Slashdot Mirror


User: djinn6

djinn6's activity in the archive.

Stories: 0
Comments: 1,646

Comments · 1,646

  1. Re:Customers won't pay for security on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 1

    Even Consumer Reports can't tell if a piece of software is secure. In fact, nobody can tell you whether it is secure. They can only find vulnerabilities, and if they have access to the code, whether code quality is good, which may or may not correlate with security.

    I think this is a case where the market breaks down, because no matter what the consumer does, they have no information to judge a product's security with.

  2. Re:Poor education on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 1

    Maybe software engineering will become a profession like most other engineering disciplines, with certifications to prove you understand security and other best practices. We'll probably need a huge disaster to happen before people start noticing the problem and asking for it though.

  3. Re:agile scr(ot)um on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 1

    Ah, the "no true Agile" fallacy.

  4. Re:because... it's complicated on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 1

    The second reason is that we have abandoned academic (i.e. provable) software design. Again, there are a few exceptions, P3KI for example has a formal proof (disclaimer: I know the guys behind it) as do a small number of other projects. But most "security practices" are basically made-up. Maybe they are good, maybe not, you don't know because they're based on intuition, not proof or facts.

    You actually can't prove something is secure. In fact, most crypto is provably insecure, because with enough resources, everything can be decoded, and you can't prove the attacker will never have that kind of resources.

  5. Re:10/90 on Ask Slashdot: How Are So Many Security Vulnerabilities Possible? · · Score: 1

    Why update when your system works properly? I don't think I've ever had a major update on any OS that kept everything in working order (whether it was Windows, OSX, Linux or Android). They always manage to break something in the update and I have to spend hours tracking down a fix, assuming one even exists.

  6. Nice paywall.

  7. Re: Jesus Christ... on ESR Sees Three Viable Alternatives To C (ibiblio.org) · · Score: 1

    Still you can make the case once a website which does have millions of users there should be a better alternative. Of course at that point you'd be crazy to rewrite a large Python app in C/C++ because the odds are the C/C++ version would end up mishandling under-documented features of the Python version.

    Well, the official stance from the Python devs is to rewrite the performance-critical parts in C and call it from Python using Swig. Alternatively you could compile the C library, run it under a separate process, then use inter-process communication or RPCs.

  8. Re:Not gonna happen on ESR Sees Three Viable Alternatives To C (ibiblio.org) · · Score: 1

    on larger projects or complex CPUs the compiler usually wins. For example, most modern CPUs are superscalar, pipelined, do out-of-order execution and have large caches. It's pretty difficult for a human to optimize code for those things better than a good compiler can.

    Do you have anything to back that up? Like an experiment? Or maybe a project that converted from assembly to C and got faster?

  9. Re:Not gonna happen on ESR Sees Three Viable Alternatives To C (ibiblio.org) · · Score: 1

    Is there a thing that runs on a computer that couldn't be converted to assembly?

  10. Re:Jesus Christ... on ESR Sees Three Viable Alternatives To C (ibiblio.org) · · Score: 1

    When one person suffers from a delusion, it is called insanity. When many people suffer from a delusion, it is called a fact.

    So flat earth is now a fact?

  11. Re: Jesus Christ... on ESR Sees Three Viable Alternatives To C (ibiblio.org) · · Score: 1

    I'm with you on most of your points, but I'd like to point out that if you're optimizing before you even wrote the software, then you're doing it wrong. Measure, and then optimize. Hashing things might be slow, but maybe in the 3 hours that you would have spent rewriting that routine, you could instead discover that the function gets called 3 times a second and it literally doesn't matter.

  12. Re: Jesus Christ... on ESR Sees Three Viable Alternatives To C (ibiblio.org) · · Score: 2

    People always say this - programmer time is expensive, compute power cheap, efficiency doesn't matter.

    However look at Reddit. They originally wrote in Lisp, and then rewrote it in Python. And it's still slow enough it goes down regularly.

    C/C++ is fast as hell. And if you're serving a website to vast numbers of people that means you need less hardware to do it.

