If you want to see or try CRiSP, visit http://www.crispeditor.co.uk and try one of the longest established and functional editors on the web! Or subscribe to http://crtags.blogspot.com for a blog on technical articles and joy of computing (sometimes!).
02:20 Footguns
> What if a signal or interrupt is delivered after the call to foo()?
There's Well... the fact that it's a warning says that it's dangerous, but supported thing, isn't it? And I can change the code to make sure there are no warnings:
Better now?
> Why would the compiler allocate this on the stack?
You mean: without explicit The really funny thing: just a tiny modification of that code makes it compileable with -O2, too.
Thus modern compilers don't really propagate all undefined behaviors blindly. No, they are more-or-less testing C and C++ developers patience.
02:20 Rust for Linux redux
Pretty sure it's already not a ring for lots of other reasons. But it's hard to tell, since you don't define "the system" (what values, what operators?) Do that, then remind yourself of the definition of a "ring", and let us know what you conclude....
"If it's not, I can not reason about it"
It might be nice if rings and fields were good models for the types we use in programming languages, but often they aren't. Fortunately, it turns out it *is* possible to reason about things that aren't rings or fields.... 02:20 NUMA policy and memory types
It may also make sense to look at this a bit like swap or for caching, a program may prefer closer memory but would also use a more distant node in a sort of LRU manner. 02:20 GitHub is my copilot
However, so far copyleft has been of much more help than legislation. If legislation is to fix this, then bring the legislation first, and render the copyleft unnecessary, but don't do it the other way around.
Note that copyright (copyleft) can't really in any way avoid proprietary software per se. It just prevents that, whatever free software is made, it remains free for future recipients. In theory, it should avoid someone in a position of power to make use of it for locking users, but that requires the copyright + 'derived work' mechanism. Imagine MS releasing a version of Office made from Libreoffice + some closed source importer/exporter to a proprietary docxx format. We would all effectively move to the new format, and all the effort put on having a free office suite would be used against that goal.
Even if this could sound ridiculous today, there you have Edge...
But back to the main point, I still fail to see how minimizing the 'derived work' concept would help free software. Definitely not for users. 02:20 Rust for Linux redux How often, though? All integers types are rings in modern CPUs (except when compilers add special facilities to make them non-rings). By design. Floating-point numbers are not rings, but that inevitable: ℝ can not be represented in a finite computer, all representations are approximate.
ℤ₂³² or ℤ₂⁶⁴ sure as hell can e represented in a computer and that's exactly what happens: all moderns computers have integers which are rings and thus don't have separate same-sized instructions for signed and unsigned addition or multiplication.
And no, there are no need to ask for the definition, just open any math book.
> Fortunately, it turns out it *is* possible to reason about things that aren't rings or fields....
Sure, if you are not interested in writing the correct code, then you don't need these pesky math theories.
This reminds me of one funny guy I meet once who claimed that statically-typed languages are really-really bad at many programs, because they, you know, require definition of tasks where you have no contradictions. And when I brought the well-known sketch he claimed that yes, this is exactly what he talked about: real expert have no need for math or logic! He can always solve the task. Like, you know, experts which developed the infamous Boeing 737 MAX. Thease are real experts. They make stockholders rich. Which is important. Whileas stupid guys who want rings and other stupid things just make thing that work and where's the value in that, hmm?
Sadly later he deleted an account and left the forum thus depriving us of healthy dose of laughs... but the sad thing: he left the form, not Earth... means he is still out there solving tasks and delivering solutions... and people are using them...
02:20 GitHub is my copilot
Regardless, this is all academic. The definition of "derivative work" is what it is. We can't change it now (except by legislation, but that's not happening).
* Side note: Microsoft can already do this anyway because Apache OpenOffice is under a permissive license that allows it. I'm not sure of the compatibility status of LibreOffice vs. OpenOffice, but it might not matter. You could first develop the plugin for OpenOffice and then, as a separate step, make minor compatibility adjustments as needed. This is probably fair use and might not even be subject to copyright protection in the first place because it would be purely functional (compare and contrast Oracle v. Google, Baker v. Selden, etc.). 02:20 Copyleft-next and the kernel
02:20 Planning the CentOS 8 endgame
> Surprising users seldom goes well, even if it's an overall positive surprise.
Yeah. Just yeah. 02:20 Announcing Arti, a pure-Rust Tor implementation (Tor blog)
C++ is safe, you're just "holding it wrong". Well, too bad a couple lines of code "held wrong" are enough for a vulnerability or elusive concurrency crash.
Standard committee-level discussions matter, but how that translates into what happens in the trenches matters even more.
02:20 Syncing all the things 02:20 Footguns 02:20 Rust for Linux redux
It has been working for decades is just not something that justifies any expectation for that program to continue running. That kind of attitude reminds me a whole lot of Tony Hoare's Fortran compiler:
02:20 Footguns Seriously? POSIX guarantees it's availability, Windows doesn't need (it doesn't support signals), MS-DOS & embedded are handled with Maybe, but that's the thing: it works on almost everything. Thus simple rule things are disallowed if they couldn't ever work doesn't cover it.
> That's up to you. If you want, make it -Werror=uninitialized instead.
Maybe, but safer option would be to switch to something that doesn't change it's rules every year.
> But I'm not enough of a compiler expert to be able to assess what the performance impact would be if this were allowed. I suspect it would be severe.
Most likely. This would break almost all optimizations based on these noalias rules which power a lot of optimizations.
But the story here is: what's the point of something being speedy if said something is no longer correct?
If there were some kind of dialogue between C/C++ compiler developers and users of said compilers then maybe they would have come to an agreement. But there are none.
02:20 Rust for Linux redux Wow. Did you come from an alternate universe? Where Linux dominates the desktop with such attitude?
In the universe where I live it's market share is about 2-3% for last two decades. Precisely because of that toxic attitude.
Linus kernel, on the other hand, which is religious about that... it's ubiquitous. Coupled with non-CADT software it powers phones, robots, routers and almost anything you can imagine... except desktop.
If program worked then it must continue to work! Compiler, operation system and so on are, for the majority of people, are only enablers their raison d'être is the need to have tools to run certain program or programs, they are useless on their own.
Sometimes said program doesn't even have sources and then quality of the compiler doesn't matter, of course, but if source is there then the last thing user wants to hear this is incorrect program, you have to fix it. Excuse me? How is it incorrect when I used it before and it worked? And I can still use it... except if I use Except in C/C++ land that obvious idea transformed into something completely crazy: if new version of compiler couldn't compile that old code... it's not acceptable. But if it turns it into pile of goo... that's fine and not a problem.
Frankly: that's the opposite stance from what I would consider sane.
> That kind of attitude reminds me a whole lot of Tony Hoare's Fortran compiler: https://youtu.be/YYkOWzrO3xg?t=1014
Yup. Exactly. That Fortran compiler which was useless because people couldn't use it with their programs.
C/C++ compiler developers were sure they have invented a way out: create a cabal, make sure C and C++ users couldn't leave... and voila: you can do anything you want to them. Except people are leaving: C++ popularity is already 2x less than it was 10-15 years ago. So far it doesn't look as if C is losing developers very actively, but I think it's because C is mostly used in embedded industry which is very conservative. 6 years of Rust for them is more-or-less enough to notice but not enough to even start thinking about switching. Maybe in next 10 years they would slowly start investigating.
Many of them would be amazed by Rust's speed. Since they are using 02:20 Planning the CentOS 8 endgame 02:20 GitHub is my copilot
> Binary-only distibution, closed protocols, device lock ("tivoization"), etc.
The only way to eliminate those would be to essentially enshrine the four freedoms and some other things in legislation. I feel like the proprietary software vendors have the power to prevent that from happening.
void foo(int* i) {
i[1] = 42;
}
int bar() {
int i = 0, j = 0;
foo(&i);
return j;
}
int main() {
printf("%d\n", bar());
}
> It might be nice if rings and fields were good models for the types we use in programming languages, but often they aren't.
There's sigaltstack for that. Or, if that's MS-DOS, cli and sti.
Interesting, I didn't know about that. Anyway, it's a platform-dependent mechanism which isn't guaranteed to be available, and even on Linux it's only used when SA_ONSTACK is used. So I still believe it's reasonable to make that undefined.
Well... the fact that it's a warning says that it's dangerous, but supported thing, isn't it?
That's up to you. If you want, make it -Werror=uninitialized instead.
Better now?
I don't consider it reasonable to make assumptions about how the compiler lays out the memory for local variables.
That said, I'll grant you that reasonable people can differ about something like this:
void foo(int *i, int o) {
i[o] = 42;
}
int bar() {
int i = 0, j = 0;
foo(&i, &j - &i);
return j;
}
int main() {
printf("%d\n", bar());
}
But I'm not enough of a compiler expert to be able to assess what the performance impact would be if this were allowed. I suspect it would be severe.
https://youtu.be/YYkOWzrO3xg?t=1014
> Anyway, it's a platform-dependent mechanism which isn't guaranteed to be available
> It has been working for decades is just not something that justifies any expectation for that program to continue running.
broken new compiler.
Hide
01:33 Physicists Move Closer To Defeating Errors In Quantum Computation
sciencehabit shares a report from Science Magazine: Physicists at Google have taken an important step toward protecting delicate information in their nascent quantum computer from errors that can obliterate it. The researchers can't yet compensate for all types of errors -- a necessary step toward building a full-fledged quantum computer -- but others say they're poised to achieve that goal. Working with chains of up to 11 data qubits, Google researchers have now been able to preserve a logical qubit for a time that increases exponentially with the number of physical qubits, they report today in Nature. By spreading a single qubit's state over up to 11 data qubits, they reduced the chances of an error after 50 microseconds from 40% to 0.2%. Other groups have demonstrated similar error corrections schemes, but the new work is the first to demonstrate the exponential suppression of errors, says Julian Kelly, a physicist at Google and senior author on the paper. Such exponential suppression suggests developers may eventually be able to maintain a logical qubit indefinitely by spreading it over about 1000 physical qubits.
00:52 Apple removes Fakespot' app from iOS App Store following Amazon request
Comments
00:52 Trexo Robotics (YC W19) Is Hiring Mobile and Robotics Interns
Comments
00:52 Qodana: Code Quality Monitoring Platform
Comments
00:52 Archaeologists flabbergasted to find Cerne Giant's origins are medieval
Comments
00:52 Fat Dactyls
Comments
00:52 The Computer Scientist Training AI to Think with Analogies
Comments
00:52 Last Mile Redis
Comments
00:03 Google Maps Accused of Offering 'Potentially Fatal' Hiking Routes
Hikers looking to summit Scotland's highest mountain and other peaks in the area are being sent up "potentially fatal" routes by Google Maps, the region's mountaineering organizations have warned. CNN reports: The John Muir Trust said Thursday that growing numbers of people using Google Maps to navigate up Ben Nevis risk being directed via a route that is "highly dangerous, even for experienced climbers." Ben Nevis, a popular tourist destination, is the highest mountain in the British Isles, standing at 1,345 meters (4,413 feet). Although thousands summit it annually, climbing the peak is not without risks and deaths have been recorded on the mountain as recently as this year. "The problem is that Google Maps directs some visitors to the Upper Falls car park, presumably because it is the closest car park to the summit," John Muir Trust's Nevis Conservation Officer Nathan Berrie said in a statement. "But this is NOT the correct route and we often come across groups of inexperienced walkers heading towards Steall Falls or up the south slopes of Ben Nevis believing it is the route to the summit," Berrie added. Mountaineering Scotland also warned that a route suggested by Google Maps was "potentially fatal."
"For those new to hill walking, it would seem perfectly logical to check out Google Maps for information on how to get to your chosen mountain," Heather Morning, Mountaineering Scotland's mountain safety adviser explained in a statement.
"But when you input Ben Nevis and click on the 'car' icon, up pops a map of your route, taking you to the car park at the head of Glen Nevis, followed by a dotted line appearing to show a route to the summit." Morning said that "even the most experienced mountaineer would have difficulty following this route. The line goes through very steep, rocky, and pathless terrain where even in good visibility it would be challenging to find a safe line. Add in low cloud and rain and the suggested Google line is potentially fatal." She also added that Google Maps suggested other routes which would direct users towards "life threatening terrain" when they sought to navigate the country's other high peaks, including the 1,062-meter An Teallach. "For An Teallach in the northwest, a 'walking' route was input into the search engine and the line offered would take people over a cliff," she warned. A spokesperson for Google said the company was looking into the complaints. "We built Google Maps with safety and reliability in mind, and are working quickly to investigate the routing issue on Ben Nevis and surrounding areas," the spokesperson said in an email. "In addition to using authoritative data and high definition imagery to update the map, we encourage local organizations to provide geographic information about roads and routes through our Geo Data Upload tool."
23:51 Here's the new car Formula 1 hopes will improve racing in 2022
F1's lead engineer Rob Smedley explains how and why the cars are changing.
23:51 California's ambitious fiber-Internet plan approved unanimously by legislature
CA to build middle-mile network open to all ISPs and give $2B in last-mile grants.
23:51 HTML holes provide a glimpse of Steam Deck's initial preorder numbers
Valve patches hole after a frantic morning of Steam error messages.
23:51 Expert panel says new $56K Alzheimer's drug is unprovenand worth $8,400 max
A Biogen rep said assessing its drug requires "innovative thinking."
23:51 An Alabama lawmaker just wants NASA to fly SLS, doesn't care about payloads
"The mission for which is to be determined by the NASA Administrator."
23:51 Disable the Windows print spooler to prevent hacks, Microsoft tells customers
The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.
23:51 Apple Watch lead Kevin Lynch shifts focus to car development
Evan Doll will take over some responsibilities leading health product strategy.
23:51 Finger wrap could one day let you power up wearables while you sleep
This thin, flexible strip generates small amounts of electricity from finger sweat.
Hide
22:33 US Seeing 'Pandemic of the Unvaccinated' As Cases Rise In Every State
Covid cases are rising in all 50 US states as the Delta variant spreads coast to coast, news outlets reported on Friday , and with less than half the US population fully vaccinated, public health chiefs warned of an "extraordinary surge." Rochelle Walensky, director of the Centers for Disease Control and Prevention (CDC), said at a White House briefing: "This is becoming a pandemic of the unvaccinated." The Guardian reports: Walensky said the US was seeing an average of 26,000 new coronavirus cases a day -- a seven-day average that is 70% higher than last week. Hospitalizations and deaths are also seeing increases -- about 36% and 26%, respectively, with Walensky noting this was another "critical moment" in the outbreak. "We are seeing outbreaks of cases in parts of the country that have low vaccination coverage because unvaccinated people are at risk. Communities that are fully vaccinated are generally faring well," she said.
