programmer_humor

expatriado , in It’s a game for kids!

oh, i solved that assignment in school… by finding the algorithm online

Karfkengrumble ,

You’re hired, welcome to the team!

LetterboxPancake ,

I had enough colleagues unable to type exactly what they asked me into whatever search engine they preferred to accept your statement. If you don’t know how to use a search engine go ask for another job.

“Hey pancake, how do I run all tests via gradle?”

Open your browser, head to Google and type “run all tests in gradle”

“Oh, nice. Thank you for your help!”

And the next day the game starts all over again.

ChlorineAddict ,

Bonus points for leveraging the work of others contributing to their success

Anonymousllama ,

As it should be, there’s way too much reengineering of the wheel. Let the big brains of the past do the heavy lifting

DragonTypeWyvern ,

screams in that’s not the point

fsxylo ,

Pfft, writing a program that collects user input and displays it is just trite. I’m going to skip straight to building an MMO.

frickineh ,

Science-based, 100% dragon MMO or gtfo.

CurlyChopz ,

I need 100k in my kick starter by tomorrow, sharp

Rodeo ,

You’re right. The learning is the point. So rather than flail in the dark, why not learn the optimal solution?

Lmaydev , in Haskell researchers announce new discovery

a writing task that was emotionally difficult but conceptually trivial

Lmao

furikuri ,

Finally, each of us upvoted the post, […]"

“And then we waited to see who, if anyone, would give a shit,” she said.

MacFarlane concluded, "Our elegant approach didn’t work, so we hired a Perl hacker to go dig up the personal details on all 38 accounts that had ever upvoted a Haskell post, and the only one we didn’t know was Seth Briars.

This is the one that got me

Zozano , in Good Old Windows

Linux: OK

User: Oh great, I downloaded a virus

Linux: Lol. You should have read the 2000-line python script on github before running it.

Johanno ,

It is your fault always.

pufferfischerpulver ,

Actually there’s extensive documentation on the arch wiki regarding this specific line of code buried 1673 lines deep.

I suggest you read the documentation before you ask irrelevant and, might I add, embarrassing questions.

TrickDacy , in Came back to learn you have job security

Fucking. The word is FUCKing. Fucking.

pseudonym ,

You can’t swear on the internet

jubilationtcornpone ,

The hell I can’t.

TrickDacy ,

FUCK, I forgot.

Habahnow ,

This post right here officer, look at this man saying such illegal words on the internet!

grrgyle ,

Fkn A

RIPandTERROR ,

Friday night Fkn

dactylotheca ,

It just irritates the fuck out of me when people write an obvious swear word but either omit letters or “censor” them with e.g. *, like that somehow makes it not swearing even though EVERYBODY KNOWS WHAT THAT FUCKING WORD IS.

Either don’t swear if you think it’s so bad, or just write the naughty words out instead of pretending “f*ck” isn’t a bad evil naughty word because you hid one letter like a fucking mentally deficient child.

FUCK.

PenisWenisGenius , in Absolute legend

inb4 they wait until his last day then roll back the changes because functional code/unauthorized changes are against company policy and actually they need that bug to slow down the user so they don’t click so fast the database crashes.

some_guy ,

Oh, you cynical (and probably right) monster. Cheers!

victorz , in You wouldn’t get it

Ha. Cause there’s no getter. I get it. I think?

dohpaz42 ,

I get it.

No you don’t; there’s no getter.

victorz ,

Oh, now I get it.

Wait…

Batman ,

You don’t get the context of this joke

fsxylo ,

var context = getContext();

lightnegative ,

var context = RuntimeSingletonFactory.getCurrentFactory().getCurrentRuntimeSingleton().getContext()

4am ,

It’s also an inside Joke

intensely_human ,

And the Joker gets it, but you don’t.

fubarx , in Daylight saving creator left the chat....

Worked on a project where devices just magically froze, but only during the month of February!

Turned out the people who had written the firmware had decided to do their own time math to save space and had put in an exception in the code for leap year values. Except instead of February 29th, it kicked in for the whole month. And the math was wrong so you ended up with negative values.

The product was due for launch in March of that year and was headed to manufacturing. It was by sheer luck that someone ran a test on February 1st and caught the problem.

Don’t mess with time in code, kids.

LodeMike ,

This is why we have pre-built libraries and Unix time.

fishbone , (edited )

too bad unix time only has 14 years of life left in it.

Edit: this only applies to 32 bit Unix time. The 64 bit lifespan is a little longer, at 584 billion years. Whoops lol.

LodeMike ,

No

fubarx ,

Embedded portable device with a teeny ARM processor. Sadly, no room for linux anything or even an RTC. Every time it connected to a phone, the phone would set its clock so the timestamps were somewhat close to being accurate.

However, if you swapped out the AAA battery and DIDN’T connect it to the phone at least once, all your subsequent readings would go back to zero epoch and would be forgotten 🤷🏻‍♂️

Good times.

AMDIsOurLord ,

Some absolute and utter legend of a man made a Unix kernel for the fucking ZILOG Z80, you have no excuses

(It’s called UZI and it’s written in K&R C for some obscure CP/M compiler)

fubarx ,

If it had been up to me, I would have included a proper real-time-clock in the design and done things a lot differently.

But the device was designed by one company and the BLE and processor module by another. For some ungodly reason neither trusted each other, so nobody was given access to the firmware source on either side. I worked for a third company that was their customer paying the bill. I was allowed to see the firmware for both sides, but only read only, on laptops provided by each company, one at a time, in a conference room with their own people watching everything. Yeah, it was strange.

I was there because the MCU and the BLE processor sometimes glitched and introduced random noise. Turned out the connection between the two parts was unshielded UART with no error detection/correction 🤦🏻‍♂️

It was coincidental that we hit the date glitch. Took all our effort just to get them to add a checksum and retry. The tiny MCU was maxed out of space. No way to fit in any more code for date math.

AMDIsOurLord ,

God I’m sorry you had to go through that much middle management bullshit

fubarx ,

Thanks. On the plus side, I got to try ‘soup dumpling’ – still the best I’ve ever had. And Kaoliang, the most gut-busting distilled beverage known to mankind. OTOH, the product shipped, won lots of awards, and got national coverage for the company.

Nothing to do with timezones, but still, fun times.

dan ,

Unix time.

Unix time doesn’t help with timezones… It’s always in UTC.

Unix timestamps also get a bit weird because of leap seconds. Unix timestamps have no support for leap seconds (the POSIX spec says a Unix day is always exactly 86400 seconds), so they’re usually implemented by repeating the same timestamp twice. This means that the timestamp is ambiguous for that repeated second - one timestamp actually refers to two different moments in time. To quote the example from Wikipedia:

Unix time numbers are repeated in the second immediately following a positive leap second. The Unix time number 1483142400 is thus ambiguous: it can refer either to start of the leap second (2016-12-31 23:59:60) or the end of it, one second later (2017-01-01 00:00:00). In the theoretical case when a negative leap second occurs, no ambiguity is caused, but instead there is a range of Unix time numbers that do not refer to any point in UTC time at all.

Some systems instead spread a positive leap second across the entire day (making each second a very very tiny bit longer) but technically this violates POSIX since it’s modifying the length of a second.

Aren’t timestamps fun?

Luckily, the standards body that deals with leap seconds has said they’ll be discontinued by 2035, so at least it’s one less thing that developers dealing with timestamps will have to worry about.

Don’t try to write your own date/time code. Just don’t. Use something built by someone else.
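An added example, not part of any comment in this thread: the POSIX "seconds since the Epoch" formula written out, showing why a leap second and the second after it receive the same timestamp, and where a signed 32-bit counter (the lifespan limit mentioned earlier in the thread) runs out. The function names are illustrative, and the formula is only exercised for dates from 1970 onwards.

```python
from datetime import date, datetime, timedelta, timezone

INT32_MAX = 2**31 - 1  # largest value a signed 32-bit time_t can hold
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def posix_seconds(year, month, day, hour, minute, second):
    """Seconds since the Epoch per the POSIX formula.

    Every day counts as exactly 86400 seconds, so second == 60 is accepted
    and simply spills over into the following day.
    """
    if year < 1970:
        raise ValueError("this sketch only handles dates from 1970 onwards")
    tm_year = year - 1900
    # C's tm_yday is 0-based, Python's is 1-based.
    tm_yday = date(year, month, day).timetuple().tm_yday - 1
    return (second + minute * 60 + hour * 3600 + tm_yday * 86400
            + (tm_year - 70) * 31536000
            + ((tm_year - 69) // 4) * 86400
            - ((tm_year - 1) // 100) * 86400
            + ((tm_year + 299) // 400) * 86400)


def leap_second_collision():
    """Group the UTC instants around the 2016-12-31 leap second by timestamp."""
    instants = [
        (2016, 12, 31, 23, 59, 59),
        (2016, 12, 31, 23, 59, 60),  # the inserted leap second
        (2017, 1, 1, 0, 0, 0),
    ]
    by_stamp = {}
    for instant in instants:
        by_stamp.setdefault(posix_seconds(*instant), []).append(instant)
    return by_stamp


def as_int32(value):
    """Reinterpret an integer as a signed 32-bit two's-complement value."""
    value &= 0xFFFFFFFF
    return value - 2**32 if value >= 2**31 else value


def utc_from_seconds(seconds):
    """Convert a timestamp to an aware UTC datetime (works for negatives too)."""
    return EPOCH + timedelta(seconds=seconds)


if __name__ == "__main__":
    for stamp, instants in leap_second_collision().items():
        print(stamp, instants)
    print("last 32-bit second:", utc_from_seconds(INT32_MAX))
    print("one second later  :", utc_from_seconds(as_int32(INT32_MAX + 1)))
```

Three distinct UTC instants map to only two timestamps, so a log line or token expiry stamped during the leap second cannot be ordered against the following second from the number alone.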

LodeMike , (edited )

Unix time doesn’t help with timezones… It’s always in UTC.

Unix timestamp is always in UTC which is why it’s helpful. It’s seconds since Jan 1st 1970 UTC. Libraries let you specify timezone usually if you need to convert from/to a human readable string.

Don’t try to write your own date/time code. Just don’t. Use something built by someone else.

…yes that’s why UNIX timestamps are helpful, because it’s a constant standard across all the libraries.

Some systems instead spread a positive leap second across the entire day (making each second a very very tiny bit longer) but technically this violates POSIX since it’s modifying the length of a second.

Then that system should be trashed.

perviouslyiner , (edited )

Unix timestamp is always in UTC

Careful with the exact phrasing here - while the epoch was at midnight in GMT, the time from which time_t is measured also exists in other timezones.

LodeMike ,

Then the library that does it should be trashed.

en.wikipedia.org/wiki/Unix_time

Aux ,

UNIX time is trash.

dan ,

Unix timestamp is always in UTC which is why it’s helpful.

Any time you show the time to a user, you have to use a timezone. That’s why the unix timestamp has limited usefulness - it doesn’t do a lot on its own and practically all use cases for times require the timezone to be known (unless you’re dealing with a system that can both store and display dates in UTC). Even for things like “add one week to this timestamp”, you can’t do that without being timezone-aware, since it’s not always an exact number of seconds as you need to take Daylight Saving transitions and leap seconds into account.

Then that system should be trashed.

A lot of systems just don’t handle leap seconds well. Many years ago, Reddit was down for four hours because their systems couldn’t deal with leap seconds. Smearing the extra second across the whole day causes fewer issues as software doesn’t have to be built to handle an extra second in the day.

CosmicCleric ,

Luckily, the standards body that deals with leap seconds has said they’ll be discontinued by 2035

Did they figure out a way of making the earth spin more reliably per how the humans want it to?

dan ,

If I remember correctly, they’re updating the standards to allow for more deviation between UTC time and “actual time”. They’ll likely replace leap seconds with a leap minute that happens much less frequently, implemented by spreading it across the whole day, similar to the leap second workaround I mentioned.

uis ,

Was it related to banking?

fubarx ,

Consumer health.

Good product, too. Won a bunch of awards. Unfortunately, the company has since gone out of business.

wise_pancake , in You can certainly change it. But should you?

Some people hate that C is dangerous, but personally I like its can-do attitude.

“Hey C, can I write over the main function at runtime?”

Sure, if you want to, just disable memory protection and memcpy whatever you want there! I trust you.

It’s a great attitude for a computer to have.

mox ,

This is sometimes practical, too. For example, hooking and extending functions in compiled code that will never be updated by the original author, while preserving the original executable/library files.

huginn ,

You can do that in memory safe languages too. Kotlin extension functions, for example.

RonSijm , (edited )

Extension functions are not the same at all. Extension functions are syntactic sugar. For example if you have an extension function like


```csharp
public static class ObjectExtension
{
    public static void DoSomething(this object input) { }
}
```

You can call that function on an object by doing object.DoSomething() - Yes. But underneath it’s the same as doing ObjectExtension.DoSomething(object)

That function does not actually become part of the object, and you can’t use it to override existing functions

A closer example of how to do something similar in a memory safe language would be - in C# - using something like Castle DynamicProxy - where through a lot of black magic - you can create a DynamicProxy and fool the CLR into thinking it’s talking to an object, while it’s actually talking to a DynamicProxy instead. And so then you can actually intercept invocations to existing methods and overrule them

Generally overruling existing functions at runtime is not that easy

huginn ,

Ah my bad, misunderstood the use case.

I thought you were talking about keeping an unmaintained library intact but building onto it.

I thought C was a really dangerous way to use that syntactic sugar pattern. Actual manipulation of the bytecode to maintain and extend a compiled binary is wild

mox ,

Actual manipulation of the bytecode to maintain and extend a compiled binary is wild

Just wait until you learn about machine code. :)

huginn ,

I do have a degree in this. I am aware.

This is sometimes practical, too. For example, hooking and extending functions in compiled code that will never be updated by the original author, while preserving the original executable/library files.

Your original comment made it seem more like extensions - extend and preserve. That’s the misunderstanding.

When I said it’s wild to manipulate bytecode I meant “wow that’s a terrifying practice, I would hate to check that PR”

mox , (edited )

Fair enough. What threw me is that you said “bytecode”, which is generally not used when referring to hardware machine instructions. My original comment is about patching the in-memory image of a running program or library, replacing machine instructions in order to intercept certain calls and extend their behavior.

I thought my phrase “compiled code” would convey this, but I guess nowadays bytecode-compiled languages are so common that some people assume that instead.

huginn ,

Yeah and part of this is that the domain I’ve been working in for years now is very far from machine code, and I’m probably overly lax with my language here.

The result of being in very corporate app dev - I’m usually talking in much higher level abstractions. My bad on conflating bytecode and machine code

mox ,

Ah, corporate work. I hope they’re treating you well.

huginn ,

Different strokes - some would find what I’m doing hell. I personally love it.

The 260k/yr salary may help alleviate the pain.

wise_pancake ,

That actually sounds pretty cool

Sometimes what I’d like to be able to do is treat part of an app as a core and the rest like user provided scripts, but written and evaluated in the host language and not running an embedded scripting language like lua with all the extra burden.

E.g. you have an image editor and you want the user to be able to write native functions to process the image. Or you have a game engine and you want to inject new game code from the user without the engine being a compiler or the game logic being bundled scripts.

RonSijm ,

You’d probably use a different approach for that. Like you’d make your program dynamically load all the .dlls in a “plugins” folder -

Then you’d provide some plugin interface for the users to create plugins, for example:


```csharp
public interface IImageEditorPlugin
{
    public void BeforeImageEdit(int[,] imageData);
    public void AfterImageEdit(int[,] imageData);
}
```

And then you can load plugin classes from all the dlls with dependency injection, and execute them through something like this:


```csharp
public class ImageEditor(IEnumerable<IImageEditorPlugin> plugins)
{
    public void EditImage(int[,] imageData)
    {
        foreach (var imageEditorPlugin in plugins)
        {
            imageEditorPlugin.BeforeImageEdit(imageData);
            // Do internal image edit function
            imageEditorPlugin.AfterImageEdit(imageData);
        }
    }
}
```

This is a very simple example obviously, normally you’d send more meta-data to the plugins, or have multiple different interfaces depending on the kinda plugin it is, or have some methods to ask plugins when they’re suitable to be used. But this way a user can provide compiled versions of their plugins (in the same language as the core application) - instead of having to provide something like lua scripts

SubArcticTundra ,

Agreed. It’s a very adult approach. C hands you a running chainsaw and whatever happens after that is your responsibility. It is also your responsibility to decide when it’s not the right time to use C.

mindbleach ,

C is dangerous like your uncle who drinks and smokes. Y’wanna make a weedwhacker-powered skateboard? Bitchin’! Nail that fucker on there good, she’ll be right. Get a bunch of C folks together and they’ll avoid all the stupid easy ways to kill somebody, in service to building something properly dangerous. They’ll raise the stakes from “accident” to “disaster.” Whether or not it works, it’s gonna blow people away.

C++ is dangerous like a quiet librarian who knows exactly which forbidden tomes you’re looking for. He and his… associates… will gladly share all the dark magic you know how to ask about. They’ll assure you, oh no no no, the power cosmic would never pull someone inside-out, without sufficient warning. They don’t question why a loving god would allow the powers you crave. They will show you which runes to carve, and then, they will hand you the knife.

5C5C5C ,

You have a talent for metaphor.

AVincentInSpace , (edited )

Rust is like a paranoid overprotective guardian. A “mom friend”, of sorts. Always the designated driver of the group, keeps you from staying up too late, stops you from eating things that might be choking hazards without proper precaution, and so on and so forth. You’ll never meet a person more concerned with your health and safety – until, that is, you say the magic word “unsafe”. Suddenly the alter ego that their hypnotist implanted gets activated, and their entire demeanor changes on a dime. BMX biking? Bungee jumping? Inline assembly? Sounds like a great idea! Let’s go, man! Rules are for NERDS! Then the minute the unsafe block ends, they’re back to normal, fully cognizant of the adventure they just went on and thinking absolutely nothing of it. “Whitewater rafting with you guys was really fun, especially the part where Jason jumped into the water and I went after him! I’d best go get the first aid kit, though – that scrape he got when he did that looks like it might get infected. I know he said it didn’t hurt, but better safe than sorry!”

They kinda scare you when they’re like that, if you’re honest.

mindbleach ,

I tried thinking of one for Rust, and ‘the mom friend with a safeword’ is alarmingly accurate.

The secret basement is never locked. It’s fine to go down there, alone. You’ll only be scarred on the inside.

It’s when you go down together that all bets are off.

derpgon ,

I loved C/C++ in university, finally the damn piece of rock we forced into thinking was doing exactly what I told him to do, no more and no less.

tatterdemalion , in Every Family Dinner Now

It literally cannot come up with novel solutions because its goal is to regurgitate the most likely response to a question based on training data from the internet. Considering that the internet is often trash and getting trashier, I think AI will only get worse over time.

ArrogantAnalyst ,

Also the more the internet is swept with AI generated content, the more future datasets will be trained on old AI output rather than on new human input.

tatterdemalion ,

Humans are also now incentivized to safeguard their intellectual property from AI to keep a competitive advantage.

Spaghetti_Hitchens ,

What are some strategies for doing that? (This is me, totally not a bot)

0xD ,

Paywalls.

FractalsInfinite ,

Let’s see, since the goal is to prevent web scraping all these should work: paywalls, account only access, text obfuscation (e.g. using a custom font that maps letters randomly to other ones so it looks fine but to a webscraper it looks like gibberish), HTML obfuscation (inserting random characters in the HTML then hiding them using CSS) and many more.

space ,

AI has poisoned the well it was fed from. The only solution to get a good AI moving forward is to train it using curated data. That is going to be a lot of work.

On the other hand, this might be a business opportunity. Selling curated data to companies that want to make AIs.

tatterdemalion ,

I could see large companies paying to train the LLM on their own IP even just to maintain some level of consistency, but it obviously wouldn’t be as valuable as hiring the talent that sets the bar and generates patent-worthy inventions.

MagicShel ,

You can fine tune a model with specific stuff today. OpenAI offers that right on their website and big companies are already taking advantage. It doesn’t take a whole new LLM, and the cost is a pittance in comparison.

ghost_of_faso2 ,

NHS moment

test113 ,

Hi, I don’t want to say too much, but after being invited to some closed AI talks by one of the biggest chip machine manufacturers (if you know the name, you know they don’t mess around), I can tell you AI is, in certain regards, a very powerful tool that will shape some, if not all, industries by proxy. They described it as the “internet” in the way that it will take influence on everybody’s life sooner or later, and you can either keep your finger on the pulse or get left behind. But they distinguished between the “AI” that’s floating around in the public sector vs. actual purpose-trained AI that’s not meant for public usage. Sidenote: They are also convinced the average user of a LLM is using it the “wrong” way. LLMs are only a starting point.

Also, it’s concerning; I’m pretty sure the big boys have already taken over the AI market, so I do not trust that it will be to the benefit of all of us and not only for a select group (of shareholders) that will reap the benefits.

tatterdemalion ,

Oh gosh I’m so afraid of the anonymous business daddy that told you AI is sexy.

mob ,

Yeah you definitely went to a marketing thing and got marketed to

DudeDudenson ,

Like when they claim your smart thermostat is now “AI powered” despite the fact it’s the same exact product it was 2 years ago

test113 ,

Again, none of the people at this talk have anything to do with selling a product or pushing an agenda or whatever you think. There is no press, there is no marketing, there is no product - it was basically a meetup of private equity firms that discussed the implementation and impact of purpose-trained AI in diverse fields, which affects the business structure of the big single-family office behemoths, like an industry summit for the private equity sector regarding the future of AI and how some plan to implement it (mainly big non-public SFOs).

Sometimes people just meet to discuss strategy; no one at these talks is interested in selling you anything or buying anything - they are essentially top management and/or members of large single-family offices and other private equity firms. They are not interested in selling or marketing something to the public; they are not public companies.

It’s weird how you guys react; not everything is a conspiracy or a marketing thing. It’s pretty normal in private equity to have these closed talks about global phenomena and how to deal with it.

These talks are more to keep the industry informed. I get that you do not like it when essentially the big SFOs have a meeting where they discuss their future plans on a certain topic, but it’s pretty normal that the elite will arrange themselves to coordinate some investments. It’s essentially just the offices of the big billionaire families coming together to put heads together to discuss a topic that might influence their business structure. But, in no way is it a marketing strategy; it would, on the contrary, be negatively viewed in the public eye that big finance is already coordinating to implement AI into their strategy.

But feelings don’t change facts. My point is if the actual non public big players are looking at AI in a serious manner, then so should you.

mob ,

It’s not a conspiracy… You are obviously not involved in the actual ML/AI, but another sector. You aren’t speaking in any technical explanation.

A lot of us are involved in the technical aspect and understand what is being said by management.

test113 ,

I never argued that I was in IT/Tech; I deal with investments and PE. I have nothing to do with IT or tech. My point is we, in the PE/FO sector, are going to invest in AI businesses in 24/25, not only in the “B2C market” but mainly in the B2B market and for internal applications. Whether you believe it or not, it’s gonna happen anyway.

wewbull ,

So Nvidia (or Intel or AMD) told you that you need AI to stay competitive. Not only that, but you needed a bespoke solution. Not the toy version out on the net everyone can get access to.

Strangely enough, they have some wonderful products coming to market which would be just what you need to build a large training network capable of ingesting all your company data. They’d be happy to help you on this project.

All they had to do to get you to drop your guard was invite you by name to a “closed talk”.

test113 ,

Haha, lol, what’s happening, why do you hate me, just sharing an experience, an opinion?

  • it’s not NVIDIA or AMD or any chip manufacturer, or someone who has a product to sell to you. Most of them are not even publicly traded but are organized in family office structures. They don’t care about the B2C market at all; they are essentially private equity firms. You guys interpret anything to fit your screwed-up vision of this world. They don’t even have a product to sell to you or me; it was a closed talk with top industry leaders and their managers where they discussed their view of AI and how they will implement purpose-trained AI into manufacturing, etc. It has nothing to do with selling to the public.

I have already said too much - just let me tell you if you think LLMs are the pinnacle of AI, you are very mistaken, and depending on your position in the market, you need to take AI into account. You can only dismiss AI if you have a position/job with no real responsibility.

So weird how you guys think everything is to sell you something or a conspiracy - this was a closed talk to discuss how the leaders in certain industries will adapt to the coming changes. They give zero cares about the B2C market, aka you as an individual.

Again, none of the people at this talk have anything to do with selling a product or pushing an agenda or whatever you think. There is no press, there is no marketing - it was basically a meetup of private equity firms that discussed the implementation and impact of purpose-trained AI in diverse fields, which affects the business structure of the big single-family office behemoths.

Buttons ,

As long as AI isn’t outlawed or “regulated” in some stupid way, open-source AI models will stay competitive. People are interested in AIs and working on them is exciting and doesn’t require a lot of code or other bullshit, this is the type of thing that the open-source community will work on.

cybersandwich ,

I said this a while ago but you know how we have “pre-atomic” steel? We are going to have pre-LLM data sets.

DudeDudenson ,

The reason why chat gpt 3.5 is still great for anything previous to its cutoff date. It’s not constantly being updated with new garbage

Obi ,

Low-background steel, also known as pre-war steel, is any steel produced prior to the detonation of the first nuclear bombs in the 1940s and 1950s. Typically sourced from ships (either as part of regular scrapping or shipwrecks) and other steel artifacts of this era, it is often used for modern particle detectors because more modern steel is contaminated with traces of nuclear fallout.[1][2]

Very interesting, today I learned.

smeg , in Need a rust version too.

Here is the original comic, it’s got the word fuck in it! Direct link to higher-quality image.

PixxlMan ,

NOOOOOOO NOT THE FUCK W*RD!

killeronthecorner ,

I can’t fucking believe you’ve done this

MajorHavoc ,

Yeah. I thought we all agreed that we don’t fucking swear here. What the fuck…Shit. Darn-it. /s

Octopus1348 ,

You fucking moron. Oops…

squaresinger ,

Flipping H E double hockeysticks! You aren’t supposed to use such fucking swearwords here!

Klear ,

Oh no! Don’t say the fuck word!

shotgun_crab ,

Now I can’t let my cats see this comic :(

MaliciousKebab OP ,

Changed the image link, thanks.

LillyPip ,

You seem very excited so now I have to check it out.

e: holy shit, it does

candyman337 , in Password requirements are getting out of hand

“Password length requirements: 6 inches”

Guy tries to make an account

“Password requirements not met”

“Bro I swear that’s 6 inches 😢”

dingleberry ,

Can’t login when it’s cold.

mattd ,

My password was in the pool!

EnderMB , in There once was a programmer

ChatGPT is banned by my employer, because they don’t want trade secrets being leaked, which IMO is fair enough. We work on ML stuff anyway.

Anyway, we have a junior engineer that has been caught using ChatGPT several times, whether it’s IT flagging its use, seeing a tab open in their browser during a demo, or simply just seeing code they obviously didn’t write in code I’m reviewing.

I recently tried to help them out on a project that uses React, and it is clear as day that this engineer cannot write code without ChatGPT. The library use is all over the place, they’ll just “invent” certain APIs, or they’ll use things that were deprecated/don’t work if you’ve even attempted to think about the problem. IMO, reliance on ChatGPT is much worse than how juniors used to be reliant on Stack Overflow to find answers to copy paste.

v9CYKjLeia10dZpz88iU ,

I’m surprised these people can pass a technical interview. I imagine the employer doesn’t test candidates for something like this to happen.

EnderMB ,

One of the dirty secrets at FAANG companies is that lots of people join from internships, and can get all the way to senior and above without ever needing to go through a standard, full technical loop. If you have a formal apprenticeship scheme, sometimes you’ll join through a non-tech loop.

ProxyZeus ,

Tbf some technical interviews are bs

Nahdahar ,

The underlying problem is the same, it just became more accessible to copy code you don’t understand (you don’t even need to come up with a search query that leads you to some kind of answer, chatgpt will interpret your words and come up with something). Proper use of chatgpt can boost productivity, but people (both critics of chatgpt and people who don’t actually know how to code) misuse it, look at it as a “magic solution box” instead of a tool that can assist development and lead you to solutions.

PoorlyWrittenPapyrus , in “Hire me”

Took him two days to figure out a hello world in react?

SinningStromgald ,

They’ve got really slow internet so it took that long for the Google results to populate with the answer.

tsonfeir OP ,

ChatGPT helped.

matengor ,

Might be “her” ☝️

CaptDust , in Someone escaped the Matrix

Man is actually living the dream, the crazy son of a bitch did it.

variants ,

He has become a battery for AI

mholiv , in It's easier to remember the IPs of good DNSes, too.

I think it’s worth taking the time to learn IPv6 properly. If you have a good understanding of IPv4 it shouldn’t take you more than an afternoon.

Eliminating NAT and just using firewall rules (ie what NAT does behind your back) is incredibly freeing.

I don’t get people complaining about typing out IPs. I like to give all of my clients full FQDNs but you don’t have to. Just using mDNS would be enough to avoid typing a bunch of numbers.

FrostyCaveman ,

Maybe I have Stockholm Syndrome, but I like NAT. It’s like, due to the flaws of IPv4 we basically accidentally get subnets segmented off, no listening ports, have to explicitly configure port forwarding to be able to listen for connections, which kinda implies you know what you’re doing (ssshh don’t talk about UPnP). Accidental security of a default deny policy even without any firewalls configured. Haha. I’m still getting into this stuff though, please feel free to enlighten me

domi ,

Anything connected to an untrusted network should have a firewall, doesn’t matter if it’s IPv4 or IPv6.

There’s functionally no difference between NAT on IPv4 or directly allowing ports on IPv6, they both are deny by default and require explicit forwarding. Subnetting is also still a thing on IPv6.

If anything, IPv6 is more secure because it’s impossible to do a full network scan. My ISP assigned 4,722,366,482,869,645,213,696 addresses just to me. Good luck finding the used ones.

With IPv4 if you spin up a new service on a common port it usually gets detected within 24h nowadays.

FrostyCaveman ,

Ahh, woah, I never thought about how the huge address space would affect network scans and such.

With NAT on IPv4 I set up port forwarding at my router. Where would I set up the IPv6 equivalent?

I guess assumptions I have at the moment are that my router is a designated appliance for networking concerns and doing all the config there makes sense, and secondly any client device to be possibly misconfigured. Or worse, it was properly configured by me but then the OS vendor pushed an update and now it’s misconfigured again.

domi ,

With NAT on IPv4 I set up port forwarding at my router. Where would I set up the IPv6 equivalent?

The same thing, except for the router translating 123.123.123.123 to 192.168.0.250 it will directly route abcd:abcd::beef to abcd:abcd::beef.

Assuming you have multiple hosts in your IPv6 network you can simply add “port forwardings” for each of them. Which is another advantage for IPv6, you can port forward the same port multiple times for each of your hosts.

I guess assumptions I have at the moment are that my router is a designated appliance for networking concerns and doing all the config there makes sense, and secondly any client device to be possibly misconfigured. Or worse, it was properly configured by me but then the OS vendor pushed an update and now it’s misconfigured again.

That still holds true, the router/firewall has absolute control over what goes in and out of the network on which ports and for which hosts. I would never expose a client directly to the internet, doesn’t matter if IPv4 or IPv6. Even servers are not directly exposed, they still go through firewalls.

Forbo , (edited )

I wouldn’t rely on the size of the address space to provide security. It’s possible to find hosts through methods other than brute force scanning. I remember seeing a talk from a conference (CCC? DEF CON? I can’t remember) where they were able to find hosts in government IPv6 address space (might have been DOD?) through stuff like certificate transparency logs and other DNS side channels.

Man, I need to go find that talk now…

Edit: I don’t think this is the one I saw previously but is in a similar vein: www.youtube.com/watch?v=AayifEqLbhI

domi ,

Will take a look at the talk once I get time, thanks. If you can find the original one you were talking about, please link.

For servers, there is some truth that the address space does not provide much benefit since the addressing of them is predictable most of the time.

However, it is a huge win in security for private internet. Thanks to the privacy extension, those IPs are not just generated completely random, they also rotate regularly.

It should not be the sole source of security but it definitely adds to it if done right.

RecallMadness , (edited )

Could a hypothetical attacker not just get you to visit a webpage, or an image embedded in another, or even a speculatively loaded URL by your browser. Then from the v6 address of the connection, directly attack that address hoping for a misconfiguration of your router (which is probable, as most of them are in the dumbest ways)

Vs v4, where the attacker just sees either your router’s IP address (and then has to hope the router has a vulnerability or a port forward) or increasingly gets the IP address of the CGNAT block which might have another 1000 routers behind it.

Unless you’re aggressively rotating through your v6 address space, you’ve now given advertisers and data brokers a pretty accurate unique identifier of you. A much more prevalent “attack” vector.

domi ,

There is this notion that IPv6 exposes any host directly to the internet, which is not correct. When the client IP is attacked “directly” the attacker still talks to the router responsible for your network first and foremost.

While a misconfiguration on the router is possible, the same is possible on IPv4. In fact, it’s even a “feature” in many consumer routers called “DMZ host”, which exposes all ports to a single host. Which is obviously a security nightmare in both IPv4 and IPv6.

Just as CGNAT is a thing on IPv4, you can have as many firewalls behind one another as you want. Just because the target IP always is the same does not mean it suddenly is less secure than if the IP gets “NATted” 4 times between routers. It actually makes errors more likely because diagnosing and configuring is much harder in that environment.

Unless you’re aggressively rotating through your v6 address space, you’ve now given advertisers and data brokers a pretty accurate unique identifier of you. A much more prevalent “attack” vector.

That is what the privacy extension was created for, with it enabled it rotates IP addresses pretty regularly, there are much better ways to keep track of users than their IP addresses. Many implementations of the privacy extension still have lots of issues with times that are too long or with it not even enabled by default.

Hopefully that will get better when IPv6 becomes the default after the heat death of the universe.

cmnybo ,

Since you can have multiple IPv6 addresses on one machine, you can use a rotating address for all outbound connections and a permanent address for inbound connections. If you visit a malicious website that tries to attack the IP that visits it, there will be no ports open. They would have to scan billions of addresses to find the permanent address. All of that scanning would be easily detected and blocked by an IDS.

dan ,

There is this notion that IPv6 exposes any host directly to the internet, which is not correct.

TP-Link routers used to actually do this. They didn’t have an IPv6 firewall at all. In fact they didn’t add an IPv6 firewall to their “enterprise-focused” 10Gbps router (ER8411) until October 2023.

dan ,

Good luck finding the used ones.

That and the IPv6 address on client systems will periodically rotate (privacy extensions), so the IPs used today won’t necessarily be the ones used tomorrow.

(you can disable that of course, and it’s usually disabled by default on server-focused OSes)

mholiv ,

I don’t think you have Stockholm syndrome. You just like what you already understand well. It’s a normal part of the human condition.

All those features of nat also work with IPV6 with no nat in the exact same way. When I want to open up a port I just make a new firewall rule. Plus you get the advantages of being able to address each host behind the firewall. It’s a huge win with no losses.

Thiakil ,

Instead of nat and port forwards that rewrite, your firewall is set to only forward specific traffic, exactly how you’d configure outbound forwarding on a nat network (but opposite directions)

Open forwarding is a router, not a firewall
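
The router-side IPv6 equivalent of a port forward that this thread describes, as an added example that is not part of any post above: an nftables forward chain with a default-drop policy and one explicit allow. The table name, the interface names wan0 and lan0, the documentation-prefix address 2001:db8:0:1::250 and port 443 are assumptions chosen for illustration.

```nftables
# Added example (constructed names and addresses, not from the thread).
# Assumptions: wan0 = upstream interface, lan0 = LAN interface,
# 2001:db8:0:1::250 = a LAN host that should accept inbound TCP 443.

table ip6 example_fw {
    chain forward {
        # Default deny: anything not matched below is dropped, which is
        # the behaviour people usually credit to IPv4 NAT.
        type filter hook forward priority 0; policy drop;

        # Replies to flows the LAN started, plus ICMPv6 errors that
        # conntrack ties to those flows (e.g. packet-too-big).
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open connections to the internet.
        iifname "lan0" oifname "wan0" accept

        # The "port forward": no address rewriting, just one explicit
        # allow for new inbound connections to one host and one port.
        iifname "wan0" oifname "lan0" ip6 daddr 2001:db8:0:1::250 tcp dport 443 ct state new accept

        # Every other unsolicited inbound packet hits the drop policy,
        # whether or not the destination address is in use.
    }
}
```

Load it on the router with `nft -f`; this chain only covers forwarded traffic, so the router's own listening services need a separate input chain.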

frezik ,

Every time I see a defense of IPv4 and NAT, I think back to the days of trying to get myself and my roommate to play C&C: Generals together online, with a 2v2 game, with one of us hosting. Getting just the right combination of port forwarding working was more effort than us playing C&C: Red Alert on dial up when we both lived at home.

With IPv6, the answer is to open incoming traffic on the port(s) to the host machine (or just both since the other guy might host next time). With IPv4, we have to have a conversation about port forwarding and possibly hairpin routes on top of that. This isn’t a gate for people “who know what they’re doing”, it’s just a bunch of extra bullshit to deal with.

dan ,

accidentally get subnets segmented off, no listening ports, have to explicitly configure port forwarding to be able to listen for connections

You can intentionally get that behaviour by using a firewall.
