-
airavata
3 days ago
|
link
| on:
Intel Publishes Microcode Security Patches, No Benchmarking Or Comparison Allowed
Do we need Right-to-{benchmark,test,review} laws or will the free market fix this?
-
The people paying for those laws are definitely doing that. The people not paying for laws rarely get to do so. They also keep voting for people that sell laws. So, things don’t change.
-
-
It’s funny, because I googled “why women pants no pocket” to figure out why this is the case and the first result says that it’s because men who dominate the fashion industry don’t want women to have pockets.
Why don’t all the women who want pockets get together, start a company to make highly-pocketed pants, tap this unmet demand and make billions? You know, scratch your own itch and all.
-
Since when it’s that easy to start a company? Not any kind of company, a factory of mass production.
That’s a very immaterial look at the subject.
Our status quo is patriarchal. Besides an 8h job, which pay less compared with men, women are the ones that do the housekeeping and child care. Now women should simply start a factory to make these billions.
-
Oh come on. There are plenty of women who own and operate their own businesses. And women are having kids later and marrying later, meaning more free time to start a company.
And you don’t have to start with a giant production. In fact, men don’t start that way either. You start small and grow.
And the wage gap has been debunked so many times that it’s absurd to even bring it up.
-
Oh come on. There are plenty of women who own and operate their own businesses. And women are having kids later and marrying later, meaning more free time to start a company.
And you don’t have to start with a giant production. In fact, men don’t start that way either. You start small and grow.
The logic you are using is women should sacrifice even more of their time to solve, in local scale, a global scale systemic problem.
And the wage gap has been debunked so many times that it’s absurd to even bring it up.
It’s not absurd to bring it up at all, because it’s real:
Gender gap per country, The Global Gender Gap Report 2017, World Economic Forum, page 8
-
The logic you are using is women should sacrifice even more of their time to solve, in local scale, a global scale systemic problem.
Well, yes. That’s how businesses on average work. This is also how local change tends to go…ye olde “make a cup of tea instead of boiling the ocean”.
-
The logic you are using is women should sacrifice even more of their time to solve, in local scale, a global scale systemic problem.
Are women unable to solve their own problems? Why do you need men to solve it for you? Why do you think that men have some amount of free time that women don’t? The lack of availability of a product you want is not a systemic problem. Men are not keeping you from making this product in any way.
Regardless, women can use market pressure to solve the problem, if the demand is as high as some say it is. If a small business proves the demand for these jeans, the global retailers will quickly follow suit. Seems simple enough.
It’s not absurd to bring it up at all, because it’s real
I took a look at the report. The plot on page 8 does not show a wage gap, rather it is a chart showing the Global Gender Gap Index, an index which takes into account many more factors than income/wage. The index that you should have pointed me to was The Economic Opportunity and Participation subindex, described on page 5. From the name, we can already tell is is too broad to determine whether or not there is a wage gap for people doing the same job at the same level of experience. If we look at the definition of this subindex, we find that we are actually interested in the remuneration gap. However, the term “remuneration” and variations thereof are only mentioned in 3 places in the article, and there is no data on this gap specifically.
If we look at the page on the United States, we find a section called Wage Equality for Similar Work, which may be what we are looking for. This data comes from the WEF Executive Opinion Survey, 2017.
From the intro:
the Executive Opinion Survey is the longest-running and most extensive survey of its kind, capturing the opinions of business leaders around the world on a broad range of topics for which statistics are unreliable, outdated, or nonexistent for many countries.
So we see that this data is merely the opinion of the people who run these companies, and is not hard data (this much was admitted in the Gender Gap Index as well). If you want to be sure of this, here is link to the survey itself, which shows that it is only a survey of opinions. Check out question 11.18.
So I don’t think this report contains proof that men and women doing the same work at the same level of experience earn a different amount of money.
While it is true that the average man earns more than the average woman globally, this is explained by many factors, some of which are listed on the wikipedia page. Here is an article that explains how these various factors affect the pay gap. There are many others like it.
-
It is a systemic problem, because historically women have been restricted from economically dominant positions, for being women. The factors (discrimination, motherhood penalty and gender roles) in the Wikipedia article that you linked are examples of this systemic problem. But, I could’ve been more clear is that I’m not saying that women can’t solve their own problems, but that the first post “Why don’t all the women who want pockets get together…” has an intonation that completely disregards the responsibility of men and patriarchy in this. And put the whole responsibility on women.
