Want a context-free language, easily parseable, with plenty of computer-driven tooling, without this irritating English ambiguity? Lojban is learnable today: https://mw.lojban.org/papri/la...
In all seriousness, it is mind-blowing to me that our tribe of computer scientists continue to expend so much effort deriving meaning from English utterances. If we only wanted to encode meaning in a computer-manageable way, we could have been doing it decades ago.
The reason is precisely as Google has stated it. Domain fronting is a hack and arguably a symptom of a security weak point; neither should be relied upon in the long run.
SuperKendall disagrees with RMS. Groundbreaking and new. More on this, including video, at 11. But first, our lead story: Should laws prohibit Facebook from carrying out their technically-legal but morally-dubious business strategy? Let's go to Jim with details. Jim?
Jim: Thanks Linda. Facebook would like us to ask whether they should be forgiven in exchange for improving their stewardship of our personal data. However, should we trust Facebook to reform themselves, or should we legislate instead to force Facebook to act? That's the main question here.
Linda: Sounds complex, Jim. What are the main arguments in favor of legislation?
Jim: Well, Linda, in our current state, not only can businesses store enormous amounts of personally-identifying information, or "PII", without any accountability, but they can also sell those databases to other businesses, as Facebook does, or they can become targets for hackers, like anybody from Target to Equifax to the Nova Scotian government.
Linda: Sounds dangerous, Jim. Can the government protect us?
Jim: Not likely, Linda. The government can store PII too, and while our current government doesn't use PII against citizens very often, only using it to gerrymander and influence voting patterns, other governments around the world use PII to violate human rights. These protestors in favor of legislation argue that we can bind the government's use of PII, so that no organization, GO or NGO, can build up a database like this.
Linda: I don't know, Jim; I like my Facebook account.
Jim: So do I, Linda. Whatever we do from here, though, we can't deny that Facebook has changed our lives, and our lives now depend on changing Facebook. Back to you.
In case people don't see exactly how clever your comment is, ChromeOS is a Gentoo-based Linux distro with a prebuilt frozen userland and Google administration. It really does come down to trust of Google, once that information isn't being obscured.
Googlers cannot make most production changes without committing. Googlers *cannot* commit without code review. I had had a major code change (deprecating usage of a discontinued Python library) when I worked at Google, which sat open for years (and was probably still open when I left!) because the code owner refused to mark it as reviewed.
I'm not saying that I saw the behavior described by this engineer, but I can completely believe that not being able to get code reviews could lead to performance problems.
In his books, Pirsig develops the concept of morality as equivalent to rules of nature. To Pirsig, a helium molecule is moral when it obeys the requirements of chemistry: Rising in air, not burning at room temperature, fusing in stellar furnaces. We could view physics, chemistry, astronomy, etc. as sciences for empirically learning the morality of the universe.
I'm also reminded of Madoka, of course, but that's a completely different line of thought.
Because this is how you get The Patriots. Just wait; before long, they'll be posting memes, funding private armies, and injecting senators with nanomachines.
Nobody is racing, Scott Aaronson did not make a monetary wager this time around (and was also rudely misquoted), Blum is a respected mathematician who has been working in this subfield for years, most mathematicians expect that P != NP and also that the proof will be very difficult and not found by accidental observation like in Blum's paper, chess is within EXPTIME and not "out of the realm of possibility", and Traveling Salesman instances can actually be solved in pretty good time due to a TSP-specific heuristic.
I think that Weird Al endorsed Bernie, but I'm not sure. I can't find anybody calling him a Nazi, although his song lyrics have referenced Nazis often enough that it complicates searching.
I like corner cases. Who has called Jill Stein, who almost certainly did not vote Democrat, a Nazi? I've found several nasty rants excoriating her, but nobody notable calling her a Nazi.
I have known exactly one person, one time, in all my years here, to have bought a bicycle online as a box of parts. Everybody else buys from bicycle shops, usually preassembled. Frankly, after watching this person (who I roomed with at the time) assemble their machine, I would be willing to consider a $15 assembly fee for my next bicycle! It is non-trivial compared to doing maintenance on an already-assembled-and-tuned bicycle.
Washington's sales tax is 6.5%, and Vancouver, WA's is 1.9%, so that $200 bicycle starts with a minimum sales tax of $16.80 if you go across the river. Going into California is trickier because there's no bicycle shop immediately across that border, and their 7.5% state sales tax alone guarantees that you're not getting a better deal there. And Idaho is right out, because it's so far away; Oregonians are mostly on the western side of the state. The Idaho tax would be $12 minimum at a 6% rate, and you probably won't make up the difference by driving 6hrs across the Oregon desert.
