Skull giver
Giver of skulls
- 0 Posts
- 197 Comments
SOAP requires reading a manual before you get started, but so do the frameworks that try to replace it. APIs are APIs, you rarely need to manually access any of the endpoints unless the backend doesn’t stick to the rules (and what good do any alternatives provide if that happens?) or your language of choice somehow still lacks code generators for WSDL files.
OpenAPI/Swagger is just SOAP reincarnate. The code generators seem to be a bit more modern, but that’s about it really.
Perhaps they should’ve asked for a sliver of a percentage rather than a large amount upfront, but based on their counter-offer they weren’t interested in percentual royalties.
Until the game is launched, Rockstar is operating on investment money and every component of the game is expressed in cost. Spending 1/85th of 11 years of revenue (or about a third on top of development cost) on songs upfront is hard to sell to executives. Especially when the rate is set by a small band like this.
Asking Beatles money for a Heaven 17 song was worth a try, but I don’t think they get to feel incredulous after their counter-offer was refused. Don’t high-ball offers you can’t afford to lose!
The offer was for $22.5k ($7.5k per member). Their counter-offer of $75k per member ($225k) was rejected and that’s why they went public. GTA V has 441 licensed songs, and there’s no way Rockstar is going to be paying $99 million dollars for just songs.
I’m not surprised they rejected a 10x counter offer, and looking for sympathy on social media is kind of silly. Pretty crazy that this band thought they had the negotiating power to get a 10x deal out of this.
Of course you can use XML that way, but it is unnecessarily verbose and complex because you have to make decisions, like, whether to store things as attributes or as nested elements.
That’s a rather annoying shortcoming of XML, I agree. Then again, the choice is pretty inconsequential and the XSD for your data exchange format will lift any ambiguity anyway.
The choice between XML and JSON are a matter of preference, nothing more. XML is much more powerful than JSON and it’s usually a better choice in my opinion, but if you’re writing your applications well, you may as well be sending your data as pixels in a PNG because your serialiser/deserialiser should be dealing with the file format anyway.
I don’t see comments in the spec?
Most web frameworks contain code to exchange JSON over XMLHttpRequest for a reason. XML is and always has been a data transfer format as well as a file format. JSON is, too. The amount of config.jsons I’ve had to mess with…
but using XML to communicate between your app’s frontend and backend wouldn’t be either
I don’t see why not? The entrypoint of web frontends is sent as HTML already. I guess that’s based on SGML, XML’s weird and broken cousin. Outputting XML is just a matter of configuring whatever model serialiser from JSON to XML.
There are a few good arguments against XML, but those also work against JSON.
Don’t drink the JSON coolaid. XML is fine. Better, in many cases, because XML files actually support comments.
In the modern programming world, XML is just JSON before JSON was cool. There was a whole hype about XML for a few years, which is why old programming tools are full of XML.
It’s funny but sad to see the JSON ecosystem scramble to invent all of the features that XML already had. Even ActivityPub runs on “external entities but stored as general purpose strings”, and don’t get me started on the incompatible, incomplete standards for describing a JSON schema.
It’s not just XML either, now there’s cap’n proto and protobuf and bson which are all just ASN.1 but “cool”.
Apple and Google turn a blind eye to large apps. App stores need Facebook more than Facebook needs the app stores.
That said, they need some pretty complicated bypasses to not show a microphone icon every time they try to listen in.
I believe these apps will listen in on calls and maybe voice messages, but they’re not enabling the microphone 24/7.
I think Microsoft saw how pointless their efforts were and dropped it. I think they may still lock your desktop background?
It’s so easy to set up vlmcsd that I don’t even leave temporary virtual machine unregistered, but last time I used a pirated copy on another person’s laptop I had no idea until I noticed the text in the bottom right. Even stuff like backgrounds are easy to change by just downloading third party background software, like back on the good ol’ Windows 7 days.
The npm package flip-text is the closest that I know of:
const flip = require('flip-text');
const str = "dobo";
const flippedStr = flip(str);
console.log(flippedStr); // Output: "qoqo"
However, with great libraries like is-thirteen I’m sure JavaScript will some day gain a proper horizontal flipping library.
Same is true for JavaScript’s namesake, Java; Object has a toString method, so everything but primitives (int, long, etc.) must have a toString method (and primitives sort of have one too in a roundabout way).
I think JavaScript’s toString also serves another function, namely to have some form of fallback when doing operations on what should be incompatible types. [] + "", for instance; JavaScript will call toString() to do type conversion when the nearest matching type is a String.
