Father, Hacker (Information Security Professional), Open Source Software Developer, Inventor, and 3D printing enthusiast

  • 9 Posts
  • 268 Comments
Joined 2 years ago
cake
Cake day: June 23rd, 2023

help-circle




  • Even worse: It’s a compliance nightmare!

    Classified information leaking in this way is a one-off situation that might get an individual in trouble. If someone at a heavily-regulated company uploads the wrong thing though, that can cause major disruptions to commercial services while the regulators investigate. Not just fines or prosecutions after-the-fact!

    Here’s why it’s a big deal: Nearly every organization allows employees to use google.com. That necessitates allowing POSTs to google.com and from a filtering perspective it makes it nearly impossible to prevent. The best you can do is limit the POST size.

    Having said that, search forms in general always pose a 3rd party information disclosure risk but when you enable uploading of entire files instead of just limited text prompts you increase the risk surface by an order of magnitude.






  • Oh I can explain this: You were born with a destiny that doesn’t make sense anymore because the gods had to make some changes to the timeline. Sounds simple enough but some people have actually been given theirs or someone else’s prophecy so now they have to make it happen… Somehow.

    To resolve this situation they often have to come up with clever solutions to make sure the prophecy still happens in a way that the (new) timeline can handle. Such as “experiencing plague” and “getting caught rolling with a naked woman in public”.








  • For Microsoft, the key threat is that the Steam Deck isn’t even a Windows OS device by default, let alone having Microsoft’s Xbox services and Game Pass on it. Valve has used the platform, very successfully, to evolve Steam from being simply a digital store that runs (usually) on Windows, into being a very capable gaming OS in its own right.

    That, perhaps more than anything else happening in the industry in recent years, is a threat to Microsoft’s plans for the Xbox platform and gaming more broadly – and if the success of the Steam Deck is a key component of that threat, then creating an Xbox device to compete directly in that space seems like the logical response.

    And there’s the real reason why Microsoft cares. The success of the Steam Deck is a threat to Windows because it runs Linux. Also, the more games that run on the Steam Deck means the more games run on Linux.

    Microsoft normally solves problems like this by abusing their monopoly and crushing their competition. In this case though, Microsoft is the underdog since Steam is the one with a much larger gaming monopoly. They’re going to have to spend billions and billions if they want to stand a chance against the Steam Deck.

    The other enormous problem they face is that Windows is very, very far behind when it comes to technology compared to Linux. Devices made for Linux vastly outperform the best hardware that runs Windows. Even if that hardware was made to run Windows!

    Windows is decades behind Linux from a technological development standpoint. For example, Windows is still running the same filesystem from over 30 years ago!

    What this means is that for any given portable hardware Linux is going to vastly outperform Windows in basically every benchmark from battery life to frame rate. That doesn’t even include the fact that in Windows you’re forced to install many background apps (and kernel level rootkit anti-cheat) that takes up memory and slows everything down just to get basic security and play games.


  • without type safety your code is no longer predictable or maintainable

    This sounds like someone who’s never worked on a large Python project with multiple developers. I’ve been doing this for almost two decades and we never encounter bugs because of mismatched types.

    For reference, the most common bugs we encounter are related to exception handling. Either the code captured the exception and didn’t do the right thing (whatever that is) in specific situations or it didn’t capture the exception in the right place so it bubbles up waaaaay too high up the chain and we end up with super annoying troubleshooting where it’s difficult to reproduce or difficult to track down.

    Also, testing is completely orthogonal to types.



  • Riskable@programming.devtoProgrammer Humor@lemmy.mlBefore and after programming
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    2
    ·
    edit-2
    25 days ago

    Yeah that’s annoying but it’s a short-term problem. Python just recently cleaned up some long-standing issues that broke backwards compatibility in packaging (for certain things). Most public modules that broke made trivial changes to fix the problems (once they learned about them) and life went on.

    However, for some fucking reason a whole bunch of dependencies related to AI are dragging their feet and taking forever to fix their shit. Insisting that everyone “just use Python 3.10” and it drives me nuts too.

    This problem started to become a real thing almost two years ago (so they had plenty of warning and time to fix things) and yet here we are with still a handful of core dependencies that won’t install for things like Stable Diffusion, Flux, and various LLM stuff because they’re dragging their feet.

    I blame corporate culture: Enterprises hate upgrading their shit and they’re as slow as glaciers sometimes. There’s probably tooling at Nvidia, for example, that needs a ton of work for Torch to work with new versions of Python and since all their documentation already was written for running on Python 3.10 (and Ubuntu 22.04 LTS) they’ve created a lot of work for themselves.

    Any day now they’ll finally finish fixing all these little dependencies and then we’ll have another two years of ease before the problem rises again with Python 3.14 and it’s massive GIL-free improvements that require big changes in code to actually take advantage of them.


  • Why? The most annoying thing that I remember about it was popular modules that hadn’t been ported yet. In essence, a temporary problem; growing pains.

    The Unicode/string/bytes changes were welcome (to me). But that might just be because I had actually encountered situations where I had to deal with seemingly endless complexity and ambiguity related to Unicode stuff and encodings. Python 3 made everything much more logical 🤷