Anthony Fauci, the nation's top infectious diseases official, said there had been an "extraordinary surge" in the Delta variant of Covid-19 -- which is more transmissible -- around the world, including in the US. Jeff Zients, the coordinator of the White House coronavirus team, confirmed that unvaccinated Americans "account for virtually all recent Covid-19 hospitalizations and deaths." Four states that are currently seeing high increases in Covid-19 cases have accounted for over 40% of the total Covid cases seen in the country this past week, Zients said. One in five cases occurred in Florida, in which about 50% of the state is fully vaccinated.
22:33 LG's Rollable OLED TV On Sale In US For a Whopping $100,000
An anonymous reader quotes a report from CNET: LG's futuristic rollable TV has arrived. The LG Signature OLED R TV is now available in the US for $100,000 -- costing roughly 50 times more than your average 4K OLED TV. But this isn't your average TV. It has a thin, flexible 65-inch OLED screen. The "wow factor" is the TV's ability to roll down into its housing unit when you're not watching a movie or playing a video game in 4K. It also comes with a sound system with Dolby Atmos and Sound Pro, and has Google Assistant and Amazon Alexa built-in for voice control. The TV has three viewing modes: LG calls them "full view," "zero view" and "line view." In full view, the TV is completely unrolled from the base. In zero view, it's wrapped back up, letting you take advantage of just the Dolby Atmos speaker. In line view, part of the TV is unrolled, roughly a quarter of the screen. This unrolled section could show a clock, the weather or photos. If you're interested in purchasing this TV, LG requires you to contact a representative in your region via their website.
22:33 Netflix Datamine Could Suggest a Partnership With PlayStation
Earlier this week, Netflix announced that it is planning an expansion into video games and has hired a former EA and Facebook executive to lead the effort. Now, according to a recent datamine, the streaming giant may be forming a partnership with PlayStation to bring some of the biggest PlayStation brands to Netflix. IGN reports: Reported by VGC, dataminer Steve Moser appears to have uncovered PlayStation brand imagery and content in the Netflix app code. Moser shared the information via a tweet, including images of both the Ghost of Tsushima box art and some PS5 controllers. It's unclear exactly what this means for Netflix, but if there is a burgeoning partnership between Netflix and PlayStation, it could see Ghost of Tsushima content come to the streaming service in some form.
Moser suggests that the gaming section of Netflix currently has the codename 'Shark', and the placement of PlayStation IP within that suggests a collaborative approach. This wouldn't be the first major deal between Sony and Netflix, as the two companies agreed a deal earlier this year that means movies from Sony Pictures Entertainment will come to Netflix first after their theatrical run. [...] Given that many first-party PlayStation games are narrative-driven adventure games with a focus on cinematic stories, it makes sense to try and adopt games like Ghost of Tsushima and the last of us into movies and TV. Whilst PlayStation already has a games streaming service, PlayStation Now, it could also potentially be looking to push gaming content beyond the PlayStation console ecosystem, as Microsoft has done with Xbox Game Pass.
21:43 Google now lets you delete the last 15 mins of search history (but only on iOS)
There's no word on an Android launch window beyond 'later this year.'
21:43 We asked, you told us: Readers can't make up their minds about Nothing
Readers want to see what Carl Pei's new company has in store before picking a side.
21:43 Daily Authority: Next Nord camera 📸
OnePlus detailed the Nord 2's camera system, Valve announced the Steam Deck running SteamOS for $399, and more tech news today!
21:43 Poll: Would you buy the Steam Deck or OLED Nintendo Switch?
Both devices have their strengths and weaknesses, but which one do you prefer?
21:43 Samsung Galaxy S22: What we want to see
We've got a ways to go before we see this series of phones launch, but we've got a wishlist already.
21:43 Save 53% on the Logitech G502 Hero, and more of the best mouse deals
The Logitech G502 high-performance gaming mouse is only $37.99 right now its lowest price ever on Amazon.
21:43 OnePlus Nord N10 getting its first (and last) Android upgrade
Considering the phone shipped in December with the then outdated Android 10, it's hard to be too excited here.
21:43 It's World Emoji Day and Google updated nearly 1,000 Emoji to celebrate 🎉
Some Emoji will just be cuter, but there are a few that will simply be more accurate.
21:43 Evidence suggests Netflix and Sony could partner for game streaming service
At this point, a Netflix gaming service is inevitable. But if Sony is on board, it would get way more interesting.
Hide
21:03 Say Hi To Microsoft's Own Linux: CBL-Mariner
An anonymous reader quotes a report from ZDNet, written by Steven J. Vaughan-Nichols: Microsoft now has its very own, honest-to-goodness general-purpose Linux distribution: Common Base Linux, (CBL)-Mariner. And, just like any Linux distro, you can download it and run it yourself. Microsoft didn't make a big fuss about releasing CBL-Mariner. It quietly released the code on GitHub and anyone can use it. Indeed, Juan Manuel Rey, a Microsoft Senior Program Manager for Azure VMware, recently published a guide on how to build an ISO CBL-Mariner image. Before this, if you were a Linux expert, with a spot of work you could run it, but now, thanks to Rey, anyone with a bit of Linux skill can do it.
CBL-Mariner is not a Linux desktop. Like Azure Sphere, Microsoft's first specialized Linux distro, which is used for securing edge computing services, it's a server-side Linux. This Microsoft-branded Linux is an internal Linux distribution. It's meant for Microsoft's cloud infrastructure and edge products and services. Its main job is to provide a consistent Linux platform for these devices and services. Just like Fedora is to Red Hat, it keeps Microsoft on Linux's cutting edge. CBL-Mariner is built around the idea that you only need a small common core set of packages to address the needs of cloud and edge services. If you need more, CBL-Mariner also makes it easy to layer on additional packages on top of its common core. Once that's done, its simple build system easily enables you to create RPM packages from SPEC and source files. Or, you can also use it to create ISOs or Virtual hard disk (VHD) images.
As you'd expect the basic CBL-Mariner is a very lightweight Linux. You can use it as a container or a container host. With its limited size also comes a minimal attack surface. This also makes it easy to deploy security patches to it via RPM. Its designers make a particular point of delivering the latest security patches and fixes to its users. For more about its security features see CBL-Mariner's GitHub security features list. Like any other Linux distro, CBL-Mariner is built on the shoulders of giants. Microsoft credits VMware's Photon OS Project, a secure Linux, The Fedora Project, Linux from Scratch -- a guide to building Linux from source, the OpenMamba distro, and, yes, even GNU and the Free Software Foundation (FSF). To try it for yourself, you'll build it on Ubuntu 18.04. Frankly, I'd be surprised if you couldn't build it on any Ubuntu Linux distro from 18.04 on up. I did it on my Ubuntu 20.04.2 desktop. You'll also need the latest version of the Go language and Docker.
21:03 China's Xiaomi Overtakes Apple In the Global Smartphone Market
Chinese smartphone maker Xiaomi was the second-largest smartphone maker in the second quarter, overtaking Apple, according to analyst firm Canalys. CNBC reports: Xiaomi had a 17% share of global smartphone shipments, ahead of Apple's 14% and behind Samsung's 19%. "Xiaomi is growing its overseas business rapidly," Canalys research manager Ben Stanton said in a press release, noting shipments increased 300% year on year in Latin America and 50% in Western Europe. The Chinese smartphone maker posted year-on-year smartphone shipment growth of 83% versus 15% for Samsung and 1% for Apple. Stanton noted, however, that Xiaomi phones are still skewed toward the mass market, with the average selling price of its handsets 75% cheaper than Apple's.
20:52 High Fidelity Image Generation Using Diffusion Models
Comments
20:52 Is Rust Used Safely by Software Developers?
Comments
20:52 How Dangerous Are Solar Storms?
Comments
20:52 Linear Circuit Design Handbook (2008)
Comments
20:52 Four lessons from a year building tools for machine learning
Comments
20:52 Show HN: A CLI tool to generate Cistercian numerals
Comments
20:52 Red: A programming language inspired by REBOL
Comments
20:52 Defense Motion: Bitcoin is not money within the meaning of 18 U.S..C. § 1960 [pdf]
Comments
20:52 Facebook axes CrowdTangle team over data suggesting right-wing success
Comments
20:52 Great Question (YC W21) Is Hiring a Head of Product Marketing
Comments
20:52 Greenland suspends oil exploration because of climate change
Comments
20:52 Researchers are studying the cooking traditions of the FARC
Comments
20:52 Only Train Once: A One-Shot Neural Network Training and Pruning Framework
Comments
20:52 Paxos vs. Raft: Have we reached consensus on distributed consensus?
Comments
20:52 Hooking Candiru: Another mercenary spyware vendor comes into focus
Comments
20:52 We will win the war for general-purpose computing
Comments
20:52 Voice clone of Anthony Bourdain prompts synthetic media ethics questions
Comments
19:33 Japan Has Shattered the Internet Speed Record at 319 Terabits per Second
We're in for an information revolution.Engineers in Japan just shattered the world record for the fastest internet speed, achieving a data transmission rate of 319 Terabits per second (Tb/s), according to a paper presented at the International Conference on Optical Fiber Communications in June. From a report: The new record was made on a line of fibers more than 1,864 miles (3,000 km) long. And, crucially, it is compatible with modern-day cable infrastructure. This could literally change everything.
Note well: we can't stress enough how fast this transmission speed is. It's nearly double the previous record of 178 Tb/s, which was set in 2020. And it's seven times the speed of the earlier record of 44.2 Tb/s, set with an experimental photonic chip. NASA itself uses a comparatively primitive speed of 400 Gb/s, and the new record soars impossibly high above what ordinary consumers can use (the fastest of which maxes out at 10 Gb/s for home internet connections).
19:01 Hubble is back, thanks to backup hardware
Next up is getting the scientific instruments back out of safe mode.
19:01 Xiaomi passes Apple to become the #2 smartphone vendor
Plus, the whole market sees growth from an economic bounce back from COVID.
19:01 Delta stole its pilot's messaging app, should pay $1 billion, lawsuit alleges
Pilot says he developed app on his own time with $100k of his own money.
19:01 Counterfeiters are hungry for a piece of Apple's $16B AirPod market
Counterfeit earbud seizures at the border are up 63% so far this year.
Hide
18:03 Biden Battles Russian Hacking Groups With Restrictions on IT Firms
The United States on Friday took a new stab at Russia's cybersecurity industry, restricting trade with four information technology firms and two other entities over "aggressive and harmful" activities -- including digital espionage -- that Washington blames on the Russian government. From a report: A Commerce Department posting said the six entities were sanctioned by the U.S. Treasury Department in April, which targeted companies in the technology sector that support Russian intelligence services. Their addition to the Commerce Department's blacklist means U.S. companies cannot sell to them without licenses, which are seldom granted. The announcement follows April's sanctions, which were aimed at punishing Moscow for hacking, interfering in last year's U.S. election, poisoning Kremlin critic Alexei Navalny and other alleged malign actions - allegations the Kremlin denies. They come as the United States is responding to a drumbeat of digital intrusions blamed on Russian government-backed spies and a spate of increasingly disruptive ransomware outbreaks blamed on Russian cybercriminals.
18:03 Illinois Is The 1st State To Tell Police They Can't Lie To Minors In Interrogations
Illinois Gov. JB Pritzker signed a new bill into law Thursday barring police from lying to underage kids during interrogations. From a report: Commonly used interrogation tactics, such as promising leniency or insinuating that incriminating evidence exists, are banned when questioning suspects younger than 18 under the new law, which goes into effect Jan. 1. According to the Innocence Project, an organization focused on exonerating wrongly convicted people, those types of interrogation methods have been shown to lead to false confessions. They've also played a role in about 30% of all wrongful convictions later overturned by DNA. Illinois once was called the "False Confession Capital of the United States," the organization said, because of a number of high-profile exonerations of people who falsely confessed to crimes they didn't commit. "In Illinois alone, there have been 100 wrongful convictions predicated on false confessions, including 31 involving people under 18 years of age," said Lauren Kaeseberg, legal director at the Illinois Innocence Project.
16:52 Tesla's new patent involves using table salt to mine lithium
Comments
16:52 Illinois first state to tell police they can't lie to minors in interrogations
Comments
16:52 Mitmproxy 7.0
Comments
16:52 Time has run out on Time Capsules
Comments
16:52 Physically Based Rendering in Filament
Comments
16:52 Cuba jamming ham radio frequencies
Comments
16:52 Time(1) and CPU Frequency Scaling
Comments
16:52 Find Someone to play chess with in London
Comments
16:52 Component Graph System (2017)
Comments
16:52 Launch HN: MergeQueue (YC S21) - Automate rebasing and merging for your codebase
Comments
16:52 The Print Shop Club: Create Apple II Print Shop Printouts in the Browser
Comments
16:52 Google Drive Bans Misleading Content
Comments
16:52 Classified Challenger tank specs leaked online for videogame
Comments
16:52 State Dept. To Pay Up to $10M for Information on Foreign Cyberattacks
Comments
16:52 Walmart releases more affordable analog insulin
Comments
16:52 Hubble telescope has new lease on life after computer swap appears to fix glitch
Comments
16:33 NASA Revives Ailing Hubble Space Telescope With Switch To Backup Computer
The Hubble Space Telescope has powered on once again. NASA was able to successfully switch to a backup computer on the observatory on Friday following weeks of computer problems. From a report: On June 13, Hubble shut down after a payload computer from the 1980s that handles the telescope's science instruments suffered a glitch. Now, over a month since Hubble ran into issues, which the Hubble team thinks were caused by the spacecraft's Power Control Unit (PCU), NASA switched to backup hardware and was able to switch the scope back on. With Hubble back online with this backup hardware, the Hubble team is keeping a close watch to make sure that everything works correctly, according to a statement from NASA.
16:33 Automattic, Owner of Tumblr and WordPress, Buys Podcast App Pocket Casts
Pocket Casts has a new owner. Automattic, which runs WordPress.com and recently purchased Tumblr, announced today that it's acquired Pocket Casts, the well-regarded podcast app. The blog post announcing the purchase didn't offer much in the way of a preview, but it did tease potential future integrations. From a report: "As part of Automattic, Pocket Casts will continue to provide you with the features needed to enjoy your favorite podcasts (or find something new)," the post states. "We will explore building deep integrations with WordPress.com and Pocket Casts, making it easier to distribute and listen to podcasts." Pocket Casts launched in 2010 and sold to NPR and a group of other public media groups eight years later. It's been well-received, particularly from sites like The Verge, because it's available across platforms. It started monetizing through a program called Pocket Casts Plus, which charges users a monthly subscription fee for features like desktop app access and a standalone Apple Watch app, in 2019.