Java would be "test string".toString(). C# has "test string".ToString(). Python has str("test string") (as str() is Python’s toString equivalent). Rust has String::from("test string").to_string().
That’s just from the top of my head. I’m sure there’s more.
Edit: actually, I think Rust’s to_string() may not be entirely useless, I think it may be used as a consuming placeholder for clone()? Not sure how that would be useful, but it’s not a complete no-op at least.
When you get and hire a plumber, do you check their criminal history? It’s ridiculous to expect Microsoft to act like the police or government to choose who does and doesn’t comply with laws. They’re not going to hire private investigators to check for crimes, that’s not their job.
Microsoft did pick the location, and as far as I can read, the permits have been signed. Attempts to block construction didn’t pass court, implying that either the local council doesn’t decide over what gets built there or the paperwork is in place.
it just perpetuates colonialism, and Bill Gates+Microsoft have always been in lock step in this regard.
You’re right, Bill Gates is spending billions on fighting malaria because deep in his heart he wants to bring the Congo back under white control. Lmao. Rich people giving away money for tax and image purposes is mostly just that, with a bit of a “I’m helping the world” mindset attached to it. As long as we acknowledge that, I can only see net positives in the charity work. This isn’t the “let’s dump a bunch of money near corrupt warlords” or “let’s kill the local fabric industry by sending our old clothes to a poor country” charity, this is R&D and free mass produced measures, available for cheap in any western country but unaffordable for poor nations, that could never have been produced locally.
The point is the true villain here is colonialism
Ridiculous. India is no longer a colony and even before that it wasn’t an American colony. Making Microsoft responsible for Indian politics, environmental agencies, and law enforcement is literally pulling the power away from the people and placing it with a foreign corporation. Microsoft taking on governmental responsibilities is the closest thing to colonialism they can possibly pull.
India should show that they don’t need a colonial power to instruct them how to control their country and figure this shit out, from local councils to the national government. Infantilisation of ex-colonies is part of the colonial mindset.
Microsoft pulled the same shit here. They lobbied at the national and provincial government, the locals protested but lost, they tried to block construction through environmental concerns (some kind of rare bird or beetle I believe), and this all failed. The reason? The previous elected local and provincial council agreed and signed all the paperwork before people found out what was happening. Does this mean Bill Gates is trying to colonise the Netherlands? No, this just means our politicians are corrupt and the legal instruments to protect the people are lacking. If it weren’t Microsoft, it could’ve been a supermarket distribution center, or a greenhouse, or anything else. The problem is systemic and the solution lies within the political system, not by being angry at the first company that figures out there’s some affordable land somewhere.
They’re it going to be dumping servers in the river. They’ll get moved to whatever recycling infrastructure is nearest, or maybe resold on the second hand market. From what the article says, the local economy and farming industry has been in decline since long before Microsoft bought land for a data center. A picture of a stack of pipes, with no verification that they’re even hooked up, aren’t exactly proof of anything either.
It seems to me that this isn’t about Microsoft or data centers, but about the local government versus the wider government. The locals don’t want a data center but the government above their local representation doesn’t care, and has the power to give out permits for this kind of stuff.
I’m sure there’s illegal waste dumping by the construction companies as locals say (which heavy fines or even prison sentences should be handed to), but data centers aren’t exactly chemical plants. There are many other downsides to data centers (such as fresh water consumption during hot summers, which India has plenty of, orthe impact on the local power grid) but as far as I can tell this is a political disagreement/power imbalance spun into an environmentalist story against a Big Bad Foreign Company to gain sympathy.
I don’t think Microsoft owns a construction company. Surely the shady construction company is to blame in that case? It’s not like Microsoft told them 4k dump their construction waste.
Also, Bill Gates isn’t head of Microsoft anymore, and hasn’t been for years now, maybe even decades at this point. The obsession with Gates doesn’t make much sense when there have been way worse people who have replaced him over the years.
I know about overhead and fairness guarantees and context switching impact, but for simplicity’s sake I just generally start new threads in Rust. Introducing async isn’t that much harder, but for what I write it’s generally fine.
Java’s project Loom looks pretty cool, though I’ve read scheduling remains challenging and several libraries seem to have the occasional deadlocking issues.
Javascript passes objects by reference in most cases. Passing logging objects by copy would actually be an anomaly within the language. The only unexpected part is that the browser console doesn’t toString your objects instantly (for performance reasons mostly), but the same happens in other frameworks for other languages (though often with less latency, milliseconds most of the time).
