people build their own apps, we need both to create an app builder that's intuitive and easy to use, and give our users beautiful, well-designed components for them to build their apps from too. You should have a strong aesthetic, and especially experience building complex, data-powered products. You should feel comfortable creating visual designs, working in design systems, and also thinking about product from a much higher level.
Launch HN: Tavus (YC S21) – AI-generated personalized videos for sales outreach (posted by rishabhdhar, 53 comments) Hi HN - Hassaan, Quinn & Rishabh here and we're the founders of Tavus (https://tavus.io/). We generate personalized videos that realistically imitate your gestures and voice. See a short demo at https://video.tavus.io/video?id=2302 and play with it at https://tavus.io/playground/. Companies like Loom and Vidyard have proven the value of personalized videos for sales, onboarding, marketing
Major social media platforms fail to take down more than 80% of anti-Semitic posts on their platforms, a new report claims. The Center for Countering Digital Hatred (CCDH) said it reported more than 700 posts containing "anti-Jewish hatred", which had collectively been viewed 7.3 million times. The research covered Facebook, Instagram, TikTok, Twitter and YouTube. Facebook was the worst performer, CCDH said, failing to act on 89% of posts. In its report, called "Failure to Act", CCDH accused several of the tech giants of being "safe places to spread racism and propaganda against Jews".
One in six
Using the reporting tools offered by each platform, its researchers collected 714 posts between May and June - examples it claimed "clearly violated" the social media firms' own policies. It said they included Holocaust denial, and conspiracy theories with false claims about Jews "controlling" governments and banks, or orchestrating world events. They were reported through "ordinary user accounts", rather than one identifying itself as involved with the CCDH. "We found that the platforms acted on fewer than one in six reported examples of anti-Semitism," it said. Each social network had a different sample size of the 714 total posts tracked:
Facebook acted on 14 out of 129 posts reported to it (10.9%)
Twitter removed 15 of 137 (11%)
TikTok removed 22 of 119 (18.5%)
Instagram acted on 52 of 277 (18.8%)
YouTube took down 11 of 52 (21.2%)
On average, the CCDH said 84% of the reported posts were not acted upon.
Groups and tags
It also "tagged" the posts it collected as belonging to certain categories, in the judgement of the researchers. It said that those it tagged as Holocaust denial remained online 80% of the time, while for neo-Nazi content it was 71%. CCDH was also critical of some of the companies for allowing discussion forums for anti-Semitic content to exist, despite any action taken on individual posts. On Facebook, it said that Facebook groups from which it sourced many of its sample posts, with titles such as "Exposing the new world order" and "Exposing Zionism", were still active. On Instagram, TikTok, and Twitter, it criticises the allowed use of hashtags such as #fakejews, #rothschild and #soros, which it says are commonly used to spread anti-Semitic content. And it particularly called out TikTok for banning only 5% of accounts that sent abuse directly to J
Machine Learning Operations (MLOps) has come to be an important push for enterprises in 2021 and beyond – and there are clear reasons why this paradigm shift in Enterprise AI is upon us. Most enterprises who have begun data science and machine learning programs over the last several years have had difficulties putting even their promising machine learning models and proof of concept exercises into action, by deploying them meaningfully in production environments. I use the term “meaningfully” here, because the nuances around deployment make all the difference and form the soul of the subject matter around MLOps. In this post, I wish to discuss what ails enterprise AI today, sources of the gaps between production and proof-of-concept, expectations from MLOps implementations and the current state of the discourse on MLOps. Note and Acknowledgement: I have also discussed several ideas and patterns I've seen from experiences I've had in the industry, not necessarily in one company or job, but going back all the way to projects and programs I've been in over the last seven to ten years. I don't mention clients or employers here as a matter of principle, but I would like to acknowledge mentors and clients for their time and energy and occasionally their guidance as well, in the synthesis of some of these ideas. It is a more boundaryless world than before, and great conversations are to be had regardless of one's location. I find a lot of the content and conversations regarding data science on Twitter and LinkedIn quite illuminating - and together with work and clients, the twain have constituted a great environment in which to discuss and develop ideas. What
Hi HN, I’m Marcus, I’m the co-founder of Heimdal together with Erik (www.heimdalccu.com). We remove atmospheric carbon dioxide and trap it in materials that are used to make cement. More CO2 is trapped in our process than is re-emitted in cement production. Concrete is responsible for 8% of global CO2 emissions. Cement is usually made from mined limestone, which is one of the largest natural stores of carbon dioxide. Using that to make cement is a bit like burning oil. The world is addicted to concrete, so this problem is not going away. We make synthetic limestone using atmospheric CO2, such that when it is used to make cement, the process is carbon neutral. We were both master's students in engineering at Oxford University in the UK. I decided to write my dissertation on direct air capture of CO2. While looking through existing solutions it struck me that none were sufficient. They all operated a circular process that left them with gaseous CO2 that needed to be stored somewhere. A circular process is one that uses a sorbent to trap atmospheric CO2 but then re-releases the trapped CO2 as a pure gas stream to regenerate the sorbent for re-use. We don't have enough high-quality cheap stores of CO2 to justify such an approach. Storage must be permanent and safe. We realized that by taking a linear approach, we both make the process of capturing CO2 profitable and avoid the problem of where to store the CO2. We make sorbents for trapping CO2 in the form of mineral carbonates,
Quoting Wikipedia on the classic social science text, "Exit, Voice, and Loyalty": The basic concept is as follows: members of an organization, whether a business, a nation or any other form of human grouping, have essentially two possible responses when they perceive that the organization is demonstrating a decrease in quality or benefit to the member: they can exit (withdraw from the relationship); or, they can voice (attempt to repair or improve the relationship through communication of the complaint, grievance or proposal for change). For example, the citizens of a country may respond to increasing political repression in two ways: emigrate or protest. Similarly, employees can choose to quit their unpleasant job, or express their concerns in an effort to improve the situation. Disgruntled customers can choose to shop elsewhere, or they ask for the manager.
Exit and voice are also two possible strategies for a software user, who might be one person, or an organization of multiple people. If the user would like the software to change, or would like it to stop changing, they can employ either "exit" or "voice".
Voice: A user can file bugs, complain, and request that the software developer make the user's desired changes.
Exit: Or the user can switch to using some other piece of software which is more to their liking, paying various switching costs, like learning to use the new software.
Open source provides a third option: fork
For open source software, there's a third option. Both the user and the original software developer have the same power to change the software. So if the original developer refuses to make some change, the user can find some other person with programming skill, and ask (or pay) them to make the change instead. Let's call this ability "fork". That's a bit of a misnomer, because this sense of "forking" doesn't have to be acrimonious or even public. A user might make some private change to the software which they know wouldn't be accepted into the main version, while still making other changes as part of the main community. The ability to fork has implications for "exit" and "voice".
Exit is less important for open source
In different situations - not just in software - "exit" can be easier or harder. For example, someone working in a small town will have fewer job opportunities than someone working in a big city, so exiting a bad job is harder. Since exit is essentially one's only option if voice fails, people will do things to make exit easier - like taking a job in a big city where there are many other jobs. In software, one of the key influences on the ability to "exit" is portability. Portable software can be used on different platforms or with different dependencies, and portable data formats can be read by different programs. For example, if a piece of software "FooSoft" depends on non-portable features of a proprietary library "libprop", the piece of software can't easily stop using the proprietary library. FooSoft and its users are reliant on "voice" to make sure that libprop changes only in good ways. If FooSoft instead only depends on such portable, widely available
Wed, May 27, 2020
There are not a lot of very strong empirical results in the field of programming languages. This is probably because there’s a huge amount of variables to control for, and most of the subjects available to researchers are CS undergraduates. However, I have recently found a result replicated across numerous codebases, which as far as I can tell makes it one of the most robust findings in the field: If you have a very large (millions of lines of code) codebase, written in a memory-unsafe programming language (such as C or C++), you can expect at least 65% of your security vulnerabilities to be caused by memory unsafety. This result has been reproduced across:
Android (cite): “Our data shows that issues like use-after-free, double-free, and heap buffer overflows generally constitute more than 65% of High & Critical security bugs in Chrome and Android.”
Android’s bluetooth and media components (cite): “Use-after-free (UAF), integer overflows, and out of bounds (OOB) reads/writes comprise 90% of vulnerabilities with OOB being the most common.”
iOS and macOS (cite): “Across the entirety of iOS 12 Apple has fixed 261 CVEs, 173 of which were memory unsafety. That’s 66.3% of all vulnerabilities.” and “Across the entirety of Mojave Apple has fixed 298 CVEs, 213 of which were memory unsafety. That’s 71.5% of all vulnerabilities.”
Chrome (cite): “The Chromium project finds that around 70% of our serious security bugs are memory safety problems.”
Microsoft (cite): “~70% of the vulnerabilities Microsoft assigns a CVE each year continue to be memory safety issues”
Firefox’s CSS subsystem (cite): “If we’d had a time machine and could have written this component in Rust from the start, 51 (73.9%) of these bugs would not have been possible.”
Ubuntu’s Linux kernel (cite): “65% of CVEs behind the last six months of Ubuntu security updates to the Linux kernel have been memory unsafety.”
And these numbers are in line with what we’ve seen in 0days that have been discovered being exploited. This observation has been reproduced across numerous very large code bases, built by different companies, started at different points in time, and using different development methodologies. I’m not aware of any counter-examples. The one thing they have in common is being written in a memory-unsafe programming language: C or C++. Based on this evidence, I’m prepared to conclude that using memory-unsafe programming languages is bad for security. This would be an exciting result! Empirically demonstrated technical interventions to improve software are rare. And memory-unsafety vulnerabilities are one of the only kinds that we know how to completely eliminate, by choosing memory-safe languages. However, it’s critical we approach this question as rational empiricists, and see if the evidence really merits the conclusion that memory-unsafe programming languages are bad for security. Let’s consider the Venn diagram of vulnerabilities:
There are vulnerabilities that can exist only in memory-unsafe languages (e.g. buffer overflows or use-after-frees)
There are vulnerabilities that can exist in any
(read more)
In the October 1999 Communications of the ACM Lutz Prechelt had an interesting article entitled Comparing Java vs. C/C++ Efficiency Issues to Interpersonal Issues which asked 38 programmers to implement versions of a program in C, C++, or Java. The conclusions showed that Java was 3 or 4 times slower than C or C++, but that the variance between programmers was larger than the variance between languages, suggesting that one might want to spend more time on training programmers rather than arguing over language choice. (Or, suggesting that you should hire the good programmers and avoid the bad ones.) The variance for Java was lower than for C or C++. (Cynics could say that Java forces y
(read more)
This project keeps the Linux Kernel Module Programming Guide reasonably up to date, with working examples for recent 5.x kernel versions. The guide has been around since 2001 and most copies of it on the web only describe old 2.6.x kernels. The book can be freely accessed via https://sysprog21.github.io/lkmpg/ The original guide may be found at Linux Documentation Project. License The Linux Kernel Module Programming Guide is a free book; you may reproduce and/or modify it under the terms of the Open Software License. Use of this work is governed by a copyleft license that can be found in the LICENSE file. The complementary sample code is licensed under GNU GPL version 2, as same
(read more)
In an effort to take advantage of an old Rodenstock newspaper enlargement lens that was only being used as a paperweight, photographer Tim Hamilton has constructed an enormous “ultra-large-format” projection camera that he has used to capture unique photos and videos. Hamilton says that the reason he built the device was to make use of the old enlargement lens that he had in his possession. “Before I got the lens, it was being used as a paperweight, and the old photojournalists who worked at the newspaper before the digital transition were saddened by that. So someone handed it to me,” he says. “They are fairly rare and expensive lenses and it’s been begging to be made into
(read more)
Photo: Craig F. Walker/The Boston Globe via Getty Images On Thursday night, with the equivalent of a five-alarm siren, the Washington Post and New York Times, along with other media outlets, blared the major bullet points of an internal CDC slide presentation explaining a recent shift in mask guidance: The Delta variant was “as contagious as chicken pox,” according to the presentation, and “may be spread by vaccinated people as easily as the unvaccinated,” as the Times put it. “The war has changed,” the
(read more)
Background Note: I started writing this article about one year ago (September 2020), but I dropped it at some point. Its final version is way less ambitious than my original plans for it, mostly because I forgot some of the things that were on my mind back then. Still, better than nothing. A long time ago (in 2011) I wrote about my frustrations with Linux that led me to abandon the OS after having spent quite a lot of time on it. After this article I made one failed attempt to convert to Windows and eventually I settled on macOS for almost a decade. While I was reasonably happy with macOS for most of the time, it never felt like home and I kept longing to revisit Linux. I was also miss
(read more)
The Bike Shed, August 15, 2012, Volume 10, issue 8. Quality happens only when someone is responsible for it. Poul-Henning Kamp. Thirteen years ago, Eric Raymond's book The Cathedral and the Bazaar (O'Reilly Media, 2001) redefined our vocabulary and all but promised an end to the waterfall model and big software companies, thanks to the new grass-roots open source software development movement. I found the book thought provoking, but it did not convince me. On the other hand, being deeply involved in open source, I couldn't help but think that it would be nice if he was right. The book I brought to the beach house this summer is also thought provoking, much more so than Raym
(read more)
This project aims to simplify the creation of basic Arduino programs by just editing a UI on Android. Instead of the usual Arduino development cycle, you just have to create your program via the Android UI and send it to the Arduino via Serial. In order to make the setup work you have to do two things. Build and deploy the generic program to your Arduino board; in order to do that, include the ArdUI.zip (./arduino-library/generated/c/ArdUI.zip) library (you can include the library zip in the Arduino IDE via Sketch -> Include Library -> Add .ZIP Library) and upload GenericProgram.ino to your Arduino board. That's it! All subsequent changes to the Arduino program can now be done with the Android UI. Technical details: Below is a technical description of what's happening under the hood. The workflow goes as described here: a Protobuf file is used to describe the serialization/deserialization of data between Kotlin objects, byte streams and C structures; the Protobuf file used here to describe the data format is located at ./proto/common.proto. The Android application allows you to create a program in the UI, which is translated to data classes generated by the Protobuf generator. This data is serialized and sent to the Arduino via Serial. The C program on the Arduino deserializes the received bytes and constructs the set of instructions to run. The fact that Protobuf is supported for an array of languages allowed us to write programs in Kotlin (for Android), C (for Arduino) and JS (for a NodeJS app). Web interface: A NodeJS application is provided too in case you don't have access to an Android phone. The interface is pretty simple and basic; you have 2 text fields: one for setup instructions and one for loop instructions. This is the syntax to use for writing instructions: pinmode [input|output|input_pullup]; digitalwrite pin [low|high]; analogwrite pin value; sleep duration. Press the upload button and it should work. More details can be found here. How are the bindings generated? 
Java bindings: These are generated using the wire library; the Gradle plugin seemed like the easiest way. All you need for this case is to include wire { sourcePath { srcDir '../../proto' } kotlin{} } in your build.gradle file, and it will keep your generated stub up to date with the protobuf spec. C bindings: The C binding is generated with the nanopb library; it is a small code-size Protocol Buffers implementation in ANSI C. It is especially suitable for use in microcontrollers, but fits any memory-restricted system. C bindings are generated for our project with the following steps: clone the repository locally (git clone https://github.com/nanopb/nanopb.git); generate the bindings from the .proto files (NANOPB=path/to/nanopb ${NANOPB}/generator/nanopb_generator.py -D ./arduino-library/generated/c -I ./proto common.proto); copy the utility nanopb files (cp ${NANOPB}/pb_common.h ${NANOPB}/pb_common.c ${NANOPB}/pb_decode.h ${NANOPB}/pb_decode.c ${NANOPB}/pb.h ./arduino-library/generated/c); and build the library archive (zip -j ./arduino-library/generated/c/ArdUI.zip ./arduino-library/generated/c/*.h ./arduino-library/generated/c/*.c). You can include the Library z
(read more)
Resources Download Source CodeSummary # Terminal rails new template --skip-javascript bin/rails g scaffold products name color "price:decimal{8,2}" sku bundle add faker bundle add hotwire-rails bin/rails hotwire:install# db/seeds.rb 100.times do Product.create( name: Faker::Lorem.word, color: Faker::Color.hex_color, price: Faker::Commerce.price, sku: Faker::Number.number(10) ) end# views/products/index.html.erb <% @products.each do |product| %> <%= content_tag :tr, id: dom_id(product) do %> <%= product.name %> <%= product.color %> <%= product.price %>
(read more)
To combat thieves, Home Depot is introducing power tools that won't work if they're stolen. Home Depot executive Scott Glenn spoke to Insider about the company's efforts to stymie shoplifters. He said the goal is to stop thieves without looking like an "armed encampment." Home Depot has a clear message for professional shoplifters: Stay away. The home-improvement chain is unveiling power tools that won't work unless they're properly scanned and activated at the register via Bluetooth technology. If a thief managed to smuggle a power drill out of the store without paying, the drill simply wouldn't turn on. Scott Glenn, Home Depot's vice president of asset protection, told Insider about the company's fight against organized retail crime. He made a point to distinguish between "professional shoplifters" and disorganized solo thieves. The pros, he said, frequently are connected to a larger network that can, in some cases, function as a sophisticated "shadow business." "There are very organized groups where the leaders at the top are recruiting people that are drug-dependent, homeless, or down on their luck and offering them incentives and providing shopping lists to go out and bring back certain products," Glenn said. "At the top levels of these hierarchies, there are absolutely good administrators that understand the return on their money." 
The trade publication Loss Prevention Media defines organized retail crime as "any organized criminal, conspiratorial attack on the retail establishment" that involves "two or more persons engaged in illegally or fraudulently obtaining retail merchandise, tender, confidential data, and customer personally identifiable information for the sole purpose of converting it into criminal financial gain." Organized retail crime costs retailers an average of $719,548 per $1 billion in sales, a 2020 survey from the National Retail Federation found, a nearly 60% increase from 2015. E-commerce is changing the game for professional shoplifting consortiums. While some brick-and-mortar pawn shops and flea markets still "fence" stolen goods, illegal operations have increasingly been able to disguise their crimes among legitimate online resellers. Read more: Compare
(read more)
Where I currently work we are all in on event-driven architecture. For our DLQs, we have alerts on when the queue is growing in size or if messages are in the queue too long. When those alerts come in, we manually move the messages back to the normal queue for reprocessing and if they get DLQed again after that we will look into the reason it is failing. One of the benefits of this architecture for us is the ability to easily share information between services. We utilize SNS and SQS for a pub/sub architecture so if we need to expose more information we can just publish another type of message to the topic or if we need to consume some information then we can just listen to the relevant topic. There are two big issues that I've run into while at this company. One is tracking down where events are coming from can be a big pain, especially as we are replacing services but keeping message formats the same. The other big issue is setting up lower environments (dev, qa, etc.) can be difficult because you pretty much need the entire ecosystem in order for the environment to be usable, which requires buy-in from all teams in the organization. I guess it's still harder to track down event emitters, but have you tried using Bitbucket or GitHub code search to search all of your repos at once? Yea, I have used GitHub search in a pinch and sometimes it is helpful enough to show me exactly where to look. Unfortunately, though, there are several events we emit that are many layers of string concatenation, so GitHub search may narrow it down to 4 or so places and I have to manually go from there. "Everything looks like a red thumb when you're holding a golden hammer." Events are a part of a greater whole. It's a tool that you can use to solve certain data flows, but not all data flows. When you start taking more liberty with the word "eventually," you are almost certainly in a realm where event-driven makes the most sense. 
CQRS is a pretty good example of using many architectures (including event-driven) under a single greater architectural umbrella, and the thought patterns it introduces you to are incredibly useful. But no architecture is gospel, not even close.Any "pure" architecture is the tail wagging the dog. The problem comes first, the solution comes second, the architecture comes third. Monolith is easier to handle. With microservices, any network connection could break, you need a lot more code to handle all that complexity and orchestration. Not sure if there are any communities. My general advice is to invest as much as possible in a good logging solution, traceability, and just general things to make debugging easier. Come up with a way to replay events easily. You'll thank yours
(read more)
→ Listen to this story on Racket. “You just learn one thing, and that’s the browser,” quipped Bill Gates while showcasing the then-upcoming Windows 98. The empire that Microsoft had built piecemeal (software languages here, DOS and Windows there, Office and a software ecosystem tying it all together) was suddenly threatened by the web. The earliest web apps promised you could run anything, anywhere. A browser, not the latest operating system, was all you’d need. Ignoring the web wasn’t possible. Microsoft’s infamous Embrace, Extend, Extinguish philosophy would have to work instead. So they acquired Hotmail, one of the first web apps, and built the web so deeply into Windows 98 that the US Government would accuse Microsoft of using Internet Explorer to maintain a monopoly. Gates correctly recognized that browsers were the last app we’d learn how to use, that so much of the software to come would be browser-based SaaS. Yet somehow, it seems unlikely he’d have imagined that decades later, a browser would be all you’d need to run Windows 98, or at least a facsimile of its most memorable features. Rebuilding the past. We run everything in the browser today: Slack, and Figma, and Superhuman, and Airtable, and Google Docs, and so many of the other tools that make today’s work happen. So why not run Windows in the browser, too? That was, in part, the idea that got ctrlz and their fellow students to painstakingly recreate the Windows of the ’90s in the browser with Windows 96. It’s a passion project that lets you relive some of your formative computing memories, and it started with a chance encounter. “Back around 2016, I saw the Ubuntu online tour,” wrote ctrlz, before coming across the Windows 93 online desktop the following year. “I was fascinated with the concept of running a web desktop inside the browser,” even if these earlier attempts were largely non-functioning demos. So they set out to build their own. 
Unlike so many of the other web desktops, including Microsoft’s own Live Mesh, ctrlz’s project wouldn’t try to imagine what the future could look like, or rethink how a desktop could look if it lived in the browser. It’d recreate computing’s past, in a brand new way. And so, hand-me-down MacBook Pro in hand, ctrlz started coding first a Windows XP-style web desktop built with static images in 2017, then a Windows 10-style UI in 2018. But newer didn’t make it better. “I wasn't happy with the way it looked,” said ctrlz, “so I eventually settled for a 9x interface in early 2019, when I decided to go ahead and make something of it.” Soon enough, they and a team of students had recreated the operating system they’d first used on aging school computers, rebuilt using the latest web tech. “I'm compelled to say ‘Magic’,” replied ctrlz when asked how they got so many things to work in their browser-OS, “but really, it’s a combination of WebAssembly and also intense problem solving.” It took a month to build the file system, something ctrlz is most proud of, while UTF-4096, another team member, is still working to build an AirDrop-style peer-to-p
(read more)
What are you doing this week? (ask, programming) authored by caius 1 hour ago | 2 comments. What are you doing this week? Feel free to share! Keep in mind it’s OK to do nothing at all, too. caius, 1 hour ago: Holiday. 😄
(read more)
The most highly valued Leonardo Codex of the last few years, whose original was purchased in 1994 by Bill Gates for $30,000,000. This work faithfully reproduces the original codex. The English translation is reproduced together with the original text, making it suitable not only for scientific study and research, but also for immediate consultation. The Leicester Codex, also known as the "Hammer" Codex from the name of the American millionaire who owned it before Bill Gates, was compiled bet
(read more)
A large blaze at Victoria’s “big battery” project has been brought under control by firefighters after burning for more than three days, allowing investigators to begin examining the site. A Tesla battery bank caught fire while it was being set up in Moorabool on Friday morning, and then spread to a second battery. The fire burned throughout the weekend and into a fourth day, before it was declared under control just after 3pm on Monday. Fire crews will remain at the site for the next 24 hours “as a precaution in case of reignition” and will take temperature readings every two hours, the Country Fire Authority said. Investigations into how the fire started will soon begin with multiple
(read more)
FREE Account Information: Connect to more than 1,000 banks in Europe and access banking data. Great coverage: We provide connections to 1,000 banks in Europe. Live across 31 countries, including EU and UK. Fast & powerful: We’re connected to PSD2 bank APIs. Service uptime and data quality ensured by European banks. Totally free: Our Account Information service is completely free of charge. No usage fees or commitments. Get bank data with consent using real bank APIs: Access account holder’s name, bank account numbers, transactions and account balances. For personal and business accounts. View API documentation. Built for developers: Connecting to major European bank APIs is time consuming. We aggregate these
(read more)
One of the goals of the Psycopg 3 project is to make it easy to port code developed for Psycopg 2. For this reason the creation of a Django backend (the module you specify in the settings as your database ENGINE) was a project with a double goal: A Django driver is a way to make Psycopg 3 useful from the start, with the possibility of dropping it into a project transparently and having available, when needed, the new features it offers (for instance the superior COPY support). The difficulty of introducing Psycopg 3 in the Django codebase and the type of changes required are indicative of the type of problems that could be found porting other proj
(read more)
The first time I opened Peter Singer’s “Animal Liberation,” I was dining alone at the Palm, trying to enjoy a rib-eye steak cooked medium-rare. If this sounds like a good recipe for cognitive dissonance (if not indigestion), that was sort of the idea. Preposterous as it might seem, to supporters of animal rights, what I was doing was tantamount to reading “Uncle Tom’s Cabin” on a plantation in the Deep South in 1852. Singer and the swelling ranks of his followers ask us to imagine a future in which people will look back on my meal, and this steakhouse, as relics of an equally backward age. Eating animals, wearing animals, experimenting on animals, kill
(read more)
This post is a summary of content from papers covering the topic; it's mostly quotes from the papers from 1983, 1993 and 1997 with some editing. References to the present and future depend on the paper but should be easy to deduce. See the Sources section at the end. Introduction: In 1981, the emergence of the government-industry project in Japan known as Fifth Generation Computer Systems (FGCS) was unexpected and dramatic. The Ministry of International Trade and Industry (MITI) and some of its scientists at Electrotechnical Laboratory (ETL) planned a project of remarkable scope, projecting both technical daring and major impact upon the economy and society. This project captured the imagination of the Japanese people (e.g. a book in Japanese by Junichiro Uemae recounting its birth was titled The Japanese Dream). It also captured the attention of the governments and computer industries of the USA and Europe, who were already wary of Japanese takeovers of important industries. A book by Feigenbaum and McCorduck, The Fifth Generation, was a widely-read manifestation of this concern. The Japanese plan was grand but it was unrealistic, and was immediately seen to be so by the MITI planners and ETL scientists who took charge of the project. A revised planning document was issued in May 1982 that set more realistic objectives for the Fifth Generation Project. Previous Four Generations: First generation: ENIAC, invented in 1946, and others that used vacuum tubes. Second generation: IBM 1401, introduced in 1959, and others that used transistors. Third generation: IBM S/360, introduced in 1964, and others that used integrated circuits. Fourth generation: IBM E Series, introduced in 1979, and others that used very large-scale integrated circuits (VLSI), which have massively increased computational capacity but are still based on the Von Neumann architecture and require specific and precise commands to perform a task. 
FGCS was conceived as a computer that can infer from an incomplete instruction, by making use of the knowledge it has accumulated in its database. FGCS was based on an architecture distinct from that of the previous four generations of computers which had be
(read more)
Not only did Valve announce Steam Deck in July but the overall Linux gaming marketshare according to the Steam Survey also hit a multi-year high. According to the Steam Survey numbers out today for July 2021, Steam on Linux hit a 1.0% marketshare, a +0.14% increase over the month prior. This is the highest we have seen the Steam on Linux marketshare in a number of years and well off the lows prior to introducing Steam Play (Proton), since which point there has been a gradual increase in marketshare. Back when Steam on Linux first debuted there was around a 2% marketshare for Linux before gradually declining. Back when Steam first debuted for Linux, the overall Steam customer base was also much smaller than it is today. While many believe the Steam Survey is inaccurate or biased (or just buggy towards prompting Linux users to participate in the survey), these initial numbers for July are positive in hitting the 1.0% mark after largely floating around the 0.8~0.9% mark for most of the past three years. The Steam Deck isn't shipping until the end of the year so we'll see how the number fluctuates to that point. It could be that some have decided to re-try Linux gaming following Valve's announcement in July or it could also just be a combination of factors given the summer mon
(read more)
Happiness Engineer As a Happiness Engineer, you love helping people. Transforming publishing on the web is no small task. Our goal is to build relationships based on trust, resulting in happy, passionate, loyal customers and colleagues. We do this by listening to our customers’ needs and guiding them to the fullest use of the products we offer. We are looking for people with the right mix of compassion, writing skills, and technical knowledge to get the job done. Are you interested in learning more about how our team works? Check out what Happiness Engineers have to say about their work. In general, a typical day involves: Being an active member of a global team that provides 24/7 support via live chat, tickets, one-on-one screen share sessions, and forums.  Helping people use Automattic’s products, including WordPress.com, WooCommerce, Jetpack, Tumblr, and more. Troubleshooting, investigating, and creating detailed bug reports. Building a community of support by sharing knowledge and helping team members around the world. Being a Happiness Engineer requires: Mid to high proficiency with WordPress, HTML, and CSS. Experience providing technical support to customers, particularly via live chat, tickets, telephone, or forums. Excellent written and communication skills, with a knack for taking technical language and making it understandable for the general public. A passion for solving challenging problems and proposing elegant solutions. Solid ability to identify and accurately document technical issues. An intense intellectual curiosity and an eagerness to share knowledge with others. Patience, grace, and a sense of humor. Happiness Engineers must be fluent and eloquent in written English. If you know additional languages, please be sure to tell us. An ideal candidate: Has created three or more WordPress websites. Has experience installing and configuring WordPress plugins and themes. Is adept at troubleshooting technical issues. Has experience creating bug reports. 
Has experience providing technical support to customers via telephone, tickets, live chat, or forums. HOW TO APPLY Write a cover letter to let us know what you can contribute to the t
(read more)
In a recent HN thread I came across the following comment: For tech-heavy programming/operations how-to or bugfix content, Stack Overflow killed those for me. I can absolutely relate to this. There are many things I didn’t write about because a complete SO answer, with several alternatives, already existed. But I’ve realized that there is room for technical content that describes solutions based on experience with tools or with a very specific use-case. This type of content is not for the same target audience as SO. It’s for a more experienced dev who is looking to solve a very specific issue. The more experienced dev is less likely to post the question in the first place and more likely to hack a solution of their own. It would also be too niche for Stack Overflow because it takes a lot of time to research and is often dependent on context. Here are some examples. Solutions that are pieced together to fit a very specific use-case: There are often situations where Stack Overflow answers offer only individual pieces of the solution and you must then piece them together to fit your use-case. With experience, you’re better able to put those pieces together. For example, my blog has had thousands of hits on a 5+ year old post describing how to set up Active Directory and database login in parallel on Rails. When I wrote it there were several answers on Stack Overflow on how to set up LDAP login but none of them covered my entire use case. Solutions or things you learned because you’re able to read the source or the docs: Reading the docs and the source code are learned skills. If you’re able to do that, and you come up with solutions, or learn interesting things, then that’s worth writing about. For example, I copied the compatibility list for mysql2 gem versions and MySQL server versions that was only found, in point-list form, at the bottom of the rdoc page of the mysql gem, and that I had missed at least three times previously. 
Solutions you came up with because you are skilled enough to override or extend part of a library With experience, you can come up with solutions that modify libraries. This is helpful because it means not havi
(read more)
Colour palettes are a mystery in and of themselves. Fluent Design, Material Design, Tailwind and even Bootstrap have them, and the colours have numeric labels. I always wondered where these numbers come from until I recently had an enlightenment. All palettes follow the same order from lighter to darker colours, with the regular colour somewhere in the middle range. Here are some examples from the most popular frameworks: Material Colour System, Bootstrap Colour System, Tailwind Colour System. Origins of the values of the numbers: As far as I know, the first design system that introduced the numbers attached to the colours was Material Design. For a long time, I wondered where these values come from until it clicked yesterday. The lightest colour uses a 50 or 100, the darkest colour range s
(read more)
Guido van Rossum, Sep 2, 2019. My series of blog posts about PEG parsing keeps expanding. Instead of updating each part to link to all other parts, here’s the table of contents: PEG Parsers; Building a PEG Parser; Generating a PEG Parser; Visualizing PEG Parsing; Left-recursive PEG Grammars; Adding Actions to a PEG Grammar; A Meta-Grammar for PEG Parsers; Implementing PEG Features; PEG at the Core Developer Sprint. A video of a talk I gave about this topic at North Bay Python is up on YouTube: Writing a PEG parser for fun and profit. Update: April 2, 2020. In case you are wondering what’s happening, we now have PEP 617 up, which proposes to replace the current parser in CPython with a PEG-based parser. License for this article, the series, and the code shown: CC BY-NC-SA 4.0
(read more)
In the previous post I talked about how to generate input strings from any given context-free grammar. While that algorithm is quite useful for fuzzing, one of the problems with it is that the strings produced from that grammar are skewed toward shallow strings. For example, consider this grammar: To generate inputs, let us load the limit fuzzer from the previous post. The Fuzzer: The generated strings (which represent random integers) are as follows. As you can see, there are more single digits in the output than longer integers. Almost half of the generated strings are a single character. If we modify our grammar as below and run it again you will notice that a lot more three-digit-wide binary numbers are produced. In fact, now, more than one third of the generated strings are likely to be three digits. This is because of the way the grammar is written. That is, there are three possible expansions of the nonterminal, and our fuzzer chooses one of the expansions with equ
(read more)
Giving consumers better access to, and control of, their financial data is a major trend in fintech. A whole set of challengers are now dedicated to the ‘open banking’ mission, including Moneyhub, Yolt and Tink (which was recently bought by Visa for €1.8bn). These companies allow users to ‘open up’ and share their bank data with other parties, charging their clients for the privilege. But open banking has so far seen slow adoption. Active users in the UK reached 3m in January 2021, well behind previous predictions of 33m by 2022. This has reignited a debate about whether startups should be making money from open banking services. The conversation has also extended to ‘open finance’, which extends data-sharing capabilities beyond just banks to include pension funds, savings accounts and other assets. But unlike open banking, access to open finance data is currently unregulated, prompting further questions about consumer protection. What will lead to the mass adoption of open banking? And will the rise of free open banking providers disrupt the space? Sifted spoke to the experts to find out. To pay or not to pay: Fintechs like Plaid, TrueLayer and Tink have founded their businesses on providing access to regulated banking data for a fee, servicing a vast array of finance apps like Freetrade, Plum and Emma. Under current banking regulation, raw data must be provided for free to consumers via an official application programming interface (or API). As a result, the apps pick up the cost on behalf of their users. But not everyone believes raw bank data should come at a price to third parties. Back in December, Latvia-based
(read more)
Pegasus affair: Israel Tries to Limit Fallout from the Pegasus Spyware Scandal. Israel has been trying to limit the damage the Pegasus spyware scandal is threatening to do to France-Israel relations. The Moroccan intelligence service used the software, made by an Israeli company with close ties to Israel’s defense and intelligence establishments, to spy on dozens of French officials, including fourteen current and former cabinet ministers, among them President Emmanuel Macron and former prime minister Edouard Philippe. It would not be unreasonable for the French intelligence services to assume that there was a measure of Israeli spying on France involved here, with or without the knowledge of the Moroccans. Macron, in a phone conversation with Israel’s prime minister Naftali Bennett, pointedly asked for an explanation. Benny Gantz, Israel’s Defense Minister and a former Chief of Staff, on Wednesday visited Paris on a damage-control mission. His goal: To try to pacify the angry French authorities following the revelations that a sophisticated piece of spyware, produced by an Israeli spyware firm, was sold to Morocco with the approval of the Israeli Ministry of Defense. The Moroccan intelligence service used the software to spy on opposition figures, journalists, and civil society activists in Morocco – but also on dozens of French officials, including fourteen current and former cabinet minist
(read more)
2. Inspectional Reading
Inspectional reading actually has two sub-types: systematic skimming, and superficial reading. The main question this level of reading is trying to answer is “What is the book/article about?”
2.1 Systematic Skimming
This can be applied to almost everything you read, so I will take an example of an article here. First, you look at the title of the article and if it’s appealing, you open it. Then you scroll through the article and read the sub-heads to see what the article is all about. If it seems interesting, you scroll back to the top and read the first 30-50 words of
(read more)
Network segmenting firewall, DHCP, DNS with Unbound, domain blocking and much more OpenBSD: 6.9 · Published: 2020-11-05 · Updated: 2021-07-21 · Version: 1.9.4 Introduction In this guide we're going to take a look at how we can use cheap and "low end" hardware to build an amazing OpenBSD router with firewalling capabilities, segmented local area networks, DNS with domain blocking, DHCP and more.We will use a setup in which the router segments the local area network (LAN) into three separate networ
(read more)
A prevailing assumption, among firms and regulators alike, is that misconduct problems can be discovered only after they occur: a ‘detect and correct’ mindset. But we’re beginning to see the emergence of a ‘predict and prevent’ approach to managing conduct risk in organizations.  In her landmark study into the causes of the 1986 space shuttle Challenger disaster, sociologist Diane Vaughan expected to find that NASA managers and engineers had violated established rules and processes. Instead, she found that the disastrous launch decision was arrived at through “conformity to cultural beliefs, organizational rules and norms, and NASA
(read more)
At the risk of alienating most of the readership of this magazine, here is a confession. I hated Python for a very long time. My issue was not with the language per se, even though the indentation rules have put me off for a while. No, the reason I kept myself away from Python was the unfortunate contact with some (too many for my taste) hubris-filled Python developers. Well, that, and the no man’s land that was the transition between Python 2 and 3. That was, of course, unfortunate. But after a few years, pragmatism naturally brought me back to Python again; not so much the language per se, which I now neither like nor dislike, but the sheer amount of libraries available (and their excellent quality). Another big contributing factor to this renewed interest in Python was the long aw
(read more)
August 2021 The mental minefield of capex and opex In my parent's childhood it was more common for milk to be delivered weekly (or twice weekly) by a milkman than to go to a shop to buy it. Milk was a subscription service and that made a lot of sense, especially as the milkman also sold eggs, bread and other staples. Unusually, where I live there is still a milkman. The bottles are made of glass. When they are empty they are rinsed and then left out for the milkman to collect next time and so are reused. The only (recyclable) wa
(read more)
Muboard is a tiny utility that runs a mathematics display board as a web page. Muboard lets you quickly scribble mathematics snippets using Markdown and LaTeX while presenting your desktop screen to others during real-world or virtual meetings.
Contents: Get Started, Distributable Boards, Features, Why?, Channels, License, Support
Get Started
To get started with using Muboard, click here and start typing Markdown + LaTeX input at the text field at the bottom. Here is an example screenshot that shows what Muboard looks like with some content:
Distributable Boards
Muboard can be used to create distributable boards. To try it out, copy and paste the code below into an HTML file with .html extension: <!DOCTYPE html> # The Möbius function For any positive integer $ n $, the Möb
(read more)
I have nothing to say here about pregnant women. My title refers to the words “pregnant women,” a phrase not henceforth to be uttered in Harvard’s Department of Human Evolutionary Biology. The permissible phrase is “pregnant people,” so as to include, for example, trans men carrying unborn babies.  If you think I am writing parody or have launched on some outlandish extrapolation from a more plausible scenario, I am not. Harvard’s Dr. Carole Hooven was interviewed by Fox News; the Daily Mail reprised that interview in this report, and the story was subsequently picked up by the NY Post. Hooven, Lecturer on Human Evolutionary Biology at Harvard, argued for retaining use of terms such as “male,” “female,” and “pregnant women” as having scientific meaning. An indi
(read more)
Video-conferencing firm Zoom has agreed to pay $86m (£61.9m) to settle a class action privacy lawsuit in the US. The lawsuit alleged that Zoom had invaded the privacy of millions of users by sharing personal data with Facebook, Google and LinkedIn. It also accused Zoom of misstating that it offers end-to-end encryption and of failing to prevent hackers from "zoombombing" sessions. The firm denied any wrongdoing, but has agreed to boost its security practices. The preliminary settlement, which also includes a provision that Zoom will give its staff specialised training in data handling and privacy, is still subject to approval by US District Judge Lucy Koh in San Jose, California. A Zoom spokesman said: "The privacy and security of our users are top priorities for Zoom, and we take seriously t
(read more)
A few weeks ago the messaging service WhatsApp sued the Indian government over new legislation that could undermine its end-to-end encryption (E2EE) software. The legislation requires, among other things, that social media and messaging companies must include the ability to “trace” the source of harmful viral content. This tracing capability has been a major issue in India due to several cases of misinformation content that led to brutal mob attacks. The ostensible goal of the new legislation is to make it possible for police to track down those who originate or disseminate this content. Put simply, what the authorities want is a means to identify a piece of content (say, a video or a meme) that has gone to a large group of people, and then trace the content back to the Wha
(read more)
Is it fair for a judge to increase a defendant’s prison time on the basis of an algorithmic score that predicts the likelihood that he will commit future crimes? Many states now say yes, even when the algorithms they use for this purpose have a high error rate, a secret design, and a demonstrable racial bias. The former federal judge Katherine Forrest, in her short but incisive When Machines Can Be Judge, Jury, and Executioner, says this is both unfair and irrational.¹ One might think that the very notion of a defendant having his prison time determined not just by the crime of which he was convicted, but also by a prediction that he will commit other crimes in the future, would be troubling on its face. Such “incapacitation”—depriving the defendant of the capacity to commi
(read more)
I got bit by the TypeScript bug hard a few years ago. Having the compiler to lean on has made me much more productive and confident in my work. But I know a lot of people don’t feel this way. We don’t always get autonomy in what tools we use, so sometimes people are forced onto TypeScript against their preferences. And people can often get stuck feeling like they have to fight against the compiler, or at least continually contend with its nagging. Most people understand that TypeScript adjusts some tradeoffs in the effort we apply to a project. In normal JS, you can get something up and running quickly, but may have to spend much more time addressing bugs or edge cases. Whereas with TS, you put in more work up front, and have to do less fiddling with small things, as the compiler will catc
(read more)
It wasn’t always a misnomer. At one point, Red Delicious apples were among the most highly coveted apple varieties in the United States — and they had a flavor to match. In 2018, however, we saw the end of the Red Delicious apple’s long reign. Gala apples, with their mottled hues and mild sweetness, took the lead, marking the first time in more than 50 years that any apple’s sales surpassed those of the Red Delicious. It’s a no-brainer: Given the wide array of apple cultivars to choose from nowadays — and with even more varieties emerging every year — who would opt for the tough skin and mealy flesh of a Red Delicious (or what Yankee senior food editor Amy Traverso calls “a mouthful of roughage”)? But did you know there’s an identifiable reason for the downfall
(read more)
This is a fascinating question. The other answers here are all speculative, and in some cases flat-out incorrect. Instead of writing my opinion here, I actually did some research and found original sources that discuss why delete and put are not part of the HTML5 form standard. As it turns out, these methods were included in several, early HTML5 drafts (!), but were later removed in the subsequent drafts. Mozilla had actually implemented this in a Firefox beta, too. What was the rationale for removing these methods from the draft? The W3C discussed this topic in bug report 10671. Mike Amundsen argued in favor of this support: Executing PUT and DELETE to modify resources on the origin server is straight-forward for modern Web browsers using the XmlHttpRequest object. For unscripted browse
(read more)
Try shadowing. Shadowing is basically just playing audio and repeating what you hear as soon as you hear it. You can do it by just watching Netflix/YouTube. The ideal setup is a pair of headphones and microphone that plays your own voice back into your headphones to help you hear yourself. Focused shadowing sessions will increase your awareness of sounds that differ in your current spoken voice and your goal. One more thing: Watch out for 'small' mistakes in your writing. No space between a period and the next sentence. Pronoun 'I' not being capitalized. Spelling mistakes. They tend not to cause communication problems but may label you as having weak English because of them.
(read more)
Although the main interface between applications and a Vitess database is through the MySQL protocol, Vitess is a large and complex distributed system, and all the communication between the different services in a Vitess cluster is performed through gRPC. Because of this, all service boundaries and messages between Vitess' systems are specified using Protocol Buffers. The history of Vitess' integration with Protocol Buffers is rather involved: we have been using and keeping up to date with the Go Protocol Buffers package since its earliest releases, up until May last year, when Google released a new Go API for Protocol Buffers, which is not backwards compatible with the previous Go package. There are several reasons why we didn’t jump at the chance of upgrading to the new API right away: the upgrade is non-trivial, particularly for a project as large as Vitess; it does not provide any tangible benefits to us, since our use of Protocol Buffers is quite basic, and we don’t use reflection anywhere in our codebase; and most importantly: it implies a very significant performance regression. Although the new (un)marshaling code in ProtoBuf APIv2 is not measurably slower than the one in APIv1 (it is, in fact, mostly equivalent), Vitess hasn’t been using the APIv1 codecs for a while. Earlier this year, we introduced the Gogo ProtoBuf compiler to our codebase, with really impressive performance results. For those who are not aware of it, Gogo ProtoBuf is a fork of the original ProtoBuf APIv1 that includes a custom code generator with optional support for many performance related features. The most notable of them, and the one we enabled for Vitess, is the generation of fully unr
(read more)
How to write really slow Rust code How I tried to port Lisp code to Rust and managed to get a much slower program... and how to fix that! Written on 31 Jul 2021, 10:50 AM Photo by Sam Moqadam on Unsplash I have recently published a blog post that, as I had expected (actually, hoped for, as that would attract people to contribute to the “study”), generated quite some polemic on the Internet! The post was about an old study by Lutz Prechelt comparing Java to C/C++, as well as a few follow-up papers that added other languages to the comparison, including Common Lisp and a few scripting languages. I decided to try and see if the results in those papers, which ran their studies 21 years ago, still stand or if things changed completely since then. I couldn’t get a bunch of students, let alone professional programmers, to write programs for my “study” in multiple languages, so I did the next best thing and ported the arguably most common approach to the problem (based on code by Peter Norvig, no less) to other languages: Java, Rust, and later also Julia and Dart. The results were shocking: Rust was one of the slowest languages! It had the lowest memory usage, but also the highest LOC (lines-of-code) if I included only the implementations of the same algorithm. Today, I want to appease angry Rust fans and other concerned parties by showing exactly why my Rust code was so slow, and how with a few small fixes, it can outperform the other languages in the “competition”, at least in performance (and as I found out, for certain kinds of inputs only). Thanks to the Rust fans who took a lot of their free time to show me just why my Rust code was so slow and how
(read more)
The rise of never-ending job interviews
Some companies are asking candidates to attend multiple interviews. But too many rounds could be a red flag – and even drive candidates away.
Every jobseeker welcomes an invitation to a second interview, because it signals a company’s interest. A third interview might feel even more positive, or even be the precursor to an offer. But what happens when the process drags on to a fourth, fifth or sixth round – and it’s not even clear how close you are to the ‘final’ interview? That’s a question Mike Conley, 49, grappled with earlier this year. The software engineer, based in Indiana, US, had been seeking a new role after losing his job during the pandemic. Five companies told him they had to delay hiring because of Covid-19 – but only after he’d done the final round of interviews. Another three invited him for several rounds of interviews until it was time to make an offer, at which point they decided to promote internally. Then, he made it through three rounds of interviews for a director-level position at a company he really liked, only to receive an email to co-ordinate six more rounds. “When I responded to the internal HR, I even asked, ‘Are these the final rounds?’,” he says. “The answer I got back was: ‘We don’t know yet’.” That’s when Conley made the tough decision to pull out. He shared his experience in a LinkedIn post that’s touched a nerve with fellow job-seekers, who’ve viewed it 2.6 million times as of this writing. Conley says he’s received about 4,000 public comments of support, and “four times that in private comments” from those who feared being tracked by current or prospective employers. “So many people told me that, when they found out it was going to be six or seven interviews, they pulled out, so it was a bigger thing than I ever thought it was,” he says.
Of course, Conley never expected his post would go viral, “but I thought that for people who had been on similar paths, it was good to put it out there and let them know that they’re not alone”. In fact, the internet is awash with similar stories from jobseekers who’ve become frustrated wit
(read more)
Dekel Entrepreneur. R&D consultant. Geek. Aug 1 ・5 min read
Intro & Background
If you have some experience with React, you probably came across styled-components. In the last few years, the concept of css-in-js became more popular, and there are multiple libraries that are available for us to use. styled-components is one of them, but you can also find Emotion, Radium, JSS, and more. In this post I'm not going to cover the pros and cons of traditional stylesheet files vs. styled-components, and instead I'm going to focus on tagged template literals - the "magic" that lets us use the styled-components syntax.
styled-component basics - a quick reminder
Let's take the following simple syntax for example: The StyledDiv in the example above is actually a React component that returns a div block with the css of color: red; font-weight: bold;. Well... kind of. Actually, it's a bit more complicated than that.
(read more)
A major part of our mission as a company is to empower people. So naturally, at Qbix, we give a lot of thought to the best ways of doing that. This post describes a compensation model that we have designed, which clearly rewards people for their contributions, and actually drives everyone to compete in how much they can contribute to a product’s bottom line. We call it the Qbix Compensation Model. Feel free to use it at your own company, and share it with others.
What Usually Happens
Say you’ve got an app or website that’s generating some revenues, and you’d like to grow them. As the owner and biggest stakeholder, you have to keep obsessing and coming up with a list of ideas to try; raise a budget to pay your employees (developers, designers) to build it; set up a system to measure the impact of these new features; launch the features and A/B test their impact; and finally, pay everyone on time and hope the features justified the expense. When you have a project, especially an open source project, major contributions can come from anywhere. Wouldn’t it be nice if people with the right skills could come and help you grow your revenues? Wouldn’t it be great if they’d be excited to keep doing it? They just might, if you could compensate them for it.
Behold: Qbix Compensation Model
So you’ve got a product that’s already generating $X / week in profit after expenses. It’s pretty good, but you’ve got a lot of room for improvement. A developer comes along and offers to build a feature that could potentially double or triple your revenue. Maybe they can improve your user engagement, retention, or viral coefficient. Maybe they can design some cute digital goods or useful features that can be purchased in the app. If your project is open source and you actually publish your metrics online, the right person might just come along to help you improve them.
The key idea behind the QCM is that your product’s revenue is the bottom line that you obtain from multiplying all the little factors that go into it. Double day-7 user retention from 20% to 40%, for instance, and you may just triple your revenue. Introduce a popular in-app purchase, and suddenly yo
(read more)
Aug 01, 2021
Brings together two of the fastest growing global fintech companies to advance shared mission of economic empowerment and financial inclusion
SAN FRANCISCO and MELBOURNE, AUSTRALIA – August 1, 2021 (PDT) – Square, Inc. (NYSE: SQ) and Afterpay Limited (ASX: APT) today announced that they have entered into a Scheme Implementation Deed under which Square has agreed to acquire all of the issued shares in Afterpay by way of a recommended court-approved Scheme of Arrangement. The transaction has an implied value of approximately US$29 billion (A$39 billion) based on the closing price of Square common stock on July 30, 2021, and is expected to be paid in all stock. The acquisition aims to enable the companies to better deliver compelling financial products and services that expand access to more consumers and drive incremental revenue for merchants of all sizes. The closing of the transaction is expected in the first quarter of calendar year 2022, subject to the satisfaction of certain closing conditions outlined below. “Square and Afterpay have a shared purpose. We built our business to make the financial system more fair, accessible, and inclusive, and Afterpay has built a trusted brand aligned with those principles,” said Jack Dorsey, Co-Founder and CEO of Square. “Together, we can better connect our Cash App and Seller ecosystems to deliver even more compelling products and services for merchants and consumers, putting the power back in their hands.” Afterpay, the pioneering global ‘buy now, pay later’ (BNPL) platform, will accelerate Square’s strategic priorities for its Seller and Cash App ecosystems. Square plans to integrate Afterpay into its existing Seller and Cash App business units, enable even the smallest of merchants to offer BNPL at checkout, give Afterpay consumers the ability to manage their installment payments directly in Cash App, and give Cash App customers the ability to discover merchants and BNPL offers directly within the app.
“Buy now, pay later has been a powerful growth tool for sellers globally,” said Alyssa Henry, Lead of Square’s Seller business. “We are thrilled to not only add this product to o
(read more)
Executive Summary On July 9th, 2021 a wiper attack paralyzed the Iranian train system. The attackers taunted the Iranian government as hacked displays instructed passengers to direct their complaints to the phone number of the Iranian Supreme Leader Khamenei’s office. SentinelLabs researchers were able to reconstruct the majority of the attack chain, which includes an interesting never-before-seen wiper. OPSEC mistakes let us know that the attackers refer to this wiper as ‘Meteor’, prompting us to name the campaign MeteorEx
(read more)
For over two decades, “APPLE IS DOOMED” was a common refrain in Internet discussions. Originally, it was meant in a literal sense, but once Apple was well on the road to becoming the tech titan it is today, the saying was parroted back, soaked in irony, as a rebuff to naysayers. But lurking behind those rebuffs was the very real concern that Apple was too dependent on the iPhone and that someday the world would move on, causing Apple’s business to come crashing down. That dire prophecy seemed like it might be coming true toward the end of the last decade when Apple revised financial guidance due to lower iPhones sales in China. Apple first seemed to be running out of steam starting in Q1 2016 (see “Apple’s Q1 2016 Sets Records, but Just Barely,” 26 January 2016). The next quarter began the rockiest period of Tim Cook’s Apple (see “In Q2 2016, Apple Sees First Revenue Decline in 13 Years,” 26 April 2016) dotted with ups (see “Apple Sees Apparent Return to Growth with Q1 2017’s Record Results,” 31 January 2017) and downs (“iPhone Sales Kept Sinking in Apple’s Q2 2019,” 30 April 2019). The cascading crises of 2020—with retail store closures, a shuttered Apple headquarters, and broken supply chains—were the ultimate test of Tim Cook’s leadership. In short, Apple not only survived, it’s once again shattering records (see “Apple’s Q3 2021: Still Making Money Hand Over Fist,” 27 July 2021). Mac sales are stronger than ever, and have been setting records for the past four quarters. After a nearly decade-long slump, iPad sales are higher than they’ve ever been apart from their 2012 peak. The iPhone 12 continues to be a smash hit near the end of its product cycle. Services and Wearables both continue stratospheric growth. Tim Cook has transformed Apple into a truly antifragile company that actually improves under adversity. 
Fragile, Robust, and Antifragile To understand antifragility, we need to delve into a bit of philosophy, specifically that of Nicholas Nassim Taleb, author of the Incerto series, the most notable entries being The Black Swan and Antifragile. Taleb’s central thesis is that bad things happen unexpectedly—the so-called “black swan events”—and he proposes that society needs to build systems that can survive or even grow stronger after unexpected setbacks. Taleb puts systems into three categori
(read more)
No one likes vegans, except other vegans, though sometimes even that is debatable. There are the white vegans focused solely on animal rights who go after Indigenous folks. There is the issue of Moby, who cannot shut up about being vegan despite the fact that we’ve all asked him to shut up for being a creep. One can’t say anything about how the stereotypes don’t tell the whole story while the online discourse is running amok with it, because then one is a wet blanket. The internet is no place for historical accuracy, and most don’t believe veganism worthy of a second thought, much less critical thought. When one gets into the history, the idea of not harming animals in order to eat is a much more diverse one. For my first restaurant review in the Village Voice, I decided to take the 5 train all the way up to the Bronx to try out Vegan’s Delight, which has now been open for nearly three decades. Among fast food and pharmacy chains, it’s an ital grocer—referring to the Rastafarian diet established in Jamaica, which is a mainly vegetarian but often vegan diet, save maybe for some fresh-caught fish. The food itself was delicious and filling, and faux shrimp made of soy could be found in the grocery section. That fake shrimp was made possible by Buddhist innovation in the realm of meatless meat that began in China centuries ago. May Wah Vegetarian Market, now Lily’s Vegan Pantry, founded in New York City in 1994, sells a ton of vegan seafood and other products, and—as Clarissa Wei reported for Goldthread—began because the founder, Lee Mee Ng, “struggled to find the kind of fake meat she grew up eating in Taiwan as a practicing Buddhist.” If, in New Yo
(read more)
In my lifetime I’ve tried a dozen todo apps. In the beginning they all seem different, novel and special. Slick UI, shortcuts, tags, subtasks, the list goes on and on. But all our stories were the same: I start using the new app, then after awhile I stop using it. Up until the last week I thought the problem was in myself (you probably think so too). After all, David Allen seems to have figured this shit out. Also there are people leaving long 5 star reviews on every major todo list app, they discuss them on forums, recommend them to friends. But then I read Andy Matuschak’s notes, and it really resonated with me. What if I’m a left-handed person in the world of right-handed tools? All popular todo apps out there have the same problems: Willpower needed to make decisions is a limited resource. And most TODO apps are lazy and don’t consider the impact on your willpower. You want to postpone a task? Please enter the exact date to postpone this to. Which project to add this to? Tags? Subtasks? The amount of things one can customize is really large, but making all this decisions has a cost. Long lists are overwhelming. TODO apps are all about lists. And these lists tend to get large when the tasks inflow exceeds the tasks outflow (i.e. every modern knowledge worker’s queue). Looking at the ever-growing list of things that need to get done is not inspiring to say the least. As the lists get longer, there’s less
(read more)
Exclusive Google Cloud’s global sales president has assumed temporary control of operations in Europe, the Middle East and Africa (EMEA) following the exit of Chris Ciauri some 20 months after he took the job. "Chris Ciauri has decided to leave Google to pursue external opportunities. We are very grateful for his leadership during his time with us, and we wish him all the best for his future endeavours," said a Google Cloud spokesperson. "Our Global President for Google Cloud Sales, Rob Enslin, will step in as interim lead until we appoint a new leader for EMEA," they added. Ciauri quit his post at Salesforce in September 2019 after 10 years as executive veep president and GM EMEA, and set about trying to build a regional team to lead Google's Workplace and Cloud Platform business where it's playing catch-up with AWS and Microsoft. In 2020, Ciauri hired a bunch of experienced sales heads from Salesforce, Microsoft and SAP. These included Pip White to run Google Cloud in the UK and Ireland; Daniel Holz as boss of DACH and Northern Europe; Samuel Bonamigo as bigwig for Southern Europe; and Laurence Lafont as veep for EMEA industries (excluding France). These execs then in turn recruited to swell their own ranks. Sources who discussed the situation on the condition of anonymity said the regional hiring spree added to overheads and the expectations of senior leaders in Santa Clara. "Google opened up the cheque book and he [Ciauri] went and signed up some big hitters to run different country operations. Google Cloud is doing really well in the US," said one.
Google Cloud EMEA also grew fast in calendar 2020, and clearly remains an important part of parent Alphabet's central plans, but it expanded slower than the rest of the company's other two major regions in the US and Asia Pacific. In and among the numbers, total revenue at Google Cloud grew 46.4 per cent year-on-year to $13.059bn. The US arm posted a higher than the average lift at 49.6 per cent to $6.137bn and Asia Pacific was up 55.63 per cent to $2.35bn. In EMEA, revenue went up 41.7 per cent to $3.917bn, accounting for 30 per cent of group sales versus 31 per cent in 2019. Ciauri hardly presided over a sales flop, and the company also notched up some customer wins under his leadership, including Deutsche Bank, Nokia, Orange, Lloyds Banking Group, Group Renault and Swedish bank SEB. However one source told us: "It was a bit like fantasy football, and when you open up the cheque book, expectations rise." Google Cloud reported an operating loss of $5.6bn in 2020, compared to an operating loss of $4.645bn in the prior year. The company did not publish the regional breakdown. In its 10K SEC filing [PDF] for the annual results, Google states: "The increase in
(read more)
There’s an air of desperation among tech employers this summer. Software talent, it seems, is in such high demand that companies are morphing how they hire. And workers are the ones with the power. Good and experienced tech workers are being treated like local celebrities — hounded by recruiters, courted by managers, and bestowed a bevy of options before choosing their next boss. “It makes you feel like you’re amazing, when really ... you’re just another software engineer that’s looking for a job,” said Henry Chesnutt, who just moved back to San Diego from San Francisco to work at the rapidly growing tech startup Flock Freight. The job outlook for workers like Chesnutt has been good for much of the past decade. But now, a multitude of factors is driving competition for talent to a level not seen in nearly 20 years, some recruiters say. “This is the most competitive market I can remember in my professional career, with many people comparing it to the dot-com market of the late ‘90s,” said Jim Bartolomea, vice president of Global Talent at tech titan ServiceNow, which employs a huge chunk of the software talent in San Diego. Last month, employers posted more than 365,000 job openings for IT workers, the highest monthly total since September 2019, according to IT trade group CompTIA. The positions highest in demand include software developers, IT support specialists, systems engineers and architects. The demand has been attributed to all sorts of things. During the pandemic, businesses that had been slow to adopt enterprise software began rapidly catching up. A tidal wave of productivity software, conferencing and collaboration tools, and e-commerce tech flooded the world. The same was true for consumer tech, with video game development, entertainment tech and social platforms booming. Many of these jobs are going unfilled, as competition for new hires ramps up. Simultaneously, remote work became the status quo in the tech industry.
Suddenly, software talent could pick and choose from a massive pool of job opportunities. All while existing talent is beginning to stray. Roughly a third of more than 2,800 IT professionals said they plan to look for a new job in the next few months, according to a recent Robert Half International survey. Aaron Bartholomew, a lead backend developer at tech company Trust & Will, just went through a two-month job search in which he held the power in the employer-worker exchange. “I realized pretty quick that I was the one with the upper hand,” Bartholomew said. “All these companies were moving incredibly fast to try and close on me.” Software interviews have a reputation for being slow, painful processes that involve tests of logic, design and computer science knowledge. Years ago, Chesnutt was tested for five straight hours on algorithms during an interview with YouTube. But now, these technical interviews are often being waived, said Chesnutt and Bartholomew, who both experienced this step dropped for the sake of urgency. Recruiters are increasingly using what Chesnutt sees as pressure tactics, such as “exploding offers,” which are job of
Posted 09 Feb 2020
Entity-Component-System (ECS) is a type of game architecture in which entities are composed from data-only components, and all logic is processed separately in systems. While working on my own little game engine, I noticed that a lot of the methods presented for implementing ECS frameworks are not trivial. People using this type of architecture often become obsessed with speed and efficiency, and don’t get me wrong, that is a goal. But it shouldn’t be your primary goal, especially when making small games. In trying to get the best performance you often end up making something overcomplicated, which just isn’t
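The split the post describes (ids for entities, plain data for components, logic only in systems) is small enough to show in one file. The following is an added example written for this page; it is not code from the author's engine, and the component types (Position, Velocity, Health), the World class and the two systems are illustrative choices, not anything the post defines. The World keeps one dict per component type and answers a query by walking the smallest matching store, which is all a small game needs before any of the archetype or sparse-set machinery larger frameworks add.

```python
"""Minimal entity-component-system: entities are ids, components are plain
data, and all logic lives in systems (ordinary functions over a query).
Illustrative example; the component types and systems are assumed, not
taken from any particular engine."""
from dataclasses import dataclass
from typing import Any, Dict, Iterator, List, Optional, Tuple, Type


@dataclass
class Position:
    x: float
    y: float


@dataclass
class Velocity:
    dx: float
    dy: float


@dataclass
class Health:
    hp: int


class World:
    """Holds one dict per component type, keyed by entity id."""

    def __init__(self) -> None:
        self._next_id = 0
        self._stores: Dict[type, Dict[int, Any]] = {}

    def create(self, *components: Any) -> int:
        """Allocate a new entity id and attach the given components."""
        eid = self._next_id
        self._next_id += 1
        for component in components:
            self.add(eid, component)
        return eid

    def add(self, eid: int, component: Any) -> None:
        self._stores.setdefault(type(component), {})[eid] = component

    def get(self, eid: int, ctype: Type[Any]) -> Optional[Any]:
        return self._stores.get(ctype, {}).get(eid)

    def remove_entity(self, eid: int) -> None:
        """Drop every component the entity owns; the id is never reused."""
        for store in self._stores.values():
            store.pop(eid, None)

    def query(self, *ctypes: Type[Any]) -> Iterator[Tuple[Any, ...]]:
        """Yield (eid, c1, c2, ...) for entities that have all listed types.

        Iterating the smallest store first keeps a query cheap without
        any archetype or sparse-set bookkeeping.
        """
        stores = [self._stores.get(t, {}) for t in ctypes]
        if not stores:
            return
        smallest = min(stores, key=len)
        for eid in list(smallest):  # copy so systems may mutate while iterating
            if all(eid in s for s in stores):
                yield (eid, *(s[eid] for s in stores))


# Systems: no state of their own, just functions over the world.
def movement_system(world: World, dt: float) -> int:
    """Integrate velocity into position; returns how many entities moved."""
    moved = 0
    for _, pos, vel in world.query(Position, Velocity):
        pos.x += vel.dx * dt
        pos.y += vel.dy * dt
        moved += 1
    return moved


def death_system(world: World) -> List[int]:
    """Remove entities whose hp has reached zero; returns their ids."""
    dead = [eid for eid, health in world.query(Health) if health.hp <= 0]
    for eid in dead:
        world.remove_entity(eid)
    return dead


if __name__ == "__main__":
    world = World()
    player = world.create(Position(0.0, 0.0), Velocity(1.0, 2.0), Health(10))
    corpse = world.create(Position(5.0, 5.0), Health(0))
    world.create(Velocity(9.0, 9.0))  # velocity but no position: ignored
    print(movement_system(world, 0.5), world.get(player, Position))
    print(death_system(world), world.get(corpse, Position))
```

An entity with a Velocity but no Position is simply skipped by the movement system, and removing an entity clears it from every store, so a later query never sees a half-deleted entity. Both behaviours fall out of the query rather than needing special cases in the systems, which is the point the post is making about keeping the framework small.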
The title of this alone speaks volumes greater than the exposition that’s to follow, and I’m sure that some of my peers are already bounding from the sheds with pitchforks and torches in hand, but I’ve never been one to not voice a concern even when the house is burning down. Yet again, we in the Linux users community find ourselves at an interesting juncture. Microsoft has as of 14 January 2020 officially EOL’d Windows 7. As with XP before it, this will likely be a major issue for the immediate future considering how prevalent its use is in the desktop market (Gartner estimates still have Windows penetration at greater than 90%). As expected, most of the podcasts and reportin
Planet or Plastic?
The plastic pollution crisis has been widely blamed on a handful of Asian countries, but new research shows just how much the U.S. contributes.

When the Environmental Protection Agency released its plan earlier this month for addressing marine litter, it named five Asian nations—China, Indonesia, the Philippines, Thailand, and Vietnam—as responsible for more than half of the plastic waste flowing into the oceans every year. “The United States has some of the most beautiful beaches and oceans in the world, and the coastlines are incredible,” President Trump says in enlarged type on the plan’s first page. “As president, I will continue to do everything I
Have you ever noticed that Jira (and most if not all) SWE work tracking systems allow assigning only one person to a given task? The whole industry (at least where I've seen it) runs around the assumption that at the bottom “one task == one person”. The more I think about it through the years, the more confident I am that it's a very unproductive thing to do, and we should default to two people working at the same time on a given task. In complex domains, sometimes potentially even three. Probably at some point you have experienced how quickly things can get done, especially in case of emergencies (like “OMG, something is wrong in production”) where multiple people with different s
Better font rendering for Windows.
Latest beta: 2021.1-RC1 (Recommended)
MacType official site: http://www.mactype.net

What's new?
Win10 compatible
CET compatible
Updated FreeType
Support for color fonts 😎
New installer
Lots of bug fixes
Updates for multi-monitor support
Tray app can intercept explorer in Service Mode now
Tweaks for diacritics
Updates to EasyHook
Lower CPU in Tray Mode
Better DirectWrite support thanks to しらいと [http://silight.hatenablog.jp]
Separate DirectWrite parameter adjustment
Traditional Chinese localization greatly improved thanks to GT Wang
English localization improved
Added Korean localization, thanks to 조현희
MultiLang system
One of the things that’s plagued me since I’ve been doing creative coding is managing the code I use to create images and animations (or whatever else). Of course, standard source control management comes into it in a big way. I’ve been using git for ages. I remember having arguments with coworkers who refused to see how git was better than SVN (at least they had moved off of CVS). So yeah, you put your code in a repo and you check in your changes, etc. But most source control workflows are really made for building applications. You decide on a feature, you make a branch, you do the work over a few hours or days or whatever, and you merge your code in. Or the same for a bug.