> The people responsible are representatives (in one way or another) of the United States of America. Land of the free. Home of the brave.
I don't get this at all... Harvard fellow uses MIT's network surreptitiously to violate the terms of service to download a nonprofit's entire database and then give it away for free, putting them out of business. Gets busted and charged with crimes. Where's the problem here?
Ok the prosecutor may have been overzealous, but we do have an adversarial system and it was Swartz's bad decisions that brought the hammer down. They didn't plant drugs on him. He wasn't doing it to feed his family. Sorry to all the people here that knew him personally, and to whom this is a personal tragedy, but this is not the kind of travesty of justice that you are making it out to be.
JSTOR's database is scholarly articles going back about 500 years. These papers were written not-for-profit for the public good by academics and then peer reviewed (for free) by other academics. This represents our shared cultural knowledge, it belongs to everyone of us, and should be 100% freely available. And indeed much of it is in the public domain anyway since copyright has lapsed.
Whether the gate-keeper is nonprofit or not isn't really important. In point of fact, the entire system of journals charging fees for access to academic papers is outdated and broken, and is merely a parasitic relic from an age where it cost large sums of money to print and distribute paper-based media. Remember that universities pay a fee to access journals, and sometimes even pay a fee to have their papers published in journals, all the while generating and peer reviewing the content at their own expense.
In other words we can do better. And we should do better. By releasing JSTOR's content publicly Aaron was engaging in activism for the common good. You're welcome to your opinion that he deserved the book throwing at him and a $1M legal bill, but (in my opinion) you should think again.
* Why is this a Federal crime at all? Because some computer in another state was involved? If so,then soon all crimes will be federal.
* It appears they used mostly catch-all laws. The vague wording is subject to confirmation bias where almost any action looks like a violation. This is a particular problem with laws related to computer use; but also includes laws like "obstruction of justice" and "lying to a federal agent".
* In order to have a "reasonable" sentence on the table at all, he has to give up his right to a trial.
* As far as I can tell, no damage was actually done to anyone yet.
* Since when is violating a TOS a criminal issue? Did we outsource the writing of laws to company legal teams?
According to the Wall Street Journal[1], the government would probably have asked for 7 years, and a plea bargain offer was made to reduce to 6-8 months in prison. The 35+ years was the potential maximum, would have required conviction on all charges, and ultimately would have required an independent trial judge to "throw the book at him."
And "checking out too many books at once" = allegedly hacking into a third party network to download 4 million articles from 1,000 academic journals without paying the required fees.
Allow me to rephrase that then: 6-8 months, for downloading articles that should probably be in the public domain? Well, that's not prosecutorial overreach at all.
"allegedly hacking into [...] without paying the required fees
"Crime against 'intellectual property', goddammit! Let him rot in prison, I say! That content was paid-for by tax dollars, and nobody lost a dime because he never redistributed it, but so what? It's the principle: if you break property laws, you should always go to prison."
> Harvard fellow uses MIT's network surreptitiously to violate the terms of service to download a nonprofit's entire database and then give it away for free, putting them out of business.
Do you notice the contradiction in 'non profit' and 'putting them out of business'?
Non-profits and being a business are not contradictory. The Associated Press and NPR are both non-profit and have the potential to "go out of business" if people stop supporting them and paying member fees. The best non-profits are run as good businesses...because you need money to pay salaries and keep the lights running.
It is also notable how many non-profits aren't necessarily what people would conventionally think of as charities, despite being given a special tax status, etc.
Even so why would you write that boilerplate code out each time?
Something like this would work even better:
result = src.asyncMap { |e| dowork(e) };
Except Google Go returns several values instead of tuples, so you can't just collect all the results as-is. And with no generics it would be annoying to actually use e and the result, since they would need casts. Too bad.
If you think you can do asyncMap in Google Go, without casts and without manually collecting multiple return values, by all means show us the code. I would find that really interesting.
In IE10 the JavaScript is multithreaded... there's a separate thread for JS parsing, compiling, and garbage collection. As far as I know this is the only browser with a threaded JavaScript VM. So the skipping frames is probably because the rendering can be done independently from running JavaScript, and the core in use is probably some quirk like the benchmark creating a few objects on a timer, causing the GC to run on another thread -- that kind of thing can be fixed pretty easily, either by tweaking the benchmark (if it were publicly available) or by Microsoft fixing IE.
I haven't actually used IE10 yet, but I think you'll find this new architecture makes overall browsing more responsive and smoother than Chrome.
The real problem is the software libraries are just as hard.
Take OpenSSL for example... it's almost easier to learn the crypto than to figure out the API. Here's a good one: an SSL read/write operation can fail with more than one error, and if you don't clear or loop through all the errors then the next operation will fail because of the previous errors -- even if it succeeded. Or just try getting it to work with non-blocking sockets, you finally believe it is working and surprise it fails only once the network gets saturated. Or hours later when it renegotiates the crypto.
