Contents^
Items^
DNS over Dedicated QUIC Connections
> Abstract: This document describes the use of QUIC to provide transport confidentiality for DNS. The encryption provided by QUIC has similar properties to those provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient packet-loss recovery than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC 7858, and latency characteristics similar to classic DNS over UDP. This specification describes the use of DoQ as a general-purpose transport for DNS and includes the use of DoQ for stub to recursive, recursive to authoritative, and zone transfer scenarios.
> [...] DNS over HTTPS (DoH) [RFC8484] can be used with HTTP/3 to get some of the benefits of QUIC. However, a lightweight direct mapping for DoQ can be regarded as a more natural fit for both the recursive to authoritative and zone transfer scenarios, which rarely involve intermediaries. In these scenarios, the additional overhead of HTTP is not offset by, for example, benefits of HTTP proxying and caching behavior.
Twitter Deal Temporarily on Hold
I strongly feel that the spammers thing is smoke and mirrors.
The deal at $54.20 was maybe OK for him a month ago (it was great for Twitter because nobody else was interested at that price). Since then, Twitter reported disappointing numbers for the past quarter, and the entire market took a nose dive, with tech hit especially hard.
TWTR stock price was in the mid-30s before Musk's offer. Without the offer, and with the disappointing numbers, and with the recent market development, one could reasonably assume that the stock would be below 30 today.
Musk should just pay the break fee of $1bn, and renegotiate for $42.69 or whatever meme number he fancies. Why pay $42bn total for something when you can get it for $30bn.
When Musk started selling his TSLA shares to buy Twitter, TSLA fell by like $200 or like 20%.
It was becoming obvious that to buy Twitter, TSLA value would have to decline severely. IIRC, Musk only got around to selling $8 Billion pretax before quitting.
Musk thought he could afford Twitter. He sells some TSLA and the market collapses, and he suddenly decides against it.
Everything else is smoke and mirrors. Musk doesn't have the cash for the deal anymore (maybe he never had the cash for the deal). I guess Musk is looking at the $1 Billion ejection clause now and trying to weasel around it.
But at this rate, it looks like Musk owes Twitter $1 billion cash for this broke deal.
This is the pretty good point to all the "richest person" "net worth XX Billion" lists and calculations.
Most if not all of these people can't liquidate even close to their "net worth"
If you can get several tens of millions of dollars, liquid, on fairly short notice, there's almost nothing you can't buy on a whim. You may as well have infinite money. It doesn't matter that you can't liquidate another 90-99% of your net worth easily. You borrow $60m for that second yacht, then pay it off as soon as the tax situation looks favorable for realizing some gains. No big deal. Live like (er, better than) a king, pay taxes like a pauper. It's the American way.
Larger sums are only really useful for making big-splash investments. Like this. As far as personal spending goes, it's no obstacle, so it doesn't matter that they can't easily turn their entire net worth into a literal billions-of-dollars balance in a checking account.
Show HN: Pythondocs.xyz – Live search for Python documentation
Hi everyone!
I've been working on a web search interface for Python's documentation as a personal project, and I think it's ready for other people to use...
Please give it a go (and join me in praying to the server gods):
Here's the tech stack for those interested:
- Parser: Beautiful Soup + Mozilla Bleach
- Database: in-memory SQLite (aiosqlite) + SQLAlchemy
- Web server: FastAPI + Uvicorn + Jinja2
- Front end: Tailwind CSS + htmx + Alpine.js
I have ideas for future improvements but hopefully the current version is useful to someone.
Let me know what you think!
Does python not have built in documentation search? In R I use `??searchterm`.
It has help(), but I don't think there's a nice search feature included.
I mean you could use string methods to search for something of course, help just returns a string.