    What you say is true, however, you are missing the big picture. Reddit didn't start out with millions of users. It started out with maybe a dozen, with no promise that it'll ever grow beyond that. If they wrote the entire thing in C and took 2 more years to launch, maybe it would've never gotten big. Maybe it would've never launched at all. The creators couldn't support themselves indefinitely, and their investors might not have the patience for it.

    Another problem is, anything written in C is harder to change. The site might do things faster, but is it doing the right things? Maybe your users want image sharing capability. Can you wait 2 more years for the feature and risk letting sites like Imgur come into existence, maybe even take a bunch of your users away?

  13. Protectionism is not a new idea (it has been around for millennia), and it has never worked out well. You can't create prosperity by shutting out the rest of the world.

    It's not a binary choice. You can be somewhere in between, limiting the amount of disruption to your industries to a rate at which they can adapt while allowing the inflow of new ideas and cheaper products. Without any protectionist measures, you may be increasing the total wealth, but not necessarily prosperity, especially if the new wealth is all concentrated in the hands of the very few.

    Since you currently live in China, you should know that China is a great example of limited protectionism, including limited currency exchange, limited foreign ownership in domestic enterprise and a non-free internet. All of which has enabled domestic industries to survive against more capable foreign competition. Because of this, they were able to gain much more from globalization than the US, which practiced unfettered free trade.

  14. That isn't actually true, if they could manage to safely store and operate keys they could actually keep a backdoor without compromising the end user's security to anyone else...

    And you're going to prevent criminals from running their own strong encryption software... how exactly? Ban all compilers, assemblers, interpreters and hex editors? Require all software to be developed under government scrutiny? Arrest everyone who buys a book on cryptography?

  15. Re:What are the missing edits? on Nearly All of Wikipedia Is Written By Just 1 Percent of Its Editors (vice.com) · · Score: 1

    Is there a reason that the posters complaining that their edits were reverted never give the name of the WP article and the edit they proposed?

    Because people remember their emotions much better than facts. For me personally, it's been 10 years since I tried contributing and got my edits reverted without explanation. I don't remember what it was I tried to fix, but I do remember it was an incredibly frustrating experience. I wouldn't contribute now even if they paid me.

  16. Re:Did everyone fail math in school? on Nearly All of Wikipedia Is Written By Just 1 Percent of Its Editors (vice.com) · · Score: 1

    So, people complain about the turf wars by a few editors with power over their tiny pond? So what? Let me introduce you to the species we call "humans", where such things happen all the time, in every social environment you can imagine, from politics to mega-corporations to open-source development teams to your local homeowner's association board.

    So after dealing with it all day in all those other environments, you expect people to put up with it for a volunteer cause? There are plenty of other good causes one can devote themselves to that wouldn't take their time and expertise for granted the way Wikipedia does.

    This is a problem with the platform. If enough people complain, they could fix it. On the other hand, if everyone ignores it, then Wikipedia will simply alienate more and more infrequent contributors until nobody but those possessive editors remain.

  17. Re:If you want to prove that, try "quotes" on Newspaper Obtains James Damore's Complaint Against Google (siliconbeat.com) · · Score: 1

    I'm saying that the assumption he is motivated by rationality and science is wrong, nothing more.

    And why is it relevant to the discussion? You obviously posted it as a response to GP, but I don't see GP saying Damore was motivated by rationality.

    And to your other point, despite what you may wish for personally, the term SJW means an attention seeker who creates an imaginary grand conspiracy against their gender / race / political position, or is a rabid follower of such a person. You've gone as far as trying to redefine the term in your sig. If you're not an SJW in denial, then who is?

  18. Re: Liberal hypocrisy on Newspaper Obtains James Damore's Complaint Against Google (siliconbeat.com) · · Score: 1

    There are more than left wing or right wing in this country you know. Some of us are centrists.

    Some of us also dislike hypocrisy no matter where it's coming from.