And you still have to know all the crypt terms to use it. What's a PEM? A BIO? PKCS? DHparams? What's "ASCII armor"? X509? Did SSL_library_init() add weak algorithms? Why do I have to know this just to create a secure connection?
Most of blame for crypto problems belongs to the libraries not the developers using them.
> P4 would have to be running at over 20GHz to match what the i7 is doing on a per-core basis.
Seems to me memory getting 10x more bandwidth and cache getting 8x larger probably accounts for the majority of the performance differences between these processors not instructions per cycle, which I think has gone up by more like 2x.
So a Pentium 4 with current memory and cache would need to be more like 8 Ghz if it scaled linearly like that (P4 had ~3 instructions per cycle, i7 ~7-8).
The only actual proper thing in this whole affair was Apple's lawsuit. As Samsung was copying them right down to the shape of the charger Apple felt they had a real case. They lost, but disputes are supposed to be settled in court when the parties can't come to an understanding.
- Samsung slavishly copying Apple's designs
- The Judge issuing a order designed to embarrass Apple
- Apple posting a snarky letter of the law notice
- Hacker News posters like in this thread
...these things are childish and immature. Grow up.
> > On the other hand, there are plenty of things you can do in Java that are simply impossible to do in Go.
> Depending on what you mean by "do" ...
Oh, I don't know, maybe dynamic code loading or secure sandboxing of code? For instance you can compile a custom Google Go without disk IO, but you can't have an app that loads plugins much less one where the app can do IO but the plugin can't.
These may not be the wisest or most useful of features for "systems" programming, but you have to admit that there are real things Java can do that Google Go cannot.
I think Google Go advocates put blinders on like agentS because if they actually objectively looked at the situation they would have the same thing to say as others do about Google Go: "meh".
> Oh, I don't know, maybe dynamic code loading or secure sandboxing of code? For instance you can compile a custom Google Go without disk IO, but you can't have an app that loads plugins much less one where the app can do IO but the plugin can't.
Sure you can. Spawn a child process with lower security privileges, and communicate over a pipe. It might require you to restructure to reduce chattiness, but on the other hand, you will be much less likely to expose yourself to security vulnerabilities than the Java "sandbox".
If the child process is written in Go, you can even use the -u compiler flag to only allow safe packages (i.e. no assembly, C, only packages explicitly marked as safe and pure Go). You can go even further, and mark package os unsafe, disallowing file system access altogether. Or do what (I suspect) Appengine does, and provide your own neutered implementation of package os/time/net/etc, and mark those as safe.
The Go playground is an example of this, btw. It merely streams stdout and stderr, but you could imagine doing other things with the sandboxed program.
> I think Google Go advocates put blinders on like agentS because if they actually objectively looked at the situation they would have the same thing to say as others do about Google Go: "meh".
I think you are falling prey to the same fallacy of false cause as your GP. "agentS likes Go, so he must not be objectively looking at the language". It is possible to objectively look at the language, and think it useful.
This is exactly what I was talking about. You can't even admit facts like that Java has dynamic loading and a security model and that Google Go does not. You're simply delusional in this respect.
It seems I wasn't clear enough; I apologize for the confusion. I fully admit that Java has dynamic loading and a security model and the Go does not.
I was responding to "you can't have an app that loads plugins much less one where the app can do IO but the plugin can't."; that is, I was merely providing a way to implement what you wanted (plugins that cannot do IO, in a host that can).
Like I said in my original post, "If you mean things that you can syntactically write down, like a Giraffe is-a Animal, or an Apple is-a Fruit, then yes, that is impossible to write down in Go." Similarly, it is impossible to dynamically load code, or enforce permissions at the runtime level (although implementations of this enforcement has historically been... buggy, to be charitable). I was attempting to show that the problem of having sandboxed plugins is solvable in Go.
The child process approach is viable, but in fairness you should note that shared address space provides efficiencies that the RPC approach does not. This approach is IMO quite interesting in context multi-core and certain problem domains, but as a general mechanism it is a 'hack'.
It is borderline fanaticism to insist on comparing Go to Java, and unfair to Go. Effective advocacy of Go should focus on its strengths (syntax) and not attempt to gloss over its inherent limitations. It is a capable and viable language within well defined limits. Java and JVM are in another league. Accept it and move on.
If a new 'headius' feels up to it, Go on JVM would be a very interesting new language for the JVM ...
> The child process approach is viable, but in fairness you should note that shared address space provides efficiencies that the RPC approach does not. This approach is IMO quite interesting in context multi-core and certain problem domains, but as a general mechanism it is a 'hack'.
As to the lack of a shared address space, I thought I had communicated that when I said "It might require you to restructure to reduce chattiness", but yes, there are performance advantages to having a shared address space.