I know the index is not only wage, but I wasn’t mentioning only wage in my previous posts. I agree with you this study is not the proof. But, it covers more countries than any other study that I’ve seen, especially Global South, which have a completely different reality than Global North countries, and why the “if you want to change this, you should just open a company that does the way you want” argument lack materialism.
-
-
-
-
-
-
Little’s law strikes again!
-
His stance is laid out more clearly later in the thread.
People should basically always feel like they can update their kernel and simply not have to worry about it.
I refuse to introduce “you can only update the kernel if you also update that other program” kind of limitations. If the kernel used to work for you, the rule is that it continues to work for you.
And I seriously will refuse to take code from people who do not understand and honor this very simple rule.
-
-
What a difference between his first post and this one. In the first one he comes off like a colossally toxic asshat. I know this is no surprise to anyway, but still. That kind of behavior is not OK. Period.
This post on the other hand is clear headed and explanatory. It lays out the rules and why it’s important to follow them.
Maybe Linus just needs a 1h send buffer? :)
-
-
It’s not “I am offended”, but rather probably 95% of people would be offended if they would hear something like this headed their way. Linus probably forgot how it’s like to hear this level of toxic communication because nobody speaks with him like that. I know his “ideology” behind his behavior (he talked about this several times), but honestly saying such “sh**” to people is low, and most people are above that, that’s why he stands out.
-
Personally this power relationship is why I’m against BDFLs once a project reaches a certain size.
-
-
-
Toxic means that it is in some way damaging to a relationship between two individuals, groups, etc. In this case it is indeed toxic because it seeks to gain in some goal at the cost of the relationship with the submitters. Toxic isn’t strictly bad, sometimes a goal is so important that you need to break the relationship, however you should always choose the least toxic strategy that will ensure success. After all who knows when you’re going to need those people’s help in the future.
In summary, dark_grimoire seems to have a correct understanding of toxic, and mytrile does not which I assume is why they are being downvoted.
-
-
-
It would be severly limiting
It’s already limiting though – many people silently stop contributing when they receive messages like this or never consider contributing in the first place. This means the negative impact is hidden. Since it’s hidden, it becomes much easier to defend the status quo when an alternative might result in a better kernel.
-
By the same logic, the positive impact is also hidden. Because it is conceivable that without these messages, the kernel might have imploded upon itself, and the prevention of said implosion is doubtlessly positive.
If you are going to argue with hidden stuff then it goes both ways.
-
Do you really believe that it’s not possible to enforce rules and maintain high standards without calling people idiots, their contributions garbage, and so on?
I can certainly believe the parent comment, as it’s something I hear regularly, from people who decide not to get involved in projects/make further contributions/pursue opportunities at companies/etc because of things like this. FWIW, one of my friends can be found in the kernel CREDITS, and decided to walk away because of the LKML.
-
it is conceivable that without these messages, the kernel might have imploded upon itself
As a counterpoint, I’ve worked on a project that has a similar code size, customer reach, and zero-tolerance stance on security and stability bugs as the Linux kernel: Chromium. Chromium does not have anywhere near the level of abusive discourse on its mailing list as the LKML, and it has not imploded on itself as you have suggested. So the burden of proof is on the abusive language to show it is needed and not the other way around.
-
-
-
I disagree. I am not offended by his behavior, I find it to be unacceptable by virtue of the fact that I feel human beings should treat each other with a modicum of respect. Linus’s communications very often do not meet that standard. Hence from my book they do not represent an acceptable way to treat people, especially people volunteering to donate time to an open source project.
-
-
-
-
-
-
Does the author have some issue with capital letters?
-
-
Eridius
11 months ago
|
link
| on:
A Simple Design Flaw Makes It Astoundingly Easy To Hack Siri And Alexa
This seems way overblown. Everything you can do with this, you can do with normal audio, the only difference is the user can’t hear you speak to Siri/Alexa, though they absolutely can hear the response. So the only real benefit gained here is you aren’t advertising that you’re attempting to control Siri/Alexa.
And of course there’s some outright FUD in the article. No, someone can’t just walk by you in the crowd and cause your phone to unknowingly visit a malicious site. If your phone is locked, Siri requires you to unlock your phone before doing most things (and the ones she doesn’t do this for are pretty harmless). And if you’re phone is unlocked, that’s because you’re using it, and you’re going to see the Siri interface come up, see the transcript of what the attacker said, see Siri’s response, and have a chance to interrupt it at any point, just as if you were speaking to Siri yourself.
