Unfortunately, Rust doesn't have any way of constraining the side effects of unsafe code, and most nontrivial Rust programs end up using unsafe in at least some places.
They have their own crawler, but they also use a bunch of third-party APIs. I think one of them is Bing, but the others are mostly domain-specific searches, so if you search for something in a particular field you'll often get results from searches of those search engines' databases directly.
I'd be really interested in what kind of searches are getting bad results for you. I've heard this claimed by a few people, but I switched to DDG almost a decade ago and haven't had problems. Their !b and !g shortcuts let you retry a search with Bing or Google, but whenever I do I rarely find anything more useful. I do often see pages with large numbers of results on Google when I provide a search term that DDG doesn't show any results for, but they're always completely unrelated pages full of ads (even when I search for a phrase in quotes, Google will happily show me pages that don't contain that phrase at all).
There have been lots of proposed defences against side channels that work in the same way: add entropy to the data. Unfortunately, there are lots of well-known statistical techniques that filter entropy out and you just end up making the attacks require more samples. I suspect that the same is true for this, and you can both filter out the noise and even use the fact that only some users are adding noise to narrow down who those users are.
That used to be an argument, but in the last couple of years the major AV vendors have all shipped serious vulnerabilities. My favourite was in the Symantec product, which decided that the best place to put code that decoded images and scanned them was in the kernel. It would do this as soon as an image appeared in the filesystem, so if you went to a web page and your browser cached the image locally, or if you received an email with an image attachment and your mail client stored it to disk, the scanner would run. This sounds almost useful, and would have been if the thing dealing with the untrusted (and assumed to be at least potentially malicious) data had been in an unprivileged process with read-only access to the data and the ability to write a single bit of state outside. Unfortunately, it wasn't, and when someone found a vulnerability in the image decoder, it became possible to run arbitrary code in kernel space simply by persuading the user to store an image on their disk (which a lot of programs did automatically in response to network events).
I think you're probably better off with the vulnerabilities that Windows ships with than those, minus a small chance that you'll be protected from exploits, plus the ones that these clowns introduce.
This one bugs me, because the group that he met is almost certainly going to be going slower than him (one person can walk faster than eight people with a load of cats and kittens), but there will also be other people in front of him moving at his speed or faster and behind him moving at his speed or slower (or, in both cases, simply not fast / slow enough that they'll meet before reaching St. Ives), so you have no information about how many people are going to St. Ives other than at least one.
2 is anything greater than or equal to 1.5 or less than 2.5. 2.5 rounds to 3 (in classical mathematics. IEEE floating-point rounding modes are an entirely different category of crazy). So the limit of 2x2 is greater than or equal to 3, less than 5.
2. The machine is not faster if you include the time to type in the numbers.
This makes several assumptions. The first is that the numbers are not already in the computer. The second is that you're solving the problem precisely once, not 10,000 or more times with different data. Neither of these are true for the vast majority of problems that I've encountered in my working life (sure, being able to add up things in my head when I'm shopping is a useful life skill, but it's not something that most employers care about).
A machine can easily do 2+2. Do you think that shouldn't be taught?
A modern machine can add any two 64-bit integers just as easily as it can do 2+2 and it can add a very long column of arbitrary-precision integers in less time than than it takes me to say 'two plus two is four' in my head. You rapidly hit diminishing returns with such things.
At school, we started learning to solve differential equations by gradually applying simple rules. After a lot of practice, I was probably an order of magnitude faster than at the start. I was still several orders of magnitude slower than a computer solving the same problem and that distance has only increased as numerical computing systems have been optimised and processors have become faster. At the same time, I learned how to translate real-world problems into differential equations. One of these skills has been useful, the other has not, yet at school we spent far more time on the other.
When I'm hiring people, I don't want to know if they can solve a problem, I want to know if they can solve a category of problems. Showing your working demonstrates that you can apply a technique. If you make a small error, then it tells me that you might need a bit more practice, but can learn to apply the technique. Getting the right answer with no working tells me that you might know a general technique, or you might have made a lucky guess, or you might have a very fast mental optimisation that happens to work in that case but is wrong in the general case, or that you made two errors that happened to cancel each other out, or...
If you write down 42 as an answer, the marker doesn't know if you guessed, if you just copied the answer out of the mark book, or if you actually worked it out. If you show the calculations then it's easier to tell these apart.