You should note that there are security disadvantages to having a shared address space with a sandboxed plugin written in a relatively low-level language (bytecode). I won't post several links to exploits of the Java sandbox in the last year alone, but I am sure you can google for them.
This mechanism is most certainly not a hack. This is the approach that Chromium and the other multi-process browsers (all the modern ones?) use for sandboxing. It seems far more effective to me to push responsibility for security to the OS, rather than the language runtime.
> A full featured runtime reflection mechanism that does not drop "static info" on the floor
Package reflect is fully featured. It just requires you to have a value, or type to actually reflect upon. The tradeoff being that Go can do dead-code elimination and Java cannot. Same thing for Class.forName.
> @MetaInfo() ... Arguably not easy on the eye but necessary and enabling.
I think you are referring to annotations. Yes, Go doesn't have these on methods, functions, or types. But it has these for struct fields (tags); this gives you 90% of the functionality, without muddying up the syntax.
> Bytecode injest (beyond dynamic linking) -- the JVM is your oyster.
Sure. See my note about all of these points below.
> and related Instrumentation
Go has a CPU profiler, a memory allocation profiler. In tip, it has a data race detector. It can expose this data over an HTTP interface so you can profile a running server http://golang.org/pkg/net/http/pprof/.
> It is borderline fanaticism to insist on comparing Go to Java, and unfair to Go. Effective advocacy of Go should focus on its strengths (syntax) and not attempt to gloss over its inherent limitations. It is a capable and viable language within well defined limits. Java and JVM are in another league. Accept it and move on.
You continually give me solutions that are impossible to implement in Go, but not the corresponding problems. Like I said, there are things that are syntactically impossible to write down in Go. If you want me to give you a list of things that are impossible to do in Java, I can do that (structural typing, value types, methods on values, multiple top level definitions in a single file, first class functions, efficient array slicing come to mind). I have not done that because it is a nonsensical thing to do. That would be like me saying Javascript is superior to Java because Java does not have prototypical inheritance.
The only useful example I've heard is sandboxed plugins. That is a problem, not a solution. All the things you've listed are solutions. If you actually want to have a conversation about how to solve problems in Go, then list problems, not a laundry list of features that Java has that Go does not.
> If a new 'headius' feels up to it, Go on JVM would be a very interesting new language for the JVM ...
Why? If I want more performance than gc gives me, then I use gccgo. What would Go on the JVM give me?
Also, on an unrelated note, I find it a little sad and pathetic how both you and 0xABADC0DA have to resort to insults to get your point across.
>> and related Instrumentation
> Go has a CPU profiler, a memory allocation profiler. In tip, it has a data race detector. It can expose this data over an HTTP interface so you can profile a running server http://golang.org/pkg/net/http/pprof/.
It is canonically called "instrumentation" but that is not all that it is capable of doing. Have you actually ever used this feature of Java?
> Also, on an unrelated note, I find it a little sad and pathetic how both you and 0xABADC0DA have to resort to insults to get your point across.
?? When and where did I insult you? Pathetic, on the other hand, is an insult. I strongly take exception to that.
Seriously just to get the source you have to run two downloaded programs, any linux besides Ubuntu requires extra work, and even still it comes with some pre-built 32-bit binaries which apparently are compiled as part of another project. It's madness.
They say it's so complicatd because Dart is part of Chromium, but Firefox has a direct hg link -plus- hg bundles (repository snapshot).
That's not how you get the source, that's how you prepare for building the whole project, including the VM, compiler, etc. If you just want the source code, just
That isn't terribly easy to find, though, it's true (you either have to have used google code before and know it's on the "checkout source" page or dig through those "get and build" instructions for just the "get" part).
The rest is just dependencies (and daunting at first, but pretty simple after you do any chromium work). You have to deal with the same thing if you check out Firefox and you want to build it (gclient here becomes bootstrap.py there).
- Slashdot has the best moderation to show you the best posts.
- Reddit has best conversation because the red envelope tells you of replies.
- Hacker News has the best audience.
If these were combined into one site it would be hella cool, but unless HN evolves the tech I can tell you what site I won't expect to be around many years from now. Blacklisting unsavory contributors and deleting posts is only going to work to maintain standards for so long.
Yes. Your filter bubble won't let you know that anybody else finds it creepy. "If you like, you can repeat the search with the omitted results included."
I don't get this at all... Harvard fellow uses MIT's network surreptitiously to violate the terms of service to download a nonprofit's entire database and then give it away for free, putting them out of business. Gets busted and charged with crimes. Where's the problem here?
Ok the prosecutor may have been overzealous, but we do have an adversarial system and it was Swartz's bad decisions that brought the hammer down. They didn't plant drugs on him. He wasn't doing it to feed his family. Sorry to all the people here that knew him personally, and to whom this is a personal tragedy, but this is not the kind of travesty of justice that you are making it out to be.