-
Whether it’s obvious to a user that something just happened is a huge factor in how practical an exploit is. I do think this research points out an important threat.
Also, but perhaps less fundamentally: Whether a phone needs to be unlocked to perform these commands depends on the user’s security settings. Not everybody even uses a passcode.
-
-
-
-
I understand that emotionally, but it’s everybody’s problem, you know? Personally I think that people who do understand this stuff have an obligation to help people who don’t to figure out what they should be doing. But even for those who don’t believe that, a compromised phone will often lead to a compromised email account, which will be used to send spam and phishing to others.
But it’s certainly a topic where it’s possible for reasonable people to disagree.
-
-
-
-
If it’s not ‘direct damage’ for me to click an ad and not buy anything, why is it ‘direct damage’ for my computer to do it?
Why should users pay for ad network’s broken algorithms and business model?
This is a bad decision underlaid by bad logic.
-
-
I was hoping for an interesting story like the the one surrounding the Silk Road shutdown but it seems like the guy just made some simple mistakes that led to his downfall.
-
tedu
1 year ago
|
link
| on:
An intelligent robot could be scrapped after escaping from a lab a second time
Seems a little extreme.
-
I thought that at first, but continuing to build/operate something that runs into traffic is putting other peoples lives at risk.
-
-
‘Lock the doors’ is a reasonable reaction the first time it escaped the lab.
If your mitigations aren’t enough to stop it getting out a second time, your lab is unsuitable and you are putting nearby civilians at risk by continuing.
-
-
Agree. I’m not buying the story in general. The basic gist of “this company is so great that its products outsmart their creators” reads like an advertisement.
My guess is that the whole thing is either
a) completely made up, or
b) an employee did a practical joke, PR heard of an “escaping” robot, tried to get some publicity out of it, and now it’s too late for everyone to backtrack.
-
If your dog is heavy, careless, ill-trained and dangerous, and you let it get out, animal control will do it for you.
-
-
-
-
-
-
-
I maintain this somewhat popular list, but I don’t think I will include this, because executing the Turing machine requires manual clicking.
-
-
I’ve always preferred the right-left rule.
-
If it looks like a duck and quacks like a duck…
The creator of the video lacks the words to accurately describe his sentiments. Of course the game is 3D, you can see all 3 dimensions, can’t you?
If he wants to make some statement that the engine doesn’t do what he thinks it should, he can make that claim, but he can’t just start throwing out these accusations without accurately defining what 3D means to him. If he had taken the time to do that, it would become apparent just how meaningless his claims are.
-
I think the author was trying to say, “It wasn’t pure 3D or wasn’t as 3D as games are now”. I don’t think it mattered at the time, it was still better than most textured games and was still better than most fully 3D wireframe games. I’m also not sure what the revelation is, these games have all been thoroughly documented for 20 years. I think the author probably just found out recently and thought many others would be suprised too. Unfortunately programmers geberally know and I’d guess a lot of gamers do too.
-
Yes, absolutely.
And it’s always fair to be discovering something for the first time; cf. https://xkcd.com/1053/ . The author just overestimated how much it would surprise others, or at least how much it would surprise Lobsters.
-
-
-
Class project– A semantic analyzer for TinyJava.
-
Still working on my orthogonal Vim clone. Made a lot of progress over the last week and may be able to start using it as a crappy editor to edit itself soon (gotta eat my own dog food at some point).
I got distracted yesterday by trying to write a script that randomly plays music from my Spotify or SoundCloud playlists. Mopidy supposedly allows you to do this, but the mopidy-soundcloud plugin is broken right now. I’ll finish the script (using pyspotify and soundcloud-python) sometime today and will throw the hacky mess on GitHub for anyone who doesn’t want to have to write it themself :)
-
-
-
orthogonal Vim clone
Have you seen this? https://github.com/martanne/vis
-
-
-
They (jokingly?) mention it at the end but I felt like through the whole reading I was internally screaming “bike”. Probably the most “optimized” long-term investment you could make. Fun way to go about all this though.
-
I have a combined app for travel in Berlin. It compares public transport, taxi, multiple car-sharing options (based on the closest car), bike-sharing, walking and bike.
Bike is always the fastest. I call it the “troll app” now.
A neat hack is a foldable Bike: if you run into bad weather, you can still choose a Taxi or a car-share and just put it in the trunk.