Then again, it's Python. There's probably some kind of
import search from helpTools
The `pydoc` / `python -m pydoc` module doesn't do search; it would be O(n) for every search like grep without e.g. a sphinx searchindex: https://docs.python.org/3/library/pydoc.html
Sphinx searchindex.js does Porter stemming for English and other languages: https://github.com/sphinx-doc/sphinx/blob/5.x/sphinx/search/...
sphinxcontrib.websupport.search supports Xapian, Whoosh (Python), and null: https://github.com/sphinx-doc/sphinxcontrib-websupport/blob/...
sphinx-elasticsearch https://github.com/zeitonline/sphinx_elasticsearch :
> This is a stand-alone extraction of the functionality used by readthedocs.org, compatible with elasticsearch-6.
MeiliSearch (rust) compared with ElasticSearch (java), Algolia, TypeSense (C++): https://docs.meilisearch.com/learn/what_is_meilisearch/compa...
Is there a good way to index each sphinx doc set's searchindex.js?
Colleges where everyone works and there's no tuition
Sorry to depart from the feel-good narrative, but this kind of student labor is token or symbolic at best.
The kinds of jobs that students can perform are not nearly the kind of jobs that a college with a physical plant to maintain, professors to pay, finances to administer, etc. can make a meaningful dent in. (By and large), students are not going to be doing electrical work, maintenance, financial accounting, administration, etc. -- the day to day necessary jobs that keep an institution running -- at all, or enough to be offsetting the costs of those professionals and paying for salaries of the faculty. And you wouldn't want students to be handling many of the jobs that rely on people to conscientiously do them for years, and have institutional memory in mind. They're there to be students, not workers. That's why most student jobs are of the type similar to dorm cleaners, kitchen staff, library, computer room, etc. -- short term temp work requiring no great specific skills.
The article itself acknowledges that much of the income comes from the endowment, grants, donations. If you wanted to start a school on the premise of student labor paying for it, without these existing sources, there would be no way. The cost of running a school is simply way too high in developed countries to do this.
Having students work is not a bad thing. But it isn't some utopian possibility to solve the problems of the cost of education at nearly any typical school. To make this possible you'd have to start something like an educational coop in a developing country. And I doubt that would be a significant contributor to higher education, until it got larger and more professional, at which point you would start to run into the exact same issues above.
I actually entirely disagree with the premise that students should work. I think it's wrong, aside from a perhaps holiday job. They should study, that's it. If they are not busy enough to study, then they don't study hard enough.
That's why, I think, in some European countries, instead of giving debt to students, we give them a stipend. The society should be able to support students enough to study, so they wouldn't have to work.
True, being a student should be considered a full-time job. I'm from Europe and we get stipends that depend on grades (and financial situation), and studying is at least somewhat considered a duty and responsibility towards society then, instead of the American attitude where students are service consumers, customers who must be pandered to. You can see where that attitude has led on American campuses.
[deleted]
What are your most used self-hosted applications?
awesome-selfhosted/awesome-selfhosted lists quite a few: https://github.com/awesome-selfhosted/awesome-selfhosted
Sqldiff: SQLite Database Difference Utility
Which {SQL,} databases do this as a native, online database feature; so you don't have to pull backups to sqldiff?
E.g. django-reversion and VDM do versioned domain model on top of SQL, but not with native temporal database features.
Many apps probably could or should be written as mostly-append-only - not necessarily blocking until the previous record is available to hash – but very few apps are written that way, so run sqldiff offline.
There is Dolt, which started out as git for tables but is turning into a MySQL compatible database with good versioning. (Including branches and merges.)
dolthub/dolt https://github.com/dolthub/dolt:
dolt clone
dolt pull
dolt push
dolt checkout
dolt branch
dolt commit
dolt merge
dolt blame
dolt diff
EthicalML/awesome-production-machine-learning#model-and-data-versioning: https://github.com/EthicalML/awesome-production-machine-lear...