When you're teaching maths, you're not teaching people to get the right answer to a problem, you're teaching them to be able to get the right answer to all problems in a category. Seeing the answer lets the marker know if they've succeeded in the first objective, showing the working lets them know they've succeeded in the second.
I wouldn't complain about that exam for any snowflake reasons, I'd complain about it because it's completely ignoring the last 60 years of exam theory research if given as stated. The most obvious problems with it:
The question difficulty needs calibrating. There are well-known tools (facility and omit rates) for doing this, but you need a very large population of exam sitters to properly calibrate an exam where every question is optional. This means that if candidate 1 answers questions 2, 3, 4, and 5 all correctly, but candidate 2 answers questions 6, 7, 8, and 9 all correctly then you almost certainly don't have enough information to be able to compare them at all, unless either you have a few tens of thousands of students sitting the exam, or you have a bank of questions that you're reusing and are doing pre-testing to calibrate them.
The ordering with respect to cohort means that your reliability is low. A single outlier at the top end will move everyone's marks down a lot. The lack of such an outlier will move everyone's grade up a lot. If your exam is meant to actually measure anything useful and not just be a dick-waving contest, then you'll need to do some normalisation and not use the scheme that you've proposed.
Your discrimination is likely to be all over the place. Most exams are intended to have high discrimination at specific places. For example, in admissions testing you have deselection tests that have high discrimination somewhere in the bottom half and selection tests that have high discrimination nearer the top. The first means that there's a big jump between the definite-reject and the possible-accept candidates, the second means that there's a big jump between the definite-accept and possible-accept students. For most graded exams, you want high discrimination between grade boundaries: if someone gets a B, you want to be confident that they're definitely worse than students who get an A and better than ones that get a C, but you don't care much about their ordering with respect to other students that get a B. This structure makes it almost impossible to design an exam for high discrimination.
If you want a snowflake reason, then your exam structure is likely to penalise women if it is being administered to teenage or undergraduate-age students, because they tend to be more negatively affected by time pressure than boys of the same age (this effect reduces with age).
TL;DR: It sounds like you like exams that don't measure anything useful, because you do well in them.
I'm not sure Microsoft gets respect for that. They acted entirely in their own self interest. they wanted to sell an OS and make the hardware a commodity so that they could be the suppliers of the only non-interchangeable component. They aggressively locked out competitors in this space (e.g. intentionally breaking MS Windows on DR-DOS). It just happened that there was a beneficial side effect to their anti-competitive behaviour.
Modern Microsoft has a few more things that might deserve respect. They've been much better at engaging with open source projects, for example contributing to LLVM and Clang, open sourcing their.NET runtime (MIT license + patent grant), contributing Linux and FreeBSD patches for Hyper-V, and so on.
Firefox is (now, currently) the best browser available
There are a lot of good things about Firefox, but they're still way behind the curve on security. Other browsers moved to aggressive sandboxing of individual tabs 10 years ago. Firefox now kind-of does, but only in the latest release and no one had done any serious adversarial analysis of it.
DuckDuckGo has their own crawler, but they also get results from other APIs and aggregate them. I'm not sure what proportion of their results come from each source, but if you add !g or !b to a DDG search then it will redirect you to Google or Bing. When I've done this, I've usually seen quite different results, so they're not simply forwarding the searches.
They also partner with a load of small domain-specific searches and will present their results for terms in relevant fields.
Lennart Poettering has been a RedHat employee for a long time. They didn't just adopt it, they paid him to write it. He's also responsible for PulseAudio, and I think was working for RedHat then as well.
He's also responsible for Avahi, which is at least only mediocre rather than actively harmful.
I'd broaden it a bit to include companies that have spend significant amounts on tech-related R&D. If you're just buying COTS bits of technology and assembling them then you're not a tech company. If you're building a lot of it from scratch and have a competitive advantage because of this, then at least parts of your organisation are.
Seems like steps 1 and 2 are in the wrong order. eBay bought PayPal when they were quite popular, made them the standard payment processor for one of the largest online stores, and then sold them when they had increased their value significantly. Doing things that increase a company's value before you buy them is not a great way of making money.
This is basically how Apple Pay works and how credit cards with chips work for in-person payments. The merchant provides the amount and the recipient. The card (or iOS device) provides an HMAC that authorises this single payment. The code is sent to the bank, who then authorises the transaction. I believe that Google Pay works the same way since the rewrite (though Apple's version stores the keys in memory that is readable only by the secure element and does the EMV handshake on the secure element, whereas Google stores the keys in protected storage on phones that support it but does the EMV handshake on the application processor allowing a compromised OS to steal it).