16:20 Rust for Linux redux
16:20 Rust for Linux redux
I don't know where you get the idea from that this is a fundamental principle of anything. In any case, I disagree.
The problem with this kind of reasoning is that real machines don't have tri-valued bits. If the optimizer can prove that no matter which value a variable contains, the result of the expression must be X, it has no business whatsoever returning Y, much less without bloody well telling the programmer about it.
Alternate reasoning: Yes, assuming X==undefined, then X||!X is also undefined in the strict maths sense. However, the compiler doesn't not-evaluate / optimize this expression to X, it not-evaluates / optimizes it away to zero and doesn't bother to tell you.
It actually makes a lot of sense to reason about syntax errors. You intuit what the programmer might have meant (which frequently is much more complicated than "there's a missing closing brace here" at the very end of your ten-k-lines file when the real reason is a misplaced quote in line 42), then you fail the compilation anyway.
The fact that it is impossible to do the same thing (or at least emit a warning) with obviously-specious cannot-happen-in-a-real-computer "UB" reflects on the idiocy of the C standardization people and/or the compiler writers. Nothing to do with any fundamental principle.
16:20 GitHub is my copilot
16:20 Rust for Linux redux
The way llvm arrives at the answer of (be || !be)=false is by extending the usual system with two elements: poison and undef, defined in a way that the resulting system is not a ring anymore. (be || !be)=false proves that. If their system is not a ring how do they reason about *any* expression transformation ? Because the usual reasoning of "I am a ring and ring theory tells me it is valid" is not applicable anymore.
A sane way to reason about uninitialised variables is that it takes some value from the usual system, you just don't know which. In that case your system is still a ring and thus get all the nice (and expected) things ring theory guarantees, like (be || !be)=true. Yes, you can't reason about what printf will give you for it, but you also don't throw away the mathematical underpinnings of everything.
16:20 Nguyen: CVE-2021-22555: Turning \x00\x00 into 10000$
16:20 GitHub is my copilot
16:20 GitHub is my copilot
16:20 Footguns
As you wanted: no casts, no const. Am I safe now?
That example may have no casts or const but it is still really crummy C code. I'm not sure exactly what this is supposed to illustrate, let alone prove.
16:20 Rust for Linux redux
The thing is, it doesn't actually think that. If "be" is undef, the result of the whole thing is also undef, which is perfectly fine.
The problem is that one of the next steps decides undef ≃ zero because undef ∈ UB and UB means "the compiler can do anything it bloody well wants to", including not telling anybody about it.¹
I consider all of these assumptions to be deeply flawed.
(1) I know that it will do so in this case if you turn on warnings, but there are plenty of situations where it won't.
16:20 Rust for Linux redux
It's clear that the user must not use uninitialized values.
It's also clear that the compiler knows that the value being uninitialized, otherwise it wouldn't be able to do some of those optimizations we're talking about.
But instead of helping the programmer by rejecting that use the compiler goes off and does optimizations that result in all kinds of possible situations including security issues.
Yeah sure, the human wasn't perfect. But the compiler is punishing you for it instead of helping you.
Same argument with the pointer comparison example khim used. Someone said: you must not use invalid pointers. Sure, I guess we all know that. But sometimes we do, unintentionally. And the compiler knows that the pointer must be invalid now as it does its crazy optimizations instead of helping the user fix their mistake.
In the face of UB I often feel completely helpless. I know I make mistakes, and the compiler isn't helping me. At all. If compiler devs cannot create a helpful compiler "because the spec", then the language is broken and ill-suited for creating bug-free programs.
I would love to able to switch to Rust (for other reasons, too), but unfortunately my main work is Qt-based, and I'd have to throw all of that away. I will definitely not write new programs in C++ anymore.
16:20 Rust for Linux redux
> And the compiler knows that the pointer must be invalid now as it does its crazy optimizations instead of helping the user fix their mistake.
Nah. Compiler doesn't know that. Semantic of the That's why clang doesn't do that. Instead it adds noalias attributes to these pointers. Remember these? The ones which were rejected in 1988 because they made almost impossible to write real programs in that language? Well... compiler developers haven't given up. They called these pointer provenance and built the whole house of cards on top of that.
Because And why Except it does matter. All modern compilers miscompile certain valid programs (that's the reason pointer provenance wasn't added to the standard... you can read about this in the proposal). What's really funny: Rust actually does have a working, mathematically proven, noalias. It paid high price for it, but it's actually mathematically-proven one.
And the couldn't pass it to LLVM because LLVM starts producing wrong code (more about it here).
There are actually some research which is supposed to fix that issue (e.g. here), but the fact that said research was only started after many years of abuse... says volumes.
> I would love to able to switch to Rust (for other reasons, too), but unfortunately my main work is Qt-based, and I'd have to throw all of that away.
You have to wait for now. GUI in Rust is actually a very hot topic and active area of research and they show very promising results... but it's most definitely not at stage where they can offer replacement for Qt yet.
16:20 Rust for Linux redux They do look. And try to propagate it as far as they can. Because this, apparently, should help with optimizations.
Their efforts are thwarted by SPEC. Six out of nine benchmarks may be miscompiled because they trigger undefined behavior. And SPEC refuses to change them (yes, C/C++ compiler developers are showing this level of hopelessness, they actually wanted to claim that decades old benchmarks must be fixed to adhere to their ideas of UB treatment).
The same can be said about GLibC (some optimizations break it) and few other well-known libraries.
This limits their efforts to some degree. But they usually try to invent something that would keep really well-known pieces of software untouched (although It works perfectly. More and more developers are contemplating switch to C#, Go, Java, Rust or any other language just to avoid this madness.
Not sure if that was the intent, but it was obvious to anyone but C/C++ compiler developers that this would happen: if you make the language unsuitable for any purpose then you, in effect, are forcing developers to look elsewhere.
16:20 Rust for Linux redux
I only know a little about Verilog so I could be mistaken, but it seems the problem is that Verilog is really two languages - one for simulation, one for hardware - which have enough overlap that you can write code that compiles as both, but enough differences that any non-trivial code is unlikely to behave the same. That creates some awkward compromises, and a lot of those compromises are found in X.
Sometimes X might represent a "do not care" value, like when you're defining a truth table with N input bits and you know some of the 2^N input states are impossible so you don't care what the corresponding output bits are, and (for hardware) the compiler can choose whether the outputs are 0 or 1 based on which will allow a more efficient logic gate implementation. When compiling for simulation, the language tries to be helpful by propagating the X instead of arbitrarily replacing it with 0 or 1, so that you can detect situations where your code might have different behaviour once it's compiled for hardware with different arbitrary choices.
In many cases Verilog tries to eliminate Xs when it's safe, e.g. if b = X then "0 & b" is 0, and "1 | b" is 1, because those are valid whether b is actually 0 or 1. But it doesn't have a sophisticated representation of values, so "~b" has to simply give the value X (with no extra data to indicate its relationship to the original X signal), and therefore "b | ~b" gives X. (Apparently some Verilog implementations are more sophisticated though, and could simulate the block with b=0 and b=1 and observe the output is the same in both cases, so it could eliminate the X.)
In other cases Verilog tries to hide Xs when it doesn't seem safe at all, like with "if (X)" being simulated as false. I'm not sure if there's any coherent design principle behind those choices.
But you can also get X from e.g. timing violations, which might correspond in hardware to a metastable value that is neither 0 nor 1. Or you can get X if a wire is being driven to 0 and 1 simultaneously, which in hardware is probably some illegal voltage (or hopefully the synthesis tool will detect and prohibit that to avoid damaging your chip). In hardware the signal might be interpreted differently at different points in the circuit, or might change unpredictably during a clock cycle, and 'b | ~b' may well give 0 because you've already left the bounds of digital logic. But Verilog treats that as the same X as the "do not care" values, so it might fail to propagate the X when it really should.
So I think there's partly the fundamental difficulty of creating an accurate digital approximation of analog hardware, and partly Verilog's overly simplistic implementation of X for simulation. (Verilog was designed in the 1980s, and to me it feels like it hasn't moved on much since then - the recent SystemVerilog brought it up to the level of maybe C89 - so "overly simplistic" applies to a lot of it). That means it doesn't really prove much about modern C/C++ compilers modelling 'unknown' values, because they're modelling something that is still digital and deterministic (and therefore much easier than hardware), and also they're able to use much more sophisticated mathematical tools to manipulate those values in a more complex (but provably safe) way, based on the last few decades of compiler research. 16:20 Rust for Linux redux
Really? Also in the case the value of be is undefined? Undefined in the sense that it is not an unknown to be deduced from the values of other variables, but it truly has no value. 16:20 Rust for Linux redux But everything have some value when your program is executed on CPU.
That is the fundamental disconnect between C/C++ compiler developers and users of said developers.
The people who are writing an actual program are not interested in appeasing C/C++ $DEITY. They just want to have working program which they can either sell or use.
C/C++ compiler developers are not interested in working programs. They fulfill various KPI (some want to some certain improvements on benchmarks to earn their bonus, some want to publish article and get the grant, etc), but actual C/C++ developers are, basically, an obstacle for them.
This perverse state of the affairs if what caused this crisis.
Only creation of Rust revealed the truth. And not directly but because Rust developers used LLVM to build Rust and tried to just find out what specs there are for that creature... yet found nothing. Nothing mathematically sound at least.
Note that most attempts to show that C/C++ compilers language models are unsound (as in: they can produce anything at all as their output and it's a miracle that they sometimes produce working code) come from Rust developers, not C/C++ developers.
C/C++ compiler developers started talking about provenance more than 20 years ago yet only after creation of Rust and an attempt to actually use that much-talked-about for mathematically defined target it was revealed that their models are totally unusable (before that happened they were rejected two times by C committee, but it was perceived as nit-picking of committee, not symptom of something more sinister).
This tells us volumes about the C/C++ developers goals and their priorities, isn't it?
16:20 Footguns But it's syntactically valid and works on most C compilers with optimizations disabled, isn't it?
> I'm not sure exactly what this is supposed to illustrate, let alone prove.
The point was: that hypothetical proposed You couldn't just say anything syntactically valid and working in And if you start creating spec... and trying to keep it sane... you end up, eventually with a spec for D, C# or Rust... not with a spec for a friendly C
16:20 GitHub is my copilot Copyright, maybe, but I don't see how they could indemnify against patent infringement. If you infringe on a patent, it doesn't matter where the infringing code came from... it only matters that you're using it.
16:20 Rust for Linux redux
Yes, of course the memory of (current) real machines contains either zeroes or ones, regardless if the variable occupying the memory bits has been initialized or not. But Vipketsh was introducing "strict maths" into the discussion, and my point was that it is useless to think in terms of school algebra, and rings and fields if your input is undefined.
I understand the frustration some people (including you) have with the C++ standard and compilers, but that was not my point. 16:20 GitHub is my copilot
I think this whole argumentation of how [reducing the notion of derived work is actually good for free software] is totally nuts.
Or maybe I misunderstood something.
Copyright is not what enables the concept of proprietary software, or not alone. For end users there are arguably more annoying and immediate aspects of propietary software, which don't depend on copyright law: Binary-only distibution, closed protocols, device lock ("tivoization"), etc.
Last week I had to fix my son's bed frame, bought about 10 years ago. I ended up screwing and bolting in manners not foreseen by the original designer, but hey, they didn't seem to think about children that actually jump and play on the bed (despite of mum's disagreement).
Luckily the bed frame was not codified in binary opcodes. 16:20 Derived works 16:20 Planning the CentOS 8 endgame
"Branch" would have been a better choice of word. These RHEL branches (or at least some of them) will be eligible for EUS, and so get "hotfixes" that don't go into Stream (just as current EUS branches aren't in CentOS Linux). The same issues will of course get fixed in Stream, although possibly in a different way. (Again same as EUS in the pre-Stream model.) 16:20 Nguyen: CVE-2021-22555: Turning \x00\x00 into 10000$ 16:20 Rust for Linux redux Except my input is not undefined. It's unspecified. There are no such thing as undefined input in C standard.
Sure, behavior (not input!) is undefined but without special maximum destruction module added into the compiler specifically to attempt to make sure people would start abandoning C and C++ LLVM developers had to do significant amount of work to make sure they can reliably break math. It doesn't happen just by accident. You have to introduce special poison value, you have to define rules of doing calculations with it which turn well-behaving programs into misbehaving, etc.
It's a lot of work.
The best interpretation which comes to mind: C/C++ compiler developers are, actually, true altruists and wouldn't mind if everyone would stop using these toxic languages and switch to something else but they are constrained by their managers and couldn't just flat out say that. That is why they turned huge bodies of C code into a land mines just waiting to explode (their words, not mine).
And while I appreciate the effort... and admit that it may prove to be the best one to achieve that goal... I would have preferred if they would have picked some other approach. Yes, at this point people are ready to understand that they have to abandon C (they still do feeble attempts to save it, but it's obvious they are deemed to fail), but was it really impossible to achieve the same without introducing so many security holes and without making people feel so miserable?
Maybe the answer is no, maybe it's really the best way... but still... somehow it doesn't feel like it was the only choice.
16:20 Rust for Linux redux 16:20 GitHub is my copilot
They had to filter C macros though. There are limits.
16:20 I have removed all my GitHub repos
Yes there is: the version 3 of the GPL.
16:20 Development quote of the week
That basically makes all the code with source available MIT licensed-ish. But the code for windows and all other closed source things where they stop the bot from even reading the source are still closed source.
We still end up with closed source tools, but we have now lost the GPL and other copyleft tools which could force them to contribute back.
Maybe if you license everything under MIT right now you don't really care, but I think the GPL has some value, and I'd like to keep it around in the future. 16:20 So what's the point here? 16:20 Footguns
> The point was: that hypothetical proposed -std=safe11 or -std=friendly-c C dialect is impossible to create without creating another full-blown language spec.
Oh, and coming back to your previous example: 16:20 Planning the CentOS 8 endgame
> I have also found that many times it hides real bugs. It's probably too much to ask, but still would be good if compiler authors look a bit at how "undefined" values played out in practice elsewhere.
> Undefined in the sense that it is not an unknown to be deduced from the values of other variables, but it truly has no value.