GitBOM: Enabling universal artifact traceability in software supply chains
From https://gitbom.dev/resources/whitepaper/ :
> For this reason we propose two areas of work:
> 1. enhancing artifact-generating tools (e.g., compilers, linkers, and container image generators) to also output metadata regarding their inputs and outputs
> 2. defining a storage format which represents the minimum information to describe the artifact relationship tree, and which uses git’s on-disk storage format
> Following from (1), this approach will require minimal to no effort on the part of open source project maintainers, thus significantly increasing its chances of widespread adoption as compared to any approach which requires maintainers to perform additional actions (e.g., implementing substantive changes in their CI/CD or package build pipeline to generate an SBOM).
Requirements traceability: https://en.wikipedia.org/wiki/Requirements_traceability
codemeta/codemeta - Minimal metadata schemas for science software and code, in JSON-LD: https://github.com/codemeta/codemeta
Compostable fungi-based replacement for styrofoam
I'm heartened by the interest in better packaging and it seems like it's having a moment. Last week Cruz Foam[0] (probably a direct competitor) had an announcement that it had some celebrity investors[1]. It's probably not a popular opinion but I think adding more regulations or incentives (tax breaks) to discourage the use of non-biodegradable packaging, especially in foods, is long overdue.
[0] - https://www.cruzfoam.com [1] - https://www.cruzfoam.com/post/meet-our-new-investors-advisor...
Yeah, we have incentives to insulate homes but they all use terrible tech. The best solution still off-gases and can be dangerous if done improperly.
Home insulation has a longer useful life than most packaging, but you're right that it still usually ends up in a landfill. However the current incentives for home insulation are very different - usually to reduce home heating/cooling costs and reduced energy consumption is usually an environmentally sound policy. Should there be further incentives to encourage insulation alternatives which have a more eco-friendly end of life? Absolutely. And that is likely a harder problem given the productive lifetime of an average home, but definitely a worthy place to also put further incentives.
I think one of the solutions may be based on hemp, currently known as hempcrete or hemp concrete - essentially a mix of hemp hurd (the woody essence of the hemp plant), hydraulic lime, and water.
You mix it up and then all you need is just the wooden frame (if you're building load bearing walls), then you wrap it in hempcrete (floors, walls & roof), apply some mud plaster and you're done. No need for 6-10 layers full of plastics & glues.
Thanks to use of lime instead of cement the building even captures CO2, as the walls literally turn into stone over time.
Some hemp buildings are 200+ years old, in some cave in india they've even found 1500 y.o. hempcrete, and you can compost whole building at EOL.
Some other benefits: non-toxic, no off-gassing, no solvents, mold resistance, high vapor permeability, humidity control, durable, sustainable, carbon sequestration, fire and pest resistance, passive self regulation of temperature and humidity, great insulator
Can hempcrete be made from Mars or Moon aggregate instead of lime, and 4d printed?
FWIU, lime requires coral for production? Is lime sustainable?
Alternative solutions for: structural wood frame in a hempcrete structure: stacking hempcrete blocks on structural forms that are stronger and more insulting than structural concrete; green concrete, a carbon and thermal gradient sink; and Hempwood, which is apparently stronger than spec lumber of the same dimensions as well.
most lime comes from limestone, extracted by quarries/mines- although sometimes it is sourced from coral
the process of producing lime can involve a number of not-very-sustainable steps, hopefully which can be substituted for more environmentally responsible alternatives
How does this product compare to aerogel, which is inorganic without minor radiation? https://en.wikipedia.org/wiki/Aerogel
> Aerogels are produced by extracting the liquid component of a gel through supercritical drying or freeze-drying. This allows the liquid to be slowly dried off without causing the solid matrix in the gel to collapse from capillary action, as would happen with conventional evaporation. The first aerogels were produced from silica gels. Kistler's later work involved aerogels based on alumina, chromia and tin dioxide. Carbon aerogels were first developed in the late 1980s.[12]
Can aerogels be made with {formed,?} fungi-based production processes?
Aerogels tend to be fairly brittle, but more recent innovations make them probably work.
Fundamentally they are defined when you remove a solvent from a gel supercritically. High temperatures or pressures. Not very friendly for organics, but probably could work with a polymer.
