Azure, last I knew, required RSA SSH keys. (Attempting to give a new VM an ed25519 key just fails.)
GCP's project switcher … like why can't I just search by project name? Instead, it only searches the current org, and unfortunately, my org uses multiple GCP orgs, so I'm all day switching between orgs in the project switcher.
GCP: I have no idea what the deal with the sidebar is, or why it died. The search box is okay, but why can't services be just preloaded, and the search done locally? Nuanced search through docs might require an AJAX, okay, but "clusters" should match GKE instantly.
GCP: IAM won't show inherited permissions if you don't have getIamPolicy on the thing that the perm inherits from. This can result in weird situations where, e.g., you have editor on a project, but it won't show up in IAM.
GCP: I swear the API cannot decide if it's a "region" or a "location".
GCP and Azure: various UI processes will create multiple objects, and it's not clear that that's what is happening. In the long run, this hampers a user understanding how the various bits all fit together.
GCP: some objects require other objects. I hate hitting this, as GCP's UI will refuse to validate the form, as it sees the field with the dependent object being empty. But GCP's UI won't let you enter anything into the field, either, because it's a drop-down combo box, and it only loads its values when the page does. So even if you pop into a new tab, build the dependent object, you can't add that new object to the form without reloading the page, which wipes the form. This makes filling in the UI O(n²). Literally, I've had my RSI flare up on these forms when they have 3, 4 of these.
Azure: the portal will redirect/reload like 8 times during log in. What on earth. Also, their "SSO" seems to have forgotten what the first "S" stands for. Then, 2FA requires unlocking a phone, and entering a code. Their 2FA app has a terrible delay between prompting you, and surfacing the keyboard. Add to that that the login sequence has a short timeout, and sometimes you can miss the window just trying to complete the 2FA flow fast enough.
GCP is my current cloud, so while there's probably more quips here for them, it's just because I'm using them. Out of the big 3 (AWS, Azure, GCP) I actually think they're alright. Either #1 or #2.
… most of these clouds have no material means of issue tracking, so quality issues shouldn't really be that shocking. There's no way to bug report it! (And no, Azure, some dinky "feedback portal" where I can upvote at most 3 bugs … is not a bug tracker. Customer support portal != a bug tracker, either.)
A non-allocating library would be forced to return to you the unparsed string literal, since returning a parsed string can require an allocation. It might tell you that the literal is valid.
E.g., take the JSON:
"\"\uD83D\uDCA9\""
There's no (pointer, length) into that that you can then printf(…, ptr, len); you'd get the escapes, raw.
Ofc., there might be situations like debugging where that's fine.
I think you get thread-safety and memory leaks (the article alludes to macOS taking this approach), or it's unsafe but doesn't leak. But that is inherent in the API, as specified by POSIX: setenv must necessarily either invalidate the pointer returned by getenv (which is cannot do safely) or leak it.
Perhaps the leak is "better", in at least there won't be non-OOM crashes, but it still leaves a bad taste in one's mouth.
For a long running program like Steam (that is for some odd reason calling setenv…?) … I'm not sure which is better. Better would be not calling setenv, which it sounds like they've worked on.
I would be happy if getenv() called strdup() on the value and returned that. It would cause loads of minor memory leaks and maybe a handful of serious ones, but they should be reasonably easy to clean up and would avoid returning pointers to mutable private data.
It'd be an API change, sort of? Although POSIX doesn't seem to say anything about ownership of the pointer, beyond thou-shalt-not modify the data it points to. Doesn't seem to specify calling free as valid or invalid.
But honestly, it seems like one might as well do exactly that (strdup & return)? At worst, nothing calls free(), and it is equivalent to the macOS strategy of "just leak the memory" to make it threadsafe. But at best, a program could #ifdef its way into "oh, this semi-sorta-nonstandard-behavior on this particular OS" and call free(), getting both a thread-safe & non-leaking implementation.
I think it's fine to implement a useless control to get a customer.
Just don't pretend that you're doing it because it is a useful control, pretend that you're doing it because jumping through that hoop gets you that customer, and "we're a smaller fish than the government". Especially with the government (especially if it's the USA…) there are going to be utterly pointless hoops. I can pragmatically smile & jump, … but that doesn't make it useful.
Exactly. There is absolutely a threshold of money that will get me to implement FIPS. There is no threshold of money that will get me to say it's a good idea that has any value other than getting the (singular) customer that demands FIPS.
The core idea of FIPS doesn't seem terrible at first glance: a validation program to ensure known attacks are protected against.
The obvious issue is that known attacks have progressed significantly faster than FIPS has been updated, so in practice it doesn't defend against actual attackers. Compliance-based security pretty much always falls into this trap, and often is even worse because compliance with the standard is considered the maximum that can be done instead of the minimum that must be done. FIPS' fatal flaw is that in many cases it mandates a maximum security level that is now outdated.
It's a lot like building or electrical codes: if they're treated as the minimum as intended things stay safe, but if they're just barely complied with then buildings tend to fall down and/or catch fire.
I guess as a company I would agree that it's fine to implement a useless control to get a customer. As a tax-payer...not so much. We spend so much money (at least in the U.S.) on garbage.
I think it depends a bit on circumstance, but I think I'd start with "way too much software binds to 0.0.0.0 by default", "way too much software lacks decent authn/z out of the box, possibly has no authn/z out of the box", and "developers are too lazy to change the defaults".
It's a particularly cursed form of writing IPv4 addresses:
> A popular implementation of IP networking, originating in 4.2BSD, contains a function inet_aton() for converting IP addresses in character string representation to internal binary storage. In addition to the basic four-decimals format and 32-bit numbers, it also supported intermediate syntax forms of octet.24bits (e.g. 10.1234567; for Class A addresses) and octet.octet.16bits (e.g. 172.16.12345; for Class B addresses). It also allowed the numbers to be written in hexadecimal and octal representations, by prefixing them with 0x and 0, respectively. These features continue to be supported in some software, even though they are considered as non-standard.
