1. 2

    This is pretty neat. It goes to show that to make an effective AI, you don’t have to have it know everything or do everything; if you take a step back and narrow the focus and come up with some simple rules (in this case relying on the fact that medical experts can understand jargon) then you can still make something that’s quite powerful. Although not AI in the true sense of the word, the boids algorithm is another example of this. If you wanted to simulate a flock of birds as they move through the air, you could probably come up with a way to do it that takes into account speed, line of sight, how many others are in proximity, etc. And yet boids is only three rules and does a pretty damn good job.

    1. 2

      Yes! I have wanted something like this for a while. It would be perfect for blogs, or any situation where you need to make a page but then sometimes add some custom HTML too. Embedding Markdown inside of Haml just seems like the wrong direction; the strategy outlined here makes much more sense.

      1. 2

        Every Browser has it’s own CSS Reset

        But that’s exactly why you should use a reset. I could be wrong, but I don’t believe there’s a standard on the default CSS that browsers ought to ship with, and so you can’t assume they’re all using the same base. Using a full CSS reset places every browser on the same playing field to ensure that your app/site looks the same in every browser. It does make your CSS structure a tiny bit more complicated, but instead of throwing the baby out with the bath water and removing the full reset, you should focus on simplifying your project’s CSS.

        And now that I’m on this subject, my experience from working on lots of projects is that it hardly makes sense to start a new project by defining styles for global elements in this fashion, anyway. Any assumptions you make up front about what you’ll need for your entire app/site will most likely be wrong. Projects grow and what you need for one page may be completely different than what you need for another. Instead, you should start by styling h1’s, h2’s, p’s, etc. for certain areas of your app, and then only later identify and extract the common pieces to mixins or utility classes or however you want to do that.

        1. 4

          Omg, what a great find. I remember receiving Incredible Machine 2 on a CD for Christmas when I was around seven or so and as soon as my siblings and I loaded it up, we could not stop. I especially loved the splash screen. I always wondered who Jeff Tunnell was – I imagined him as this pleasant guy with a mustache, super smart with a quirky, fun side to him. So it’s kind of amazing to hear from him and to read that he had made other games before this and that they were so different. I’m really glad that it was such a hit!

          1. 1

            My only regret today was to realize that in more than 30 years, we have not been able to come up with something better for our kids

            What about Scratch?

            1. 6

              I got a good laugh out of this, thanks. Did not expect the plot twist. 11/10

              1. 2

                Glad you enjoyed!

              1. 1

                First of all, wow, this is awesome - it really demonstrates the power of computer vision - and second:

                Kevin, back in middle school, noticed this phenomenon and built ShinyTouch

                Uhh, what? That’s astounding. I realize all of y’all are MIT students, so clearly all of you are incredibly talented, but I just noticed this and had to point it out. I wish I’d been smart enough in middle school to make such a thing. But I didn’t have Wikipedia yet or most of what’s available online now :)

                1. 3

                  What a brilliant idea. Not only do these kids understand the community aspect of GitHub and opensource in general (seriously, this is better than most GitHub projects I’ve come across), but whereas Oculus opened the door for existing techies like you and me to get into VR, they’ve opened the door for ordinary kids and given them a goldmine to kickstart their entire careers. (I mean, I wish this was around when I was 15.) Expect big things to happen because of this.

                  1. 1

                    This company, with some 3000 employees I think, is more unified than I’ve seen with most 5-person companies.

                    All I saw was “blah blah blah” until I read this. That’s pretty damn impressive.

