Let me translate:

"... it often depends heavily on external crates, which can introduce complexity and auditing challenges, especially in enterprise environments."

"If you write code in rust, you may link to a library in your code. I think this is somehow unique to rust, but I have no experience in software development. That makes rust more challenging in Enterprise environments."

The difference is that everything is statically linked in Rust. This isn't a problem if you rebuild the universe and release every day anyway, fix the library and everything will pick it up.

But it's an issue for Canonical (and Debian) because they don't rebuild every one of the tens if not hundreds of thousands of packages for each update of the Release file. And this would have to include older releases too that are still supported.

With many languages, if you rebuild the .so then that's all that is needed. Sure end users need to restart processes to be sure of picking up the fix but that's all. Debian tries quite hard to avoid library bundling where possible but rust sort of makes it implicit anyway.

The downside of the shared library model is that any and every incompatible library change requires a soname bump. ABI stability is critical to the .so model.

I assume my phone is less secure than my desktop, because it's less frequently updated and probably a preferential target.

And fscking impossible to firewall properly. I've never tried with an apple phone but an android phone with always on VPN will still bypass the VPN when it feels like because "the OS is too important to be inconvenienced by such things"

The easiest way to see this happening is to remove the sim, so it has no mobile data at all, connect to wifi and turn on always on VPN.

Then monitor for traffic that tries to bypass the vpn.

Sure, there are some things that have to not go via the vpn, there's the vpn itself, of course, dns might be necessary for the vpn too if it cannot use static addresses, but it's also reasonable that captive portal detection stuff needs to happen before the vpn.

But even that leaks information to google - and we should be able to ensure that literally only the VPN software itself is allowed to talk to the outside world (via data).

On my latest phone there's a lot more than just captive portal detection going out.

Bloomberg is doubtless making a profit at $24k to $27k per user per year,

I doubt it, but I don't know.

Bloomberg has positioned itself as a premium service at a premium price.

Currently, it delivers premium service for that premium price, and that costs. You are a Japanese (only) speaker working at 1am Tokyo time and you have an issue, and your call to Bloomberg will be passed to a fluent Japanese speaker in minutes.

Pretty much anything that a company issues, news, reports, financials, will make it to the Bloomberg terminal quickly. Obviously, where possible, this is a digital link, but they transcribe things released as paper too.

I do wonder what will happen to Bloomberg (the company) once Bloomberg (the man) is no longer in charge. In the short term it seems trivially easy to turn the company into a $20K per terminal cash generator, but that will be achieved by stopping spending money on all the things that provide the premium service. There are plenty of alternatives that are good at a fraction of the cost and there's constant pressure on the people who have Bloomberg to use something else instead. Currently it's easy for the people who want Bloomberg to justify it - there's plenty of information only available on Bloomberg - but after five years of milking the company for cash instead of spending the money on premium service, and it will be harder to justify taking Bloomberg over one of the alternatives.

There again, what they actually want is the long days of summer to happen year round.

Is this really it?

Living in Northern Europe, when the clocks change in October is the most depressing day of the year. It's knowing that I won't see daylight for 4 months. And it happens on the day that the clocks change, there's no gradual "it's getting dark when I leave work" it goes straight to "it's nighttime when I leave work". The morning is already dark when I leave in the morning and it stays dark.

Having sunset at 5pm rather than 4pm on the shortest day is going to make it feel like what the day in October where the clocks change. Not great but "it's going to be getting better from here on".

The correct meaning of that sentence is that most particle accelerators are unable to steer two particle beams to crash head-on into one another.

Then it's utter bullshit. Probably by count most accelerators were either not intended to generate collisions at all or were fixed target accelerators. In either case there was only a single beam so talk about steering two beams is foolish. "Most accelerators are unable to steer two beams" would have been sufficient.

Once we went past the CoM energies that are reasonably achievable with a fixed target accelerator we needed colliders. Most colliders could only operate with a single mass of particle.

I'm pretty sure by count that most colliders could only accelerate electrons/positrons but again, as CoM requirements increase, e-e collisions become less productive.

If we're talking heavy ion accelerators, then yes, there are only two colliders currently in operation currently capable of colliding heavy ions, but that's all of the hadron colliders in operation. I don't know how many fixed target heavy ion accelerators there might be.

