The associated git repo is here https://github.com/pervognsen/bitwise - been following his project a little, quite interesting stuff. Getting hands dirty with the lowest level parts of the stack.


      I worked in Identity Management for a University at one point in my life. There are several things wrong going on here.

      Looks like he had a peaceful termination (contract just ended) so the systems locked him out slowly. That seems right, but the fact that this was irreversible is insane. Contractors came and went at the University, as well as associate professors, adjuncts, etc. We had a pretty complex system for ensuring no person got two accounts. If anyone left, the account is always disabled and always kept.

      Even if they are just a student and graduated 8 years ago, so long as HR gets the same SSN and DOB as their old student account, we just reactivated their old student account (although it would have had student removed and alumni added) and added a staff or faculty role to it. If a new account had the same name and birthday as another account, but a different SSN, it’d get flagged for us to look at it manually (we had rules for similar names, reversed months/days on birthdays and other rules to try to catch things). Sometimes we’d find someone got two accounts by accident and we’d have to go through the painful process of trying to merge them.

      If someone was fired, we used a “kill bit,” which would lock them out of nearly everything in less than an hour. It was something we were very careful with, because if that happened, you lost your SIDs and all your roles on most of the systems. That was a bitch to reverse if we needed to, but it was still doable (although you’d probably be requesting all the permissions you needed for about a week).

      We used Novell’s IDM to push things downstream, but all the actual identity management integrations and services we wrote ourselves, and we’d always be able to reverse a situation like this in less than a day.

      I’m glad the author left that shop. Big companies have so much garbage like this; probably a bunch of off-the-shelf garbage where they handle none of the integration work and have no real IDM team to deal with accounts. There was no reason for this to happen. They should have paid him for those weeks off. He’d have a good case if he went to a labor lawyer. The company would probably just settle.


        I’d really like to write more D. In my particular case, I couldn’t have a GC in play (self-imposed memory constraints), but there’s a lot about it that’s attractive to me. I don’t have any desire to choose Go over it - power of the language is considerably greater from my limited experience.

        That said, Go does have a big package community behind it like Rust.


          I’m glad to see that they recommend SafeStack in conjunction with SSP. I’m extra glad we’re doing that for base applications in HardenedBSD. Some ports have SafeStack enabled as well. :)

            The US does own many more firearms than other notoriously more-polite societies (Japan, say) though.

            The obvious conclusion here is that there’s no real reason to think that the fun Sci-Fi Writer had any real insight into or facts to support his take on the topics of armed civilians, trust, and what makes for a livable society – at the end of the day it’s just a pithy turn of phrase.


              and even if you’re uninterested in the rest of the article, the answer is from a quote

              “This time is different” - Sir John Templeton


                In short, my experience is that if a feature is not present in the language, D is powerful enough that the feature can be implemented in a library.

                This is D’s killer feature in my opinion. Its metaprogramming is really flexible, almost lisp-like. One of my favourite things with D is to bend it to my will and make it do what I want. I don’t often get this sense of freedom with other programming languages.


                  After your suggestion I added the AI tag. Later user suggestions led to an automatic removal again.

                  I think a case can be made for either variant: On one hand the story itself does not involve AI. On the other hand AI surely is a field where blind trust in the results can throw people into similar or worse situations.


                    Formal equivalence verification tools are not magic… but they’ll often get you farther than just throwing up your hands and saying “halting problem”! Here’s one that works pretty well with small chunks of fairly well-behaved C or Java. Won’t solve OP’s Javascript problems, though, for all the reasons you mention.


                      I’ve skimmed through an earlier version and have started on this one; this is a wonderful resource filling a yawning chasm of approachable tutorials on SAT/SMT. The scholarly literature is huge on SAT/SMT and while there are books they tend toward grad student level exposition. I’m feeling like this is going to be a precursor to a No Starch text relatively soon enough given the increasing interest in the subject.


                        what you can do in one you can do in another

                        If I’m already using a tool that can do what I need it to do, why would I invest in a new tool? And I don’t mean to reduce things to “it’s all JavaScript so you don’t need a library”. React, Angular, Ember, Vue, etc., are compelling to me to the degree that they enable a developer/organization to deliver useful software. But if React and Vue are compelling to the same degree, I’m not sure there’s anything to talk about.


                          dude, read it however you want, but pointing out that ICE is less than 20 years old, when securing a border is a foundational issue, seems like a perfect way to intimate that this is an agency uninterested in actual security and was formed expressly to fulfill a hyper partisan, actually racist agenda. Like, did we not have border security or immigration services or customs enforcement prior to 2002/3? Why then? What was it? Also, given that it was formed so recently, it can be unformed, it can be dismantled that much easier.


                            Reminds me of 80s Mac games - they had a tastefulness and crispness in graphics that other home computers at the time lacked, helped by the monochrome yet high-res constraints.


                                It’s not perfect, but there are ways to improve the last point, so that we have more control over badly behaving CAs.

                                For non-decentralized naming systems, the (abstract) DNSSEC chain of trust looks (roughly) like this:

                                Government -> ICANN -> Registrar -> DNS Provider -> Local Validating Resolver -> Browser

                                HTTPS certificate authorities “validate” control over a domain by checking DNS records (either TXT or via an email). Their chain of trust looks like this:

                                Government -> ICANN -> Registrar -> DNS Provider -> ~650 CAs [1] -> Browser

                                The best way to exercise more control over them is to cut them out of the trust chain entirely. Or switch to a decentralized naming system … which also relies on DNS (and thus DNSSEC) for compatibility reasons:

                                Blockchain -> Lightclient w/ DNSSEC auto-signer -> Browser

                                But even as implemented, that’s better than human meaningful, secure, and a single point of failure (DNSSEC).

                                In terms of the security model, DNS is still a single point of failure. If you don’t like managing PKI you can always outsource it to someone … just like you do with HTTPS certificates.


                                  Three older languages missing from this are Eiffel w/ SCOOP, X10, and Chapel.


                                    What would you like to change?

                                      The Vue community hangs out on Discord, a chat designed for gamer communities. If you hit a roadblock the chat is probably your best bet since the official forums are a desolate land, and don’t you dare ask a question on Github.

                                      Chats are messy, but the main problem is that chat content can’t be indexed by search engines. The same questions (and their related discussions) are doomed to be repeated again and again and again.

                                      This trend of using chats for questions is plaguing open source projects and I think it needs to end. There is no collective learning anymore.

                                      This is a very good point that extends outside of this javascript community. The GH crowd seems to be very into tools like Gitter, Discord and Slack, which don’t provide the same persistent knowledge-base, are user-hostile, aren’t FOSS (if you care about that) and demand your attention – on both the contributor and user side. Reading through a chat or searching through the logs and trying to gain context from a past conversation doesn’t provide comparable value to a wiki, website, or even just reasonable documentation.


                                        OpenDNS doesn’t support DNSSEC, and prevents doing the validation yourself if you wanted to do so, by stripping required records before forwarding a response to you. 1

                                        Their business model used to rely on NXDOMAIN hijacking, which DNSSEC prevents. They stopped doing that a while ago, but I just checked and they are still stripping out DNSSEC records 🤯!

                                        I really wish I hadn’t gotten sick, I was going to help work on a standard for DNS filtering. At any rate, these are bad actors in the DNS ecosystem.


                                          It may not be, but then again, not everybody in the U.S. owns a firearm.