> That example may have no casts or
>> The GPL doesn't exist because copyright is good, it exists because software being copyrightable is what enables the concept of proprietary software in the first place.
The legal issue would be yours, not the kernel's.
> But Vipketsh was introducing "strict maths" into the discussion, and my point was that it is useless to think in terms of school algebra, and rings and fields if your input is undefined.
I don't think it does. What if a signal or interrupt is delivered after the call to foo()? It would invoke a signal handler which is probably going to clobber the memory where foo's stack frame used to be.
That may or may not be true, but either way, your example doesn't demonstrate that. Every compiler these days has warnings to prevent that sort of thing.
> const int this_is_zero = 0;
> But I know it's on stack and stack is not const!
Why would the compiler allocate this on the stack? It's not using any local variables or function parameters, so it might as well allocate it statically on a read-only page.
>- https://access.redhat.com/documentation/en-us/red_hat_ent...
> - https://access.redhat.com/documentation/en-us/red_hat_ent...
I think that what amacater meant to say is that unlike on Debian there isn't any tool that works flawlessly to upgrade from Centos 6 to Centos 7
And just like him, being a long time Debian user at home and RHEL/CentOS user at work, my experience leads me to concur with him.
Hide
15:03 China Dispatches Officials To Inspect Didi's Data Security
China has dispatched a team of officials to conduct on-site inspections at Didi as part of a probe into the ride-hailing giant. From a report: Officials from the Cyberspace Administration of China, Ministry of Public Security, Ministry of State Security, Ministry of Natural Resources, as well as the tax, transport and antitrust regulators are beginning an investigation into Didi's data security, according to a statement released by the cyberspace watchdog Friday. Days after Didi's initial public offering in the U.S. on June 30, the CAC announced the probe into Didi and ordered app stores to remove its services within China. The probe into Cheng Wei's ride-hailing firm set off renewed scrutiny over China's tech giants, which had already been under pressure from antitrust regulators over alleged abuses in areas like pricing and forced exclusivity, and expanded Beijing's tech crackdown to include greater oversight over data and foreign IPOs.
15:03 WHO Warns of 'Chaos' if Individuals Mix Covid Vaccines
The World Health Organization's chief scientist has advised individuals against mixing and matching Covid-19 vaccines from different manufacturers, saying such decisions should be left to public health authorities. From a report: "It's a little bit of a dangerous trend here," Soumya Swaminathan told an online briefing on Monday after a question about booster shots. "It will be a chaotic situation in countries if citizens start deciding when and who will be taking a second, a third and a fourth dose." Swaminathan had called mixing a âoedata-free zoneâ but later clarified her remarks in an overnight tweet. "Individuals should not decide for themselves, public health agencies can, based on available data," she said in the tweet. "Data from mix and match studies of different vaccines are awaited -- immunogenicity and safety both need to be evaluated."
14:11 Rocket Report: SpaceX tests FAA again in Texas, India pushes Vikas engine
"Welcome to the dawn of the new space age."
Hide
13:51 Error'd: Innocents Abroad
This week's opening Error'd submission required a bit of translation for
the monoglots among us, but it was worth the work. Not speaking even
een beetje of Dutch, I was forced to use Google's own translation
service to see what it was that had so worried our friend
Sebas. And it's a doozy.
"...seek help - Child abuse images are illegal" warns
Google's AI, inferring lewd Low Countries Linux links.
For his part, Sebas takes it in stride,
"Just hoping I'm not flagged now."
I'm afraid to ask
what the Goog makes of tcl.
Meanwhile, neighboring Daniel N. endured a slew of wtfery on
the road to delivering us this archetypical Error'd. These are our
raison d'être.
"Ironically, submitting directly to your website yields a 500 error!" he exclaims for WTF#1.
"Apologies for the fuzzy photo, I'm prohibited from taking screenshots on my work PC!" he continues for WTF#2.
(But apparently not prohibited from car-shopping, eh Daniel? Don't worry, your secret is safe with us.)
Presenting below the WTF FTW, I give you:
A bit farther Norse, minor international fiancier Peter G. frets " I hope Wise.com's funds transfer division is better with numbers than this explanation of VAT implies." Are you marketing Mercedes or mackerel, Peter?
Fishing for an explanation of his unusual bill, Steve S. submits a priceless quote. "No, I did not find this detected anomaly to be helpful."
Enfin, presumably pseudonymous Tom Sawyer casts in his own two cents on another crudely translated Error'd exemplified. "Just a little QA would be helpful," he mutters sotto voce.
Enjoy your weekend.
13:33 Netflix Plans To Offer Video Games In Push Beyond Films, TV
An anonymous reader quotes a report from Bloomberg: Netflix, marking its first big move beyond TV shows and films, is planning an expansion into video games and has hired a formerElectronic Arts and Facebook executive to lead the effort. Mike Verdu will join Netflix as vice president of game development, reporting to Chief Operating Officer Greg Peters, the company said on Wednesday. Verdu was previously Facebook's vice president in charge of working with developers to bring games and other content to Oculus virtual-reality headsets. The idea is to offer video games on Netflix's streaming platform within the next year, according to a person familiar with the situation. The games will appear alongside current fare as a new programming genre -- similar to what Netflix did with documentaries or stand-up specials. The company doesn't currently plan to charge extra for the content, said the person, who asked not to be identified because the deliberations are private.
12:52 The Quiet Mysticism of Almanacs
Comments
12:52 Google tries out error correction on its quantum processor
Comments
12:52 Why Postgres sequences can skip 32 unexpectedly
Comments
12:52 Public API Lists
Comments
12:52 UPchieve (YC W21) Is Hiring a Mobile Engineer (Remote)
Comments
12:52 Beyond Fermi's Paradox XVI: What Is the Dark Forest Hypothesis?
Comments
Hide
10:33 Brain Signals Converted Into Words 'Speak' For Person With Paralysis
sciencehabit shares a report from Science Magazine: A man unable to speak after a stroke has produced sentences through a system that reads electrical signals from speech production areas of his brain, researchers report this week. The approach has previously been used in non-disabled volunteers to reconstruct spoken or imagined sentences, but this is the first demonstration of its potential in the type of patient it's intended to help. The participant had a stroke more than 10 years ago that left him with anarthria -- an inability to control the muscles involved in speech. Researchers used a computational model known as a deep-learning algorithm to interpret patterns of brain activity in the sensorimotor cortex, a brain region involved in producing speech, and 'decoded' sentences he attempted to read aloud.
In the new study, [the researchers] temporarily removed a portion of the participant's skull and laid a thin sheet of electrodes smaller than a credit card directly over his sensorimotor cortex. To "train" a computer algorithm to associate brain activity patterns with the onset of speech and with particular words, the team needed reliable information about what the man intended to say and when. So the researchers repeatedly presented one of 50 words on a screen and asked the man to attempt to say it on cue. Once the algorithm was trained with data from the individual word task, the man tried to read sentences built from the same set of 50 words, such as "Bring my glasses, please." To improve the algorithm's guesses, the researchers added a processing component called a natural language model, which uses common word sequences to predict the likely next word in a sentence. With that approach, the system only got about 25% of the words in a sentence wrong, they report today in The New England Journal of Medicine. With the new approach, the man could produce sentences at a rate of up to 18 words per minute.
09:43 OnePlus Buds Pro will offer fast charging, adaptive noise cancellation
OnePlus says you can also expect adaptive noise cancellation and up to 38 hours of juice via the case.
09:43 Amazfit's pricey Zepp Z smartwatch is finally launching in India
We thought the Zepp Z was overpriced for what you actually got, but pricing isn't better in India either.
09:43 Unlocked Samsung Galaxy Note 10 devices gain July security patch in the US
If you're an Android Auto user, you'll want to grab this new patch.
09:43 Here's how much you'll be spending on Poco F3 GT in India (Updated: Launch date)
Poco's upcoming gaming phone will have a pretty competitive price in India, and it'll launch a day after the Nord 2.
Hide
09:30 Here are the finalists to be included in Emoji 14.0 this September
The draft list for the next round of new emoji was announced today, two days ahead of World Emoji Day on July 17th. Contenders include a melting smiley face, a low battery, a disco ball, and several new hand shapes like heart hands and index finger pointing at viewer for courting your sweeties or taunting your enemies.
The release of new emoji was delayed this year because of the pandemic, and proposal submissions were on pause until April. This list won't be finalized by the Unicode Consortium until September, but in general, most candidates shown in the draft make it through. The final versions should roll out to different devices and platforms starting in late 2021 through 2022.
09:30 Xiaomi overtakes Apple as number two smartphone vendor for first time
Xiaomi is now the second largest smartphone vendor based on worldwide shipments in the second quarter of 2021, according to a new report from Canalys. The Chinese company captured 17 percent of global market share, according to the research firm, just behind Samsung's 19 percent but ahead of Apple's 14 percent.
BBK's Oppo and Vivo rounded out the list of top five vendors at 10 percent apiece. All five companies grew their shipments year on year, but what's notable is just how much Xiaomi has managed to increase its volume it shipped 83 percent more phones than in Q2 2020, whereas Samsung grew shipments 15 percent and Apple by just one percent.
We've moved up one more spot! Just in from @Canalys, we are now the 2nd largest smartphone...
09:30 Google Meet is getting a wider rollout on Google Glass
Google Meet videoconferencing is adding fuller support for Google Glass, the company's frequently overlooked augmented reality headset. Yesterday, Google announced an open beta of Meet on Glass for the Glass Enterprise Edition 2. Users with Google Workspace can sign up to test the service following a closed beta announced last year.
As The Verge's Sean Hollister laid out last year, Meet on Glass works differently from normal online videoconferencing. When a Google Glass wearer connects, other participants get a first-person view from the headset camera. Google pitches it as a collaborative remote troubleshooting tool for the business-focused Glass Enterprise Edition, replacing less hands-free options like capturing a video with your...
09:30 Samsung's Galaxy Chromebook Go is available now for $299
Samsung's new entry-level Chrome OS laptop, the $299 Galaxy Chromebook Go, is available to purchase now at Samsung's website and other retailers. While only the Wi-Fi model is available Thursday, Samsung plans to offer an LTE model in the coming weeks, which should be a nice extra perk for web browsing on the go.
The Galaxy Chromebook Go's modest price seems to be reflected in its features. It's got a 14-inch 1366 x 768 HD display, a definite step down from the 4K OLED panel that shipped on the $549 Galaxy Chromebook 2. It's also working with an Intel Celeron N4500 processor and 4GB of RAM, which probably won't set the world on fire, but should be enough for casual Chrome use.
09:30 Google adds option to instantly delete your last 15 minutes of search history
Google is launching a new privacy feature for search that lets you instantly delete your last 15 minutes of search history on mobile, the company announced on Thursday. The new option was first revealed alongside several other search and Chrome improvements at I/O 2021 and is now rolling out to everyone.
The option to delete your last 15 minutes of search history is currently only available in Google's iOS app and is headed to Android later this year. On desktop, your options for deleting searches are limited to setting your history to auto-delete every three, 18, or 36 months (18 months is the default for new accounts), or deleting searches by hand. You can see what the new option looks like in the iOS app below:
09:30 Nguyen: CVE-2021-22555: Turning \x00\x00 into 10000$
For those who appreciate detailed descriptions of how to exploit a kernel
vulnerability, this
report on a netfilter bug by Andy Nguyen should certainly satisfy.
CVE-2021-22555 is a 15 years old heap out-of-bounds write vulnerability in Linux Netfilter that is powerful enough to bypass all modern security mitigations and achieve kernel code execution. It was used to break the kubernetes pod isolation of the kCTF cluster and won 10000$ for charity (where Google will match and double the donation to 20000$).
09:30 Security updates for Thursday
Security updates have been issued by Debian (firefox-esr and php7.0), Fedora (firefox, mingw-djvulibre, and seamonkey), Gentoo (fluidsynth, openscad, and urllib3), openSUSE (ffmpeg, nodejs12, and sqlite3), Red Hat (firefox), and SUSE (ffmpeg, kernel, nodejs10, nodejs12, nodejs14, and sqlite3).
09:30 [$] GitHub is my copilot
Your editor has worked in the computing field for rather longer than he
cares to admit; for all of that time it has been said that a day will come
when all that tedious programming work will no longer be necessary.
Instead, we'll just say what we want and the computer will figure it out.
Arguably, the announcement of GitHub
Copilot takes us another step in that direction. On the way, though,
it raises some interesting questions about copyright and free-software
licensing.
Hide
09:30 Testing the New 3DMark CPU Benchmark: For the Boids
A couple of weeks ago, UL (formerly Futuremark) released the latest test in its ongoing 3DMark gaming benchmark suite, CPU Profile. The premise behind this new CPU-specific test is a simulation to measure how processor performance scales with cores and threads. Normally 3DMark tests are designed to measure overall gaming performance - and thus are largely a GPU benchmark - however this one is a little different since it focuses more specifically on CPU performance. So we wanted to take a look at UL's latest test to get a better idea of what exactly it is testing, what exactly it is trying to accomplish, and just how useful it might be.
08:52 A haunting new documentary about Anthony Bourdain
Comments
08:52 Developing the first ICs to orbit Earth
Comments
08:52 Thriving in a Crowded and Changing World: C++ 2006-2020 [pdf]
Comments
08:52 ArchiveBox/ArchiveBox: open-source self-hosted web archiving
Comments
08:52 CoinTracker (YC W18) is hiring its first Technical Recruiter (remote)
Comments
08:52 What Is the Axiom of Choice?
Comments
08:52 Show HN: I made an interactive anti-procrastination video course
Comments
08:52 Open Source Insulin
Comments
08:52 Remote code execution in cdnjs of Cloudflare
Comments
Hide
07:30 Fifteen Percent of US Air Force F-35s Don't Have Working Engines
Areyoukiddingme shares a report from The Drive: Atotal of 46 F-35 stealth fighters are currently without functioning engines due to an ongoing problem with the heat-protective coating on their turbine rotor blades becoming worn out faster than was expected. With the engine maintenance center now facing a backlog on repair work, frontline F-35 fleets have been hit, with the U.S. Air Force's fleet facing the most significant availability shortfall. At a hearing before the U.S. House Committee on Armed Services' Subcommittee on Tactical Air and Land Forces yesterday, Air Force Lieutenant General Eric T. Fick, director of the F-35 Joint Program Office, confirmed that 41 U.S. Air Force F-35s, as well as one Joint Strike Fighter belonging to the U.S. Marine Corps, another from the U.S. Navy, and three that had been delivered to foreign air forces were grounded without engines. Those figures were as of July 8. The exact breakdown of how many of each F-35 variant lack engines is unclear. The Air Force and the Navy only fly the F-35A and F-35C, respectively, but the Marines operate both F-35Bs and F-35Cs and various models are in service with other military forces around the world. With regards to the Air Force specifically, as of May 8 this year, the service had received 283 F-35As, which means that around a little under 15 percent of the service's Joint Strike Fighters can't be flown due to this engine shortage.