This is *still* cheaper than paying the sales taxes of our neighboring states, and probably won't aggravate many into ordering online.
Will the poor be affected? Not really; the law only applies to new bicycles, and the poor buy used. There is a massive economy in secondhand bicycles; I am a dozen blocks from a secondhand bicycle shop, not because I happen to live in a particular neighborhood, but because it's hard not to be a dozen blocks from a secondhand bicycle shop in the Willamette Valley.
Is this an unfair amount? Well, the same law in the same package also applies a tax to new motor vehicles, and it's 0.5% of retail price. A $20k car comes with a tax of $100. Nobody seems to be complaining about that!
I suspect that bicyclists are irritated that this tax is brand-new, smells like a sales tax, doesn't exist anywhere else, and seems disproportionate. I'd like to remind them that the extensive and amazing bicycle paths that cities like Eugene and Portland have are not free for the cities to maintain.
Indeed, I run a small business https://matador.cloud/ which sells Tahoe-LAFS grids. And I'm not the only one; https://leastauthority.com/ is another. I take pride and solace in how I cannot read my users' uploaded files.
Okay, so this might be a bit of a ramble. Hi, I'm one of the developers of Monte https://monte.rtfd.org/, a new programming language based on E. E http://erights.org/ is a language from the 90s. Crockford worked on E. E's TermL mini-language became JSON. Another person who worked on E was Mark Miller. Miller's thesis project was formalizing and describing systems built with E. Crockford and Miller both are part of the committees that steer JS.
Now, to bring it all together: Object capability security is a security discipline based on the principle of least authority and perfect encapsulation. It allows us to build secure distributed computations with pretty good security properties; wf-stringe can prove that certain data cannot be exfiltrated, that certain I/O cannot happen, and that certain computations are arbitrarily safe to evaluate. It's not perfect, but it's a massive improvement on the state of things.
E and Monte, as well as a few other languages like Caja, Pony, and Waterken, are object-capability languages. Just like languages without manual memory management cannot misbehave in certain ways, these languages also promise that they cannot fail in certain desirable security-related ways.
Crockford, Miller, and others have been deliberately steering JS towards more capability-safe constructions. The object model has been tightened up, and tools like weakmaps, promises, and "template strings" (we call them quasiliterals in the literature) have been added. However, JS is still defined by its weak points, and those points are weak indeed.
Obviously, my bias is towards Monte. It's my preferred language and I want it to be popular. But, more importantly, I want the ideas that went into Monte to be popular. So, in that spirit, I'm going to give you a short list of questions. I want you to think, "How can I do that in my favorite language? Why would I want it?" Monte is meant to be the next Blub http://wiki.c2.com/?BlubParadox, the next language that is mediocre but built on a good foundation, and part of that is trying to see how Monte answers questions like:
The encapsulation problem: How do I produce an object which perfectly encapsulates a value; i.e. the object refers to a value but referring to the object is not sufficient to gain reference to the value?
The concurrency problem: How do I run two interacting plans of code at once?
The privacy problem: How do I prove, (in)formally, that a value cannot be exfiltrated from my program except through designated channels?
The confused deputy problem: What ambient authority is assigned to a "deputy", a program which can be fooled into misusing that authority?
...I've gotta stop writing blog posts on not-my-blog.
My beloved Monte https://monte.rtfd.org/ beat PHP to this by a wide stretch. While it's true that PHP is a big established language, that doesn't mean that they get to claim sudden leaps in innovation which didn't happen. I've tweeted at the author of the blog post https://twitter.com/corbinsimpson/status/834175224736157696 with timestamped commits from the Monte codebase.
Y'know, Ethereum's VM and their contract language, Solidity, are not especially great for this kind of verified contract work. It would have been great to see lessons learned from the E programming language and the object-capability security model in this whole misadventure. But no, they just took "smart contracts" and tried to interpret that in isolation without any of the literature that comes with it. Disappointing.
I spent four damn years trying to have a dialog with Mojang and Bukkit about how to write good code and have a community that wants good code. The MC community literally does not want anybody participating if they have any sense of QA or planning for the future.
Remember, these are people that wrote their own cryptographic transport *three times* and called it good after nobody could post an exploit for it within a week. MC is not even willing to use standard things like TLS.
You picked a poor example, as PyPy is also state-of-the-art, PhD-powered, and loaded with just as much performance-enhancing optimizing code as V8. Additionally, JavaScript can easily be rejected on the demerits of being a poor language.
Haha, you actually think that just going into the Control Panel is sufficient to get the resolution set on a Windows installation? Oh no. No no no, no, that's not all, my friend.