Of course if you just want a low density polymer with air in it that's just styrofoam. The organic part is the interesting bit, and organic stuff usually has better strength due to multi-dimensional patterning whereas an aerogel would tend to have a single structure throughout.
In this domain it's important to remember that organic means carbon-containing, the word you're looking for is biological or biochemical. Polystyrene is an organic compound.
Sorry to have confused you. I used simplified language because this is not a site filled with chemists and I wanted to avoid confusing people.
Is it a carbon sink organic compound? Does it offgas VOCs?
HS chem was years ago. Does jsmol/pymol work in Jupiter notebooks? That probably doesn't at all model heat or other QFT or QG fields.
Though this one probably doesn't require an understanding of how quantum chemistry is actually occurring (Q12 STEM), I found this for protyping, which "operates on abstract data structures allowing the formulation, combination, automatic differentiation and optimization of generalized objectives. Tequila can execute the underlying quantum expectation values on state of the art simulators as well as on real quantum devices." https://github.com/tequilahub/tequila#quantum-backends
I'm not sure this is a useful framing.
If the chemicals used to make an aerogel are carbon sinks, the aerogel will be as well unless the energy use is higher than the sunk carbon.
If it's not biological, it's usually not a carbon sink. There are exceptions.
And as for outgassing, in my experience any polymer that you do gas sampling over in a closed container will be show some offgassing of something. It's just the nature of solids to release vapor, if there is zero in the gas phase then there's a lot of entropic force to drive there to be at least one in the gas phase. Like, a huge entropic driving force. Everything outgasses.
Whether there's a lot of outgassing depends on the chemicals that are broken down and the volatility and the temperature, I think this will almost always be low but measurable for long chain polymers, and modest for short chain and low density polymers (think how foam insulation smells when it gets heated in the sun if you've ever seen it). What is outgassed is definitely more important, so it really just is super case by case to do an actual safety analysis to compare them, and it would depend on the use conditions (temperature, sunlight, etc).
I don't know anything about jsmol or pymol, I don't think a software suite is necessary here. These processes are pretty basic and you can just look up relative volatilities and breakdown products for a given case. You definitely don't want to try to simulate the thermal breakdown of a polymer (which you'd define statistically with potentially hundreds of thousands of atoms each) -- especially not quantum mechanically -- into the gas phase. There are a lot of opportunities for much more basic issues than software libraries; like how you model the gas around the solid surface and what the structure of the solid surface is. Does gas move due to outside flow? Does it also carry away heat?
It's a hugely complex thing to actually calculate (and even for a few atoms QM simulations are horrific and easy to mess up) so instead I personally would just rely on the rules of thumb I talked about first and then look up actual data from bulk materials property measurements. I definitely wouldn't touch a simulation when real bulk property measurements are easily available.
Evolution is not a tree of life but a fuzzy network
I've always said it's not the Tree of Life, but rather the DAG of Life.
It may not even be acyclic. For example it appears fetal DNA is permanently detectable in mothers and may even have health benefits that conceivably increase the mother’s evolutionary fitness.
How can it be acyclic? A phylogenetic tree is a DAG. Organisms sharing DNA? That's definitely a cyclic graph.
If there were Schema.org/Animal and/or schema:AnimalInstance classes, what do you list under a :breed property to indicate that e.g. one parent is breed X and another is breed Y?! That's definitely not a DAG; that looks like a feature clustering dendrogram.
DNA barcoding > Mismatches between conventional (morphological) and barcode based identification https://en.wikipedia.org/wiki/DNA_barcoding#Mismatches_betwe...
Taxonomy (biology) https://en.wikipedia.org/wiki/Taxonomy_(biology)
FWIU, there's at least one DNA-based organism naming system; IDK how much that helps resolve :Animal and :AnimalInstance if at all?
My assumption as someone not formally trained in advanced biology is that the phylogenetic tree has an implied arrow of time, and each node of the tree is a point where a mutation occurred that was sufficient to create a new and separate family/order/genus/etc afterwards, with leaf nodes representing species.
