
Comment The UK blocked it (Score 3, Interesting) 49

Long ago, the UK courts ordered all the major consumer ISPs to block The Pirate Bay along with various other popular services. Ever since, we've had to keep up to date on what the latest proxy address might be.

Of course, thanks to the new censorship laws introduced more recently, we're all on VPNs now, so as to avoid having to hand our ID to the wallet inspector for every last website we ever use. And once that was set up, it was nice to discover that the original is still in play!

Comment Re:Intent is the most important thing (Score 1) 86

Please, no. Often when writing code I need the API reference and only the API reference. I know what I want to do and how to do it, I just need a quick check of the exact order of arguments or exact symbol names. I don't need to try to sift that out of commentary. Likewise when I'm learning how to use the library I'm more interested in the overall view. I don't need to know the exact names of the options for a call, only what the options are for. I expect the code in the user's guide to be accurate, but I don't want the same things out of it that I want out of the API reference.

Comment Intent is the most important thing (Score 4, Insightful) 86

Something critical to note: intent is the most important thing to document when it comes to software. You can see what it does by reading the code, that's straightforward. What I need to know most, both when writing software and maintaining it later, is why it's doing that. What's it supposed to be doing? Why is it doing it in that way? What were the alternatives and why weren't they chosen? How is it supposed to be used by code that calls it? An LLM can't generate any of that just from the code.

This is why traditionally software libraries have had two separate pieces of documentation: an API reference that details every call and its arguments and results, and a user's guide that lays out how and why to use the library.

Comment Re: A beautiful resurgence (Score 4, Interesting) 91

The jokes about Darth Jar Jar were everywhere of course, but it could have worked. Star Wars lifted a few ideas from classic SF sources including Asimov's Foundation series - in which, we might recall, the terrifying, unstoppable galactic warlord known as The Mule was hiding in plain sight as a clown, who seemed to be merely a harmless entertainer at court. His military success was chiefly thanks to his psychic ability to manipulate others' minds to his liking - Darth Jar Jar could have done very well that way!

Comment I'm just not interested in more Star Wars (Score 5, Insightful) 91

I saw three Star Wars movies when I was young. They were great. Mainly because I was a child and this stuff was new and fresh and exciting to me. Even the Ewoks.

I saw three more when I was not quite so young. They were... poor.

I saw a couple more when I was older. One was great, the other was okay but a retread of one of the old ones, and I never got round to seeing the rest. Didn't care enough.

Now they've got more, and apparently they're based on a TV series they did, which I didn't watch because I wasn't subscribed to that streaming platform at the time. So I'm not going to see those either. Same reason I've not seen a Marvel superhero film since the first Avengers one - just too much homework required with all the backstory. Every scene is a shout out or reference that I won't get. Every character seems to be getting ever louder and angrier and more and more of them have access to time machines. I just don't have it in me to care anymore.

I like the sound of these horror films, though. They're going to tell a complete story? In one film? With a beginning, middle and end, that don't ask me to be up to date on an entire Cinematic Universe? Sounds great, time to check where they're showing!

Comment It always puzzled me... (Score 1) 30

... why unions aren't much more common among technology workers. Especially given what you hear about the videogame industry in particular, with that mad 'crunch time' culture in which workers are ruthlessly, well, crunched. I'd always ask, well, what does your union say about it? And what do you know, there isn't one, how about that.

Nice to hear of some progress being made, then. I suppose the risk with this for the rest of us is that GTA 6 might be late to release, but, uh, at this point I think we're over that.

Comment Typical behavior from Microsoft (Score 4, Interesting) 36

This has been typical behavior for large companies when dealing with vulnerability reports for decades. Report one, they treat you as the problem. They'll try to ignore it, consider it "not exploitable", delay and deflect as long as they can get away with it, anything but address the vulnerability. And they'll never tell anyone the vulnerability exists. This only changes when they have no choice but to admit to the problem and fix it, usually when the vulnerability is being publicly exploited. They push "responsible disclosure" because it includes the reporter not making the vulnerability public until the company has a fix, which allows them to stall disclosure as long as they want.

It used to be enough to just include a reasonable deadline when reporting it, after which the reporter would make it public if the company hadn't taken some action on it. Then companies started threatening and then taking legal action against the reporter as soon as they reported the problem, playing the deadline up as "blackmail".

So, what do you do when faced with this? The only reasonable response is to skip the company entirely and make the details public immediately. You're going to be facing retaliation from the company either way, this way the public isn't vulnerable for an extended time. And yes you include details on how to exploit the vulnerability, ideally via working code, so researchers other than the company can confirm it's a real vulnerability that's actually exploitable without having to take your word for it. No, that doesn't give the bad guys anything because remember the working assumption for vulnerabilities: if a good guy has found it, the bad guys already know about it and are using it. Remember that when the company whines.

Comment Cloud environment (Score 3, Interesting) 23

This isn't unusual for a cloud environment where services are distributed across multiple servers for performance and resilience. For read/write data the propagation window necessarily has to be short, but for read-only or read-mostly data like authentication tokens the architecture usually favors speed of authentication and resistance to infrastructure failures over fast propagation of changes. E.g., using a pull-based "changes since the last time I checked" process instead of setting up everything for a real-time event-driven process.

The main thing everyone needs to remember about cloud systems is that they are operating in a distributed environment and changes do not propagate instantly to the entire system. The question is whether the propagation delay is acceptably small or not.

Also, do not depend on "we can revoke the credentials" as your primary defense against compromise. That won't help you against use of the credentials in the span between when they're compromised and when you revoke them, if that's acceptable for you then extending that span by a bit isn't an existential crisis. Design your authentication so credentials can't be compromised in the first place, and are as difficult as possible to use from any system other than the one they were issued to if they are compromised. Hardware tokens (Yubikey etc.) have been a thing for a decade now, it boggles me that they aren't the minimum standard yet.
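Added example (not part of the comment above, and not any vendor's code): a small simulation of the pull-based "changes since the last time I checked" model, measuring how long a stolen token stays usable before and after revocation. The `Authority` and `EdgeNode` classes, the token name and the timeline values are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Authority:
    """Central auth service holding an append-only revocation log (hypothetical model)."""
    log: list = field(default_factory=list)

    def revoke(self, token_id):
        self.log.append(token_id)

    def changes_since(self, cursor):
        # Pull API: everything appended after the caller's last cursor.
        return self.log[cursor:], len(self.log)

@dataclass
class EdgeNode:
    """Validates tokens against a local copy refreshed every poll_interval seconds."""
    authority: Authority
    poll_interval: int
    last_sync: int = 0
    cursor: int = 0
    revoked: set = field(default_factory=set)

    def tick(self, now):
        if now - self.last_sync >= self.poll_interval:
            changes, self.cursor = self.authority.changes_since(self.cursor)
            self.revoked.update(changes)
            self.last_sync = now

    def accepts(self, token_id):
        return token_id not in self.revoked

def exposure(compromised_at, revoked_at, poll_interval, horizon=600):
    """Return (seconds the stolen token works, seconds it still works after revocation)."""
    authority = Authority()
    edge = EdgeNode(authority, poll_interval)
    usable = stale = 0
    for now in range(horizon):  # one step = one second on a constructed timeline
        if now == revoked_at:
            authority.revoke("tok-1")
        edge.tick(now)
        if now >= compromised_at and edge.accepts("tok-1"):
            usable += 1
            stale += now >= revoked_at
    return usable, stale

if __name__ == "__main__":
    for interval in (5, 60):
        print(interval, exposure(compromised_at=100, revoked_at=131, poll_interval=interval))
```

In both runs the token is usable for the 31 seconds between compromise and revocation regardless of the poll interval; the interval only changes the tail after revocation.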