So, let's take as an example my TV. I have a computer attached via HDMI to the TV. It picks a 4:3 resolution and the entire picture is shrunken; it doesn't fill the entire screen. Annoying.
You go into Control Panel. Or perhaps you're a "power user" and you decide to directly right-click the Desktop and get at the Resolution settings. Either one. You scroll through the list of modes. There are three dozen. You try them all individually. None of them correctly fill the entire screen without letterboxing, and all of them look somewhat shrunken still.
You pull out the TV's manual, sighing. Flipping through the pages, you finally find the one that lists the rather arcane timing numbers for the TV. Sure enough, the widescreen mode that this particular TV would like is not listed. You go back to your Control Panel, and decide that it's time to go into the driver-specific settings, promising yourself a cold one later.
Scrolling through the entire driver's settings panels, you eventually find information on over/underscan. For some unknown reason, the system has decided that your TV needs its scan adjusted by 8%. Setting it back to 0% unshrinks the display. Excellent. However, the mode is still wrong.
You continue to hunt through the driver's configuration, finding two spots where resolution can be chosen from a dropdown but no way to enter in manual timings. Rolling your eyes, you go through each of the three dozen possible configurations again, manually noting how close each one comes to filling the display and how badly the fonts are misrendered. Finally you come to one that nearly works, and resign yourself to having a slight letterbox on the top and bottom of your screen.
Meanwhile, that Linux laptop you have correctly finds the resolution on the first try, without any configuration needed. Your Linux workstation has the same problems as the Windows machine, but with a couple minutes of xrandr and Google, you've found a way to turn those arcane timing numbers in the TV's manual into a mode, and saved a shell script to do it for you should the need arise.
tl;dr: How do you change your screen resolution for Linux with Xorg? You don't need to, usually! If you do, xrandr. That's all.
I can confirm that that was the plot of an actual episode. In the end, they let the twins go, because the cops knew that they couldn't possibly make the charges stick.
Slashdot Mirror
Want a context-free language, easily parseable, with plenty of computer-driven tooling, without this irritating English ambiguity? Lojban is learnable today: https://mw.lojban.org/papri/la...
In all seriousness, it is mind-blowing to me that our tribe of computer scientists continue to expend so much effort deriving meaning from English utterances. If we only wanted to encode meaning in a computer-manageable way, we could have been doing it decades ago.
Lucky 10000: They've had one for over a century: https://en.wikipedia.org/wiki/...
...specifically, the routing numbers for Michael Cohen's checking account~
But seriously, did any money have to change hands, or is this just Trump showing his admiration for Xi's continuing march towards tyranny?
https://xkcd.com/1172/
The reason is precisely as Google has stated it. Domain fronting is a hack and arguably a symptom of a security weak point; neither should be relied upon in the long run.
SuperKendall disagrees with RMS. Groundbreaking and new. More on this, including video, at 11. But first, our lead story: Should laws prohibit Facebook from carrying out their technically-legal but morally-dubious business strategy? Let's go to Jim with details. Jim?
Jim: Thanks Linda. Facebook would like us to ask whether they should be forgiven in exchange for improving their stewardship of our personal data. However, should we trust Facebook to reform themselves, or should we legislate instead to force Facebook to act? That's the main question here.
Linda: Sounds complex, Jim. What are the main arguments in favor of legislation?
Jim: Well, Linda, in our current state, not only can businesses store enormous amounts of personally-identifying information, or "PII", without any accountability, but they can also sell those databases to other businesses, as Facebook does, or they can become targets for hackers, like anybody from Target to Equifax to the Nova Scotian government.
Linda: Sounds dangerous, Jim. Can the government protect us?
Jim: Not likely, Linda. The government can store PII too, and while our current government doesn't use PII against citizens very often, only using it to gerrymander and influence voting patterns, other governments around the world use PII to violate human rights. These protestors in favor of legislation argue that we can bind the government's use of PII, so that no organization, GO or NGO, can build up a database like this.
Linda: I don't know, Jim; I like my Facebook account.
Jim: So do I, Linda. Whatever we do from here, though, we can't deny that Facebook has changed our lives, and our lives now depend on changing Facebook. Back to you.
In case people don't see exactly how clever your comment is, ChromeOS is a Gentoo-based Linux distro with a prebuilt frozen userland and Google administration. It really does come down to trust of Google, once that information isn't being obscured.
Googlers cannot make most production changes without committing. Googlers *cannot* commit without code review. I had had a major code change (deprecating usage of a discontinued Python library) when I worked at Google, which sat open for years (and was probably still open when I left!) because the code owner refused to mark it as reviewed.
I'm not saying that I saw the behavior described by this engineer, but I can completely believe that not being able to get code reviews could lead to performance problems.