In this sense a cycle can’t occur because a branch would need to reach back in time and rejoin with an ancestral branch. It would be a different kind of grandfather paradox: who would be the ancestor and who the descendant in a cycle?
Maybe someone could help point out the flaws in this model.
Your assumption is true, but only for rooted phylogenetic trees. In unrooted trees the node representing the most ancestral state is absent and thus no directionality can be determined.
U.S. interest rates have soared everywhere but savings accounts
The issue is that there is no incentive for banks to increase interest rates on accounts as they are already sitting on too much cash. Banks make money by lending money out, in times where banks are strapped for cash on hand, you will see interest rates increase. I don’t see this changing in the near future.
> "...there is no incentive for banks to increase interest rates on accounts as they are already sitting on too much cash."
and folks wonder why banks are so strictly regulated... no, banks are never sitting on too much cash unless they've made a marketing and/or an operational error. most banks are highly levered, meaning they're lending out, say, 10× the cash they hold, so they never "have too much cash on hand". quite the opposite. banks continually lobby regulatory agencies to raise their leverage thresholds so they can lever up even more and rake in more of that sweet, nearly risk-free[0] cash flow.
that they don't raise savings rates is purely out of greed, not necessity. they're also under no competitive pressure to do so, which indicates a malfunctioning market (functioning markets are by definition competitive). and more galling, they charge you hidden fees out the wazoo for the "privilege" of banking in a mine field.
banks are core infrastructure, much like roads and housing. i'd rather go back to a simpler form where banks were only allowed to make money on the spread between lending and savings rates, making them boring and having to compete (with higher savings rates, for example) for your business. all the risk-taking extensions to banking can still exist, just in a separate, firewalled entity with no access to that (nearly) risk-free cash flow.
[0]: risk-free in the finance sense of being free of idiosyncratic risk, not systemic risk.
You’ve just described the Glass-Steagall act. It has a long and storied history.
It was created in response to the Great Depression, then repealed by the Gramm-Leach-Bliley act because money. Then the Dodd-Frank act tried to have it reinstated but failed, also because money.
You may already be familiar with all of this but mentioning in case you’re not.
(https://en.m.wikipedia.org/wiki/Glass–Steagall_legislation)
There’s a quite brilliant documentary that came out in 2010, Inside Job, that covers this, but which was completely overshadowed by the much less informative The Big Short which came out 5 years later.
There was a separation between savings and investment banking between ~1933-1999.
Glass–Steagall in post-financial crisis reform debate: https://en.wikipedia.org/wiki/Glass%E2%80%93Steagall_in_post...
(Edit: Monetary policy / Monetarism > Current State , Liquidity trap > Global financial crises of 2008 and 2020: https://en.wikipedia.org/wiki/Liquidity_trap )
How do microlending and DeFi rates democratize subsidized capital availability?
From IL-RFC-1 Interledger Architecture https://interledger.org/rfcs/0001-interledger-architecture/ :
> Settlement for one account MUST NOT depend on the status of any other accounts.
> If settlement of one account in the Interledger is contingent on the status of another account or relationship, this could create the threat of cascading risks and failures, similar to problems that occurred during the 2008 global financial crisis. Nodes can protect themselves from such risks by choosing to use settlement technologies such as collateralized payment channels where available. These types of arrangements can provide high-speed settlement without a risk that the other side may not pay. For more information on different ledger types and settlement strategies, see IL-RFC-22: Hashed Timelock Agreements.
> Nodes can also choose never to settle their obligations. This configuration may be useful when several nodes representing different pieces of software or devices are all owned by the same person or business, and all their traffic with the outside world goes through a single “home router” connector. This is the model of `moneyd`, one of the current implementations of Interledger.
Changing std:sort at Google’s scale and beyond
> LLVM history: Back then we recognized some really interesting benchmarks and we didn’t recall anybody trying to really benchmark sorts on different data patterns for standard libraries.