06:20 I have removed all my GitHub repos
The point is that they don't have to source it from your server directly. It is open source, nothing is stopping them from using a proxy to clone it.
06:20 entrapment ?
Compared to the pushes for dragnets across all private comms, a targeted attack that uses devices introduced via a known standover man & drug dealer is exactly the sort of thing that the police should be doing.
06:20 I have removed all my GitHub repos
That "copilot" is bringing twenty-year-old security flaws back is another aspect. ML is only as good as its training data.
06:20 I have removed all my GitHub repos
Is your code in Debian, or any other distro? The Internet Archive? What about the randoms on /r/datahoarders, do you think any of them made a copy?
There's no such thing as "It's public except for person X." If you put it on the internet, then anyone who wants to see it can probably get a copy by some means or another. Ordinarily, you would use copyright law to combat such unauthorized copying, but FOSS licenses are explicitly designed to allow and even encourage it.
06:20 EPEL-next
I wish things were so simple. I have a CS8 box that uses xapian-core-devel from EPEL; that box is now failing to update due to this issue. This is just the sort of thing that makes CS8 a bit scary for a lot of people.
06:20 Footguns
One pointer is valid and the other isn't because of the semantics of reallocating memory. I think that part is reasonable, pointers are unrelated and one, from the point of view of the user, has been freed. However, the runtime can use the fact that their value may be the same: malloc will often have arenas of fixed size regions (depending on implementation, of course); your allocated memory may come from an area bigger than the size you requested or, as in your example, be the same size. You may also be trying to shrink, so the contents of the new region can fit the old region anyway. Explicitly allowing the value of the pointer to be the same is what allows this, avoiding looking for another chunk of memory and copying the contents of your previous buffer to a new one. And in this case the performance win could be significant, a lot of processing goes just into copies in some workloads.
06:20 Footguns
Yet nothing in the standards mandate it. How hard could it be to make them warn about it as part of the spec?
06:20 entrapment ?
06:20 Rust for Linux redux
06:20 Kuhn: It Matters Who Owns Your Copylefted Copyrights
06:20 Kuhn: It Matters Who Owns Your Copylefted Copyrights
06:20 Footguns
> I think that part is reasonable, pointers are unrelated and one, from the point of view of the user, has been freed.
Except there are no such thing in C as pointers that are equal yet one is valid and the other is not. Except for one case where you have no right to even attempt to compare them.
Here is the full exhaustive list from latest draft (identical to C18):
Two pointers compare equal if and only if both are null pointers, both are pointers to the same object(including a pointer to an object and a subobject at its beginning) or function, both are pointers to one past the last element of the same array object, or one is a pointer to one past the end of one array object and the other is a pointer to the start of a different array object that happens to immediately follow the first array object in the address space¹¹¹)
Some Clang developers even tried to claim that after call to I don't care about what runtime does. It's not really important here. I only care about what standard says:
See? The fact that I can compare these two pointers and they can be identical is spelled there explicitly. It's part of the standard text, not something I may want to see there. And then, when standard talks about pointer equality it explains what that does mean: it means that they either point to the same object or, alternatively, both of them are pointers to one past the end. One additional possibility is not really allowed because it would trigger UB which would make explicit permission to compare these two pointers invalid.
06:20 GitHub is my copilot
Until then, the model is as good as the code it consumes. 06:20 Footguns That's another interesting question: what kind of workload can that optimization make faster? What application? What benchmark?
Yes, I think you may try to invent some kind of benchmark which would become faster, but then, it's much easier to invent something which would become slower if you do crazy turn-pointers-into-indexes-then-call- Basically AFAICS this change does exactly and precisely two things:
Thankfully this particular optimization can be easily disable in clang with -fno-builtin-realloc thus it's effect is easy to benchmark.
I sincerely hope it wasn't done with an explicit goal to make C developers life miserable (this would imply C compiler developers are real sadists which is disturbing discovery if true), but I couldn't see any other reason for that optimization to exist. Maybe I don't understand something.
06:20 Announcing Arti, a pure-Rust Tor implementation (Tor blog)
> When I'm writing software I'll decide what libraries and what versions of libraries I want to depend on.
Distros sometimes (often?) need to build and run a package against different library versions than its upstream supports (for various reasons).
06:20 Rust for Linux redux
Yes. I expect the number system (set of values and operators) to be at least a ring, preferably a field. (be || !be) turning into false means that the system is not a ring. If it's not, I can not reason about it and hence can not understand the code. Is it really so much to ask that arithmetic works the way we all learned it in primary school ?
In the world of HW development the predominant language, Verilog, has the infamous four value system: each bit can be from the set {0,1,Z,X}, where "X" is intended to model "undefined" (as in the value is undefined, not in the sense of C's "undefined behaviour" -- it's behaviour is fully defined[1]). From experience in this world it is abundantly clear that the behvaiour of "undefined" has a tendency to result is non-working HW simulations and many weeks wasted hacking around the fact that the synthesis tool (compiler) changed expressions to propagate the X differently. I have also found that many times it hides real bugs. It's probably too much to ask, but still would be good if compiler authors look a bit at how "undefined" values played out in practice elsewhere.
[1] For example (be || !be)=X if be=X. On the other hand (X ? a : b) is a/b if a=0/b=0 or a=1/b=1 and X otherwise. However if(X) is always false. In many ways it is similar to the idea that clang has. It doesn't work very well for verilog, I doubt it will work well for clang.
06:20 Announcing Arti, a pure-Rust Tor implementation (Tor blog)
Sure, you need pyFoo == 1.33.1 (or whatever)
Meanwhile, pyFoo includes a big pile of native C (or Rust, or whatever) code that itself has other dependencies.
How are those dependencies and sub-dependencies handled? (The answer: Quite badly, as in "It only works on a specific Ubuntu point release." Go ahead, ask me how I know this)
These language-specific repositories are great, until they inevitably have to reach outside the language ecosystem. Then it's hack upon hack until suddenly the distro system library/dependency model doesn't look so bad after all. 06:20 Derived works 06:20 entrapment ?
https://www.abc.net.au/news/2021-06-15/no-one-in-america-...
So it appears that police are now cooperating internationally to evade local privacy laws. 06:20 GitHub is my copilot
That sounds like an important point to me. In particular, I don't see how it will get any better than the code it consumes.
The article identifies the valid problem that a lot of programming is "cranking out boilerplate code" and "copying and pasting code". The old-fashioned solution is to write libraries that can hide the boilerplate and frequently-copied-and-pasted code behind a well-designed easy-to-use API that can be reused by many projects. The library developer is likely to spend a relatively large amount of time thinking about their chosen area, and they provide a central point for collaborative testing and bug reporting and patching, which all helps to improve the quality of their code. The newer solution is to copy-and-paste from Stack Overflow, which has voting and comments and the ability to edit other people's posts, and it's far from ideal or consistent but at least those features are sometimes successful at letting the community improve the quality of answers to popular questions.
Copilot seems to lose all of those mechanisms that create a bias towards higher-quality code. Some of the code it consumes and produces will be good, some will be bad, but there's no way to tell the difference unless you're already an expert and/or spend a lot of time thinking about it (which is unlikely since you're using Copilot to save you from all that effort), and if you do spot any problems then there's no way to submit corrections to save other people from the same issues. Presumably most of the code generated by Copilot will be, on average, similar quality to the average input codebases; but then the natural state of any codebase is to fall in quality unless you actively fight against it, so the Copilot-generated projects will be worse than average, and then they'll be used as inputs for the next generation of Copilot, exacerbating the problem.
The old-fashioned solution of writing libraries is evidently not a good approach either, because it's often so painful to import libraries (especially if you're on Linux and the distros don't package it, or the API has changed and they packaged an old version, or if it's using an open source license that's incompatible with your project's, or if it's using a different build system, or if it has a bug you need to fix right now and can't wait for upstream, etc) and it's not worth bothering unless the library contains a very substantial amount of functionality that you'll use. There are good reasons why copy-and-paste is such a popular way to import small chunks of third-party code. But the solution should be to make it easier to put useful high-quality code into reusable libraries, and easier for people to find and use those libraries, not to encourage a form of copy-and-paste with even fewer quality controls. 06:20 Announcing Arti, a pure-Rust Tor implementation (Tor blog)
Rust libraries that wrap a C library usually come with a "build script" (build.rs) that is capable of downloading, configuring, building and linking the C library. This works very well in practice, and is not a hack at all. The cc library (https://crates.io/crates/cc) gives you a nice API to help with this. A lot of these Rust libraries also give you the option of using the system version of the library if you want.
If the C code itself has dependencies that aren't available on the system then that would get complicated. I haven't encountered this problem in my Rust work. If I did, I guess I'd probably choose a different library.
> suddenly the distro system library/dependency model doesn't look so bad after all.
No, the model where distros package all libraries simply doesn't work at all for me, and lots of other developers, for the reasons I mentioned. 06:20 Footguns
- inundate projects with oodles of warnings which they'll promptly disable anyways; and
But you'd have to ask the implementers for specifics if you want more. All I can say is that suggestions to do such things are not taken lightly on the implementer side at ISO C++ meetings.
Personally, I'd be fine with a warning level to such heights if just to show people how little they actually understand about C and C++ behaviors. Instead, we get monster threads like this one one a semiregular basis. 06:20 I have removed all my GitHub repos That's true; I can't prevent GitHub from slurping my code into its ML system. But I can express my disagreement with it, and I can stop using GitHub to ever so slightly reduce the network effect that makes it attractive in the first place.
06:20 Derived works
If you're doing that, I'd dare to say you've got a driver no one is interested in using because you're going to have to look at some code or documentation (that probably contains some code) at some point.
Anyways, `EXPORT_SYMBOL_GPL` isn't about "you saw the code, now you're tainted". It's about "if you use this symbol, it is our opinion that you are relying on Linux so much that you must be derivative". There's no need for anyone to have seen the Linux code for that to take effect. 06:20 EPEL-next 06:20 How would this work for books?
Normally, end state after they've converged is one where the discriminator can no longer tell the difference because the generator creates code which is so realistic.
Here we would have to invert things, with the discriminator driving the generator away from copyrighted training code. In this case, it's easiest path forward is to generate varying degrees of random spew that could never be considered copyrighted code.
One thing that's missed in all of this: there's zero evidence that *any* neural network understands the high-level structure of the code (or story text) that it's reading. It's only *assumed.* Meaning, there's absolutely no guarantee that the code it generates is any good. It will only be trying to pass off some randomly mixed combination of the training material to try and extend a pattern.
Until we can mechanically produce an objective score for code quality (fuzzing?), it's impossible to guide a neural network towards it. 06:20 GitHub is my copilot
And I would say that (and the expressivity of the model itself) will be a huge determinant of how useful it - ever - is. 06:20 GitHub is my copilot
I've never gotten the problem with Stack Overflow copying/pasting to solve low-level questions of "how do I use this function" and "what does this error mean and how do I fix it?". Even changing the culture to have more bits of reusable code seems unlikely to help. If we create millions more Lego bricks, people will still ask how to use the bricks they chose to create their version of a Millennium Falcon. 06:20 Planning the CentOS 8 endgame
I feel like I don't understand the word "fork" as it is being used here, could you elaborate? Is it just that the contents of the CentOS Stream repo are copied to the RHEL point release repo, and then the release happens immediately, or is there more development going on (as usually implied by the word "fork") after copying CentOS Stream to RHEL? 06:20 Development quote of the week 06:20 GitHub is my copilot 06:20 How would this work for books?Two objects may be adjacent in memory because they are adjacent elements of a larger array or adjacent membersof a structure with no padding between them, or because the implementation chose to place them so, even though they are unrelated. If prior invalid pointer operations (such as accesses outside array bounds) produced undefined behavior, subsequent comparisons also produce undefined behavior.
> However, the runtime can use the fact that their value may be the same
The
*That* would be game changer.
Is good code the norm today? I don't think so... perhaps in the future.
> And in this case the performance win could be significant, a lot of processing goes just into copies in some workloads.
Especially that there were already some backdoored packages found in, for example, NPM and PyPI, so the threat is very real.
Suppose that I'm converting my proprietary code to a Linux driver using Copilot or a similar system. Suppose that Copilot generates code that refers to symbols declared with EXPORT_SYMBOL_GPL. In that case the kernel would be preventing my code from loading based on a flawed premise that my code is a derived work of the kernel and should be licensed under GPL. How can my code be a derived work if I haven't even looked at the kernel sources? Could be an interesting discussion in LKML.
- compilers would become much slower in order to track and issue diagnostics for such things.
Hide
04:52 (All) DNS Resource Records
Comments
04:52 The Future of Computers: The Neighborhood and the Nursing Home
Comments
04:52 Restoring your privacy costs money, which makes it a marker of class
Comments
04:52 Public Suffix List
Comments
04:52 Let's Talk Collapse
Comments
04:52 Facebook drops funding for interface that reads the brain
Comments
04:52 New Generation Artificial Heart Implanted in Patient at Duke - First in U.S.
Comments
04:52 The Alexander: Why did you build such a long piano?
Comments
Hide
04:30 NASA: Moon 'Wobble' In Orbit May Lead To Record Flooding On Earth
An anonymous reader quotes a report from CBS News: Every coast in the U.S. is facing rapidly increasing high tide floods. NASA says this is due to a "wobble" in the moon's orbit working in tandem with climate change-fueled rising sea levels. The new study from NASA and the University of Hawaii, published recently in the journal Nature Climate Change, warns that upcoming changes in the moon's orbit could lead to record flooding on Earth in the next decade. Through mapping the National Oceanic and Atmospheric Administration's (NOAA) sea-level rise scenarios, flooding thresholds and astronomical cycles, researchers found flooding in American coastal cities could be several multiples worse in the 2030s, when the next moon "wobble" is expected to begin. They expect the flooding to significantly damage infrastructure and displace communities.