                    1. 2

                      Ah… man… that’s too bad. Although I haven’t been paying too much attention to Eve, I still thought Chris and company were headed down a really solid track. As others have noted, the amount of research that went into the language—the number of prototypes that the team went through before arriving on the current version—is damn impressive. The whole experiment been super valuable, I think, in discovering how we use computers and reframing how we can making programming better. I guess maybe they were too out of left field. This is the sort of thing that university funding is good for, although academic studies rarely result in things that people can actually use, so it’s incredible that they even made it this far. I hope someone else can pick up the torch :(

                      1. 4

                        It’s nice to see these kinds of posts. I had no clue how much work went into this new release (aside from the work on reducing memory usage they’ve done over the past several years – not sure if that is related or not though) and as if the noticeable improvements in speed weren’t enough, I’m even more impressed now after having read this post. Super smart move by Mozilla for sure.

                        1. 1

                          Agreed completely. These days I become more and more cynical that the big players have too much momentum for the smaller players to really make progress. But stories like these show that with the right idea, strategy, team, and dedication, awesome things can still happen. I’m rooting for you Mozilla! Thanks for the amazing browser :)

                        1. 1

                          This is hands-down my favorite pattern in Ruby, and I use it all the time. I tend to take it further and do two things:

                          1. Make the entire class constant a callable, meaning that the method it exposes is always called call.
                          2. Name the class like I’d name a function.

                          What this means is:

                          1. You don’t have to live in the Kingdom of Nouns anymore.
                          2. You don’t have to think of a clever name for the method that does the work.
                          3. Because the class is a callable, you can treat it like a lambda and use the .() syntax. That makes it look even more like you’re calling a function.

                          What that means in practice is that when you want to kick off this class, you will end up saying something like

                          CalculatePayroll.(payroll)
                          

                          instead of

                          PayrollCalculator.calculate(payroll)
                          
                          1. 2

                            When we asked parents what they imagined the target age group for the app to be, we got responses that estimated ages 9, 10 and up

                            First off, I agree that it’s crazy to expect 5-year-olds to be able to read and write code. But I think that what they’ve done here – starting with something visual and then progressively introducing text – is a very smart idea. I could see it working on older kids and even adults. So I’m just going to pretend that’s their audience :)

                            It felt somewhat silly

                            I think this is the key point of the article. There are many, many, many tiny bits of knowledge that we, over time, have accumulated as developers. Some of those are small ideas, but some of those are big ones! And if you’re learning programming for the first time, you have to make a mental leap to gain understanding of these big ideas.

                            And to make a mental leap, you have to start from somewhere – somewhere you know, somewhere you’re familiar with. The problem is that new programmers don’t have much to start from – everything is unfamiliar. Shoving a bunch of text in front of them won’t help, even if they can read just fine. For one, a computer language isn’t just text – it’s a bunch of characters that follow a complex set of rules. Certainly some people will be able to internalize those rules better than others, but none of that matters if you’re teaching fundamental programming concepts. Second, programming isn’t learning how to write in a language – that’s merely a means to an end. There’s a reason why Engrish shirts are funny. The people that make the shirts just like how English looks, but they clearly have no idea what they’re saying. Learning syntax is certainly important to programming, just as learning music theory is important to learning to play a musical instrument. But until that happens, you need to bridge the gap.

                            Text isn’t the only way to convey ideas, and we need to be conscious of that when we teach people programming. It shouldn’t be silly to think like this, but we’re so used to our text editors and how programming is “supposed” to look like that we don’t seriously consider any alternatives.

                            1. 4

                              Oof… this was heavy. I got lost somewhere around the point where he introduces the decision table. :(

                              1. 3

                                On a side note, decision tables were what John Nagle recommended for smart contracts. Easy for lay people to understand and for computers to analyze.

                                1. 1

                                  Have you got a link to that anywhere, sounds interesting and my search engine Fu is failing me.

                                  1. 2

                                    I did some digging and this appears to be the comment in question

                                      1. 2

                                        Good find, I could only find other posts from @nickpsecurity repeating his statement :) Thanks!

                                      2. 1

                                        I dont have one to his comments but here’s Decision Tables:

                                        https://en.m.wikipedia.org/wiki/Decision_table

                                        Also, Googling model-checking decision tables will give you at least one paper on using automated solvers with them.

