• 2 Posts
  • 38 Comments
Joined 10 months ago
Cake day: September 7th, 2023

  • The full write-up can be found here and should be fairly readable for users of this forum.

    Some quotes that I thought were interesting:

    With a heap corruption as a primitive, two FILE structures malloc()ated in the heap, and 21 fixed bits in the glibc’s addresses, we believe that this signal handler race condition is exploitable on amd64 (probably not in ~6-8 hours, but hopefully in less than a week). Only time will tell.

    So 64-bit systems seem to be a bit more resistant to this it seems? But I can’t be completely sure given how much I’ve read about this yet.

    This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions (for example, malloc() and free()): an unauthenticated remote code execution as root, because it affects sshd’s privileged code, which is not sandboxed and runs with full privileges. We have not investigated any other libc or operating system; but OpenBSD is notably not vulnerable, because its SIGALRM handler calls syslog_r(), an async-signal-safer version of syslog() that was invented by OpenBSD in 2001.

    It seems that non glibc-based systems also could be vulnerable, but they have not tried to demonstrate it yet (or have tried and not been successful).

    And OpenBSD wins again it seems.


  • I would vote for docker as well. The last time I had to inherit a system that ran on virtual machines, it was quite a pain to figure out how the software was installed, what was where in the file system, and where all the configuration was coming from. Replicating that setup took months of preparation.

    By contrast, with Docker, all your setup is documented. The commands that were used to install our software into the virtual machines and were long gone are present right there in the Dockerfile. And building the code? An even bigger win for Docker. In the VM project, the build environment for the C++ portion of our codebase was configured by about a dozen environment variables, none of which were documented. If it were built in Docker, all the necessary environment variables would have been right there in the build environment. Not to mention the build commands themselves would be there too, whereas with VMs, we would often have developers build locally and then copy it into the VM, which was terrible for reproducibility and onboarding new developers.

    That said, this all comes down to execution - a well-managed VM system can easily be much better than a poorly managed Docker system. But in general, I feel that Docker tends to be easier to work with than a VM. While Docker is far from flawless, there are a lot more things that can make life harder with VMs, at least from my experience.





  • This is quite cool. I always find it interesting to see how optimization algorithms play games and to see how their habits can change how we would approach the game.

    I notice that the AI does some unnatural moves. Humans would usually try to find the safest area on the screen and leave generous amounts of space in their dodges, whereas the AI here seems happy to make minimal motions and cut dodges as closely as possible.

    I also wonder if the AI has any concept of time or ability to predict the future. If not, I imagine it could get cornered easily if it dodges into an area where all of its escape routes are about to get closed off.


  • I assume you’re trying to imply in your comment that people are not going to use it if it’s not easy.

    It’s unfortunate, but sometimes, having nice things can be a little hard. If people want to use the easiest thing under the sun, then they’ll just have to accept the downsides that come with it. Sometimes, that means private companies will use private photos of people’s underage children in AI training models that can generate deepfake pornography. What can you do? Convenience comes at a cost sometimes.

    I’m not saying I agree with this of course, but that’s just how things are in the world where all rules must follow the dollar.



  • There is no way to make a network request faster than a function call.

    Apologies in advance if this is too pedantic, but this isn’t necessarily true. If you’re talking about an operation call that takes ~seconds to run, then the network overhead is negligible. And if you need specialized hardware for it, then it definitely could be delegated out to a separate machine over the network. Examples could include requiring a GPU, more RAM, or even a faster CPU if your main application is running on more power-efficient CPUs.

    I’m not saying that this is true in every case - they are definitely niche cases. But I definitely wouldn’t say that network requests are never faster than local function calls.



  • Agreed on all points. I think some of the issues that you’re facing are things that would be resolved if OCaml were more popular. But some others would be harder to fix without making breaking changes to the language as I mentioned earlier. If I had to put it as succinctly as possible, I’d say that the language just needs a lot more polish which would probably happen if it were more mainstream. But not all languages have to be mainstream, and maybe OCaml’s purpose in the world is, as you put it, to inspire other languages. It is definitely extremely good at that!


  • namingthingsiseasy@programming.dev to Programming@programming.dev...
    3 months ago

    No one has said OCaml yet, so I will. It’s not a perfect language, but it has a lot of cool ideas and concepts. It’s a functional language, but allows you to write imperative code when you want to. Algebraic data types and type matching are built natively into the language and work very nicely. Its type inference capabilities are very powerful (though that can backfire at times), and the |> operator is really, really fun to use. It also has very powerful module/functor capabilities, though they go a bit over my head since I haven’t had a chance to play with them. Also, Opam is a very powerful package manager and it’s pretty easy to wrap/bind external libraries with it.

    I’d love to see some improvements to the language - the syntax is a bit confusing and ugly at times (but this unfortunately can’t be fixed without breaking the language of course) - but overall I think I’d have a lot more fun programming in OCaml than what I do in my day job.



  • Of course! I hope you didn’t read my comment as hostile. I read yours as sort of a devil’s advocate type of argument and was just trying to point out the logical flaws in it. I’m glad that you didn’t hesitate to voice a contrary opinion. The points that you raise are interesting… and it’s always good to consider both sides of the argument, even because it just helps us hone our own arguments. You could certainly argue that this is just another enforcement mechanism. It’s just that it comes with a lot of unintended consequences, which most people will overlook, and they’ll inevitably be used in ways that we didn’t anticipate, long after the fact that these kinds of mechanisms become commonplace.