While the study highlights the dire situation facing coastal cities, the lunar wobble is actually a natural occurrence, first reported in 1728. The moon's orbit is responsible for periods of both higher and lower tides about every 18.6 years, and they aren't dangerous in their own right. "In half of the Moon's 18.6-year cycle, Earth's regular daily tides are suppressed: High tides are lower than normal, and low tides are higher than normal," NASA explains. "In the other half of the cycle, tides are amplified: High tides get higher, and low tides get lower. Global sea-level rise pushes high tides in only one direction -- higher. So half of the 18.6-year lunar cycle counteracts the effect of sea-level rise on high tides, and the other half increases the effect." But this time around, scientists are more concerned. With sea-level rise due to climate change, the next high tide floods are expected to be more intense and more frequent than ever before, exacerbating already grim predictions. The study says these floods will exceed flooding thresholds around the country more often, and can also occur in clusters lasting more than a month. "During curtain alignments, floods could happen as frequently as every day or every other day," the report adds. "Almost all U.S. mainland coastlines, Hawaii and Guam are expected to face these effects."
03:00 Intel Is In Talks To Buy GlobalFoundries For About $30 Billion
New submitter labloke11 shares a report from The Wall Street Journal: Intel is exploring a deal to buy GlobalFoundries (source paywalled; alternative source), according to people familiar with the matter, in a move that would turbocharge the semiconductor giant's plans to make more chips for other tech companies and rate as its largest acquisition ever. A deal could value GlobalFoundries at around $30 billion, the people said. It isn't guaranteed one will come together, and GlobalFoundries could proceed with a planned initial public offering. GlobalFoundries is owned by Mubadala Investment Co., an investment arm of the Abu Dhabi government, but based in the U.S. Any talks don't appear to include GlobalFoundries itself as a spokeswoman for the company said it isn't in discussions with Intel.
Intel's new Chief Executive, Pat Gelsinger, in March said the company would launch a major push to become a chip manufacturer for others, a market dominated by Taiwan Semiconductor Manufacturing Co. Intel, with a market value of around $225 billion, this year pledged more than $20 billion in investments to expand chip-making facilities in the U.S. and Mr. Gelsinger has said more commitments domestically and abroad are in the works.
01:30 China Is Pulling Ahead In Global Quantum Race, New Studies Suggest
An anonymous reader writes: When a team of Chinese scientists beamed entangled photons from the nation's Micius satellite to conduct the world's first quantum-secured video call in 2017, experts declared that China had taken the lead in quantum communications. New research suggests that lead has extended to quantum computing as well. In three preprint papers posted on arXiv.org last month, physicists at the University of Science and Technology of China (USTC) reported critical advances in both quantum communication and quantum computing. In one of the studies, researchers used nanometer-scale semiconductors called quantum dots to reliably transmit single photons -- an essential resource for any quantum network -- over 300 kilometers of fiber, well over 100 times farther than previous attempts. In another, scientists improved their photonic quantum computer from 76 detected photons to 113, a dramatic upgrade to its "quantum advantage," or how much faster it is than classical computers at one specific task. The third paper introduced Zuchongzhi, made of 66 superconducting qubits, and performed a problem with 56 of them -- a figure similar to the 53 qubits used in Google's quantum computer Sycamore, which set a performance record in 2019.
All three achievements are world-leading, but Zuchongzhi in particular has scientists talking because it is the first corroboration of Google's landmark 2019 result. "I'm very pleased that someone has reproduced the experiment and shown that it works properly," says John Martinis, a former Google researcher who led the effort to build Sycamore. "That's really good for the field, that superconducting qubits are a stable platform where you can really build these machines." Quantum computers and quantum communication are nascent technologies. None of this research is likely to be of practical use for many years to come. But the geopolitical stakes of quantum technology are high: full-fledged quantum networks could provide unhackable channels of communication, and a powerful quantum computer could theoretically break much of the encryption currently used to secure e-mails and Internet transactions.
01:30 Chrome Will Soon Let You Turn On An HTTPS-First Mode
On Wednesday, Google announced it will soon offer an HTTPS-first option in Chrome, which will try to upgrade page loads to HTTPS. "If you flip this option on, the browser will also show a full-page warning when you try to load up a site that doesn't support HTTPS," adds The Verge. From the report: HTTPS is a more secure version of HTTP (yes, the "S" stands for "secure"), and many of the websites you visit every day likely already support it. Since HTTPS encrypts your traffic, it's a helpful privacy tool for when you're using public Wi-Fi or to keep your ISP from snooping on the contents of your browsing. Google has been encouraging HTTPS adoption with moves like marking insecure sites with a "Not secure" label in the URL bar and using https:// in the address bar by default when you're typing in a URL. For now, this HTTPS-First Mode will be just an option, but the company says it will "explore" making the mode the default in the future. The HTTPS-First Mode will be available starting with Chrome 94, according to Google. Currently, that release is set for September 21st. And HTTP connections will still be supported, the company says. Google is also "re-examining" the lock icon in the URL bar. Google explains in a blog post: "As we approach an HTTPS-first future, we're also re-examining the lock icon that browsers typically show when a site loads over HTTPS. In particular, our research indicates that users often associate this icon with a site being trustworthy, when in fact it's only the connection that's secure. In a recent study, we found that only 11% of participants could correctly identify the meaning of the lock icon."
The company plans to swap the lock icon with a downward-facing arrow starting with Chrome 93. Though, the "Not Secure" label will still be shown for sites that aren't secure.
01:30 Facebook Engineer Abused Access To User Data To Track Woman That Left Him After a Fight, New Book Says
A Facebook engineer abused employee access to user data to track down a woman who had left him after they fought, a new book said. Business Insider reports: Between January 2014 and August 2015, the company fired 52 employees over exploiting user data for personal means, said an advance copy of "An Ugly Truth: Inside Facebook's Battle for Domination" that Insider obtained. The engineer, who is unnamed, tapped into the data to "confront" a woman with whom he had been vacationing in Europe after she left the hotel room they had been sharing, the book said. He was able to figure out her location at a different hotel.
Another Facebook engineer used his employee access to dig up information on a woman with whom he had gone on a date after she stopped responding to his messages. In the company's systems, he had access to "years of private conversations with friends over Facebook messenger, events attended, photographs uploaded (including those she had deleted), and posts she had commented or clicked on," the book said. Through the Facebook app the woman had installed on her phone, the book said, the engineer was also able to see her location in real time. Facebook employees were granted user data access in order to "cut away the red tape that slowed down engineers," the book said.
"There was nothing but the goodwill of the employees themselves to stop them from abusing their access to users' private information," wrote Sheera Frenkel and Cecilia Kang, the book's authors. They added that most of the employees who abused their employee privileges to access user data only looked up information, although a few didn't stop there. Most of the engineers who took advantage of access to user data were "men who looked up the Facebook profiles of women they were interested in," the book said. Facebook told Insider it fired employees found to have accessed user data for nonbusiness purposes.
00:52 On the evilness of feature branching
Comments
00:52 The Elements of Product Design
Comments
00:52 Algorithms for Cartographic Visualization (2012) [pdf]
Comments
00:52 Unexamined Life: The too many faces of Edward Said
Comments
00:52 Paradox Game Converters Collected on GitHub
Comments
00:52 Motion (YC W20) is hiring a lead fullstack engineer to change how we manage time
Comments
00:52 Learn Something Old Every Day
Comments
00:52 Canada to donate 17.7M AstraZeneca doses
Comments
00:52 How to unlearn a disease
Comments
00:52 My take on the study from MIT that predicts societal collapse
Comments
00:52 Intel in talks to buy GlobalFoundries for about $30B
Comments
Hide
00:51 CodeSOD: Just a Few Questions
Pete has had some terrible luck with the lead programmers he's worked with. He's had a few which are... well, they don't take feedback well. Like his current team lead, who absolutely doesn't let any of the other developers review or comment on his code. "Don't ask me questions, you should know this already," is a common refrain. Speaking of questions:
String q1 = form.getQ1()!=null?request.getParameter("question_" + form.getQ1().getId()):null;
String q2 = form.getQ2()!=null?request.getParameter("question_" + form.getQ2().getId()):null;
String q3 = form.getQ3()!=null?request.getParameter("question_" + form.getQ3().getId()):null;
String q4 = form.getQ4()!=null?request.getParameter("question_" + form.getQ4().getId()):null;
String q5 = form.getQ5()!=null?request.getParameter("question_" + form.getQ5().getId()):null;
String q6 = form.getQ6()!=null?request.getParameter("question_" + form.getQ6().getId()):null;
String q7 = form.getQ7()!=null?request.getParameter("question_" + form.getQ7().getId()):null;
String q8 = form.getQ8()!=null?request.getParameter("question_" + form.getQ8().getId()):null;
String q9 = form.getQ9()!=null?request.getParameter("question_" + form.getQ9().getId()):null;
String q10 = form.getQ10()!=null?request.getParameter("question_" + form.getQ10().getId()):null;
String q11 = form.getQ11()!=null?request.getParameter("question_" + form.getQ11().getId()):null;
String q12 = form.getQ12()!=null?request.getParameter("question_" + form.getQ12().getId()):null;
String q13 = form.getQ13()!=null?request.getParameter("question_" + form.getQ13().getId()):null;
String q14 = form.getQ14()!=null?request.getParameter("question_" + form.getQ14().getId()):null;
String q15 = form.getQ15()!=null?request.getParameter("question_" + form.getQ15().getId()):null;
Pete adds: "Note, this is only 15 lines of a file of his 2000 line file. This pattern is repeated for about 1900 lines. I guess he never learned about loops or arrays."
Hide
00:00 TSMC Looking Into Expanding Chip Manufacturing In US, Building Fab In Japan
phalse phace shares a report from Reuters: During an analyst call for Taiwan Semiconductor Manufacturing Co Ltd's quarterly earnings, TSMC chairman Mark Liu signaled that they are looking into building new factories in the United States and Japan. "TSMC said it will expand production capacity in China and does not rule out the possibility of a 'second phase' expansion at its $12 billion factory in the U.S. state of Arizona." Furthermore, "the CEO on Thursday revealed TSMC is currently conducting 'due diligence' on whether to build a fab in Japan, which would mark a strategically important geographic expansion for the chipmaker. Any Japan fab will be for "specialty technology" -- a term that usually refers to mature node chips that serve specific or niche markets, Liu said, adding that there is no final decision yet."
00:00 A New Tool Shows How Google Results Vary Around the World
Search Atlas makes it easy to see how Google offers different responses to the same query on versions of its search engine offered in different parts of the world. From a report: The research project reveals how Google's service can reflect or amplify cultural differences or government preferences -- such as whether Beijing's Tiananmen Square should be seen first as a sunny tourist attraction or the site of a lethal military crackdown on protesters. Divergent results like that show how the idea of search engines as neutral is a myth, says Rodrigo Ochigame, a PhD student in science, technology, and society at MIT and cocreator of Search Atlas. "Any attempt to quantify relevance necessarily encodes moral and political priorities," Ochigame says. Ochigame built Search Atlas with Katherine Ye, a computer science PhD student at Carnegie Mellon University and a research fellow at the nonprofit Center for Arts, Design, and Social Research.
Just like Google's homepage, the main feature of Search Atlas is a blank box. But instead of returning a single column of results, the site displays three lists of links, from different geographic versions of Google Search selected from the more than 100 the company offers. Search Atlas automatically translates a query to the default languages of each localized edition using Google Translate. Ochigame and Ye say the design reveals "information borders" created by the way Google's search technology ranks web pages, presenting different slices of reality to people in different locations or using different languages.
23:41 Sea walls might just make floods someone else's problem, study suggests
As sea levels rise, our defenses against flood damage might not work as planned
23:41 US cracks down on Fulfilled by Amazon, citing sale of 400,000+ hazardous items
Amazon shipped hair dryers with electrocution risk and CO detectors that don't work.
23:41 For years, a backdoor in popular KiwiSDR product gave root to project developer
Users are rattled after learning their devices and networks were exposed.
23:41 Review: Loki's surprising twists paid off with a major cliffhanger finale
Marvel also announced a second season for the series in post-credits snippet
Hide
22:30 US Cracks Down On 'Fulfilled By Amazon,' Citing Sale of 400K Hazardous Items
An anonymous reader quotes a report from Ars Technica: The US Consumer Product Safety Commission (CPSC) yesterday filed a complaint against Amazon over the sale of hundreds of thousands of hazardous products, including carbon monoxide detectors that fail to detect carbon monoxide, hair dryers without required protection from shock and electrocution, and flammable sleepwear meant for children. The CPSC said it sued Amazon to "force [the] recall" of the dangerous products. While Amazon has halted sales of most of them already and issued refunds, the CPSC said it isn't satisfied with how Amazon notified customers and said the industry giant must do more to ensure that the faulty products are destroyed. The dangerous products were offered by third parties using the "Fulfilled by Amazon" (FBA) program, in which Amazon stores products in its warehouses, ships them to customers, and takes a sizable cut from the proceeds. The CPSC's administrative complaint alleges that Amazon hasn't taken enough responsibility for dangerous third-party products that it ships via FBA.
The complaint didn't mention any specific incidents of injury but said the evidence supporting the charges includes "lawsuits concerning incidents or injuries involving various consumer products identified in the Complaint." It also said that CPSC staff tested the products and found that they don't meet safety requirements. Products that don't meet these requirements pose a substantial risk of injury or death to consumers, the agency said. The CPSC said its complaint "seeks to force Amazon, as a distributor of the products, to stop selling these products, work with CPSC staff on a recall of the products, and to directly notify consumers who purchased them about the recall and offer them a full refund." In a statement provided to Ars, Amazon said it has already removed the "vast majority" of the products from its online store, notified customers, and provided refunds. Amazon alleged that the CPSC hasn't provided enough information about the remaining products. Amazon's full statement reads: "Customer safety is a top priority and we take prompt action to protect customers when we are aware of a safety concern. As the CPSC's own complaint acknowledges, for the vast majority of the products in question, Amazon already immediately removed the products from our store, notified customers about potential safety concerns, advised customers to destroy the products, and provided customers with full refunds. For the remaining few products in question, the CPSC did not provide Amazon with enough information for us to take action and despite our requests, CPSC has remained unresponsive. Amazon has an industry-leading recalls program and we have further offered to expand our capabilities to handle recalls for all products sold in our store, regardless of whether those products were sold or fulfilled by Amazon or third-party sellers. We are unclear as to why the CPSC has rejected that offer or why they have filed a complaint seeking to force us to take actions almost entirely duplicative of those we've already taken."