                                  1. 2

                                    This is disappointing.

                                    With an automated, zero-cost CA, there are very few legitimate cases for wildcard certificates, and the risks increase with their use.

                                    I don’t understand why LE couldn’t simply allow for higher thresholds on certificate issuance, and instead support certificates that are actually a worthwhile goal: free S/MIME that doesn’t involve suckling at the Comodo teat.

                                    1. 8

                                      The biggest use case for wildcard certs is SaaS. If I have 10,000 SaaS customers with hosted domains like customer.example.com, LE wouldn’t want to issue (and renew!) that many certs. It also may exceed their rate limiter.

                                      1. 3

                                        Yes, this is exactly why I can’t use LE for my business right now.

                                        1. 2

                                          LE creates SAN certificates, which let you group together multiple domains under one certificate. So you can use LE for a SaaS product like this if you’re clever about automatically grouping domains together. See: https://letsencrypt.org/docs/rate-limits/

                                          1. 5

                                            I know that LE can support up to 100 domains in the same certificate with SAN certificates. But I feel like the complexity implied by grouping domains together is not worth the few hundred bucks of a wildcard certificate.

                                            1. 2

                                              I’ve not known many companies that want to publish their full customer list so publicly :)

                                        2. 4

                                          What are the risks for wildcard certificates?

                                          1. 2

                                            I do like the option when it’s there. For example when SNI is not available and you are running low on IPs.

                                            1. 0

                                              The main concern is phishing.

                                              If you look at your URL bar and see a green lock next to https://www.paypal.com.mysite.biz/login.php, you’re a lot more likely to log in.

                                              1. [Comment removed by author]

                                                1. 3

                                                  I agree. If you can prove you own the domain, shouldn’t you be able to call your domain whatever you want and get a certificate for it?

                                                  So the real risk, it seems to me, is in the way you show that proof. If the CA asks for this proof in a way that’s not secure, that to me would be a problem.

                                                2. 7

                                                  You may be interested to know that browsers limit wildcard certs to one level deep, for this reason.

                                                  1. 2

                                                    What does this risk have to do with phishing?

                                                    In any event, the CAs aren’t the right place to solve phishing, services like SafeBrowsing are.

                                                3. 1

                                                  I like supporting wildcards but I do wish they’d dramatically increase the rate limits and decrease the suspension time. Getting banned for a week after a fuckup or bug is nuts.

                                                  1. 1

                                                    Agreed 100%.

                                                1. 2

                                                  This is a nice resource, but like a lot of online books I’ve found, this claims to be written for beginners, but fails to really cater to them. Take a look at the introduction, for example. A beginner is not going to care about why the language was invented or who invented it. They are not going to care about abstraction even – they don’t even know what that is or why it’s even a concern. They are not going to want to set up their editor and they are not going to care about code style. There is a bunch of boilerplate here before the “real” code is presented. Someone who is truly new to programming will be completely overwhelmed by all of this information up front. They want to be able to get going immediately so they have a sense of satisfaction. Of course, all of this depends on learning style – some people like reading everything, even if they don’t understand every word that’s written. But I think that speaks to a short-sightedness – there are certainly other kinds of people that learn differently. So this is a good attempt at aggregating basic information about Ruby, but I am not sure how effective it will be in truly getting beginners to learn Ruby, stay with it, and use it well.

                                                  1. 4

                                                    This is great to hear! I’ve been using Let’s Encrypt for a client’s site and it’s been awesome to use.

                                                    1. 1

                                                      Which OS and client?

                                                      1. 1

                                                        Well, the certificates are generated on the server, which is a Linux machine. I’m using the certbot tool to generate the certificates, which admittedly isn’t an ideal choice considering it’s a web app, but it’s the first thing I found, it was easy to get started with, and I didn’t have a whole lot of time to write something that talked to the ACME API directly. That’s for a future update :)

                                                    1. 1

                                                      This seems like a super elaborate but largely unnoticeable prank. “Hey, Jimmy, notice anything different about your cat?” “No.” “Well, you’re in for a surprise! I created a device that creates a portal to another dimension, and then I took your cat and replaced every atom in her body with a different atom that I stole from that dimension.” “Oh… okay?”