  19. Re:Translation on Newspaper Obtains James Damore's Complaint Against Google (siliconbeat.com) · · Score: 2

    An important part of our culture is lively debate.

    This was a quote from the Google CEO. When he says this, are you supposed to call him out on it or just nod and pretend it was just some bullshit so he can say he "supports free speech"?

  20. Re:If you want to prove that, try "quotes" on Newspaper Obtains James Damore's Complaint Against Google (siliconbeat.com) · · Score: 0

    That's typical SJW thinking. "He is a bad person, therefore he is wrong and his arguments are bad". And for the hard-core ones, throw in "everyone who hadn't joined the lynch mob against him is oppressing me".

  21. Re:Top 10% on Republican Tax Plan Kills Electric Vehicle Credit (arstechnica.com) · · Score: 1

    Let's see. Average car $ in America is $35K. Nissan leaf base is 30K.

    Now is that the average of all cars sold or just compact hatchbacks? SUVs and trucks are going to be much more expensive and a Leaf is not a viable replacement.

    For someone who's actually poor, they're going to be looking at cars such as a Toyota Corolla hatchback, which is $19k new. They're also not going to be buying new cars very much. Last I checked, the EV tax credit doesn't apply to used cars.

  22. Re:I'm betting on Elon on Tesla Posts Biggest Quarterly Loss, Slashes Production of Model X and Model S (yahoo.com) · · Score: 1

    I'm betting they will fix the battery production bottleneck.

    I don't think that's being questioned really. They're not going to let this one problem drive them into bankruptcy, so it'll be fixed eventually. The question is whether it reveals the existence of a systemic problem that will continue to drive back delivery dates until Tesla becomes insolvent.

    Given that they were planning to ramp up production, the recent layoffs don't make much sense. When you have production problems, the last thing you want to do is have fewer people working on it. In other words, I think Musk is worried that the revenue from Model 3 wouldn't come in soon enough to keep the company afloat. Remember that a lot of Tesla's cash is actually from the half a million preorders, each of which provides $1000 ($500 million total). Even when they deliver on those cars, Tesla won't see all that much additional cash.

    Looking at their Q3 statement, they've not grown their revenue one bit since Q3 last year. Meanwhile, they spent $300 million in R&D, $600 million in administration, and $1 billion in infrastructure. To fund all this, they borrowed another $2.1 billion. Of course, if investors continue to believe in Tesla, they'll have no problems keeping it afloat by issuing even more loans. But eventually that's not going to work anymore.

    So if we assume no more loans and no more huge infrastructure investment, the $500 million gross profit from car & solar sales will cover half of their costs, leaving them $500 million in the red each quarter. Looking forward, they're ramping down Model S and X production, so there'll be even less revenue. Meanwhile, their costs have grown quite a bit since Q2, by about $80 million R&D + admin costs and $200 million cost of sales. So the $3 billion cash they have on hand will last another 6 quarters max, and possibly as little as 4.

    Overall I wouldn't say they're close to insolvent, but their sales revenue and gross profit are both going the wrong way, and very quickly at that.

  23. Re:I'm betting on Elon on Tesla Posts Biggest Quarterly Loss, Slashes Production of Model X and Model S (yahoo.com) · · Score: 1

    Well, their stock price just dropped like a rock. If you believe Tesla will turn it around in 6 months, then you should start looking to buy.

  24. But is simpler a bad thing?

    Depends on the perspective. You're coming from the car owner's perspective, so simpler and less maintenance is better. But from a business's perspective (since this is a story about Tesla the business), a simple design means it's easier for competitors to build and sell the same thing.

    A Model 3 isn't all that different from a Leaf, so when Nissan comes out with a new version that doesn't look like a squished lump of clay, it's going to take a big chunk out of Tesla's market share.

  25. Weak dollar on Did Amazon Really Lower Whole Foods' Prices? (bustle.com) · · Score: 1

    Meanwhile, crude oil went from $46 to $52, an 11% increase. Unlike what the article suggests, Whole Foods is actually cutting prices, just not relative to the dollar.