I would guess that there will be no hadron collider built in the future that couldn't collide heavy ions. It may not be possible to supply them with heavy ions as it may not be deemed worth building the infrastructure to do that, but if so, that will be a political decision to save a few hundred million on a multi billion machine, not a scientific decision.

Yes, but same mass collisions are trivial, the only requirement is that the accelerator is able to handle the mass.

The main ring at cern requires relativistic particles, it depends on the speed being (almost) constant while accelerating, so depends on the various feeders being able to accelerate Pb to sufficient energy.

And it depends on the magnets being able to contain the higher mass.

So
"Most particle accelerators are unable to steer two particle beams to crash head-on into one another."
is a strange comment. I'm not sure if they meant:
"Most particle accelerators are unable to circulate two particle beams of this mass" or
"Most particle accelerators are unable to be loaded with heavy nuclei"
but it's hard to imagine any accelerator that can meet those requirements not being able to steer the beams to collide.

I think it's interesting. C compilers aren't that complicated but C is just enough "uncooperative" that neither is it "feed the right file into lex/yacc and it will work". 20K seems cheap.

What I'd really like to see though is what they can do with reverse engineering, binary to C seems eminently sensible, C is low enough level that it can easily reflect the binary code without artificial constructs, but it's also expressive enough that it can express the semantic meaning of the code. And unlike compiling, where the global view matters, decompiling is almost exclusively local in scope.

It's not far off what qemu does when emulating an architecture, but it's really hard to go from that "JIT view" to something that a human can look at, understand, and improve.

We can be absolutely sure that China, the US and other major powers already have "state of the art decompilers" and are using them to seek vulnerabilities in closed source software. We, the people, need to know what "state of the art" really means. Perhaps it's useless in practice, no better than looking at the raw assembly for an expert, or perhaps it's "amazingly good" to the point where an expert doesn't need to know the architecture at all to understand the code.

Most particle accelerators are unable to steer two particle beams to crash head-on into one another.

https://cds.cern.ch/record/281...

Ag-Ag might be unique but cern does Pb-Pb (which was always planned) and Pb-p (which is much harder due to the slight difference in orbit required to keep the bunches counter-rotating at the same period and is in my books amazing)

but few people can tell the difference [when comparing 8K] with 4K,

I can well believe this. For a very long time I really struggled with sub-pixel rendering because it (to me) left visible colour fringes on the edge of letters. It was "bizarre" when the word "well" at the start of this sentence might have one red and one blue 'l' for example.

Since switching to 4K I've not had a problem. While writing this I double checked and the colour edging is still there but I can't really see it at all. Now I've looked carefully I can see that the 'im' in the middle of "time" has a faint reddish hue which changes as I scroll the text but it's so faint as to be almost unnoticeable.

Additionally, anti-aliased text doesn't look particularly blurred any more, certainly not enough that I'm straining to "bring it into focus" - obviously not going to work as it's not out of focus to start with.

At home, I've still got sub-pixel rendering and anti-aliasing turned off. Yes, text is sharper but it's also more jagged and, at 4K, it's not obvious which one is better (to my eyes) and were I starting from scratch I wouldn't take the time working out how to turn off sub-pixel rendering and anti-aliasing (but I'm also not going to spend the time working out what I need to undo to turn it back on after all these years).

Of course, countless people will say "you can't see colour fringing if sub-pixel rendering is done correctly, you must have it setup wrongly" - but it's a fact that I can, no matter how it is tweaked. Anti-aliasing on lower DPI screens is equally as uncomfortable to me although that difference is visible to others too, just that they disagree with me about which is easier to look at. FWIW, it's obviously a fact that I can see colour fringing that others can't because we can talk about the same text on the same screen at the same time, and I can say "look, that "l" has a green fringe, that "M" is red etc, they can say "I can't see it". Then you take a screen shot, zoom in and they say "Oh, yes, I can see it now!"

If this is a transient thing,

I have definitely noticed an uptick in non-white Americans relocating to Ireland. The numbers are too small to be statistically significant but it's noticeable - and also that these are permanent relocations[1] rather than people here on a fixed term contract.

Another reason this might not be transient is that many of these PhDs have very desirable skills in the private sector. They can probably earn 3-10x as much as they were getting. Even if they planned to go back to their government jobs eventually, they might find giving up the money harder than having never earned private sector salaries in the first place.

[1] By that I don't mean that they won't go back, just that their job in Ireland is permanent with no planned end date and at least some are taking salary cuts in order to move.