As I’ve personally experienced, this can make debugging concurrency issues real fun! Pre-composing your log messages as a string (within the same critical section) will prevent quite a few weird edge cases.
The Python console doesn’t allow you to expand and dig deep into the object hirerachy of the thing you’re dumping. You either implement a string conversion handler or manually convert the object to a string as well, whereas Javascript doesn’t need the extra string pass and doesn’t flatten the log hierarchy. There are a few JSON logging frameworks you can combine with log aggregators that provide the same functionality, but that’s quite heavy and complicated to set up.
Fwiw, Javascript’s object logging is a feature I often miss in other languages. If you just want to log the string, use formatted strings or just log obj+“” like you would need to do in every other language. Or even better, log a copy, like you probably wanted to do, with {…obj}.
I have many gripes with Javascript, but the logging API is pretty solid.
Google clearly shows their intent by not providing an alternative API for content filtering, but that doesn’t mean there are no security concerns. Malicious extensions have become so prevalent that Mozilla had to switch to only permitting signed extensions (despite community outroar) because shitty companies were inserting their extensions into the users’ profile directory without permission and breaking websites and even Firefox itself in some cases.
Secure Boot requires the user to be able to turn it off, so if it gets in the way of anyone, it’s implemented wrong. Microsoft has a weird certification system for “super duper secure” laptops or whatever they call it where only their private key is loaded, but that’s a small amount of expensive business laptops.
If anything, Secure Boot is an example of the “just let me turn it off if I want to” crowd making computers less secure for the majority because Microsoft allows booting a whole bunch of Linux distros on supposedly locked-down systems, which has been proven to make other attacks possible (like that recent one on Lenovo laptops where a Linux boot disk could insert a fingerprint into the fingerprint reader that would unlock TPM-based encryption).
Nobody is preventing you from installing Linux through secure boot. In fact, you can take control of your secure boot settings and prevent anyone from installing Windows on your computer without your password.
Personally, I would’ve lowered the size of this was about security. Make it a nice, round number, like 1024.
I think it must’ve been based on something like “the declarative layout is x KB per entry so if we assume the file can be 10MB at most we get about 30k entries”. Maybe they documented it somewhere, I don’t know.
I think it’s clear that a security concern has been hijacked by the ad people. If it was just about security, some other content blocking API would’ve been set up. Safari on iOS has content blockers and that doesn’t even use web extensions, so clearly there are software design models that allow blocking without the “read any website data any time” risk that WebExtensions pose.
But these features don’t just target ad blockers. It also affects other extensions, like Stylus for user CSS, or TamperMonkey for user scripts. It also affects other content blockers, of course. The big difference is that most extensions that require permanent access to every resource on every page are either ad blockers, malware, or power user scripts.
But they’re not blocking ad blockers. They’re restricting a huge attack surface which has the side effect of making it harder to build ad blockers. With this change, extensions can “only” alter/inspect/redirect/block 30,000 domains if they use the webRequest API. That’s not enough to build uBlock Origin with, but at least there’s limit now.
Google should add a specific ad blocking API (though I suppose that name would run afoul of market competition laws, so maybe they’d need to workshop that stuff info “content enhancers” or whatever) before removing the ability for extensions to hide/block/redirect/alter arbitrary requests, but the way extension’s currently work is pretty terrible.
It’s all fun and games if uBlock Origin uses this API, but if one of your other extensions get bought out by a Chinese malware company, you’d be wondering why “save downloads to Nextcloud” and “remove Google search bar from the browser home page” were able to steal all the money out of your checking account and open several credit cards in your name.
Google’s approach sucks, but in my opinion other browsers should show stronger warnings when installing extensions with access to everything you do in a browser (and outside it, if you screen share).
I don’t really care about Chrome, Chrome users can just download another browser if they don’t like ads. I do care about the risks in other browsers, and browsers need to do a lot better communicating and compartmentalising this risk to end users.
Most motherboards I’ve seen come in two versions: one with WiFi and Bluetooth, and one that doesn’t have wireless but is a few dollars cheaper.
I don’t think it makes sense to cheap out on the motherboard only to spend twice the difference on a USB adapter. I only have a dongle because Bluetooth motherboards weren’t quite so ubiquitous when I bought my current machine.
For prebuilts, the cheapest office PCs seem to come with Bluetooth now. Maybe there’s some kind of ultra barebones office PC stock out there, but I think you need to go out of your way to get those.