22:30 Pilot Sues Delta For $1 Billion Claiming the Airline Stole Crew App
Delta Air Lines was sued for more than $1 billion by one of its own pilots, who claims he developed a text-messaging app for flight crews that the airline stole and used as the basis for its own app. Bloomberg reports: Captain Craig Alexander sued Atlanta-based Delta for trade-secrets theft in Georgia state court on Monday. He claims he spent $100,000 of his own money to develop his QrewLive app, which he pitched to the airline as a way to address crew communication snafus after disrupted flights. Delta turned him down but went on to launch its own identical tool, he claims. Delta "stole like a thief in the night" and defrauded its own loyal employee, Keenan Nix, a lawyer for Alexander, said Wednesday in an interview. He said Alexander, an 11-year veteran at the airline, was flying a Delta 757 "as we speak."
A five-hour power outage that resulted in hundreds of flight cancellations in August 2016 cost Delta more than $150 million. The pilot said in the suit he emailed Chief Executive Officer Ed Bastian at the time saying "he had a 'solution.'" Bastian allegedly responded promptly and referred Alexander to the company's new chief information officer. Bastian and the CIO, Rahul Samant, are both named in the suit, along with four other Delta executives. Alexander claims he had several positive meetings with the airline in 2015 and 2016 in which executives made clear they were interested in acquiring his app. But Delta eventually cut off discussions and then launched its own crew app in April 2018, called Flight Family Communications. "'FFC' is a carbon copy, knock-off of the role-based text messaging component of Craig's proprietary QrewLive communications platform," Alexander said in his suit.
The pilot noted in his suit that Bastian and Samant have both bragged to investors that the app has smoothed operations. In describing the damages he's seeking, Alexander said the value of the technology, "based solely upon operational cost savings to Delta, conservatively exceeds $1 billion." Alexander is also seeking punitive damages against Delta. "To add insult to theft and injury, Captain Craig Alexander must use his stolen QrewLive text messaging platform every day while he works for Delta," the suit claims. "Each time he looks at the FFC app, he is painfully reminded that Delta stole his proprietary trade secrets, used them to Delta's enormous financial benefit." "While we take the allegations specified in Mr. Alexander's complaint seriously, they are not an accurate or fair description of Delta's development of its internal crew messaging platform," said Morgan Durrant, a Delta spokesperson.
21:43 It's not just you Spotify is down
What's a streaming service without streaming?
21:43 OnePlus Nord 2 is pulling camera tech from the OnePlus 9 and Oppo Find X3 Pro
Camera hardware is half of the equation, but will OnePlus bring the other half?
21:43 Nintendo announced the pre-order date for the Switch OLED, and it's today
You can expect pre-orders to be difficult to nab, so get your F5 key ready.
21:43 Honor announces launch date of the Magic 3 series, hints at large camera sensor
This is very likely the phone the company previously hinted as coming with a Snapdragon 888 processor.
21:43 Microsoft reveals some Windows 365 pricing, isn't too far off from competitors
As one would expect, the pricing tiers are based on computer hardware: the more power you need, the more you'll pay.
21:43 Save 30% on the Roku Ultra, and more cheap Roku deals
Kohl's has a sale on some top Roku devices right now, including the chance to get the Roku Ultra for just $69.99.
21:43 Steam Deck revealed: Handheld gaming PC from Valve lets you game anywhere
Ever wished your Nintendo Switch had your entire Steam library? Boy, do we have news for you.
21:43 Samsung Galaxy S8 gets a new security update, but that's not supposed to happen
The Galaxy S8 is officially an unsupported device, but Samsung is just oh so extra.
21:43 Xiaomi becomes second-largest smartphone OEM, according to one analyst firm
Assuming other analysts confirm this, Apple would then become the third-largest globally.
21:43 Here's how to pre-order your Steam Deck (it's a bit complicated)
The fact that this will be complicated is good, as it might mean scalpers won't take them all.
21:43 Leaked Samsung Galaxy Watch 4 chipset info (Update: Storage info, too)
UPDATE: It looks like the Galaxy Watch 4 could come with more storage than any other Samsung wearable before it.
21:43 Save 43% on the Logitech G613 Lightspeed, and more wireless keyboard deals
The Logitech G613 Lightspeed is a great option for a wireless mechanical gaming keyboard and is 43% off right now.
Hide
21:00 Soldiers Angrily Speak Out about Being Blocked from Repairing Equipment by Contractors
Matt Stoller: Louis Rossmann is an important YouTube personality who talks about, among other things, the fact that big firms block their customers from repairing equipment so they can extract after-market profits with replacement parts. And he's very much noticed the Biden executive order, which calls for agencies to curtail this practice (as well as the FTC report on it). Rossmann did a series of videos on this order, one of which focused on the order calling for the Pentagon to stop contracting with firms that block soldiers from being able to repair equipment. He cited Elle Ekman's New York Times piece from 2019 on the problem. What's even more interesting than the video are the comments on it, from soldiers angry that they keep encountering this problem in the field. I pulled some of them and published them here.
21:00 Tech Workers Who Swore Off the Bay Area Are Coming Back
Critics said the pandemic would make the industry flee San Francisco and its southern neighbor, Silicon Valley. But tech can't seem to quit its gravitational center. New York Times: The pandemic was supposed to lead to a great tech diaspora. Freed of their offices and after-work klatches, the Bay Area's tech workers were said to be roaming America, searching for a better life in cities like Miami and Austin, Texas -- where the weather is warmer, the homes are cheaper and state income taxes don't exist. But dire warnings over the past year that tech was done with the Bay Area because of a high cost of living, homelessness, crowding and crime are looking overheated. Mr. Osuri [Editor's note: anecdote in the story who is the chief executive of Akash Network] is one of a growing number of industry workers already trickling back as a healthy local rate of coronavirus vaccinations makes fall return-to-office dates for many companies look likely.
Bumper-to-bumper traffic has returned to the region's bridges and freeways. Tech commuter buses are reappearing on the roads. Rents are spiking, especially in San Francisco neighborhoods where tech employees often live. And on Monday, Twitter reopened its office, becoming one of the first big tech companies to welcome more than skeleton crews of employees back to the workplace. Twitter employees wearing backpacks and puffy jackets on a cold San Francisco summer morning greeted old friends and explored a space redesigned to accommodate social-distancing measures.
20:52 California breaks 1 GW energy storage milestone
Comments
20:52 Show HN: Pay It Forward - P2P Crowdfunding for African Entrepreneurs
Comments
20:52 A Kind of Packaged Aging Process
Comments
20:52 K: War on Raze
Comments
20:52 Launch HN: Coinrule (YC S21) - Automated Trading Made Easy
Comments
20:52 Is This Prime?
Comments
20:52 Prison Memoirs of a Japanese Woman (1926)
Comments
20:52 Analyzing the legal implications of GitHub Copilot
Comments
20:52 Hello, Video Codec
Comments
20:52 Ophelia (YC W20) Is Hiring a Product Designer
Comments
20:52 Farm - an experiment in distributed peer-to-peer computing
Comments
20:52 California approves $35M plan for nation's first state-funded UBI
Comments
20:52 Zig, Skia, Clojure, Geometry and the Japanese TV Show: ICFP Contest 2021
Comments
20:52 Online ID / age verification: the death of online search
Comments
20:52 Soldiers speak out about being blocked from repairing equipment by contractors
Comments
20:20 Ownership and lifetimes
I may be misremembering, but didn't some platforms not provide a way to tell? That would require the compiler to emit manual checks for every possible overflowing operation in order to guarantee *a* behavior. This would also mean that optimizing to, e.g., FMA instructions is basically impossible because if the intermediate ops overflow, that needs to be handled as well.
But if there are no platforms that lack an "overflow happened" flag...meh.
20:20 Planning the CentOS 8 endgame
We see about a million EL 6 systems looking for EPEL updates every day -- that's twice the number of EL 8 systems (and half of EL 7).
20:20 I have removed all my GitHub repos
Given the legal uncertainty around Copilot, as well as my gut feeling that it's simply a really terrible idea, I've removed all my GitHub repos and moved everthing to a self-hosted Gitea instance. I've put stub repos up on GitHub that point to the real repos because (unfortunately) GitHub has become pretty important for discovering software projects.
I'll miss certain GitHub features, especially the CI/CD framework, but I've cobbled together a workable replacement for that with self-hosted Buildbot.
20:20 Footguns
> Because you're writing to a memory location that you previously declared to be const.
But I know it's on stack and stack is not const! > Why would you expect sane results when you do things that are so obviously not sane?
Because to me they look sane. The exact same way I know that if you overflow Why one thing would be supported, while other wouldn't be?
> And in fact this code requires a cast, which is a pretty clear signal by the compiler that you're doing something fishy.
Well... in C you couldn't eve call As you wanted: no casts, no And yes, I know, there are UB, too. But that's exactly the point: you can't optimize anything in C unless you would declare some subset of syntactically correct C improper and not allowed. And that is where all attempts to imagine The problem is: there are no C or C++ community. Just lots of people who don't really talk to each other. Even here: you don't even try to understand the point which these program illustrating. Instead you are attacking me as if I'm proposing to write code like that. Thus, as I have said: there would be no 20:20 Planning the CentOS 8 endgame 20:20 I have removed all my GitHub repos 20:20 I have removed all my GitHub repos 20:20 Planning the CentOS 8 endgame
Sooooo, I can't help with the rest very much, but I think I can probably provide clarity here (because the situation seems perfectly clear to me). What would you like to know? 20:20 Planning the CentOS 8 endgame 20:20 Security quotes of the week 20:20 Security quotes of the week
Then you just don't support it and put a notice for it. In this case, the safety of users is worth more than supporting their old versions by giving them a false sense of security. It's not uncommon even for non-critical products. 20:20 Security quotes of the week 20:20 Planning the CentOS 8 endgame
2021-31-12: CentOS 8.5 ceases to be updated. There is no CentOS 9 or ongoing.
A core of CentOS people (primarily IBM/Red Hat employees) continue to work on CentOS Streams 8 / 9 ... which form part of RHEL 8.6 ..., RHEL 9 and so on.
There are today a bunch of CentOS SIGs - some of which appear to overlap with Fedora SIGs - all of which are presumably based on CentOS 8 non-Streams. What happens to those, proportionately, smaller communities?
CentOS Streams is a more open process for contribution to what becomes Red Hat but what's in it for the wider community 20:20 Firefox 90 released 20:20 I have removed all my GitHub repos
In the EU text and data mining is legal for public data, this is pretty much unambiguous (copyright status of the model/output of the model is not 100% clear on the other hand yet, but Julia Reda makes excellent arguments as always) - whether it is hosted on Github, Gitlab, your own server in your basement that definitely won't get hacked and used to mount supply-chain attacks on your users, a mailing list, or any other forge. 20:20 Planning the CentOS 8 endgame
This is inaccurate. We have had great success with RHEL upgrade tools 6->7->8 (8->9 planned)
A lot of effort has gone into identifying the many changes that occur between the deltas of the major releases. There is a lot that happens in the rpm scriptlets in upstream Fedora packages but gets lost as Fedora only tracks N-2. So this tooling does a LOT of clean up and fixes to accommodate for all of that. There is much involved beyond updating RPMS, and these tools take care of it.
For CentOS Stream -> RHEL, the issue is it introduces the possibility of package downgrades, which are known to be very problematic, regardless of the distribution or package manager. Again, package manager scriptlets are typically not idempotent or reversible. For lots of user space packages, it might not be an issue. But for some, such as a significant version upgrade, the installation scriptlets might make significant changes that are not accounted for during the downgrade. And with critical packages such glibc, rpmdb, or openssl, there is potential for system corrupting results. We have seen this in support cases when users have tried to downgrade RHEL minor releases to revert back and resulted in very painful experiences.
Because CentOS Stream is forward looking RHEL, it raises concern that for some packages, it could result in package downgrade scenarios similar to a RHEL 8.4->8.3 downgrade. So we cannot in good faith say, "here's a tool to convert it for you." We are exploring this and would like to do it in the future and have done some proof of concept testing, but we need to monitor this more closely to understand if this can be done in a safe, supportable manner. It is absolutely NOT because we are ignoring it. There are simply dragons lurking below.
Hope this helps! 20:20 Footguns
Then why won't the compiler stop me? That is also a sane behavior in the face of such code, but we can't have that either apparently. 20:20 GitHub is my copilot
Oh great, HAL9000 read reams of PHP code and that is what turned him insane. 20:20 GitHub is my copilot
Do we need ERB approval to experiment on robots? Asking for a friend. ;) 20:20 GitHub is my copilot 20:20 Ownership and lifetimes
If you do not know which platform your code will run on, you can still be not sure what the result of x+100 is in case of overflow, but you can at least be sure what (x+100)&0 is. And you can be sure that if you do an assertion x+100>x to test for an overflow that the assertion is not optimized away. Ok, it can be optimized away of the compiler can prove that there is not overflow, but this is no problem. 20:20 Footguns
But that would cause old code to *gasp* Not Compile. No, we can't have that, because fixing this problem requires amending the standard so that programmers can tell the compiler what they mean.
Apparently, though, the compiler is by definition the all-knowing oracle which, by following The Holy Standard, is able to understand all by itself what a program may or may not mean. Thus actually telling it to behave differently is thus Abject Blasphemy, and amending the standard to afford such horrors would thus be Vile Heresy.
... or so it seems to me.
Prove me wrong. 20:20 Planning the CentOS 8 endgame
> 2021-31-12: CentOS 8.5 ceases to be updated. There is no CentOS 9 or ongoing.
So, this seems pedantic, but it's the Official CentOS Terminology: "CentOS 8.5" is actually "CentOS Linux 8.5" -- CentOS being the project and CentOS Linux being the distro. (Just like it's "RHEL 8.5", not "Red Hat 8.5").
CentOS never actually maintained distinct CentOS Linux point releases -- in RHEL, you can get support for (some -- search for "RHEL EUS") minor point releases. In CentOS Linux, it's always been the case that once a RHEL minor update has been rebuilt, it gets rolled into the distro. This may also sound pedantic, but it's also kind of important, and it's better therefore to say "CentOS Linux 8 ceases to be updated" rather than specifying a point version.
There won't be a CentOS Linux 9, but there will be a CentOS Stream 9.
> A core of CentOS people (primarily IBM/Red Hat employees) continue to work on CentOS Streams 8 / 9 ... which form part of RHEL 8.6 ..., RHEL 9 and so on.
I'm going to break this one down into several parts....
1. Red Hat is continuing to operate as a separate company that happens to be owned by IBM. Like, previously there were shareholders and now there is IBM. So, "IBM/Red Hat employees" is really less clear than just "Red Hat employees", because non-RH IBMers aren't involved.
