Slashdot Mirror


User: waveclaw

waveclaw's activity in the archive.

Stories: 0 · Comments: 340

Comments · 340

  1. That's how it works. on Zip Slip Vulnerability Affects Thousands of Projects (theregister.co.uk) · · Score: 1

    At first glance I thought this was a joke. This 'overwriting of existing files' is how Zip, tar, Arch, 7zip and really any archive works.

    The problem is real but is at a higher level. It is a classic lack of validating user input. Usually filtering out relative path names is enough (the path foo/bar/../../../../../../../etc/rhosts is not a valid location.). Combined with bad operational practices your application is overwriting /etc/passwd and /etc/shadow while processing my_little_brony_avatar.zip.

    User facing applications, probably running as root, that don't limit their archive unpack to some safe sub-path can overwrite anything. Even if your application is installed to some place (e.g. /opt/vendorname,) locked down to a user and even running with (IMHO bad) SELinux types it can unpack a file and overwrite a library, plugin, configuration file or even the binary for the app itself.

    The article may be a wake up call for the clueless. How many developers never thought about how unpacking an archive actually works?

    For the rest it is a sensational piece based on the idea that open doors do in fact let people walk through them. That is how doors work. It is up to you to close the door and lock it.

    I expect a follow up report about how unpacking a zip file downloaded from your email client can overwrite critical files on your desktop. Maybe call it "Mail Slip." Reserve a domain and a $5/mo AWS host. Use an icon with feral dogs instead of cats this time.
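
Added example, not part of the comment above or of the archived page: one way to do the input validation the comment describes, by confining every archive member to a destination directory before anything is written. The function names (`resolve_member`, `safe_extract`, `build_sample_zip`) and the sample entries are constructed for illustration.

```python
import io
import os
import shutil
import stat
import tempfile
import zipfile


class UnsafeArchiveEntry(Exception):
    """An archive member would be written outside the destination directory."""


def resolve_member(dest_root, member_name):
    """Return the absolute target path for member_name, or raise if it escapes dest_root."""
    # Zip names use '/', but some tools store '\\'; treat both as separators.
    normalized = member_name.replace("\\", "/")
    if normalized.startswith("/") or normalized[1:2] == ":":
        raise UnsafeArchiveEntry(f"absolute path in archive: {member_name!r}")
    root = os.path.realpath(dest_root)
    # realpath collapses '..' and follows symlinks that already exist on disk,
    # so the comparison is made on the location that would really be written.
    target = os.path.realpath(os.path.join(root, normalized))
    if os.path.commonpath([root, target]) != root:
        raise UnsafeArchiveEntry(f"entry escapes destination: {member_name!r}")
    return target


def safe_extract(zf, dest_root):
    """Extract every member of an open ZipFile under dest_root.

    All names are validated first, so a single bad entry means nothing
    from the archive is written. Returns the list of files written.
    """
    os.makedirs(dest_root, exist_ok=True)
    planned = []
    for info in zf.infolist():
        # The upper 16 bits of external_attr hold the Unix mode, when present.
        if stat.S_ISLNK(info.external_attr >> 16):
            raise UnsafeArchiveEntry(f"symlink entry refused: {info.filename!r}")
        planned.append((info, resolve_member(dest_root, info.filename)))

    written = []
    for info, target in planned:
        if info.is_dir():
            os.makedirs(target, exist_ok=True)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with zf.open(info) as src, open(target, "wb") as dst:
            shutil.copyfileobj(src, dst)
        written.append(target)
    return written


def build_sample_zip(entries):
    """Build an in-memory zip from {name: bytes}. Constructed test input only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return zipfile.ZipFile(buf)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as scratch:
        # A '..' that stays inside the destination is harmless and allowed.
        ok = build_sample_zip({"avatar/readme.txt": b"hi",
                               "avatar/img/../note.txt": b"ok"})
        print(safe_extract(ok, os.path.join(scratch, "out")))

        # The path quoted in the comment climbs out of the destination.
        bad = build_sample_zip({"avatar/ok.txt": b"x",
                                "foo/bar/../../../../../../../etc/rhosts": b"x"})
        try:
            safe_extract(bad, os.path.join(scratch, "out2"))
        except UnsafeArchiveEntry as err:
            print("rejected:", err)
```

Running the unpacker as an unprivileged user with write access only to the destination directory remains the second layer the comment calls for; the path check alone does not replace it.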

  2. Re:Yes, for three reasons on Should We Revive Extinct Species? (washingtonpost.com) · · Score: 1
    1. Humans can engineer random mutations to create a viable population. I'd bet a lot of those variations are just going to be immune factors (we can also engineer mono-culture like bananas, apples and lab mice if needed.) The world of genetic engineering post CRISPR is never going to be the same again.
    2. Humans, unlike every other species, have both the capacity and intention to craft a custom environment to ensure continuance if not flourishing of a revived species (insert rants about the Zoo here.) Darwin built an ecology out of imported species on Ascension Island over a hundred years before Jurassic Park was filmed.
    3. There is limited time, space and ability to 'save' everything. We can save and store what we can. The common (incorrect) statement is that there are three widely used crops that feed the world but around 50,000 edible species of plants. Even if you could ensure a solid founder population with only 10 diverse seeds that's a half-million storage containers you have to manage. This is not even touching on how to preserve the gametes, blastulas or embryos of the animal kingdom.

    As for the question of should, one only has to consider the fossil record. If you do not learn how to bring the extinct back then the best you can hope is that someone somewhere stepped in the wrong sand pit and is currently leaving a really nice impression as they petrify.

    I expect that once field ready PCR is available some kind of public Merkle tree of DNA codes should be assembled. (Insert DNAcoin cryptocurrency joke here.) Just the deltas need to be kept like in this "Git repository of code" the same way we do with human DNA records. It's a literal tree of life. Then the race is on to scan in everything you can before it dies.

    After that it is just a matter of making tools that can turn the DNA back into living stuff. Now you have an instant backup of the planet's ecosystem, from bacteria and virii and molds to your neighbor Steve and his dog. Throw it in a can attached to a light sail. Stop worrying about the death of the Sun.

    Start worrying about competing with other species that had the same idea and are about to show up on your doorstep.

  3. Re:Smaller than a gain of salt...yeah...coarse sal on IBM Unveils the 'World's Smallest Computer' (mashable.com) · · Score: 1

    A biohacker can't inject a rock bigger than my house into his junk and claim to be 'thinking with the other head' while doing his taxes on his dick-puter. Via the wikfi.

    Honestly, I expect facebook to come out with Jewelry that lets you rate the reputation of your meal with this. Then you'll finally be living in one of the Black Mirror episodes. The Nosedive episode, not the San Junipero episode (where the civilization ends by everyone becoming uploads living life in a retirement village that looks like American TV from the 60s, 70s and 80s until the first major power outage.)

    Can one fit a bluetooth adapter and some of that motion power tech? If you can get dental implants with this thing you'd have a Beowulf cluster of teeth powered by blab. With Bluteeth(tm), you could move your datacenter into the sales people's mouths and never pay a power bill again. Rent might be a bit pricey if they demand a commission on their oral real estate. But then you could actually get something done in a meeting like serve web pages through your molars as you chew on the free donuts.

  4. Re:Make 2.0 on Slashdot Outage Update · · Score: 1

    Don't overlook the fact that comments are HTML formatted.

    • No funky BB code or markdown-flavor-of-the-day.
    • Just straight, sanitized hypertext markup language.
    • Acts as small difficulty bump to raise that submission bar.
    • All the bold and fancy font variations you want.
    • No blink but lynx compatible links

    At least keeps one in practice for writing real web sites.

    Slashdot's moderation system is still hands down the best I've come across.

    And for April first implement radio controls so you can toggle categories.

    But lock it so that you can only turn on Funny. Or enable only Troll when set for +5 only.

  5. Re:What tripe! on Putting Civilization in a Box For Space Means Choosing Our Legacy (space.com) · · Score: 1

    Or, maybe they are not really fools and, like a few rulers of the past, the “legacy” stuff they make is merely there to impress their contemporaries. In short, yes, just more bloody advertising.

    You could always sell copies to doomsday preppers and people dreaming of becoming backyarders.

    On the other hand it might take a few cycles of civilization collapsing and being rebuilt before we get a good test of how to build and what to include.

    But then on the third hand I'm hoping that humanity isn't actually the race that spawns the Motes with a great need for working, reliable civilization bootstrap systems.

  6. How is this 2015 patent different from shapshifto.io, an operating business doing this since 2014? Is it just because they don't mention blockchains or smart contracts anywhere?

    I guess not using a blockchain is innovative financial technology now?

  7. Re:Good grief on Gizmodo: Don't Buy Anyone an Amazon Echo Speaker (gizmodo.com) · · Score: 1

    Furthermore I have a dim view to say the least of people like you who tell others to 'give up and give in' to having their privacy and their lives invaded by shitty corporations and shitty governments who want to stick their little brown noses in people's private business

    Nobody has to tell anybody else to 'give up and give in'. The listening device on my phone will record your conversations just fine.

    Privacy is still a Thing, it's worth protecting and fighting for, and it's criminal so far as I'm concerned to tell people otherwise.

    People have always traded for convenience. We traded away our community for a semblance of privacy. Originally privacy was never a thing. When people lived in small bands and villages you knew everyone's business. Privacy and the expectation of it briefly became a thing when society got spread out enough with enough people that it wasn't worth it given the technological limitations. Now those limits are going away and privacy is going away again. This time the town gossips are news agencies with agendas and corporations operating without morals or only ethics of blind profit.

    I'll look down my nose at you and everyone like you, but do NOT go around telling people to be like you.

    You can choose to not do business with or permit access to people who carry a 'smart' device of any kind. But in the first world that means limiting yourself. Depending on the market you will not be doing business with a lot of people. They will simply find someone with your skills but who doesn't care about cellphone surveillance (cell-veillance?).

    They will look down their noses at you and wonder 'what bad things have you done that you must hide?' You become the 'rude weirdo' that asks people to put their phones in radio-bags before hanging out with you at lunch.

    But if you want a return to that brief period of personal privacy you'll have to start a cultural and legal revolution. Eventually all new "private" buildings will come with these fixed smart hubs. First to provide 911 assistance or as a selling point for a luxury home. Then as part of parole terms for the poor criminals. Like those who don't double-plus-good-think in our brave new world of corporate group-think.

  8. Fire sale on the CD Collections on Linux Journal Ceases Publication (linuxjournal.com) · · Score: 4, Interesting

    That leaves, what? Linux Format: the 400 Lbs Gorilla of Linux reading material, with a price to match, Linux Magazine and distro-focused publications like Full Circle?

    I do hope they get a chance to make a final run of the back edition PDF collection.

    Many of the columns, such as David Taylor's work on the shell, are timeless and quite useful.

    There is value even in the Letters to the Editors where smart or at least smart ass people suggested better or alternative ways to implement the various little projects detailed in LJ.

    I also enjoyed the Linux Kernel Mailing List (LKML) summaries and discovered Reuven Lerner's python series through the magazine.

    And there are always the Geek Guides.

  9. Re:Functional on The Strange Art of Writing Release Notes (ieee.org) · · Score: 2

    While the sudo manpages get short shrift, the Sudo release notes are one of the best examples of open-source release notes.

    They are

    • published in a convenient "permanent" location
    • provided in multiple formats (direct email, mailing lists, usenet, webpages, version control strings, package logs)
    • searchable format (text)
    • ordered reverse chronologically (newest first when reading top to bottom)
    • available in common languages
    • clearly written in short, technical language
    • mentioning new features including searchable strings or examples
    • providing references, links and IDs of relevant tickets, bugs and background information

    So, for example, if you needed to do something like figure out when the includedir option was added? Google it, get that page, find the version on that page and you are done.

    Note that I use the present tense form in this. The legacy of the written word applies to Shakespeare as equally as it applied to your public Git commit messages. Or release notes. Once you publish your release notes they are always providing that information. They are providing information right now, just possibly to new people.

    And please, don't just make your release notes a compilation of your commit messages. Unless they are really really good.

  10. Re:Falsifiable test? on Is Physical Law an Alien Intelligence? (nautil.us) · · Score: 1

    One important difference between physics and natural philosophy is the assumptions of universality and non-uniqueness.

    The claim is that you have no privileged point of view to the universe. In space or in time. This is so you can test something in a lab and the test is equally valid everywhere. Given the rest of physics, if your lab were orbiting a super-massive black hole powering the furthest quasar billions of years ago on the other side of the Universe it should have the same result.

    Science Fiction has already asked both the question "what if this isn't true?" and "what if it were aliens?". Vernor Vinge wrote A Fire Upon the Deep almost a quarter of a century ago. A key plot point in part of that novel is that some physics is not natural. You'll have to read the book to find out what that is, though.

    Whole civilizations are born, grow into interstellar civilizations and then die because of these "hard" limitations in their physics. All the while just next door are people doing impossible things because they are not so limited. The effects are even done to hide the appearance of jaggies like ShanghaiBill brought up.

    The only real way is to get the ground truth. We just have to get off this flying ball of rock and go see for ourselves. Anybody up for that, though? Getting up a gravity well is pretty hard. (At least on Earth.)

  11. Re:No, because meaningful whitespace on Ask Slashdot: Will Python Become The Dominant Programming Language? · · Score: 1

    A good programming editor has the ability to make 'whitespace' characters visible somehow. IMHO, lack of that feature is one of the criteria for being good or being suitable for programming. (Yes, you can also write War and Peace in notepad.exe if you really have to.)

    VIM has 'set list'.

    Sublime shows whitespace on selected text.

    Atom has the editor.toggle-invisible setting (and lots of packages to add menu option for it.)

    Visual Studio has CTRL + R, CTRL + W Menu: Edit -> Advanced -> View White Space

    In EMACS you have to write a little lisp code.

    At the end of the day this is about as annoying as finding the missing semicolon in ALGOL-style code.

  12. Jakub's Mastering Git book discusses briefly that git is less a version control system in itself and more a tool for building version control systems.

    Alternative user interfaces like Zit, Cogit and Yap show that there is some merit to this view.

    Git's content-addressable data store with locally computable global identifiers can form the basis of a generic storage engine. Microsoft has created what appears to be another file system out of git. There are many other filesystem implementations.

    The git wrapper and workflows used by the Linux project can be seen as just the demonstration of one implementation. Collaboration and hosting sites like GitHub and GitLab show that you can turn a git repository into a project management tool. People have even built code review tools out of git (Critic, git-issues, etc.)

    I wonder if Microsoft could implement something like etckeeper for the registry? (It would be nice to be able to run git blame after corruption by some vendor's installer.)

    I do find it odd that Microsoft is switching to git so the team can put Windows into a single, giant repository while trying to modularize the product. One would think that the prior Perforce based system would have suited the modularization goal. That was forcing multiple repositories on the developers to meet the scale of the codebase. Perhaps the intent is to centralize then reorganize and break out into logical modules again? (It could be a control freak VCS team that is jumping at the chance to become the gatekeepers.)

    The article does mention that "the company wanted to develop a single engineering system ('1ES'), spanning not just version control, but bug tracking, building, and more, that could span the entire company." This makes the next version of Team Foundation Server sound a lot like GitHub Enterprise from Microsoft. Should Microsoft offer this 1ES environment for sale? It could certainly add a twist to the corporate on-premise or cloud-based git hosting market.

  13. Non-Free Repositories on MP3 Is Not Dead, It's Finally Free (marco.org) · · Score: 4, Interesting

    The lack of patent encumbered algorithms in MP3 means two things:

    1. The MP3 gstreamer codecs can move from the non-free repositories to free for Linux distributions. So no more complaints from software like Amarok about missing MP3 support libraries on your Linux desktops. That's one less step to set up Mint, Ubuntu, Fedora or openSuse. Even though there are plenty of reasons (CAD software, WMA support, etc) to seek out the non-official or non-free package sources I expect less use.
    2. Corporate users will be able to download, integrate and use the MP3 format in their projects with only a cursory approval from legal. I used to see quite a few video game projects use .ogg files and fmod for their sound. I expect to see more of them ship with MP3s instead.

    Audio snobs won't stop arguing about the format of the week or FLAC versus DSD or the best bit rates on PCM encoded WAV files.

    Mere consumers shall continue on with our plebeian fidelity sound as always.

    Online buyers will continue to download low bit rate MP3s to squeeze a few more hundred tunes onto their Zune. Everyone you know will still play studio damaged music through tiny earbuds.

  14. Re:Don't buy this on Scientists Invent Ultrasonic Dryer That Uses Sound To Dry Your Clothes (yahoo.com) · · Score: 1

    Do you have a cat in your house? How well does hang-drying handle pet dander?

    The answer pet owners want to know is how does this sonic dryer fare at removing kitty's mess of fibers.

    Don't think that pet hair can lodge itself into cloth pretty well? It's amazing what is floating around the air or well hidden in the pattern on a sofa at a pet owner's house during springtime. I don't need to save 35 minutes on a 55 minute cycle once if I have to spend 5 minutes every day lint rolling everything I wear for decades.

    At least I can go do something else while the clothes are in the dryer.

  15. Having such a huge wealth of public domain images all together on one seemingly well-designed search engine will be great for finding substitutions.

    The images and videos are searchable by tags. They have really good descriptions that break into keywords well. Lots of images of hardware, astrophotographs, locations, mission patches, buildings and people.

    This is a huge resource of labeled images for supervised machine learning. A massive gift to anyone wanting to do image processing.

  16. Re:Lies? on Ask Slashdot: What Are Some Lies Programmers Tell Themselves? · · Score: 1
    Just because the standard for a title where you live is low enough to admit anyone who self-identifies does not mean that other people place a lot of value in their definition of that title.

    Depending on where you work there is a very clear line for being an engineer. In many cases Engineer is a protected title with legal obligations.

    Only passing the PE as an EIT can you actually call yourself an Engineer in Texas. Even software developers in Texas, USA have to sit before the Board of Professional Engineers and pass the Exam to call themselves an Engineer.

    You can't just walk in with your freshly minted Software 'Engineering' degree from an ABET certified college program. You have to be a Texas Engineer in Training (EIT) to register to take the PE exam. That is usually having worked under a PE mentor in the capacity you are training for.

    This is very similar to other protected titles in other countries like Registered Pharmacist in the UK.

    This title carries with it a lot of ethical and legal requirements that most "coders" or "programmers" would not be able to meet just based on the code they write. But such titles carry with them the authority to tell management where they can stick it when they ask for faster, cheaper by cutting corners that are not Salespeople Features.

    The biggest lie, just based on the number of empty GitHub Projects is probably "I can do this."

  17. Cargo Cult Metrics without science on O'Reilly Site Lists 165 Things Every Programmer Should Know (oreilly.com) · · Score: 1
    The Road to Performance Is Littered with Dirty Code Bombs

    Unexpected encounters with dirty code will make it very difficult to make a sane prediction.

    Dirty code is defined as 'overly complex or highly coupled.' As a programmer you are expected to deliver X number of features by Y date. Unless one of those features is 'simple and loosely coupled code' what does that have to do with predicting anything? For performance you don't predict. Experiments are the only thing you have that work: test and change and re-test and un-change and re-test, endlessly. Anything else is voodoo programming, not to insult the practitioners of Santeria, Vodou or Hoodoo.

    How about predicting the schedule? I recall that Steve McConnell once joked that to get better at estimating we need to get better at estimating. (This may have been someone else.) Greg Wilson showed we can do this in programming, and Computer Science in general. We only have to do scientific experimentation with various methods. We throw away what doesn't work (instead of writing pulpy business books to bilk people out of money.) But you'll still have to run a lot of tests to do that, too.

    It is not uncommon to see "quick" refactorings eventually taking several months to complete. In these instances, the damage to the credibility and political capital of the responsible team will range from severe to terminal. If only we had a tool to help us identify and measure this risk.

    It is my opinion that any refactoring that cannot be done by an automatic program isn't refactoring. The original definition of refactoring is just 'factoring' or re-organizing the code. It is not a re-writing as in a 'several months' effort.

    Misuse of a sexy, trendy name from the 90s does not change this. All re-writing suffers the risk of second-system syndrome and not in the throw-one-away sense of prototyping. Do you have a button to press in your IDE to make the change? Do you have in mind a short sed statement, simple awk program, EMACS macros or an on-hand shell scriptlet to do the transformation? If not then you cannot get away from re-thinking the problem. This will require re-design of the solution and re-implementation of the feature. Each of these carries time risk at least as high as the original work.

    What if the problem is overly complex or highly coupled? The code may merely be an expression of this. In this case only a paradigm or perspective change by the customer, developer or user can untangle the problem. The computer cannot help you do anything but automate making a mess if the problem is a mess. Changing perspective is often an unbound-in-time problem for human beings. Good luck with estimating completion dates for that.

    In fact, we have many ways of measuring and controlling the degree and depth of coupling and complexity of our code. Software metrics can be used to count the occurrences of specific features in our code. The values of these counts do correlate with code quality.

    In fact, Greg Wilson showed in his presentation that almost every metric on the market when analyzed showed no better and usually equal predictive power as simple counts of Lines of Code.

    The situation in programming is almost as if more code equals more bugs while less code equals less bugs.

    This seems obvious and

  18. Re:It's not the highway infrastructure on Waze and Other Traffic Dodging Apps Prompt Cities To Game the Algorithms (usatoday.com) · · Score: 1
    It is funny to note that one of the original - and never met - goals of the original President Eisenhower Federal Highway system was to replace bad city-planned roads to reduce congestion. The ironic fact that the system increases congestion by creating choke points to get on and off it is lost by many.

    The real root of the problem is that people are either unwilling or unable to live within a short distance to their workplace. Many large cities were not designed to handle the volume of commuters that we have had for at least 20 years. People live in the suburbs (for a variety of reasons; some due to economics, others due to a desire to live in areas with lower population density), and commute to the city centers to work.

    The highway system in the United States is rather unusual. Most countries would design a system to maximize the utility. Lots of high density living near high density employment plus walking, cycling and mass transit. Then minimizing problems like traffic jams by using turnabouts and parallel paths. Instead, the United States highway system was built for the military instead. It was created by the Federal-Aid Highway Act of 1956, popularly known as the National Interstate and Defense Highways Act (Public Law 84-627).

    Originally this system got raw material from one side of the country to another to manufacture planes, guns, ammo and ships. It was also envisioned as a great lever on the economy. But the immediate social cost of this high-speed bypass was destroying little towns that grew up on existing roads like Highway 66, a road that already crossed the entire country.

    But the system was funded at a time when Nuclear War was the next big thing just around the corner. One intention or clear effect is spreading living out into the new suburbs and exurbs to reduce the impact of a nuclear strike on the core of a city. In fact the roads around every major city aren't designed to avoid traffic jams but instead to ensure:

    the importance of the Interstate System to evacuation of cities in time of national emergency.

    -- the Clay Commission.

    This was the time when everyone was told on the brand new TVs that success means 'a steady job, a home out of town, a car, two kids and husband+wife.' That is when they weren't practicing duck and cover.

    Where these yahoos intended to put these people fleeing the burning inner cities during war? The imaginary copious amounts of farmland that planners thought should be able to support them. Yes, this was during a time when farming was already well on its way to consolidating into agribusiness.

    No, people didn't decide that suddenly the suburbs were the peak of civilization (even if we parody that in the movies.) The citizens of the United States bought a big pile of propaganda. The sad fact is that the people who wrote that propaganda actually believed it was to help them.

    The problem can only be solved by reducing the need for people to commute. There are a lot of ways to do this:

    Tell that to three generations of management that believe in face-to-face time. Google and other Stack-ranking "Internet Native" companies design their HR system to terminate remote workers or flex workers as fast as they can hire them. Sixty years of white flight, black flight, Mexican-ization, gentrification, urban blights, drug wars, gang wars, the real estate collapse and protectionist nimby laws the problems haven't been solved by staying at home. In places like Irving, California, that are built on the Internet, things got much worse. The demographics keep changing but the work culture and laws didn't.

  19. Money problems; money solutions on Apple Cracks Down Further On Cobalt Supplier in Congo as Child Labor Persists (washingtonpost.com) · · Score: 1

    Is there a charity that goes to at-risk places like these mining villages and towns then pays the family to put their children into school?

    Something Like:

    But where I can directly 'employ' a child to go to school and get a report on how well they are doing, a transparency report on what portion of my money is making to the child vs overhead?

    If there isn't I think there should be. Can you offer a family more money, food and opportunity to put their child into a small village school than the local miners or child laborers?

    If so then you can effectively buy happiness for these kids. Or at least a shot at a childhood while raising the pay of miners whose "tiny slave labor" market now has to compete with the charity.

    I think there's a missed marketing opportunity here for Apple. All they are doing is pulling their money away from a toxic situation like child labor which hurts their reputation with people who buy luxury electronics in various shades of grey and white. They could be touting how some of your money for your iThing is being spent on teaching children who would have instead slaved away to build your toy.

  20. Re:I don't like it on A Norwegian Website Is Making Readers Pass a Quiz Before Commenting (niemanlab.org) · · Score: 1
    The free to play web-browser based game Kingdom of Loathing had a web-based IRC chat system long before Slack, Matrix, Gitter, Mattermost, et cetera.

    Access to KoL chat requires passing a basic English exam. Several questions are aimed at common grammatical errors (to vs too, their and there and they're).

    There is less low quality trolling and a lot less bot spam.

    But even with a basic language test you will still have worthless discourse. The spelling might be a bit better, though.

  21. Re:They forgot compilers on Software Engineers Are the Heroes of New Computer History Museum Exhibit (ieee.org) · · Score: 1

    I think the reason they didn't mention compilers, and OSes for that matter is that they limited themselves to things that are actually useful for the end user, not what lie behind it.

    At one point compilers and OSes were the things used by the end-user. The very definition of an operating system is a kernel, standard library and compiler. This means that for most of its history Microsoft did not actually sell an actual computer operating system by definition. But for many users their computer is just their favorite application. To your accountant the computer is just a means to access email, quickbooks and irs.gov. To your kids the computer is the thing that provides access to disney.com.

    The biggest change has been in the users, not so much in what was provided. The typical target user has not been academics or geeks in decades. Applications are targeted at children with no technical skills, busy parents with no technical skills and professionals with absolutely no technical skills. They interface to the computer in their pocket through rote, learned application-centric tasks. Like thumb pressing a share button to tweet a picture of their cat.

    Video games are a major component of the history of computing and it is important to include something to represent this industry.

    The popular media may want to whitewash history but major improvements in computing like operating systems, networking and personal computers follow two very end-user focused applications of processing power. One is pornography. The other is video games. Ken Thompson developed a little project called UNIX based on a system to play a game called Space Travel on a PDP-7. That design seems to have done pretty well. The success of AOL hinged upon their dominance of the online "dating" scene, not so much their free coasters. Modern machine learning algorithms are designed with kernels that run efficiently on PC video cards. The same cards which had their expensive research and development paid for by at home video game enthusiasts craving a few more pixels or FPS.

    But to your system administrator you are all equally end-users. Compiler in hand or not.

    "The pillars of your bright new world were built by people whose minds are so arcane and alien to you that you will never be able to comprehend exactly how much you rely on the hobbies of dead legends."
    -- Lesrahpem "LINUX INSIDE!" (paraphrased) 2009 September 22 03:44 AM

  22. Re:you mean capitalism works? on CVS Announces Super Cheap Generic Alternative To EpiPen (arstechnica.com) · · Score: 1

    Let's remember that the drug wasn't there before. That's the price the society pays for a dynamic drug market.

    No, the epipen was cheaper before Mylan CEO Heather Bresch decided to jack the price to +$600. Of which the company claims to only make $50, a really nice profit for something some people need. That is ignoring the insanity of that $550 overhead. An epipen is a single use stick needle. It delivers a $5 dose of a drug needed to stop anaphylactic shock. Outside the United States these pens are below $10.

    You invent something; it's prohibitively expensive for a bit, then the price drops.

    Nice theory but reality is different. The dark side to supply and demand is that if you need something, you don't have a choice to buy it. Whatever price I choose to sell it to you is what you have to pay. You want to stay healthy so you need medicine. Since medicine is something you need, you'll pay whatever price or suffer. If I can make enough profit I can even afford to make sure nobody else competes with me. Either I can create a premium brand like the iPhone or just break the kneecaps of anybody who competes with me like solar roofs versus the local power monopoly.

    The best business is to charge people for nothing, like sham medicine. The second best business is to take something that was cheap and already exists then resell it for really high profits.

    And because of the first problem the FDA regulates markets like medical products very carefully. You may have to pay more since providing something real is more expensive than just cheating you out of your money. But you shouldn't be getting sham products.

    The FDA doesn't regulate the cost to consumers, though. That would require a different, non-existent government organization in the USA. Something like a single payer medicine program.

  23. Puppet versus Ansible? on Interviews: Ask Red Hat CEO Jim Whitehurst A Question (redhat.com) · · Score: 3, Interesting
    Where do you see the configuration management market going in the next year or two?

    Orchestration is the hot topic right now for automation versus last year's configuration management tools. Ansible is more orchestration than configuration management. Puppet and Chef require tools like mCollective to pick up the orchestration piece. RedHat now runs Tower. And Tower now ships as part of the RedHat Ceph storage product. RedHat's Satellite product is based on the Foreman which includes Salt, Puppet, Chef and Ansible support.

    But where is this market heading? Are we likely to see consolidation? Integrations? Or even a flood of config management system tied products from vendors?

  24. Re:Train them as poorly as possible on Facing Layoff, An IT Employee Makes A Bold Counteroffer (computerworld.com) · · Score: 1

    You sir, sound like an idiot. If you were 'so talented' you'd have had no problem finding a job. In fact your story smells like such bullshit I had to check my shoes to make sure I didn't walk in anything before I sat down.

    Then you need to check your eyesight. You missed the cowardly brain matter leaking from your anonymous ears.

    The story is so common and well-known in the United States that it even has a name: hard luck story.

    The skills for doing a job and getting a job are different for everyone but a corporate recruiter.

    Thus RubberDogBone was probably busy doing the job when working and not dedicating large amounts of time to finding the next one. Deep experts tend to be like this by definition. They gave up other time and tasks to dedicate to learning and performing one thing. It's also why going to conferences and user groups is an important part of professional work.

    The skills for doing a job are tied to the application(s) and industry worked in. The skills of getting such a job are those for establishing and maintaining a large network of people. These people get you job referrals and job offers by getting past the HR filter. In instances where you are well known they can create jobs to get your limited skills for themselves. At the least they connect available jobs with available potential employees.

    This is exactly like dating. There is a hidden information problem with lots of questions. Can you do the job? Can you fit in with the existing team or deal with the family? Are you willing to work for the money available? The tools to resolve the problem are limited to writing about, talking to and meeting people. All of these fall into the trap of trust and reliability. Was this person just lucky at their last job or relationship? Are they bullshitting about their ability? Is this person just a presidential-class conman or con-woman?

    In both cases lots of new tools have been developed to work around the problem. You have dating sites, prostitution and Churches on one side. On the other you have Linked-in, personal consulting and out-sourcing firms like Capgemini.

    However, large layoffs like this are different from just losing a job like RubberDogBone did. In large layoffs the employment vultures circle. The most desirable employees get picked off early. The rest are filtered through so those with the top amount of connections get hired out. Stereotypically in IT, a lot of employees are going to have limited social networks outside of work. Now those networks are gone. With a sudden glut of potential employees the market saturates in an area for a while. The suddenly unemployed and underemployed won't have the resources to go to conferences or spend time networking with peers. That network is gone so their duration of unemployment will be long as they compete on even ground with every conman and crook in the general labor market to get past HR.

    Company unions aren't the solution to this. They start out fine. But because humans must run them it just devolves into another kind of business you have to get hired into. Unions "solve" the hiring problem with a worse old boys network than the original company. Taken to an extreme you cannot find work in some industries unless you are either already skilled or you are related to someone who does the work. Trade guilds are slightly better - being industry wide - but again depend on corruptible, fallible and limited humans to do the work. Maybe in the future machine-run guilds could prevent this but I don't trust the people programming the machines. They are still human.

  25. Re:Go measure on Is Your Internet Connection Free From Bufferbloat? (blogspot.com) · · Score: 5, Interesting

    With dslreports and other aggregation tests, the bloat for download and upload may not be symmetric. So the resulting score might not be as good as it looks.

    Paying for a commercial connection? Test for this kind of performance daily and scream as soon as it drops. Otherwise why bother to pay so much?

    In the United States and other jurisdictions a home 'customer' user is not expected to run a "server" on their paid for Internet connection. Downloads may be finely tuned to low bloat. But upload may have significant bufferbloat, caps and gradual dropout. For financial reasons, of course.

    This upload problem may get to be much worse in the future. More and more services push data from "client" devices in the home or office. Camera phone videos, twitch streams, shared google docs and your home automation spyware upend the upload/download assumptions of last-hop telcos. P2P is impacted now. The highly asymmetric buffering of uploads is detectable using protocols like bittorrent that don't have client-server separation.