Some US banks provide an ad-hoc version of this, where you can generate a credit card number that's valid for a short period and only for a single transaction of a fixed amount, but I've never seen one with a UI that doesn't suck.
Note that very large clients don't pay anything like the list price per customer. This has always been the case with Microsoft products, offering big discounts on site licenses for large companies.
The best way to do insurance of any kind is to have as many people chip in as possible.
It's not always that clear cut. For things that are likely to be claims for some significant subset of your population and the probability is similar for the general population, it's often better to budget for paying them than to go through the overhead of an insurance company. For example, my employer runs its own travel insurance scheme, where they just pay a bunch of common and cheap things directly from a pot of money and only go to the underwriter for less common things.
For high-cost, low-risk things, you want to get a large pool to spread the risk. For low-cost, high-risk things, the overhead of insurance is high and you're better off doing whatever minimises the per-claim overheads. If you've got the sort of thing where 20% of your employees are going to claim for it, and that's close to the average for the population, then you're probably better off just paying out of your local pool, because you don't reduce the risk noticeably by using a large pool, but you do increase the overheads.
For anyone not reading the US press, for the 20-30 years prior to the current government, the increase in NHS funding has, more or less, kept pace with inflation. It could have done with a little bit more, but that was just about enough to keep it operating. The current government has increased NHS funding by less than this (while shouting that they've increased it by a larger number of pounds than anyone else before). At the same time, they've cut funding for training nurses and have helped create a hostile climate for EU nationals (a fairly large proportion of junior doctors are non-UK EU nationals), leading to skill shortages for both nurses and doctors. This has, unsurprisingly, led to a serious drop in NHS quality over the past few years.
I'm quite happy for US citizens to subsidise my heath care, but I'm not convinced that 'if we implement socialised health care then our costs will go down but citizens of other countries will go up' is actually a compelling counterargument for the average US taxpayer.
Lots of companies have replicated non-core business functions to reduce cost
Including Amazon. AWS began with someone noticing that they needed a load of computers to cover their peak demand, but most of the time they were below that peak and wondering if they could sell some of their excess capacity. It was never intended to be a large part of their business, just a way of reducing the costs of operating their store. It turned out to be quite profitable...
Slashdot Mirror
Unfortunately, Rust doesn't have any way of constraining the side effects of unsafe code, and most nontrivial Rust programs end up using unsafe in at least some places.
They have their own crawler, but they also use a bunch of third-party APIs. I think one of them is Bing, but the others are mostly domain-specific searches, so if you search for something in a particular field you'll often get results from searches of those search engines' databases directly.
I'd be really interested in what kind of searches are getting bad results for you. I've heard this claimed by a few people, but I switched to DDG almost a decade ago and haven't had problems. Their !b and !g shortcuts let you retry a search with Bing or Google, but whenever I do I rarely find anything more useful. I do often see pages with large numbers of results on Google when I provide a search term that DDG doesn't show any results for, but they're always completely unrelated pages full of ads (even when I search for a phrase in quotes, Google will happily show me pages that don't contain that phrase at all).
There have been lots of proposed defences against side channels that work in the same way: add entropy to the data. Unfortunately, there are lots of well-known statistical techniques that filter entropy out and you just end up making the attacks require more samples. I suspect that the same is true for this, and you can both filter out the noise and even use the fact that only some users are adding noise to narrow down who those users are.
That used to be an argument, but in the last couple of years the major AV vendors have all shipped serious vulnerabilities. My favourite was in the Symantec product, which decided that the best place to put code that decoded images and scanned them was in the kernel. It would do this as soon as an image appeared in the filesystem, so if you went to a web page and your browser cached the image locally, or if you received an email with an image attachment and your mail client stored it to disk, the scanner would run. This sounds almost useful, and would have been if the thing dealing with the untrusted (and assumed to be at least potentially malicious) data had been in an unprivileged process with read-only access to the data and the ability to write a single bit of state outside. Unfortunately, it wasn't, and when someone found a vulnerability in the image decoder, it became possible to run arbitrary code in kernel space simply by persuading the user to store an image on their disk (which a lot of programs did automatically in response to network events).
I think you're probably better off with the vulnerabilities that Windows ships with than those, minus a small chance that you'll be protected from exploits, plus the ones that these clowns introduce.