Timsort https://en.wikipedia.org/wiki/Timsort :
> In the worst case, Timsort takes O(n log n) comparisons to sort an array of n elements. In the best case, which occurs when the input is already sorted, it runs in linear time, meaning that it is an adaptive sorting algorithm. [3]
> It is advantageous over Quicksort for sorting object references or pointers because these require expensive memory indirection to access data and perform comparisons and Quicksort's cache coherence benefits are greatly reduced. [...]
> Timsort has been Python's standard sorting algorithm since version 2.3 [~2002]. It is also used to sort arrays of non-primitive type in Java SE 7,[4] on the Android platform,[5] in GNU Octave,[6] on V8,[7] Swift,[8] and Rust.[9]
Sorting algorithm > Comparison of algorithms https://en.wikipedia.org/wiki/Sorting_algorithm#Comparison_o...
Schwartzian transform https://en.wikipedia.org/wiki/Schwartzian_transform :
> In Python 2.4 and above, both the sorted() function and the in-place list.sort() method take a key= parameter that allows the user to provide a "key function" (like foo in the examples above). In Python 3 and above, use of the key function is the only way to specify a custom sort order (the previously supported cmp= parameter that allowed the user to provide a "comparison function" was removed). Before Python 2.4, developers would use the lisp-originated decorate–sort–undecorate (DSU) idiom,[2] usually by wrapping the objects in a (sortkey, object) tuple
Big-O Cheatsheet https://www.bigocheatsheet.com/
Quicksort in Python 7 ways (and many other languages) on RosettaCode: https://rosettacode.org/wiki/Sorting_algorithms/Quicksort#Py...
Thanks, I'll remove the note about "recalling"
xeus-cling didn't exist back then: https://github.com/jupyter-xeus/xeus-cling#a-c-notebook
https://github.com/fffaraz/awesome-cpp#debug
A standard way to benchmark and chart {sorting algorithms, web framework benchmarks,} would be great.
The TechEmpower "framework overhead" benchmarks might have at least average case sorting in there somewhere: https://www.techempower.com/benchmarks/#section=data-r20&hw=...
awesome-algorithms https://github.com/tayllan/awesome-algorithms#github-librari...
awesome-theoretical-computer-science > Machine Learning Theory, Physics; Grover's; and surely something is faster than Timsort: https://github.com/mostafatouny/awesome-theoretical-computer...
Christ, the description on that second repo is so comically terribly spelled that I can’t figure out whether it’s a joke:
> The interdicplinary of Mathematics and Computer Science, Distinguisehed by its emphasis on mathemtical technique and rigour.
(Perhaps a witty satire on the reputation of mathmos for being godawful at anything literary...)
Deep Learning Poised to ‘Blow Up’ Famed Fluid Equations
Euler equations (fluid dynamics) https://en.wikipedia.org/wiki/Euler_equations_(fluid_dynamic...
> In fluid dynamics, the Euler equations are a set of quasilinear partial differential equations governing adiabatic and inviscid flow. They are named after Leonhard Euler. In particular, they correspond to the Navier–Stokes equations with zero viscosity and zero thermal conductivity. [1]
Navier–Stokes equations https://en.wikipedia.org/wiki/Navier%E2%80%93Stokes_equation...
> The Navier–Stokes equations mathematically express conservation of momentum and conservation of mass for Newtonian fluids.
Computational fluid dynamics https://en.wikipedia.org/wiki/Computational_fluid_dynamics
Numerical methods in fluid mechanics https://en.wikipedia.org/wiki/Numerical_methods_in_fluid_mec...
- [ ] Quantum fluid https://en.wikipedia.org/wiki/Quantum_fluid
> Quantum mechanical effects become significant for physics in the range of the de Broglie wavelength. For condensed matter, this is when the de Broglie wavelength of a particle is greater than the spacing between the particles in the lattice that comprises the matter. [...]
> The above temperature limit T has different meaning depending on the quantum statistics followed by each system, but generally refers to the point at which the system manifests quantum fluid properties. For a system of fermions, T is an estimation of the Fermi energy of the system, where processes important to phenomena such as superconductivity take place. For bosons, T gives an estimation of the Bose-Einstein condensation temperature.
