Enum really does feel like a superpower sometimes. I’ll knock out some loop and then spend a few mins with h Enum.<tab> and realise it could’ve been one or two Enum functions.
Functionally, it doesn't matter anyway. These licensing schemes only serve the owners of services large enough to legally badger other moneyed entities into retrospective payments. Individual users have no agency over their submitted content, and nobody in charge of these companies even gives a second thought to keeping it that way. As I've said many times, nobody in this space gives a shit about anything except how they look to investors and potential users-- least of all the people that make the 'content' these machines 'learn'.
Do you have some expectation that when you post your content to some 3P site that you somehow continue to exercise control over it (other than rights under the GDPR)? What basis do you have for this belief?
IAAL but this is not legal advice; seek licensed counsel in your jurisdiction.
Copyright gives you a bundle of rights over your expressive works, but when you give them to someone else for republication, as you are here, you’re licensing them. By licensing according to the terms of service, which is a binding contract, you are relinquishing those rights. As long as there is a term in the terms of service that allows the publisher to convey your expression to a third party, you don’t get any say into what happens next. You gave your consent by submitting your content, and there’s no backsies. (Subject to GDPR and other applicable laws, of course.)
And these days, no web service that accepts user generated content and has a competent lawyer is going to forget to have that sort of term in their ToS.
Why do you say OpenBSD stopped "supporting bind"? You mean they don't include it in the base system anymore since the switch to unbound?
I mean.. It's one pkg_add away. It's a weird constraint to give yourself if that was the problem, considering you absolutely had to install it on your replacement ubuntu servers.
The short version is that we wound up not feeling particularly enthused about OpenBSD itself. We have a much better developed framework for handling Ubuntu machines, making it simply easier to have some more Ubuntu machines instead of OpenBSD machines, and we also felt Bind on Ubuntu was likely to be better supported than a ports Bind on OpenBSD. If everything else is equal we're going to make a machine Ubuntu instead of OpenBSD.
Ah I don't know if I would agree with that. Temporal does a lot of stuff; we just don't happen to need most of it and it's really heavyweight on the database side (running low 500 or so workflows/second of their own 'hello world' style echo benchmark translates to 100k database ops/second..
DBOS is tied to Postgres, right? That wouldn't scale anywhere near where we need either.
Sadly there aren't many shortcuts in this space and pretending there are seems a bit hip at the moment. In the end, mostly everyone who can afford to solve such problems are gonna end up writing their own systems for this.
> DBOS is tied to Postgres, right? That wouldn't scale anywhere near where we need either.
I would challenge that assumption. We have 50 years of experience scaling Postgres. It can scale pretty far, and then you can shard it for even more. Or you can use one of the new flavors of Postgres compatible database that has unlimited horizontal scaling.
> In the end, mostly everyone who can afford to solve such problems are gonna end up writing their own systems for this.
Hard disagree (granted, I'm the CEO of one of the companies selling a solution in this space). If done right with a good DX and lightweight enough, ideally everyone will use DE by default, and will use one of the frameworks provided. Most likely one of the new style frameworks that you see in this blog post and that DBOS uses, that don't use an external coordinator and black box binary with a shim.
DBOS uses in process coordination with a pure language library, which makes it far more performant with a lot less hardware. It's not an apples to apples comparison.
Barely supported by Apple these days - in addition to needing to disable SIP which is a pain, it was broken causing system freezes for several major macOS releases.
Does instruments allow you to track file reads/writes and other syscalls/mach stuff? Their docs are quite bad at describing the capabilities, so I'm not really sure. From what I can see it's a profiler rather than a tracing tool.
It seem fairly logical to me? If a config change causes services to crash then rollout stops … at least in every phased rollout system i’ve ever built…
If the vendor can't even secure their update server; how long do you think it would be until some RCE on these 100k un-patchable routers gets exploited?
The only people to blame for this is the vendor, and they failed on multiple levels here. It's not hard to sign a firmware, or even just fetch checksums from a different site than you serve the files from...
the problem is that these laws just make the problem bigger - instead of having to compromise 100 thousand routers they can just compromise a single update server from a vendor that doesn't care about security.
the fallout is some companies losing their revenue: https://status.neoprotect.net/ and other headaches for people all over the world
But that's already true for most cases and devices. Most people using most devices let auto updates just happen.
And the other option isn't that much better, because "don't do autoupdates because maybe the update server is compromised" leads to a bunch of unsecured devices everywhere.
The only "real" solution is also completely unrealistic: Every private person disables auto updates, then reads the change log, downloads updates manually, and checks them against some checksum.
The better solution would be to simply increase fines until morale improves.
I tried to read this page, but it keeps refreshing itself and resetting the scroll position to the very top. Since I'm on mobile, I can't do anything about this easily and it's worse because it takes longer to figure out where to scroll to to continue.
ok, let's redo this: instead of routers it's an IoT device. The router protects the IoT device from direct access so it is secure from majority of attack vectors - now an IoT device provider gets their server compromised and hundreds of thousands of IoT devices are now bots in a botnet due to the ability to forcefully push a security update.
I don't think it does outweigh the benefits, the real benefits would be punishing or/and banning vendors that do not secure their devices since using laws such as "timely updates" just promotes them to include sloppy (insecure) implementations for pushing said updates just to do bare minimum to comply with the law.
reply