                                                      What does this actually do? I’m assuming perhaps it thwarts hackers from gaining access to the kernel by exploiting vulnerabilities that expose memory locations (such as Heartbleed), similar to how GameBoys and other game systems are hacked through memory for emulation purposes. Is this accurate?

                                                      1. 1

                                                        Yeah, I feel the same way. It’s a neat trick, I assume it helps security in some way, but I have no idea how or why I should care.

                                                        The only thing I can think of is that it partially defeats vulnerabilities that depend on overwriting kernel code in specific locations, but it seems like it’s solving a symptom, and not the real problem.

                                                        1. [Comment removed by author]

                                                          1. 1

                                                            Full disclosure: I’m going to be annoying and nitpick one word: impossible. ;)

                                                            Nothing is impossible when it comes to manipulating weird machines.

                                                            The purpose of exploit mitigations is to drive up the economic cost of the attacker. The more costly it is, the fewer potential attackers there will be.

                                                      1. 2

                                                        Sounds like an epic undertaking here, but if they already know that microservices work best when you already have small teams, then they’re on the right track.

                                                        I’ve been using Kubernetes + Google Cloud Platform for a client site I’ve been working on, and while there are still some rough patches and not everything is as easy as it could be, it’s a step above anything that Amazon has released so far. I admittedly gambled a bit when choosing it, but posts like this validate the hunch that I got when I first came across it – that it was and will continue to be a game changer as Docker gains more and more popularity.

                                                        Using protocol buffers for communication between microservices definitely gets points from me, too.

                                                        1. 2

                                                          Very interesting. For the curious, this seems to make use of naturalWidth and naturalHeight which are properties of the img element and represent the actual width and height of the image (source: https://developer.mozilla.org/en-US/docs/Web/API/HTMLImageElement). The 96/300 bit is there, I presume, because the images he chose were saved as 96dpi. I’m guessing you’d want to change this if the dpi was actually different.

                                                          1. 3

                                                            But if you know the dpi upfront surely you also know the image size?

                                                            I don’t understand the advantage in that case.

                                                            1. 1

                                                              Images don’t really have a DPI, they are just a raster of pixels x wide and y tall. This demo is designed as something to show the people wanting to know how to ensure they can print 300dpi images from sources they have embedded in HTML. I had a handful of people ask a very similar question in a timespan of 1 week, so I made a demo to have ready for the next person who asks :D

                                                              1. 2

                                                                Most image formats have EXIF or similar metadata - much more than just a raster.

                                                                It’s common IIRC to include ‘resolution’ which browsers could (no idea if they do) use when printing.

                                                            2. 2

                                                              dpi != ppi: dpi is dots per inch and means printed resolution of ink dots per inch of paper. It has no immediate relevance for the display of an image on a screen, which depends on pixel per inch, or ppi, of the LCD and the software doing the displaying. So, you can save the dpi information in the file for printing, but it will not be used by browsers. The hack presented here “fixes” that by instructing the browser to scale the image down.

                                                              All modern browsers use a 96 ppi resolution as the basis for calculating widths: make an element have a width of 1in, it will be displayed as 96 logical CSS pixels. The 96/300 is there to display the image with a density of 300 ppi. So, if I have an image that has a natural width of 300 px, it will always be as wide as an element with width: 1in.

                                                              Personally, I think one should instead use the <picture> element to let the browser choose an appropriate image to download. This way no bandwidth is wasted transferring huge images that are scaled down to a third of their width anyway.

                                                              1. 2

                                                                Omg, you’re totally right about dpi vs ppi. I knew I was having a brain fart. Thanks for clearing this up.