This one bugs me, because the group that he met is almost certainly going to be going slower than him (one person can walk faster than eight people with a load of cats and kittens), but there will also be other people in front of him moving at his speed or faster and behind him moving at his speed or slower (or, in both cases, simply not fast / slow enough that they'll meet before reaching St. Ives), so you have no information about how many people are going to St. Ives other than at least one.
They're sheep, sick is their natural state and stating it explicitly would be redundant.
2 is anything greater than or equal to 1.5 or less than 2.5. 2.5 rounds to 3 (in classical mathematics. IEEE floating-point rounding modes are an entirely different category of crazy). So the limit of 2x2 is greater than or equal to 3, less than 5.
2. The machine is not faster if you include the time to type in the numbers.
This makes several assumptions. The first is that the numbers are not already in the computer. The second is that you're solving the problem precisely once, not 10,000 or more times with different data. Neither of these are true for the vast majority of problems that I've encountered in my working life (sure, being able to add up things in my head when I'm shopping is a useful life skill, but it's not something that most employers care about).
A machine can easily do 2+2. Do you think that shouldn't be taught?
A modern machine can add any two 64-bit integers just as easily as it can do 2+2 and it can add a very long column of arbitrary-precision integers in less time than than it takes me to say 'two plus two is four' in my head. You rapidly hit diminishing returns with such things.
At school, we started learning to solve differential equations by gradually applying simple rules. After a lot of practice, I was probably an order of magnitude faster than at the start. I was still several orders of magnitude slower than a computer solving the same problem and that distance has only increased as numerical computing systems have been optimised and processors have become faster. At the same time, I learned how to translate real-world problems into differential equations. One of these skills has been useful, the other has not, yet at school we spent far more time on the other.
When I'm hiring people, I don't want to know if they can solve a problem, I want to know if they can solve a category of problems. Showing your working demonstrates that you can apply a technique. If you make a small error, then it tells me that you might need a bit more practice, but can learn to apply the technique. Getting the right answer with no working tells me that you might know a general technique, or you might have made a lucky guess, or you might have a very fast mental optimisation that happens to work in that case but is wrong in the general case, or that you made two errors that happened to cancel each other out, or...
If you write down 42 as an answer, the marker doesn't know if you guessed, if you just copied the answer out of the mark book, or if you actually worked it out. If you show the calculations then it's easier to tell these apart.
When you're teaching maths, you're not teaching people to get the right answer to a problem, you're teaching them to be able to get the right answer to all problems in a category. Seeing the answer lets the marker know if they've succeeded in the first objective, showing the working lets them know they've succeeded in the second.
I wouldn't complain about that exam for any snowflake reasons, I'd complain about it because it's completely ignoring the last 60 years of exam theory research if given as stated. The most obvious problems with it:
The question difficulty needs calibrating. There are well-known tools (facility and omit rates) for doing this, but you need a very large population of exam sitters to properly calibrate an exam where every question is optional. This means that if candidate 1 answers questions 2, 3, 4, and 5 all correctly, but candidate 2 answers questions 6, 7, 8, and 9 all correctly then you almost certainly don't have enough information to be able to compare them at all, unless either you have a few tens of thousands of students sitting the exam, or you have a bank of questions that you're reusing and are doing pre-testing to calibrate them.
The ordering with respect to cohort means that your reliability is low. A single outlier at the top end will move everyone's marks down a lot. The lack of such an outlier will move everyone's grade up a lot. If your exam is meant to actually measure anything useful and not just be a dick-waving contest, then you'll need to do some normalisation and not use the scheme that you've proposed.
Your discrimination is likely to be all over the place. Most exams are intended to have high discrimination at specific places. For example, in admissions testing you have deselection tests that have high discrimination somewhere in the bottom half and selection tests that have high discrimination nearer the top. The first means that there's a big jump between the definite-reject and the possible-accept candidates, the second means that there's a big jump between the definite-accept and possible-accept students. For most graded exams, you want high discrimination between grade boundaries: if someone gets a B, you want to be confident that they're definitely worse than students who get an A and better than ones that get a C, but you don't care much about their ordering with respect to other students that get a B. This structure makes it almost impossible to design an exam for high discrimination.
If you want a snowflake reason, then your exam structure is likely to penalise women if it is being administered to teenage or undergraduate-age students, because they tend to be more negatively affected by time pressure than boys of the same age (this effect reduces with age).