I was updating a program that uses c-ares to use a newer version, some of the functions that were being used were deprecated.

Now I've never used c-ares, this was in a program that I do use and I wanted to bring up to date as it had been neglected for a long while.

One of the replacements gave me a pointer to an opaque type. I needed to know how to get the data out of the opaque type, somewhere there would be helper functions to do exactly this.

So I asked chatGPT, immediately it said ptr->value. Obviously, this is wrong and will not compile. But nothing I could say to it would stop it writing ptr->. It didn't say "I don't know, I can't do that", it didn't say "you need to find the helper functions", it didn't try to look them up, just every time I said something along the lines of:
"If you write ptr-> then it's wrong and will not compile" it just said "You're right. I'm sorry about that. Here's a corrected version" (that included ptr->)

That's why it's not intelligent. Hell, even someone who'd never programmed C in their life, when you told them "if you write ptr-> it won't compile" will write something that doesn't include ptr-> or give up.

I solved it the usual way, looking at the header for likely matching functions and then the docs to see how to use them.

I don't know but I'd guess that it makes other CO2 intensive generation more attractive.

Ultimately, the majority of fossil fuel generation is doomed, renewables are now comfortably cheaper by pretty much any metric unless you put a very high value on 100% availability.

For a long while the west will probably need a rump of fossil generation because our entire system is built around 100% reliable grid power at any load. It will likely be the developing world that will get there first as they don't already have a reliable grid, so adding lots of renewable power that might only be available 80% of the time doesn't inconvenience them - indeed, it allows recharging of micro storage so they can have existing levels of power consumption 24/7.

The problem for the west is that the technology doesn't currently exist - you cannot buy a washing machine that can deal with an hour long power interruption part way through a wash cycle. It's not that it cannot be done, it's that it would add to the cost of a machine for no benefit.

Likewise, freezers can easily deal with intermittent power generation - the problem is ensuring that the door isn't opened (except in an emergency) while there is no power. It's easy to imagine a lock that prevents someone who doesn't realize the power is off, opening the door - but that's 100% useless - I remember exactly once in the last 10 years where I lost power (which was a loss of three phase supply to the building due to water ingress into the underground cable supplying the building)

There's nothing stopping you doing NAT6 either.

In fact, I do, but that's because my ISP is incompetent and IPV6 doesn't work properly (lots of other things don't work properly either, including DNS where I have to talk to a (remote) DNS server on a non-standard port to do DNSSEC[1]).

The nice thing about IPV6-IPV6 NAT if you're using it as a poor mans firewall is that you can do 1:1 address mapping, which also makes debugging issues easier and forwarding things you do want to allow trivial too, no more only one machine can listen on port 443 and you have to use a reverse proxy.

[1] I suspect that DNS does work if you make the router the (IPV4) DNS server but I've not checked that extensively. IPV6 dns doesn't work properly even if you use the ISPs advertised DNS servers.

Agreed, although egress filtering can be tricky if you're using SLAAC with privacy addresses and you want some clients to have external connectivity and not others unless you can partition them onto separate /64.

I use mac based tagging via an iptables firewall rather than have multiple SSID on the wlan.

But egress filtering is getting harder and harder anyway, everybody and his dog talks to something at amazon aws on port 443. So far, I've been able to use SNI inspection and there's been nothing using ESNI that I need to allow to connect, but once that becomes common for things like banking apps I guess the bad guys have won and it will be all but impossible to egress filter, you cannot even use DNS as they'll talk to DNS servers over HTTPS too.

In theory you should be able to MITM bit neither android nor apple make installing an ultimately trusted certificate easy (if it's possible at all)

Hell, it's even hard now to block all outgoing connections on android except via VPN. Always on VPN doesn't actually route everything via the VPN, it likes to chatter to google bypassing the VPN. And it "really doesn't like it" if it cannot confirm direct internet connectivity even though the VPN can connect. You used to be able to divert the connectivity check - which was on port 80, but that seems to be on port 443 with later versions of android and good luck importing a certificate so that you can fake google.com.

and let their cars drive around all day searching for free parking

Or just find the nearest traffic jam, the problem with looking for parking is that if there isn't a space you've got to keep driving. But if you just use whatever traffic information there is to find the most congested bit of the road, you've got "free parking" without needing to park at all.