-
-
It goes under the weird name of “Ally”. https://www.allyapp.com/
-
-
-
-
Also, he talks about high cost for the bike (not sure what kind of bike he wants to buy, I heard from my US colleagues that people only buy expensive all-terrain bikes over there) but he totally skips over the fact that it also gives him exercise so it can save him both time and money by needing to go to the gym less.
-
My commute happens to also be exactly 2.5 miles, also on mostly-flat terrain. I’ve gotten the bike ride down to 20 minutes, and I’m not particularly in-shape. I also find it enjoyable how it gives me some thinking time to bracket my day; I don’t personally get that kind of pleasure from taking a car.
He could certainly do this ride with a $150 road bike, though I’d recommend spending a little more for something with higher-quality parts, but only to someone who knows how to tell the difference. For a first-time cyclist I’d suggest spending as little as possible and expecting it to be a learning experience as to what’s worth spending more on next time.
He says he got his cost down to about $8 a day, at which price the bicycle would break even in four weeks. It will need occasional maintenance, but not nearly that often.
I’m sure it’s true that some people buy mountain bikes because they don’t know any better and reason that if it costs more, it must be more useful, even for their commute. Road bikes are definitely common, though, and the SF bay area - where this author is based - is one of the least bike-unfriendly areas of the country.
Not everybody is physically capable of riding a bicycle, and it’s worth pointing that out, but it’s not clear whether that’s the case for this author. If so, his analysis certainly covers the remaining options.
-
-
Indeed. That’s what I was waiting for: a bicycle. A 2.5 mile ride on what looks to be nearly flat road should be a piece of cake on even an inexpensive used bike. No need for more than three speeds (maybe even just a single speed if he’s got the legs). At $10/trip (equivalent to Uber Pool) fifty days would cover a very nice used bike or inexpensive new one.
Personally, bicycle commuting been great for my fitness and outlook.
-
-
-
Shouldn’t 1 byte per char be enough?
-
Was this written because of the guy claiming you should never use greater than (>) symbols?
-
It’s written in reaction to it. (see this comment)
-
It is a little cheap, making fun of an article describing an actual problem (and choosing a bit of a weird title) the original article. I mean that original blog post was illustrating how you can mess up comparison operators while checking for values in ranges. And “normalizing” the expressions to only use < and <= operators can help there. Of course how you normalize them is arbitrary, and there might be other solutions (interval objects/representations, etc.).
-
It’s not just that article. The level of discussion around programming is pretty shallow. Every popular article is about syntax or “community” or Some Weird Trick. We could talk about order theory all day (it’s a topic I am trying to get better at) or we can talk about why syntax means we should write “a < b” because it’s “more simple” or something.
My goal is to bring the level of discourse up by talking about things which really matter, like #noline45.
-
well, I just think your other writing is doing a better job at this.
but back on topic, what do you say to the fact that
curl http://brianmckenna.org/blog/line45 | sed '45!d'gives<div id="disqus_thread">Please enable JavaScript to view the comments powered by Disqus.</div>
-
-
-
-
-
-
What is the original story that this one makes fun of?
-
there are a few! which one are you referring to, the history of nigerian 419 scams, the one where startup employees have to gin up the cash to exercise their options within 90 days of leaving a company, or lose out on a lot of valuable equity, or the one where rich white dudes accumulated most of the power in silicon valley, and make it difficult for others to join them?
-
-
No original story, just a common situation where employees leaving a startup typically have 90 days to exercise or forfeit their stock options. Exercising the options requires a lot of cash to buy the shares and pay the taxes. Taxes are generally calculated when the employee buys the shares - even if shares are totally illiquid due to the company being non-public, restricted shares, blackout periods, etc., so it is often the case that employees cannot take a short loan, buy the shares, and sell some percentage of shares to cover the tax bill. The unlucky employee can either put a lot of cash on the table or forfeit their options.
-
Okay, I tried to read the Wikipedia page and was not enlightened.
What is a stock option precisely? It sounds like something negotiated for which is part of a renumeration package (alongside your salary and other benefits) which gives the employee the right to purchase.. a certain number of stocks in the company? Any number? I don’t know heck about stock markets; can they not just do that anyway? What benefit do they get from having these options?
-
Yep, you’ve got the basics. That link I gave has a nice intro. The key part is that the exercise price will be lower than the current price of the shares, so the engineer will immediately be making a profit when they exercise them. Stock options are often “golden handcuffs”: a lucrative reason to stick around at the company because your options “vest” and become exerciseable over time.
