For me the weird parts jump out in the very first definitions. I'm not used to thinking of M, C, and K as "all possible messages, ciphertexts, and keys". It never occurred to me to work from those assumptions because that's a crazy huge space in my mind.
Plus the set notation threw me a little, e.g.: the cardinality of the set of all ciphertexts for key k in K is ... a number Nc. oookkaaayy.... pause ... ...60 minutes later .... OOOHHH got it!!! ... Same goes for the additive theorem, where suddenly the bit strings M and C become numbers that are added with k mod n --> First it's a message and now ... SHAZAM ... it's a big integer!
I know as an embedded analyst that RSA and ECC crypto spends a lot of time in bigint routines, but it is becoming clear WHY that is the case.
I realize this is all 101 stuff for people who know crypto, but I really want to learn it for real-reals, so I'm creeping through this book a little bit every day until my brain shuts down. It took me 30 minutes to convince myself that Example 2.6 wasn't perfect crypto: I know intuitively why, but applying the definition mathematically made me feel all of the rust in my brain from 30 years out of college.
I'm sure I'll hit more confusing set theory math; fortunately I have the internet.
I mean, you're not wrong, but it's only for three shows, and there are no ads during the shows, only before and after. It was 7 when it first launched, so it doesn't seem like any other shows or new content will ever have ads. But hey, if you watch Agents of Shield, Grey's Anatomy, or How to Get Away with Murder, that surely does suck.
How is this not a false advertising lawsuit in the making? I mean, maybe the effect will be to make it "Hulu Silver", but that's better than blatantly claiming "No Ads" on an ad-containing product.
There is Hulu with no ads where there are three shows with ads.
Then there is Hulu Live TV which is like traditional cable. That gives you shows live and on demand that would usually come with a cable package. This is in addition to the regular Hulu offering.
No, actually: because they started out as ad-only, then added paid subscriptions while still forcing their subscribers to watch ads, and that is when I decided it was not for me. Maybe they've been evolving in a more positive direction if there are only a few shows left with ads?
They've had an ad free* version for years. Six dollars extra and you don't get ads.
*Three shows still have ads since they signed a deal before they released an ad free tier, and the only alternative would be removing those three shows from the ad free tier, which is lose-lose.
> We are just properly leveraged and operating with an acceptable amount of risk.
I think that's OP's point. Every word in this sentence is subjective. Throwing around concepts like leverage debt and risk exposure is a way only a mid/well-off person would frame the discussion.
For the other 80% of the US, this statement is madness.
Not really. NPM relies heavily on semver - https://semver.org/. In this case, the package that was updated updated a minor version, which means it should be backwards compatible, but it wasn't for later versions of Node.
Of course, you can always lock your build to exact versions of your dependencies (lock files in NPM used to be a complete cluster, in my opinion they are less of a cluster now - you can pretty much do everything you want with them but there are some gotchas that make it easy to shoot yourself in the foot). The issue is that when you run 'npm install', it will pull the latest semver-compatible versions of your dependencies.
So for everyone decrying how this is a bad example of NPM and the javascript ecosystem, I really think the opposite is true. Yes, it broke a lot of upstream dependencies, but importantly only for new builds of those items, and furthermore it was found almost immediately.
Also, of course, you can specify exact versions of your dependencies - you don't have to rely on semver. That means, though, that you need to be more vigilant about pulling in bug fixes and security fixes, and most people take the tradeoff that they are comfortable pulling in patch or minor versions, but using lock files once they have a build they have verified.
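The behaviour described in the comment above, as an added example that is not part of any comment in the thread and is not npm's own code: a simplified model of caret-range resolution showing why a fresh install picks up a newly published minor release while a lockfile-verified build or an exact pin does not. The version numbers and the `install` helper are constructed for illustration, and prerelease tags are not handled.

```javascript
// Simplified model of semver caret ranges (constructed example, not npm's resolver).
const parse = (v) => v.split(".").map(Number);

// Compare two [major, minor, patch] triples: -1, 0 or 1.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of ^x.y.z: bump the left-most non-zero component.
function caretUpper([maj, min, pat]) {
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

function satisfies(version, range) {
  const v = parse(version);
  if (!range.startsWith("^")) return cmp(v, parse(range)) === 0; // exact pin
  const lo = parse(range.slice(1));
  return cmp(v, lo) >= 0 && cmp(v, caretUpper(lo)) < 0;
}

// Highest published version that satisfies the range, or null.
function resolve(published, range) {
  const ok = published.filter((v) => satisfies(v, range));
  ok.sort((a, b) => cmp(parse(a), parse(b)));
  return ok.length ? ok[ok.length - 1] : null;
}

// Hypothetical helper: a locked version wins if it still satisfies the range;
// otherwise fall back to the newest matching release (a fresh install).
function install(published, range, locked) {
  if (locked && published.includes(locked) && satisfies(locked, range)) return locked;
  return resolve(published, range);
}

// Constructed registry state before and after a new minor release is published.
const before = ["2.1.0", "2.1.1"];
const after = [...before, "2.2.0", "3.0.0"];

console.log("fresh install before:", install(before, "^2.1.0", null)); // 2.1.1
console.log("fresh install after: ", install(after, "^2.1.0", null));  // 2.2.0
console.log("with lockfile after: ", install(after, "^2.1.0", "2.1.1")); // 2.1.1
```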
The regression suite never gets to run if it shares the dependency.
And the system under test shouldn't even compile for the tests to run either. So it isn't so much the regression suite saving you so much as it is just acting as the client of first resort.
CRA would be running the tests, not is-promise. CRA could have pinned every dep, and had a bot (dependabot) automatically run tests against every new version of every depended-upon package, and update only when those tests pass.
Potentially. If CRA had pinned all their deps, and used a bot to automatically bump deps contingent on passing a comprehensive regression matrix, this would have been avoided. GitHub's Dependabot is good for this. In my opinion everybody besides libraries should pin deps and use dependabot.
Exactly. We use Renovatebot for the same purpose. It pins dependencies and creates PRs for updates.
Amazing to see how often the builds break, even sometimes after minor updates. But at least we fix them before release, and not after... :)
Yep. One of the very nice things about npm/node versus python or go or some others is that package locks and dependency pinning are possible. But few people seem to use it.
I’ve seen reports of people using a go library that gets a minor update and breaks their app, at which point they become SOL as go always installs the latest version. I myself have been working in python projects where the dockerfile simply says “pip install blah” and I get different deps than the working version. No clue why anyone would be okay with working like that.
It's not true that Go always installs the latest version of a dependency. `go get github.com/x/y@v1.3.4` installs v1.3.4 of x/y, assuming there is a tag matching that.
Install any moderately complex nodejs lib or app and it will throw tons of warnings, ignored errors, and security issue alerts. As you should with any app running in production, lock down everything and watch network traffic because there are innumerable backdoors in the JavaScript ecosystem.
My company's current production electron app has 360 npm dependencies. We have CI for the UI but not for the USB/FFI stack, so any time we have to touch that code everyone blanches.
> innumerable backdoors in the JavaScript ecosystem.
Same goes for Python and CPAN. Any "click here for fancy module" installer has this problem.
Open up any serious Python project and you'll find significant dependencies. Math, graphics, IO, stats, ML... anything you really want to do requires dependencies. In fact, one of my biggest issues with Python is the cross-platform incompatibility of many packages which makes it a terrible choice for my deployment. (Even worse if the project has Cython components!)
I often end up having to scour github for forked pywheels that aren't vetted. Which are then cloned ad infinitum.
It's a tradeoff between extensibility and open source / free software, and robustness.
Math -> You use numpy, scipy, none of these have any significant dependencies. And libraries this complex are not even available for node.
Graphics -> Python comes with included Tkinter, and others are also one include away.
Stats -> Scipy does a lot of the stuff. There is a built in package for stats. Again, no stats package has 100 dependencies, and node doesn't even have anything with even 1/10th of the features.
ML -> I mean node has nothing here, nothing, while pytorch has a total of six dependencies. In node, left pad might have this many.
Python doesn't need left pad, isNumber, isInteger, isOdd, isPromise, take your pick.
> In fact, one of my biggest issues with Python is the cross-platform incompatibility of many packages which makes it a terrible choice for my deployment. (Even worse if the project has Cython components!)
But python has high performance libraries written in C, can you even use node for any of the cases where python has platform compat issues?
It is a tradeoff, and there is no comparison. Python needs far far less dependencies than node. E.g., Flask has 2 total dependencies, express has 48 direct dependencies, and even then flask comes out ahead on features, so much so that you would need many more packages to do the same stuff with express.
I'm not comparing functionality of Node and Python. They are different beasts. I was pointing out problems inherent with Python packaging, which you didn't even address in your fanboy rant.
The small investment in VMWare Fusion was worth it but I still need some dedicated machines.
I just have a few issues:
Problem #1: Disk space requirements. I have a late 2013 MBP and Windows gobbles up a min 60GB for the image, which is 1/4th my SSD. This is why I ended up buying cheap beige boxes for every other OS (or AWS).
Problem #2: Clipboard on VMWare is a trainwreck. Same goes for VNC and Microsoft Remote Desktop which I also use. My workaround is to use a text file on my router's USB drive so that I cut and paste through that in each OS.
----> I would pay someone $1,000 to come to my house and fix my clipboard problems.
Problem #3a: The magic mouse blows chunks on anything but macOS. And even running Excel on macOS is impossible with a magic mouse. The left-right slop makes it difficult to scroll vertically without drifting diagonally... I don't know how macOS apps solve that.
Problem #3b: I would kill for a mouse with a real middle button, not a scroll+button. Unix/X middle click paste is a feature I sorely miss on macOS and Windows.
You can buy a Windows or Linux "computer" and run MacOS in a virtual machine. VMWare Workstation is great for it. You can do it also with Virtualbox or KVM. But the latter doesn't have "hardware acceleration" support.
You phrased it in context like you thought using a Mac was preventing you from using a mouse with a middle button, especially when it was right after the section complaining about the Magic Mouse.
Middle-click paste is one of X's many usability fails, especially since it's a convention adopted by no other UI. All the rest assume a max of 2 essential buttons.
Command-C and Command-V are just so much better. Learn to love them.
I don't know the implementation details behind this, but it also seems to me that Ctrl-C/Ctrl-V has a separate clipboard while middle-click-to-paste pastes whatever is selected. Makes no sense to me but I've tried to Ctrl-C / middle click and had issues before. Just one more thing that makes it worse.
Count me in. Text alerts on all financial institutions to a google voice # and monthly reconciles of all accounts plus weekly investment checks.
I have had two fraudulent CC charges in 25+ years, and they both were reversed immediately so I'm not worried about that. More worried about my credit union so I keep as little in there as possible. (Interest rates are a joke so it doesn't matter.)
> He’s able to recite details about the account that only pnc would know, so now I’m not sure.
That's the creepy part. There is so much of our info available on the darkweb that even engaging with scammers potentially verifies it and makes it more valuable, although it is unlikely a purchaser of a phishing database is going to provide feedback to the point of origin, they may feed it forward if they resell an augmented dbase. [For example, if someone buys 1,000,000 phone numbers, and that person finds 250,000 are bogus, they can sell the "cleaned" database again claiming it's been slightly sanitized. DefCon has taught me to fear the world.]
(And the chapter number ordering doesn't reset with sections, not a big deal, just odd)