What I think matters is how terrible the consumer GPU market has become in the past five years. Decent GPU tiers doubles or tripled in price. Many gamers are probably rocking older hardware than they would’ve if it weren’t for cryptocurrency and AI eating up the consumer GPU market.
Other browser vendors like Microsoft and Brave and Opera could’ve added XL support if they wanted to. It’s not just Google, none of the browser makers want to deal with yet another image format. Only Safari supports the protocol, and even then they don’t support animated images.
IE and pre-Chromium Edge implemented JPEG XR and nobody followed. Safari implemented JPEG 2000 and nobody followed. Implementing an image codec is a lot of work and adds attack surface for hackers, nobody really wants to do that unless they have to.
We have JPEG, we have WebP if you need smaller images than JPEG, and we have AVIF if you want something smaller than PNG for photographs. Unless all of the competition implements JPEG XL again, I don’t think they have any reason to bother. Especially with the whole patent vagueness.
Google could always donate the money to Mozilla and let Mozilla make the right choice, though I’m not sure if legislators will accept that. It’s not like Google would even notice a traffic drop if Mozilla stopped shipping Google as a default. Hell, with Firefox’s tracking protection, they may be glad to lose the extra load that doesn’t help revenue streams.
Luckily, Firefox has such a tiny sliver of market share that rarely anyone will notice. Bigger browsers, like Safari, are more likely. To catch the regulators’ eyes.
I believe this guide can get you started pretty quickly to get the basics down. There are tons of guides online, but most of them will give you the basics (“this is how to find a prime number”) and then leave you on your own. Once you know how instructions, calling conventions, and system calls work, the rest of assembly programming is just reading documentation or Googling “how do I X in assembly”.
What can help is using websites like godbolt.org to write simple C programs and looking at the compiled output. Look up instructions you don’t recognize and make sure you don’t enable optimizations, unless you want to deal with atrocities like VGF2P8AFFINEINVQB.
If you don’t mind getting started with old assembly, there are also more comprehensive guides for MS-DOS and old Windows that mostly involve 16 bit and 32 bit programs programming. 64 bit programming is different (uses more registers to pass variables, floating point support is guaranteed, etc.) but there aren’t as many good books on the topic anymore now that it’s become a niche.
I think there are quite a few guides out there for ARM these days, if you have something like a Raspberry Pi or an emulator you can also learn ARM assembly (which has fewer supported weird instructions, but also a tonne of weird stuff).
If you want to go deep, you can also check Ben Eater’s youtube channel where he shows step by step how an 8 bit computer on a breadboard works, how instructions relate to memory, and all that. With some intuition from that, learning amd64 assembly may be a lot easier than going from normal programming languages to assembly.
Edit: to get into understanding assembly programming, [Human Resource Machine[(https://store.steampowered.com/app/375820/Human_Resource_Machine/) will explain the concepts of assembly programming without ever overtly explaining the concepts. Plus, it’s a fun puzzle game.
That’s Kotlin. Mostly used for programming for the JVM, though it compiles to native code as well these days. Very interesting for cross platform app development, although I rarely do that these days.
I think Swift has a similar syntax, but it doesn’t do some of the less obvious Kotlin tricks as far as I’m aware.
Modern decompilers like the one packaged with Ghidra helps a lot for intuiting how instructions work. Unfortunately, a lot of video game code is obfuscated, so you’re probably more likely to run into weird instructions, but OK the other hand you’ll learn what they do faster than when you rarely encounter them.
If you want to write amd64 code, you can get away with mastering just one instruction, and that’s the kind of tomfoolery that obfuscated programs will try to use to make your life harder.
From what I’ve heard, writing big stuff in assembly comes down to play-acting the compiler yourself on paper, essentially.
I think that’s true for just about any programming languages, though the program you’re “compiling” is a human understanding of what you’re trying to accomplish. Things like val bar = foo.let { it.widget?.frub() ?: FrubFactory::defaultFrub(it) } don’t come naturally to the human mind, you’re already working through the logic required before you start typing.
As for the x86 instruction count: you don’t need to know all of them. For instance, here’s a quick graph of all of the instructions in systemctl on my system:
With the top 15 or maybe to 25 of these instructions, you can probably write any program you can think of, and what’s missing will probably be easily found (just search for “multiply” or “divide”). You don’t need to know punpckldq to write a program.