Yes, it is. We saw this in 2020 where states came from behind and ended up being for Biden. I feel like that late-counting of Democratic votes was very partly was spurred the ensuing election conspiracies. Election votes are not counted uniformly at random.
A central tenant of the mainstream LGBTQ community is to "live authentically". That tenant cuts both ways, in that nobody in the trans community is going to force someone to be trans — they wouldn't be "living authentically" if someone were forcing them to be trans. I've seen this point expressed in the LGBTQ community countless times outside of political discussion, usually to someone who is self-questioning, and asking someone else if they're gay/trans/etc., which is community, more often than not, will respond to with "we can't decide that for you."
The last political ad I saw, and it was endorsed by Trump, featured a segment furthering the conspiracies around Imane Khelif, implying she was a man, etc.
Every piece of evidence revealed so far points towards Imane Khelif being male. Two blood tests from independent labs showing an XY karyotype, a member of Khelif's coaching team describing problems with chromosomes and hormones while also mentioning that Khelif has been on medication to adjust testosterone levels to bring this closer to the female range, and most recently, a leaked medical report showing that Khelif has a male-specific disorder of sexual development: 5-alpha reductase deficiency (5-ARD).
We can ascertain from all this that Khelif went through male puberty and has the male physical advantage in sport that is caused by male sexual development.
Interestingly this is the same DSD that Caster Semenya has. Semenya is another male athlete who competed in a women's category at the Olympics, for the 800 metres track event, and who also won gold.
Individuals with this condition are sometimes mistaken for female at birth due to internal testes and an underdeveloped penis. And are then issued identity documents erroneously stating that they are female. This is what happened with Semenya and almost certainly is the case with Khelif too.
> This seems like some wildly misplaced animosity toward the concept. Especially in regard to trying to shift away from calling kids "intelligent". […] I'm not here to say whether that's panned out or not, it seems very new in the child psychology space, but I think the idea makes sense.
That's the entire point of the elaboration that TFA goes into on the research in this area: while the idea feels like it "makes sense", it actually doesn't, and the research appears to confirm that it is just junk science.
The larger point is that it's just C-suite grift, and they're just shoveling bull to appear as if they're knowledgeable leaders.
The article is criticising the “you can be anything you want” mindset and highlighting the lack of reproducibility in research around student academic results.
But the reason a multinational like Microsoft might promote a growth mindset are different. Employees who are open minded are able to work with others and collaborate more effectively. Employees who actively seek new data and try to invalidate their preconceptions can be more successful in large sprawling organisations.
> I did look for something a bit more cross platform to replace it
vim. ;) While yes, it has quite a learning curve, the payout IMO is ultimately worth it.
But Notepad++ will always have a place in my heart; it was what I used for a long time back when I was also still using Windows, and it's a solid editor, and leagues better than NOTEPAD.EXE. Especially 21 years ago, the landscape was much different. "DevC++" I think was the other editor I had that was competing with it.
Unfortunately then you will eventually be forced to work in environments without it and feel like you just had a brain aneurysm due to how insufferably slow and clunky everything else is. Ignorance is bliss, just look at all those cute commenters here who think notepad++ is the best thing ever. "It even supports regexp!" It makes the editor wars feel so pointless, but Windows users are adorable.
Azure, last I knew, required RSA SSH keys. (Attempting to give a new VM an ed25519 key just fails.)
GCP's project switcher … like why can't I just search by project name? Instead, it only searches the current org, and unfortunately, my org uses multiple GCP orgs, so I'm all day switching between orgs in the project switcher.
GCP: I have no idea what the deal with the sidebar is, or why it died. The search box is okay, but why can't services be just preloaded, and the search done locally? Nuanced search through docs might require an AJAX, okay, but "clusters" should match GKE instantly.
GCP: IAM won't show inherited permissions if you don't have getIamPolicy on the thing that the perm inherits from. This can result in weird situations where, e.g., you have editor on a project, but it won't show up in IAM.
GCP: I swear the API cannot decide if it's a "region" or a "location".
GCP and Azure: various UI processes will create multiple objects, and it's not clear that that's what is happening. In the long run, this hampers a user understanding how the various bits all fit together.
GCP: some objects require other objects. I hate hitting this, as GCP's UI will refuse to validate the form, as it sees the field with the dependent object being empty. But GCP's UI won't let you enter anything into the field, either, because it's a drop-down combo box, and it only loads its values when the page does. So even if you pop into a new tab, build the dependent object, you can't add that new object to the form without reloading the page, which wipes the form. This makes filling in the UI O(n²). Literally, I've had my RSI flare up on these forms when they have 3, 4 of these.
Azure: the portal will redirect/reload like 8 times during log in. What on earth. Also, their "SSO" seems to have forgotten what the first "S" stands for. Then, 2FA requires unlocking a phone, and entering a code. Their 2FA app has a terrible delay between prompting you, and surfacing the keyboard. Add to that that the login sequence has a short timeout, and sometimes you can miss the window just trying to complete the 2FA flow fast enough.
GCP is my current cloud, so while there's probably more quips here for them, it's just because I'm using them. Out of the big 3 (AWS, Azure, GCP) I actually think they're alright. Either #1 or #2.
… most of these clouds have no material means of issue tracking, so quality issues shouldn't really be that shocking. There's no way to bug report it! (And no, Azure, some dinky "feedback portal" where I can upvote at most 3 bugs … is not a bug tracker. Customer support portal != a bug tracker, either.)
reply