.u'i xu do tavla fo lo jbobau? .i jbobau ko!
https://mw.lojban.org/papri/la...
In his books, Pirsig develops the concept of morality as equivalent to rules of nature. To Pirsig, a helium molecule is moral when it obeys the requirements of chemistry: Rising in air, not burning at room temperature, fusing in stellar furnaces. We could view physics, chemistry, astronomy, etc. as sciences for empirically learning the morality of the universe.
I'm also reminded of Madoka, of course, but that's a completely different line of thought.
Because this is how you get The Patriots. Just wait; before long, they'll be posting memes, funding private armies, and injecting senators with nanomachines.
Nobody is racing, Scott Aaronson did not make a monetary wager this time around (and was also rudely misquoted), Blum is a respected mathematician who has been working in this subfield for years, most mathematicians expect that P != NP and also that the proof will be very difficult and not found by accidental observation like in Blum's paper, chess is within EXPTIME and not "out of the realm of possibility", and Traveling Salesman instances can actually be solved in pretty good time due to a TSP-specific heuristic.
I think that Weird Al endorsed Bernie, but I'm not sure. I can't find anybody calling him a Nazi, although his song lyrics have referenced Nazis often enough that it complicates searching.
I like corner cases. Who has called Jill Stein, who almost certainly did not vote Democrat, a Nazi? I've found several nasty rants excoriating her, but nobody notable calling her a Nazi.
This game is fun! Your turn.
I have known exactly one person, one time, in all my years here, to have bought a bicycle online as a box of parts. Everybody else buys from bicycle shops, usually preassembled. Frankly, after watching this person (who I roomed with at the time) assemble their machine, I would be willing to consider a $15 assembly fee for my next bicycle! It is non-trivial compared to doing maintenance on an already-assembled-and-tuned bicycle.
Washington's sales tax is 6.5%, and Vancouver, WA's is 1.9%, so that $200 bicycle starts with a minimum sales tax of $16.80 if you go across the river. Going into California is trickier because there's no bicycle shop immediately across that border, and their 7.5% state sales tax alone guarantees that you're not getting a better deal there. And Idaho is right out, because it's so far away; Oregonians are mostly on the western side of the state. The Idaho tax would be $12 minimum at a 6% rate, and you probably won't make up the difference by driving 6hrs across the Oregon desert.
This is *still* cheaper than paying the sales taxes of our neighboring states, and probably won't aggravate many into ordering online.
This is a non-issue.
Will the poor be affected? Not really; the law only applies to new bicycles, and the poor buy used. There is a massive economy in secondhand bicycles; I am a dozen blocks from a secondhand bicycle shop, not because I happen to live in a particular neighborhood, but because it's hard not to be a dozen blocks from a secondhand bicycle shop in the Willamette Valley.
Is this an unfair amount? Well, the same law in the same package also applies a tax to new motor vehicles, and it's 0.5% of retail price. A $20k car comes with a tax of $100. Nobody seems to be complaining about that!
I suspect that bicyclists are irritated that this tax is brand-new, smells like a sales tax, doesn't exist anywhere else, and seems disproportionate. I'd like to remind them that the extensive and amazing bicycle paths that cities like Eugene and Portland have are not free for the cities to maintain.
Make sure to read the law; it starts at page 187 of https://olis.leg.state.or.us/liz/2017R1/Downloads/ProposedAmendment/12431
Indeed, I run a small business https://matador.cloud/ which sells Tahoe-LAFS grids. And I'm not the only one; https://leastauthority.com/ is another. I take pride and solace in how I cannot read my users' uploaded files.
My relatives and I have been randomly selected for having beards. No joke.
If you're a white clean-shaven affluent-appearing gender-conforming middle-of-life kind of person, then maybe you will never experience this.
Okay, so this might be a bit of a ramble. Hi, I'm one of the developers of Monte https://monte.rtfd.org/, a new programming language based on E. E http://erights.org/ is a language from the 90s. Crockford worked on E. E's TermL mini-language became JSON. Another person who worked on E was Mark Miller. Miller's thesis project was formalizing and describing systems built with E. Crockford and Miller both are part of the committees that steer JS.
Now, to bring it all together: Object capability security is a security discipline based on the principle of least authority and perfect encapsulation. It allows us to build secure distributed computations with pretty good security properties; wf-stringe can prove that certain data cannot be exfiltrated, that certain I/O cannot happen, and that certain computations are arbitrarily safe to evaluate. It's not perfect, but it's a massive improvement on the state of things.