2. The folks who are paid to work on CentOS engineering by Red Hat are part of the "Community Platform Engineering" team. This is the same group of people who work as part of Red Hat's contribution to the community on Fedora infrastructure and release engineering. Notably, they're not part of packaging or software-that-goes-in-the-OS development teams. Those people will continue to work in that group on CentOS and Fedora infra and releng.
3. With previous versions of RHEL, once RHEL forked off from Fedora, development of RHEL happened all inside Red Hat with no transparency until beta release, then secret internal development again and then a final release. That development was done by hundreds of people working in RHEL engineering. Then, after the public release, maintenance and development work again happened all "inside". With CentOS Stream, those hundreds of people are now going to do that same development work as part of CentOS directly. (This plays into the SIG answer a bit below.)
4. Pedantic again, but: note "CentOS Stream" not "Streams". I didn't name it. :)
5. Anyway, yeah: package updates accepted for upcoming RHEL point releases will go into CentOS Stream as soon as they are ready rather than waiting for a point release. Then, RHEL point releases will be assembled as forks from CentOS Stream.
> [Rocky/Almalinux/Springdale take RHEL point releases and repackage as far as they can for as long as they can - one or more of which will probably vanish in due course as history repeats itself.]
Point releases and of course also the stream of errata that comes along.
> There are today a bunch of CentOS SIGs - some of which appear to overlap with Fedora SIGs - all of which are presumably based on CentOS 8 non-Streams. What happens to those, proportionately, smaller communities?
Generally, they'll continue. A lot of them were actually Red Hat's development teams taking off their Red Hats to get their work done in the public. With Stream, I think some of that will be more obvious but otherwise unchanged.
I'm very interested in, where there is overlap, building more cooperation between CentOS SIGs and equivalent Fedora groups. There's a new automotive IoT effort underway which I hope will provide a good model here.
> CentOS Streams is a more open process for contribution to what becomes Red Hat but what's in it for the wider community
It depends what you mean by "the wider community". I think more transparency around RHEL is generally great for the RHEL user community. And for many (I personally think MOST users, but we'll see) I think it's a straight-up improvement to have access to errata as they are produced rather than the CentOS Linux situation where updates basically pause for a month while a minor-update drop is figured out twice a year. For people who want a no-strings-attached free RHEL-like operating system, CentOS Stream can be a great option. And if you have a patch or something that might be appropriate for RHEL, you now have a path to collaborate with RHEL engineering that was previously only available to big customers via internal processes.
For people who really want to have direct influence into shaping the distro fundamentally, the answer is still Fedora.
> (and how do you keep RPMFusion / EPEL etc. able to work for everyone including Rocky/Almalinux - the world seems dependent on these third party repositories) ?
I think this problem is vastly over-worred-about. Everything that's going into CentOS Stream still has the same compatibility goals as RHEL itself, and the change in CentOS Stream won't be more than the change seen in minor RHEL releases (which, remember, are rolled into "classic" CentOS Linux).
In the old model, when a RHEL point release drops, there might be some minor incompatibilies with the previous point release necessitating updates in EPEL or third party repositories. But CentOS Linux doesn't update in lockstep, so what do you do? Wait until CentOS Linux updates, or rebuild immediately for the new RHEL minor release and now your packages won't install on CentOS Linux? This is the exact same problem as with CentOS Stream and RHEL except in reverse. The only real difference is that now we have people concerned about it so we're developing solutions (like EPEL Next).
...
Does any of this help? :) 20:20 Planning the CentOS 8 endgame 20:20 Footguns 20:20 GitHub is my copilot
Microsoft owns Github. Will they be willing to retrain Copilot, using large portions of the proprietary Microsoft code base as training data? That should help developers produce better Windows-compatible software, right, and if it's fair use to use any GPL chunks of software that might be emitted verbatim, shouldn't it be the same for their own code? And will they then specifically disclaim any proprietary interest in the output? They could lead by example if that's what they want to do.
20:20 Ownership and lifetimes If such platforms exist and need to be cared about (like you, I'm not sure if they did, or did not), an easy solution would be to make the behaviour of signed integer overflow unspecified, rather than undefined.
In the C language spec, there are four groups of behaviour (from strongest definition to weakest):
If signed integer overflow became unspecified, such that the result of a signed integer overflow could be any integer value, then we're in a much better place. The compiler can just use the machine instruction (assuming it doesn't trap), and we don't have the pain where the compiler goes "well, if this is signed overflow, then behaviour is undefined, ergo I can assume it's not, ergo I can optimise out a check"; instead, signed overflow has to produce an integer, but which integer is not known by the code author.
20:20 I have removed all my GitHub repos I somehow doubt GitHub would scrape repos they don't host. And if they do, I can block them.
20:20 Footguns
const isn't only there to set the relevant pages read-only, it also allows things like constant folding. So I think it's reasonable to make it UB when you try to write to a location that is marked const, whether or not it is static.
> Because to me they look sane. 20:20 Footguns 20:20 Ownership and lifetimes This is all well and good, but this requires some form of consensus.
And in C/C++ world discussions are just not happening. Why have the coveted pointer provenance proposals were not incorporated into standard in 15 years (and counting)?
Because not even C/C++ compiler writers can agree with each other. -std=friendly-c proposal had the exact some fate.
And when someone tries to resolve the issue by starting from scratch... the end result is D, Java, C# or Rust... never a friendly C...
Rust is just the first such new C language which is low-level enough to actually be usable for all kinds of usages. Starting from lowest-level just above assembler.
20:20 Footguns And that's how we end up with bazillion incompatible friendly C proposals which would never be implemented.
Because none of them would even reach written spec stage... and you need it before an actual implementation stage.
20:20 Announcing Arti, a pure-Rust Tor implementation (Tor blog) This is trivially true, since one of the goals of Rust is to make it difficult or impossible to express some kinds of bugs. Greater expressivity is desirable only to the extent the things you're expressing are themselves desirable. Adding lots of foot guns makes the language more expressive, but in a way that's likely to make the final output worse rather than better.
20:20 How would this work for books?
20:20 Planning the CentOS 8 endgame 20:20 Planning the CentOS 8 endgame
Other SIGs are also building for Stream already, you can see the full list on CBS, which where the actual builds happen: https://cbs.centos.org/koji/search?terms=*8s*&type=ta...
EPEL as-is works out of the box on Stream for the vast majority of packages. For the ones where that's not the case, there's EPEL Next: https://fedoraproject.org/wiki/EPEL_Next 20:20 Planning the CentOS 8 endgame
Thanks also for the clarification on downgrade being even more difficult - I think we're in ferocious agreement here :) 20:20 Planning the CentOS 8 endgame
(I'm the CentOS Community Manager, and chaired the meeting yesterday. Watch the centos-devel mailing list over the coming days for a draft of our detailed plan, including the above point.) 20:20 entrapment ? The anom stuff is sneaky and underhanded, but it isn't entrapment. Entrapment is inducing people to commit a crime they otherwise wouldn't have committed. Using a service like anom isn't illegal, at least in the USA, but the activities the criminals discussed there absolutely are. If I were to make an argument about this, it's that the FBI shouldn't have been able to monitor people's communications through anom without a warrant.
20:20 I have removed all my GitHub repos
Not if it's open source (or free software) you can't. Anyone can redistribute any FOSS code to anyone else, as long as they preserve license terms. If (as GitHub argues) feeding code into an ML model does not infringe copyright, then there is no legal mechanism to prevent GitHub from acquiring whatever FOSS code they want, by whatever means they want, and feeding it into the model. The only way around this is to move to proprietary licensing with a "thou shalt not redistribute to GitHub" term. But I doubt you actually want to do that. 20:20 How would this work for books? There are already automatic plagiarism detection programs. It would be easy enough to run one on the output of the assistant to catch any plagiarism. You could even build plagiarism detection into the assistant so it would never spit out something that was deemed to be plagiarism in the first place. The plagiarism detector would have access to the training library for the assistant, which is the logical library to use when looking for plagiarism in its output.
20:20 Planning the CentOS 8 endgame 20:20 How would this work for books?
https://towardsdatascience.com/the-most-important-supreme... 20:20 Planning the CentOS 8 endgame
I don't feel like there's any lack of clarity in what happens to the SIGs and where the overlap is with Fedora, but I would be glad to answer any questions you have about those topics. 20:20 How would this work for books? 20:20 GitHub is my copilot
Bring on the machines, I suppose. Can't stop them anyway. 20:20 Planning the CentOS 8 endgame 20:20 Signal 20:20 I have removed all my GitHub repos 20:20 Planning the CentOS 8 endgame
#include
So, the bottom line, IMO, is that Kaspersky was cheap and hired someone who shouldn't be writing this kind of software (at least not yet, I'm not really judging the person but their current skills, which can always grow).
[Rocky/Almalinux/Springdale take RHEL point releases and repackage as far as they can for as long as they can - one or more of which will probably vanish in due course as history repeats itself.]
(and how do you keep RPMFusion / EPEL etc. able to work for everyone including Rocky/Almalinux - the world seems dependent on these third party repositories) ?
[Although Fedora folk kindly contribute EPEL, it's not designed to work with vanilla Fedora or with Streams - either too fast moving or volatile - the clue is in the name.]
The W3C is working on a robots.txt spec to standardize opt-out, which non-charity-status orgs doing scraping are bound to observe: https://www.w3.org/community/tdmrep/
> I've always been amazed that there was no procedure for stable updates between
> major versions for CentOS and none for Red Hat until very recently: the advice
> was always "wipe and reinstall" On IRC, I was advised that there would be no
> way to move from CentOS Streams to RHEL.
- https://access.redhat.com/documentation/en-us/red_hat_ent...
- https://access.redhat.com/documentation/en-us/red_hat_ent...
> [Although Fedora folk kindly contribute EPEL, it's not designed to work with vanilla Fedora or with Streams - either too fast moving or volatile - the clue is in the name.]
On the other hand, he continues, systems like Copilot offer the prospect of training models with proprietary code and using the result without worries of being tainted.
Well, your example doesn't look sane to me 🤷🏻 ️
It does, unless you explicitly tell it not to by casting away const.
> Well, your example doesn't look sane to me 🤷🏻 ️
C++ can express abstractions that Rust (still) cannot.
Hopefully that will not be the case. I'm almost certain it won't if they stick to drivers where you can have most covered by a small development team.
Or simply put the message in a DNF plugin that is in a signed RPM. As a one-off, no need to develop an elaborate system.
Hide
19:30 An AI Model of Anthony Bourdain's Voice Says Lines He Never Uttered in New Documentary
A new documentary film has harnessed artificial intelligence to artificially voice quotes from its subject, the late Anthony Bourdain. From a report: Details of the dubious decision are outlined in a piece in The New Yorker, and raise a heap of uncomfortable questions about whether or not it's ethical to put words in the mouths of the deceased, whether or not they penned them during their life. The lines appear in filmmaker Morgan Neville's new documentary, Roadrunner, when an email from Bourdain is initially read by the recipient, but the audio then transitions into Bourdain's own voice.
19:30 US Offers $10 Million Reward for Info on State-Sponsored Hackers Disrupting Critical Infrastructure
The US State Department has announced today its intention to offer rewards of up to $10 million for any information that helps US authorities identify and locate threat actors "acting at the direction or under the control of a foreign government" that carry out malicious cyber activities against US critical infrastructure. From a report: Today's announcement comes after the US has seen an increase in cyber activity targeting its critical infrastructure sectors, including a spike in ransomware incidents. Some of these attacks, such as those on JBS Foods and Colonial Pipeline, impacted US food and fuel supply for days, even creating a small panic among the US population in certain areas. Many cyber-security companies and industry experts have blamed Russia, accusing the Kremlin of tolerating and allowing these gangs to operate from its borders on the condition they don't attack Russian organizations. Other gangs have been seen operating from China, Iran, and North Korea.
Through its announcement today, the State Department is looking for proof that these gangs are operating with some sort of help or guidance from local regimes. The reward is offered through the State Department's Rewards for Justice (RFJ) program, the same system through which the US previously offered a $5 million reward for info on North Korean state-sponsored hackers and a $10 million reward for information on any state-sponsored hackers meddling in US elections.
19:30 Valve Launches Steam Deck, a $400 PC Gaming Portable
A new challenger has emerged in the gaming hardware category. Game distribution giant Valve today announced the launch of Steam Deck, a $399 gaming portable designed to take PC games on the go. From a report: The handheld (which has echoes of several portable gaming rigs of years past) features a seven-inch screen and runs on a quad-core Zen 2 CPU, coupled with AMD RDNA 2 graphics and 16GB of RAM. Storage runs 64GB to 512GB, the latter of which bumps the price up to $649. The built-in storage can be augmented via microSD.
[...] Flanking the 1280 x 800 touchscreen are a pair of trackpads and thumb sticks. A built-in gyroscope also uses movement to control the gaming experience. There's a single USB-C port for charging, peripherals and connecting to a big screen, while a 40Wh battery promises between 7-8 hours of gameplay, by Valve's numbers.
18:51 Feeding the machine: We give an AI some headlines and see what it does
In part two of our series, we attempt to learn the ways of the machine.
18:51 Nintendo's OLED model Switch estimated to cost just $10 more to produce
Top-end model costs $50 more to buy; standard Switch price hasn't dropped in 4+ years.
18:51 OnePlus cancels the base-model OnePlus 9 Pro, will only sell a $1,069 version
OnePlus' choice to not sell $969 version effectively marks a $100 price increase.
18:51 Facebook advertisers are panicking after iOS cuts off key tracking data
Facebook's ads aren't as effective after iOS privacy changes, advertisers say.
18:51 TSMC signals global chip crunch may be easing
Semiconductor group says carmakers can expect upturn in supplies over coming weeks
18:51 Steam Deck is Valve's Switch-like portable PC, starting at $399 this December
Preorders kick off on July 16, but you'll need an older Steam account.
18:51 Nintendo's OLED Switch goes up for preorder todayhere's where to get one
Orders confirmed to start at 12pm PT/3pm ET. Here's what to know before you buy.
18:51 Facebook Pay extends its reach later this summer
August's expansion is Facebook Pay's first step out of the Facebook ecosystem.
18:51 LG's rollable TV costs 50 times as much as a normal OLED
Apart from the rolling feature, it's almost identical to an LG CX or C1.
18:51 Feds arrest CA homeopath for selling COVID pellets, fake CDC vaccine cards
Homeopath: "It is like an energy medicine... made from the disease particles themselves."