    Regarding the reduced cost of lending: sure, in theory they could lower the prices. In practicality, will it? Any time we see cost-reducing developments, it usually ends up resulting in higher profits for the vendors more so than better competition and lower prices for consumers. Look at how car manufacturers are just letting electric vehicles sit in their lots because they refuse to accept what buyers are willing to pay. The corporate types really, really hate to lower prices on anything for any reason. So I would be surprised to see something like that happen, even though it’s still theoretically possible…


  • All your points are sound. The issue that I have with this is that remote disable functionality is not necessary to achieve any of these aims. Before they were connected to the internet, people were still able to rent/lease autos and the world managed to survive just fine. There were other ways for lenders to get remunerated for breaking lease terms - they could issue an additional charge, get a court order for repossession, etc. Remote disable was never needed or warranted.

    So let’s start by considering the due process here. Before, there was some sort of process involved in the repossession act. With remote disable however, the lender can act as judge, jury and executioner so to speak - that party can unilaterally disable the device with no oversight. And if the lender is in the wrong, there is likely no recourse. Another potential issue here is that the lender can change the terms at any time - it can arbitrarily decide that it doesn’t like what you’re doing with the device, decide you’re in breach, and hit that remote kill switch. A lot of these things could technically happen before too, but the barriers have been dramatically lowered now.

    On top of this, there are great privacy concerns as well. What kinds of additional information does the lender have? What right do they have to things like our location, our habits, when we use it, and all of the other personal details that they can infer from programs like this?

    There are probably lots of other issues here, but another part of the problem is that we can’t even start to imagine what kinds of nefarious behaviors they can execute with this new information and power. We are well into the age where our devices are becoming our enemies instead of our advocates. I shudder to think what the world would look like 20 years from now if this kind of behavior isn’t stopped.


  • He’s right. These people are so fantastically wealthy, but it’s not enough. They still need more, more, more. And meanwhile, actual people, real human beings are going hungry, without heat, without a home. Not only do laid off employees suffer, but their families and their children too. All so that millionaires can continue promoting themselves to being billionaires and even more.

    I don’t know of anything realistically that can be done about it (in the short term at least). But it just needs to be shouted louder and louder until there’s enough public sentiment that real change can start to happen. Greed needs to be shamed louder and louder. We know all the institutional power that the wealthiest people in the world have to suppress economic equality in every country and throughout the globe, but if our voices grow loud enough, eventually it will be too loud to ignore.

    Excessive wealth and greed is a mark of shame. Let’s just keep repeating it and hopefully we’ll eventually have enough power to reverse it.


  • I could be wrong on this, but I think Kelvin is basically required for thermodynamic measurements. Entropy measurements, for example, depend on ratios between temperatures relative to absolute zero. You could still manage using centigrade of course, but you would have to offset all of your temperature measurements by 273.15.

    Probably a lot of other physical applications that also depend on having an absolute zero reference, but that’s the only one I can think of for now.


  • My advice would be to learn C first (or at least develop a good understanding of it). It’s extremely important to understand how memory works in C so that you can understand pointers in C++; and also important to understand how functions work so you can understand classes and methods in C++. I would go through The C Programming Language. It’s fairly concise and while you don’t have to go through it cover to cover, you should at least understand the chapters on structs, pointers and functions (up to chapter 6, I believe).

    (Note that the wikipedia link that I posted above has a link to the full text of the book in pdf format.)

    The reason why I think it’s important to understand C is because when you learn C++, then you’ll understand how the language abstracts over a lot of the lower-level functionality in C. new in C++ supplants malloc in C for example, and your understanding of functions in C will map to more complicated concepts like constructors, destructors, copies, methods, and operators in C++. At this point, I would probably start learning how classes in C++ work. They’re basically structs with private member variables and methods defined in the scope of the class. learncpp.com is the best reference that I’m aware of (it’s very thorough, which makes for a pretty slow read, but you’ll understand it very well). I would probably start with chapter 14 (introduction to classes), and then go back to the earlier chapters to fill in the gaps, but this is more dependent on how you think you learn best.

    Be aware though, that if you don’t have existing experience with OO development, then C++ is (in my opinion) not a great language to start learning it, because a lot of it is hacked on top of C and implemented in arcane ways in order to maintain compatibility with C. The first language I learned was Java, and it was really helpful to have that as a background for when I learned C/C++. I’m only familiar with JavaScript on a procedural programming level, so I’m not aware of its OO functionality or how well that will translate to C++, but hopefully it works out.

    Good luck!




  • Agreed overall, you will still be competent switching from one language to another, but intricacies and nuance matter a lot here. You may have enough knowledge to solve problems, but will you have enough knowledge to avoid creating new ones too? Like performance issues, or memory leaks, or other unwanted behavior? C++ is a great example here: someone that’s smart but inexperienced might just be dangerous enough to start writing classes with dumb pointers without overriding the copy constructors, and this is just a recipe for disaster.

    I think it would take more than a few months to develop the kinds of experience that you need to be aware of these issues and avoid them. And while C++ is a very easy example to point out here, pretty much all languages have their share of footguns to be aware of, and it just takes time to learn them. A “deep knowledge” of a language is not just about being faster and more productive; it’s also about not creating more issues than the ones you’re solving.