E and Monte, as well as a few other languages like Caja, Pony, and Waterken, are object-capability languages. Just like languages without manual memory management cannot misbehave in certain ways, these languages also promise that they cannot fail in certain desirable security-related ways.
Crockford, Miller, and others have been deliberately steering JS towards more capability-safe constructions. The object model has been tightened up, and tools like weakmaps, promises, and "template strings" (we call them quasiliterals in the literature) have been added. However, JS is still defined by its weak points, and those points are weak indeed.
Obviously, my bias is towards Monte. It's my preferred language and I want it to be popular. But, more importantly, I want the ideas that went into Monte to be popular. So, in that spirit, I'm going to give you a short list of questions. I want you to think, "How can I do that in my favorite language? Why would I want it?" Monte is meant to be the next Blub http://wiki.c2.com/?BlubParadox, the next language that is mediocre but built on a good foundation, and part of that is trying to see how Monte answers questions like:
My beloved Monte https://monte.rtfd.org/ beat PHP to this by a wide stretch. While it's true that PHP is a big established language, that doesn't mean that they get to claim sudden leaps in innovation which didn't happen. I've tweeted at the author of the blog post https://twitter.com/corbinsimpson/status/834175224736157696 with timestamped commits from the Monte codebase.
Hi! I'm going to test your claim.
Truman (D) -4
Ike (R) +4
JFK (D) +5
LBJ (D) -5
Nixon (R) +2
Ford (R) +0
Carter (D) -2
Reagan (R) -1
Bush Sr. (R) +11
Bill (D) -8
Dubya (R) -4
Obama (D) -2
Trump (R) -0.5
Dems: -16
GOP: 11.5
Result: You're a fucking idiot! Congratulations.
Y'know, Ethereum's VM and their contract language, Solidity, are not especially great for this kind of verified contract work. It would have been great to see lessons learned from the E programming language and the object-capability security model in this whole misadventure. But no, they just took "smart contracts" and tried to interpret that in isolation without any of the literature that comes with it. Disappointing.
I spent four damn years trying to have a dialog with Mojang and Bukkit about how to write good code and have a community that wants good code. The MC community literally does not want anybody participating if they have any sense of QA or planning for the future.
Remember, these are people that wrote their own cryptographic transport *three times* and called it good after nobody could post an exploit for it within a week. MC is not even willing to use standard things like TLS.
You picked a poor example, as PyPy is also state-of-the-art, PhD-powered, and loaded with just as much performance-enhancing optimizing code as V8. Additionally, JavaScript can easily be rejected on the demerits of being a poor language.
Haha, you actually think that just going into the Control Panel is sufficient to get the resolution set on a Windows installation? Oh no. No no no, no, that's not all, my friend.
So, let's take as an example my TV. I have a computer attached via HDMI to the TV. It picks a 4:3 resolution and the entire picture is shrunken; it doesn't fill the entire screen. Annoying.
You go into Control Panel. Or perhaps you're a "power user" and you decide to directly right-click the Desktop and get at the Resolution settings. Either one. You scroll through the list of modes. There are three dozen. You try them all individually. None of them correctly fill the entire screen without letterboxing, and all of them look somewhat shrunken still.
You pull out the TV's manual, sighing. Flipping through the pages, you finally find the one that lists the rather arcane timing numbers for the TV. Sure enough, the widescreen mode that this particular TV would like is not listed. You go back to your Control Panel, and decide that it's time to go into the driver-specific settings, promising yourself a cold one later.
Scrolling through the entire driver's settings panels, you eventually find information on over/underscan. For some unknown reason, the system has decided that your TV needs its scan adjusted by 8%. Setting it back to 0% unshrinks the display. Excellent. However, the mode is still wrong.
You continue to hunt through the driver's configuration, finding two spots where resolution can be chosen from a dropdown but no way to enter in manual timings. Rolling your eyes, you go through each of the three dozen possible configurations again, manually noting how close each one comes to filling the display and how badly the fonts are misrendered. Finally you come to one that nearly works, and resign yourself to having a slight letterbox on the top and bottom of your screen.
Meanwhile, that Linux laptop you have correctly finds the resolution on the first try, without any configuration needed. Your Linux workstation has the same problems as the Windows machine, but with a couple minutes of xrandr and Google, you've found a way to turn those arcane timing numbers in the TV's manual into a mode, and saved a shell script to do it for you should the need arise.
tl;dr: How do you change your screen resolution for Linux with Xorg? You don't need to, usually! If you do, xrandr. That's all.
I can confirm that that was the plot of an actual episode. In the end, they let the twins go, because the cops knew that they couldn't possibly make the charges stick.
...therefore, be a huge asshole to everyone.
(http://xkcd.com/1049/)