As to the other part of your question - this is the distinction between public and private companies. A “private” company doesn’t have to give out or sell stock to anyone it doesn’t want to. A “public” comgoodpany’s stock is listed for sale on the stock market and anyone can buy it. Companies transition between the two with an “initial public offering” - which is also when it becomes possible for that engineer to easily sell their stock.
A lot can go wrong for that engineer with having the cash to exercise (in general or in the typical 90 days after leaving the company), private sale restrictions, lockup periods, AMT, and the sad fact that stocks don’t always go up. But a lot can go right - Google pays a great salary to devs and then nearly doubles it with stock options (RSUs)… assuming their share price keeps going up. (Microsoft’s stock price being flat from 2001 to 2012 did not do them any favors for employee retention.)
-
Right, thank you! I did miss that link in your first post. The key point I was missing was that the exercise price is indeed lower than the share price (or like, hopefully will be). Likewise, I didn’t realise that private companies actually had stock to give or sell at all (!).
-
-
-
-
-
This article would benefit greatly from an example of when making the unpopular decision was much better than the popular one, or vice versa.
Could anyone comment on that?
-
I’ll bite, though it’s the sort of thing that is basic walking the line between “unpopular but correct” and “stupid in hindsight”. That divide is probably why you won’t get a lot of replies until somebody breaks the ice.
A few examples from the last ten years:
Using custom C++ in a class on game development when everybody else was using C#, XNA, or some game framework. The downside of this was that debugging was a colossal pain in the neck, and our iteration time was kinda slow. We couldn’t show the professor anything for a month or two, but when things clicked, they clicked. The upside was that we had a deeply intimate understanding of the project, and some clever features (physics, particle systems, sound effects, massive numbers of mobs, etc.) were pretty much only easily possible on performance scale because we had such tight control over things. This was also before Unity got super popular (and it’s still kinda shit, it seems, for certain tasks).
Using vanilla Express for small projects, instead of $flavor of the week. This includes using in-memory objects to store information–basically feels like Mongo, but has better performance for the same resiliency guarantees :). No Sails, no HAPI, nothing too exciting. The bad part about this is that it doesn’t let me buzzword my resume, it doesn’t expose me to the crazy new trends in the JS ecosystem, and it doesn’t help me sit at the cool kids table at JS conferences. The good part is that it doesn’t expose me to the crazy new trends in the JS ecosystem, it makes it really straightforward to start a new project, and that it means that I have very little spooky action at a distance when sorting out my apps.
Using ES5 instead of ES20XX or whatever they call it these days. No stabby lambdas, no classes, no string interpolation (sadly), and so forth. The bad part is that if I suggest this to modern JS devs, they treat me like an anachronism or a masochist. The good part is that I can always test my shit really quickly in any semi-modern JS runtime environment, that I don’t need to bring in a whole clowncar of dependencies just to compile my code, and that my source looks utterly boring to anyone else inflicted with it (which is a feature, not a bug).
At a previous gig, using dedicated hardware instead of cloud hosting for data collection and analysis. The bad part was that we couldn’t pad our resumes with having deployed Amazon Lamdbashift on Riaksandra on a MesosMQ fabric, that we couldn’t trivially spin up/down new instances for testing (argh), and that we had to deal with stupid politics involved in provisioning systems. The good part was that we didn’t have much spare funding to do hosted stuff anyways, that the customers would only allow on-site hosting and doing that let us skip a lot of really terrible political battles, and that we could do reliable benchmarking of some things that wouldn’t be easily possible otherwise. Honestly, this is the one decision (not made by me) that I would reconsider.
At a previous gig, insisting on dropping support for all versions of IE < 10. The bad part of this was that, of course, we still had a couple snowflake customers we had to accommodate. The good part is that we simplified our development pipeline, that we were able to aggressively target some HTML5 features (Websockets, WebGL, web workers) that would’ve been a pain in the ass to shim, and that we were able to greatly ease our development burden.
Doing the unpopular thing isn’t always conservatism, though it can look like that: it’s doing the thing that fits your team and your project. And even then, you can still screw up.
-
From the article:
I guess the key there is “the way a cloud or hosting company does.” Users typically run browsers, which locally run remotely-fetched arbitrary code as a feature. I would argue that because of browsers, users should especially install the fixes.
The only time when a fix may not be applicable is on single-tenant configurations and when remotely-fetched arbitrary code isn’t run locally.
I was going to point this out too but you came first.
However this opens an entirely different vulnerability set, a Pandora box that no one dares to face.
Great read, thanks.