TL;DR: It sounds like you like exams that don't measure anything useful, because you do well in them.
It's actually a trick question, he's working through lunch today.
I'm not sure Microsoft gets respect for that. They acted entirely in their own self interest. they wanted to sell an OS and make the hardware a commodity so that they could be the suppliers of the only non-interchangeable component. They aggressively locked out competitors in this space (e.g. intentionally breaking MS Windows on DR-DOS). It just happened that there was a beneficial side effect to their anti-competitive behaviour.
Modern Microsoft has a few more things that might deserve respect. They've been much better at engaging with open source projects, for example contributing to LLVM and Clang, open sourcing their .NET runtime (MIT license + patent grant), contributing Linux and FreeBSD patches for Hyper-V, and so on.
Firefox is (now, currently) the best browser available
There are a lot of good things about Firefox, but they're still way behind the curve on security. Other browsers moved to aggressive sandboxing of individual tabs 10 years ago. Firefox now kind-of does, but only in the latest release and no one had done any serious adversarial analysis of it.
DuckDuckGo has their own crawler, but they also get results from other APIs and aggregate them. I'm not sure what proportion of their results come from each source, but if you add !g or !b to a DDG search then it will redirect you to Google or Bing. When I've done this, I've usually seen quite different results, so they're not simply forwarding the searches.
They also partner with a load of small domain-specific searches and will present their results for terms in relevant fields.
Lennart Poettering has been a RedHat employee for a long time. They didn't just adopt it, they paid him to write it. He's also responsible for PulseAudio, and I think was working for RedHat then as well.
He's also responsible for Avahi, which is at least only mediocre rather than actively harmful.
I'd broaden it a bit to include companies that have spend significant amounts on tech-related R&D. If you're just buying COTS bits of technology and assembling them then you're not a tech company. If you're building a lot of it from scratch and have a competitive advantage because of this, then at least parts of your organisation are.
Seems like steps 1 and 2 are in the wrong order. eBay bought PayPal when they were quite popular, made them the standard payment processor for one of the largest online stores, and then sold them when they had increased their value significantly. Doing things that increase a company's value before you buy them is not a great way of making money.
Some US banks provide an ad-hoc version of this, where you can generate a credit card number that's valid for a short period and only for a single transaction of a fixed amount, but I've never seen one with a UI that doesn't suck.
I think O365 is too expensive for large clients
Note that very large clients don't pay anything like the list price per customer. This has always been the case with Microsoft products, offering big discounts on site licenses for large companies.
The best way to do insurance of any kind is to have as many people chip in as possible.
It's not always that clear cut. For things that are likely to be claims for some significant subset of your population and the probability is similar for the general population, it's often better to budget for paying them than to go through the overhead of an insurance company. For example, my employer runs its own travel insurance scheme, where they just pay a bunch of common and cheap things directly from a pot of money and only go to the underwriter for less common things.
For high-cost, low-risk things, you want to get a large pool to spread the risk. For low-cost, high-risk things, the overhead of insurance is high and you're better off doing whatever minimises the per-claim overheads. If you've got the sort of thing where 20% of your employees are going to claim for it, and that's close to the average for the population, then you're probably better off just paying out of your local pool, because you don't reduce the risk noticeably by using a large pool, but you do increase the overheads.
For anyone not reading the US press, for the 20-30 years prior to the current government, the increase in NHS funding has, more or less, kept pace with inflation. It could have done with a little bit more, but that was just about enough to keep it operating. The current government has increased NHS funding by less than this (while shouting that they've increased it by a larger number of pounds than anyone else before). At the same time, they've cut funding for training nurses and have helped create a hostile climate for EU nationals (a fairly large proportion of junior doctors are non-UK EU nationals), leading to skill shortages for both nurses and doctors. This has, unsurprisingly, led to a serious drop in NHS quality over the past few years.
I'm quite happy for US citizens to subsidise my heath care, but I'm not convinced that 'if we implement socialised health care then our costs will go down but citizens of other countries will go up' is actually a compelling counterargument for the average US taxpayer.
Lots of companies have replicated non-core business functions to reduce cost
Including Amazon. AWS began with someone noticing that they needed a load of computers to cover their peak demand, but most of the time they were below that peak and wondering if they could sell some of their excess capacity. It was never intended to be a large part of their business, just a way of reducing the costs of operating their store. It turned out to be quite profitable...