Unless you’re developing an OS or something, you’ll probably be using the C standard library and maybe a bunch of other libraries provided by most distros. Just because you’re doing assembly doesn’t mean you need to program syscalls manually.
Modern assemblers also come with plenty of macros to prevent common mistakes and provide common methods. For instance. NASM comes with things like %strcat to do string concatenation.
I suppose the lack of compiler warnings can be a challenge, but most low-level compilers don’t exactly provide guidance for when you design your program wrong.
No doubt Assembly is harder than Java or Python, but compared to languages like C, I don’t think it’s as hard as people pretend to it to be.
Assembly isn’t that hard. It’s the same imperative programming, but more verbose, more work, and more random names and patterns to remember. If you can understand “x += 3 is the same as x = x + 3”, you can understand how the add instruction works.
I wouldn’t be able to write Rollercoaster Tycoon in assembly because keeping track of all that code in assembly files must be hell, but people pretending like you need to be some kind of wizard to write assembly code are exaggerating.
These days, you won’t be able to beat the compiler even if you wrote your code in assembly, maybe with the exception of bespoke SIMD algorithms. Writing assembly is something only kernel developers and microcontroller developers may need to do in their day to day life.
Reading assembly is still a valuable skill, though, especially if you come anywhere near native code. What you think you wrote and what the CPU is actually trying to do may not be the same, and a small bit of manual debugging work can help you get started resolving crashes that make no sense whatsoever. No need to remember thousands of instructions either, 99% of assembly code is just variations of copying memory, checking equality and jumping anyway. Look up the weird assembly instructions your disassembler spits out, they’re documented very well.
Depends on the quality of the phishers I guess, but the phishing pages I’ve been emailed only work for the IP that first visited them, after that they turn to 404s or legitimate looking websites. Really annoying, because I wanted to report some domain as phishing to a domain registrar and the moment they checked my submission they told me not to file fake reports.
I suppose they could try to record all traffic and sift through it to record phishing pages, but somehow I don’t think they’re willing to collect the petabytes per day necessary to check back later. That’s the whole point of Cloudflare, they don’t store the code running websites, they just proxy connections towards these hosts.
As for telling who they are: I haven’t heard of Cloudflare ignoring any warrants. These hosters aren’t unfindable because they’re behind Cloudflare, the authorities just need to get their shit together to do something about them.
I don’t think the bad actors are a large part of Cloudflare’s customer base. I get why nonprofits, threat analysists, and other non-government organisations get frustrated when their work is so much easier with the shared hosts and server resellers, but they’re not the police.
I want Cloudflare’s abuse report to be better, but I don’t think the problems these blog posts have with Cloudflare will disappear if they do. Domains are quick and cheap to re-register, and abuse removal on a Cloudflare scale will probably bring the entire modern internet into a YouTube-copyright-strike system where a few automated reports can take down most websites.
Cloudflare apparently has 14% to 16% of the DNS market but only serves 10% of domain names for spammers, according to this blog post. That means a site being hosted on Cloudflare is actually a reason to trust an email more, not less, by pure statistics.
Unlike other hosts, Cloudflare offers a DNS server that’s easy to script against, cheap, and actually works well. A combination of three factors I haven’t seen another DNS host do. Of course spammers are going to flock to services like these. Kick over Cloudflare and the next most bot-friendly DNS provider will take the spammers instead.
I get why that one security vendor published a blog post about Cloudflare recently (after all, they make money selling scary news articles) but I don’t really get why Spamhaus is publishing this. They link to their own “how to prevent abuse” page which comes down to “take basic personal information (because criminals would never lie), don’t take crypto (anonymity == criminal), use our various services”.
As for the “bulletproof hosters” part: Cloudflare tries not to make ethical decisions about their customers. Given the position they’re in as middle man to at least 20% of the entire internet (80% of CDNs), I don’t think I want them to make any decisions about who can and who can’t use their services. In fact, if they start picking and choosing their customers and what they host, that increases their liability when illegal stuff does happen on their platform. The internet is free because hosters don’t need to manually approve the stuff they’re hosting as long as they follow up on legal issues; if they start picking and choosing, they’re on the hook for stuff they misjudged or missed.
SpamHaus can flag Cloudflare domains as a spam/phishing risk if they want to (but I doubt they will, as that would affect their own emails as well, seeing as they are hosted behind Cloudflare). I don’t see why they would need to make a public blog post about their problems.
I can’t find that for JSON, only for JSON schema (which is a different spec), is that the one you mean?