Peter Weller, playing Buckaroo Banzai, is late for his military-particle-physics-interdimensional-jet-car test because he's helping Jeff Goldblum's character with neurosurgery. Later that day he will go play lead guitar in an ensemble.
Scriptwriting gurus advise that your protagonist should have flaws and character progression. The writers of this movie disagree.
Kevin Smith has an introduction to this movie where he calls it a true piece of art: "It doesn't care what you bring to the table, it brings itself to the table and says: figure it out". https://youtu.be/N8R8wmlggwc?si=sva2-jF1Kl5eFsU4
In Mad Men, we have these little moments of mind=blown by the constant sexism, racism, smoking, alcoholism, even attitudes towards littering. In 2040 someone's going to make a show about the 2010s-2020s and they'll have the same attitude towards social media addiction.
It has never been about small government. You can just look at the Republican record on deficit spending or military funding to dismiss that. “Small government” was just an acceptable way to say you were for reducing benefits to people deemed undeserving.
There are people who called themselves Republican who started to believe their own propaganda, but it’s never been an empirical fact in the modern era that Republicans acted to reduce government spending in toto.
Thanks for bringing Vancouver into the discussion.
We have SROs here still, and they have a contentious relationship with both the government and the population they serve. Sometimes it's hard to tell if they are good or bad, other than they're probably better than people living on the street.
For example, a few days ago it was announced that a major SRO downtown would close. It was perceived to be causing nuisances, but also, we have FIFA coming soon and many cities do this sort of "cleanup" when events like that happen.
You're right that Eby has shifted rightwards somewhat. In my estimation it's more to do with where the voters are. Sometimes we're electing socialist advocates for the unhoused to be premier and then we're electing Bitcoin-happy bagel merchants to be the mayor. Make it make sense.
So details were left out and it doesn't adhere exactly to this author's idea of what a good security report is.
Nothing to see here IMO.
The simpler explanation is that:
- They're a young organization, still figuring out how to do security. Maybe getting some things fundamentally wrong, no established process or principles for disclosure yet.
- I have no inside info, but I've been around the block. They're in a battle to the death with organizations that are famously cavalier about security. So internally they have big fights about how much "brakes" they can allow the security people to apply to the system. Some of those folks are now screaming "I TOLD YOU SO". Leaders will vacillate about what sort of disclosure is best for Anthropic as a whole.
- Any document where you have technologists writing the first draft, and PR and executives writing the last draft, is going to sound like word salad by the time it's done.
XSLT is being exploited right now for security vulnerabilities, and there is no solution on the horizon.
The browser technologies that people actually use, like JavaScript, have active attention to security issues, decades of learnings baked into the protocol, and even attention from legislators.
You imagine that XSLT is more secure but it’s not. It’s never been. Even pure XSLT is quite capable of Turing-complete tomfoolery, and from the beginning there were loopholes to introduce unsafe code.
As they say, security is not a product, it’s a process. The process we have for existing browser technologies is better. That process is better because more people use it.
But even if we were to try to consider the technologies in isolation, and imagine a timeline where things were different? I doubt whether XML+XSLT is the superior platform for security. If it had won, we’d just have a different nightmare of intermingled content and processing. Maybe more stuff being done client-side. I expect that browser and OS manufacturers would be warping content to insert their own ads.
> You imagine that XSLT is more secure but it’s not. It’s never been. Even pure XSLT is quite capable of Turing-complete tomfoolery, and from the beginning there were loopholes to introduce unsafe code.
> The browser technologies that people actually use, like JavaScript, have active attention to security issues, decades of learnings baked into the protocol, and even attention from legislators.
Yes, they also have many more vulnerabilities, because browsers are JIT compiling JS to w+x memory pages. And JS continues to get more complex with time. This is just fundamentally not the case with XSLT.
We're comparing a few XSLT vulnerabilities to hundreds of JIT compiler exploits.
While JIT exploits represent a large share of vulnerabilities in JS engines, there are enough other classes of vulnerabilities that simply turning JIT off is not sufficient. (The same goes for simply turning JS off; the Web browser internals are complex enough even without JS.)
Turning off the JIT eliminates an entire class of vulnerabilities just by nature of how the JIT works.
Ironically, JIT JS is much more susceptible to buffer overflow exploits than even the C code that backs XSLT - because the C code doesn't use w+x memory pages!
Yeah, turning off the JS or Web eliminates an entire class of vulnerabilities just by nature of how the JS or Web works (running untrusted code or showing untrusted content in the local machine) as well. That's no surprise.
The problem with JS isn't running untrusted code. That's easy and solved, we've been doing that for decades.
The problem with the JIT is compiling instructions, writing them to memory pages, and then executing them. This means your memory MUST be w+x.
This is really, really bad. If you have any way to write to memory unsafely, you can write arbitrary code and then execute it. Not arbitrary JS code. Arbitrary instructions. In the browser's process.
Even C and C++ do not have this type of vulnerability. At best, you can overwrite the return pointer with a buffer overflow and execute some code somewhere. But it's not 1995 anymore. I can't just write shell code in the buffer and then naively jump back into the buffer.
With these characters, from Trump on down, discourse is not the point.
He is flexing his power by showing he can make an obviously fatuous point and get away with it. Because there are no consequences, for someone like him.
Working on: to teach myself Rust, I’ve been working on a NYT Letter Boxed solver, with some ambitions to turn it into a game by itself. I think this game could be made a lot more fun.
Thinking about: A new take on LinkedIn/web-of-trust, bootstrapped by in-person interactions with devices. It seems that the problem of proving who is actually human and getting a sense of how your community values you might be getting more important, and now devices have some new tools to bring that within reach.
Microsoft and Oracle sold closed source software that had obtained tremendous leverage in their fields, if not outright monopolies. Historically, Microsoft and Oracle’s business models were threatened by open source. They have reacted in various ways over decades: alternately resisting, embracing, or acquiring control of important projects.
However, Shopify sells SaaS that runs on open source. What does it benefit them to take over key aspects of infrastructure?
If they disliked what was happening with the OSS tools, they are big and rich enough to maintain forks or their own toolchain.
The OP seems to be associating the start of this controversy with some feud between DHH and the founder of Sidekiq. Shopify is indeed quite aligned with DHH. And there’s some controversy about so-called supply chain attacks, which I understand might inspire a call for a more locked-down organization. But as an outsider I am confused.
Webhooks would be much closer to a sane solution to this use case.
Why would you spam a web server asking repeatedly whether something has happened or not, instead of just providing him with an address so that he can simply let you know in due time?
It's not spamming any more than me opening their website myself in a browser, loading their entire webpage, looking "Is part 3 posted yet", and doing that every day until part 3 is posted.
Except this idea is automated, and wouldn't need to load the entire website.
Because then you have to maintain a publicly accessible server, and he has to maintain a database of everyone who has clicked the button. It wouldn't be "spamming", just loading a tiny endpoint once a day (or less!) is a trivial amount of traffic.
https://www.youtube.com/watch?v=aWXuDNmO7j8