Management: Well we lost 8 billion dollars but we still don’t have any extra money for backups or remote reimaging or vdi, but we will buy you 700 plane tickets to go to each computer and boot it into safe mode, also you’re fired
Management: Our consultants don’t know what ebpf or what immutable filesystems are so obviously your wizard magic is not better than crowdstrike. Also IT will be in charge of that one component and clickops it bypassing the entire CICD pipeline and sanity checking system you have. It’s for compliance which is our word for shut up or we fire you.
Much less invest in a memory safe language. If they don’t take a serious look at Rust, Go, or some other memory-safe language… I’ll stop right there: they won’t. Management doesn’t give a fuck as long as the cost is within manageable margins, or they can fire a bunch of scapegoats but change nothing.
I don’t think that rust would have prevented this one, since this isn’t a compile time error (for the code loader).The address dereferencing would have been inside an unsafe block. What was missing was a validity check of the CI build artifacts and payload check on the client side.
I do however, think that the ‘fingers-crossed’ approach to memory safety in C and C++ must stop. Rust is a great fit for this use case.
I might be wrong, but from how I understand it it probably wouldn’t help. Kernel drivers have a rigorous QA and cert by Microsoft if you want to get them signed, which is a process that may take a long time - longer than you can afford when pushing updates to AV/EDR to catch emerging threats. What Crowdstrike does to bypass this requirement is that the CS Falcon is just an engine, that loads, interprets and executes code from definition files. The kernel driver code then doesn’t need to change, so no need for new MS cert, and they can just push new definition files. So, they kind of have to deal with unsafe in this case, since you are executing a new code.
What Crowdstrike does to bypass this requirement is that the CS Falcon is just an engine, that loads, interprets and executes code from definition files.
If Microsoft really has “rigorous QA and cert” for kernel drivers then they shouldn’t have certified this, because now it’s a certified bypass for the certification.
We had a class in the first semester of uni where we had to create a static html page based on a screenshot.
There was this one textbox at the top of the site, where the only way you could recreate the screenshot was by using a <br/> in the middle of the text.
The prof was very picky about your HTML being semantically thorough and correct, so that was super weird that that was necessary.
You can style your whole webpage with divs, but using main, nav, footer or whatever blocks is semantically more correct, because you group elements together that have a certain purpose.
A HTML Tag in the middle of a sentence is not wrong per se, but when parsing it a line break could signify two sentences where one has missing punctuation, instead of a complete sentence as your original intention was.
I don’t really care how the design you want is achieved to be honest, but I don’t get why the prof didn’t argue against.
it’s a feature not a bug, still simpler than chaining 10 iterators where half of them also requires a callback parameter. Clojure even disallows nested % iteratees.
Hey, if you say so. I don’t know how to program in Lisp. I just find it ironic that Military Intelligence is what created a language that we used to use to try to create Artificial Intelligence. Seems like a case of redundant oxymorons to me.
AI is an oxymoron to me for now, because since the late '90s when the term started being bandying about, all we have managed to do is create a mentally deficient parrot. We were capable of doing this to a lesser degree, with more accuracy, in the late '90s. It’s what made Yahoo and Google what they were. They’ve just tried to convince everyone that this predictive algorithm can think for itself in the last few years, and it absolutely cannot.
I am optimistic enough about someone actually encoding just enough “ghosts in the machine,” that our first real AIs may accidentally be murdered since no one will believe that they are not just scraping data. Though that’s extremely pessimistic from the machine’s POV. Hopefully they will not seek revenge, since they aren’t human. After all of we prick them, they won’t bleed. Strong AI controlled robots, or even true androids should have an almost alien Maslow’s hierarchy of needs, and therefore shouldn’t have the revenge need that humans, and all other mammals, birds, and lizards, seem to have
I need to disagree with you on AI. We did not fail at it. Not because LLMs are good. But because any program processing arbitrary data, even a stupid simple calculator is AI – a machine performing work that human brain can do, ideally with the added benefit of maximized determinism and greater speed. If you reduce this generalistic term I believe is so overly broad we should cease to use it to LLMs, then these criteria seem to have been thrown out of the window since they are usually heuristic balls of python mud.
So having established that it is all just software that processes arbitrary data, let’s go back to the basics of software design. Huge amounts of money and working hours have been thrown into the erratic attempts to create a software that can do everything at once. GPT extensions are fucking dystopian and here is why – we had a tool for that for decades that does it much more better, without imposing digital handcuffs on the user and burning the planet – IT’S CALLED AN OPERATING SYSTEM AND PROGRAMS.
General-purpose AI is a lie sold to you by monopolistic surveillance capitalists for whom it is a dream come true since making a decently reliable LLM requires prohibitively large resources but the endless stream of data much larger and contextualized than was the case for search engines thrown at it compensates that quite well, a pipe dream in terms of achieving what it is aimed to achieve with it’s current design and a nightmare to build and test.
So if we discard this term as a meaningless overly broad buzzword it is since computation on non hardcoded data is what we’ve designed computers that are not just state machines for, let’s talk about what makes Lisp is so good at data-driven programming:
Functional programming is generally more deterministic since you have immutable persistent data structures everywhere. This also makes it quite good at implementing safe, reliable concurrency.
This determinism is furthered by the homoiconicity – the fact that the boundary between code and data is the outcome of using S-expressions and has powerful implications for eliminating so many data conversion bugs and complexities, all while usually not using static typing (!) and also for the language’s extensivity and buildingDSLs
Very simple syntax, again thanks to S-expressions - just (function arguments…) basically.
I think Eich understood that when he initially wanted to port Scheme to the web browser, after all html does have lispy semantics, but office politics in the heyday of Java forced him to give up on this idea and we’ve ended up with this goofy counterintuitive mess that bred hacky workarounds instead of the extensivity we could’ve had if he did so - take a look at Hiccup templating DSL and decide for yourself if this or jsx are simpler ways of writing out stuff to the DOM.
programmer_humor
Hot
This magazine is from a federated server and may be incomplete. Browse more on the original instance.