Classical fluid https://en.wikipedia.org/wiki/Classical_fluid
> Classical fluids [1] are systems of particles which retain a definite volume, and are at sufficiently high temperatures (compared to their Fermi energy) that quantum effects can be neglected [...] Common liquids, e.g., liquid air, gasoline etc., are essentially mixtures of classical fluids. Electrolytes, molten salts, salts dissolved in water, are classical charged fluids. A classical fluid when cooled undergoes a freezing transition. On heating it undergoes an evaporation transition and becomes a classical gas that obeys Boltzmann statistics.
Chaos theory https://en.wikipedia.org/wiki/Chaos_theory
> Chaos theory is [...] focused on underlying patterns and deterministic laws highly sensitive to initial conditions in dynamical systems that were thought to have completely random states of disorder and irregularities. [1] Chaos theory states that within the apparent randomness of chaotic complex systems, there are underlying patterns, interconnectedness, constant feedback loops, repetition, self-similarity, fractals, and self-organization.
Quantum chaos https://en.wikipedia.org/wiki/Quantum_chaos
> If quantum mechanics does not demonstrate an exponential sensitivity to initial conditions, how can exponential sensitivity to initial conditions arise in classical chaos, which must be the correspondence principle limit of quantum mechanics?
... in dynamic, nonlinear - possibly adaptive - complex systems.
google/jax-cfd https://github.com/google/jax-cfd#other-awesome-projects lists "Other differentiable CFD codes compatible with deep learning"
FWIU the AlphaZero for Fusion optimization is for the non-fluid plasma Deep Learning convex optimization part of the problem?
Is it ever enough to model just fluids, is modeling quantum chemistry necessary as well?
pip install tequila-basic
https://github.com/tequilahub/tequila#quantumchemistry
https://github.com/tequilahub/tequila-tutorials/blob/main/Ch...
awesome-fluid-dynamics https://github.com/lento234/awesome-fluid-dynamics :
- "12 Steps to Navier-Stokes"
- Differential programming https://en.wikipedia.org/wiki/Differentiable_programming : gradients; sometimes gradient descent
- Neural Networks for PDE
"Differentiable function" https://en.wikipedia.org/wiki/Differentiable_function
> In mathematics, a differentiable function of one real variable is a function whose derivative exists at each point in its domain
If there is a ZeroDivisionError because a denominator is zero, is that actually a differentiable function?
-x**-1
-1/x
Divergence theorem ... Fluid diverconvergences https://en.wikipedia.org/wiki/Divergence_theorem :
> The divergence theorem is an important result for the mathematics of physics and engineering, particularly in electrostatics and fluid dynamics. In these fields, it is usually applied in three dimensions. However, it generalizes to any number of dimensions. In one dimension, it is equivalent to integration by parts. In two dimensions, it is equivalent to Green's theorem. [...] Explanation using liquid flow [...]
"Logarithms yearning to be free" re: symbolic limits and currently non-axiomatic Infinity https://news.ycombinator.com/item?id=31015139
... Quantum thermodynamics, fluids, and chaotic divergence
The "derivative" at a certain point is defined as the limit of the ratio between function differences and argument differences.
In the context of derivatives, "exists" means that this limit is a finite number.
If the derivative function has an expression which is a fraction whose denominator becomes null at a point, the derivative may exist or not exist at that point.
If the corresponding numerator at that point is non-null (i.e. the derivative is infinite), then the derivative does not exist and the original function is not differentiable at that point.
If the numerator is also null, the derivative may exist or not at that point, depending on whether the limit of the derivative exists or not.
Are there no symbolic results from derivatives of any order?
Is it more correct to say that, if the denominator is zero at that point, the derivative is just non-Real because it's e.g. `n*x*oo`?
Practically, do we just say that such actually discontinuous functions are still mostly differentiable but the derivative does not exist in non-symbolic space?
> ... Quantum thermodynamics, fluids, and chaotic divergence
FWIW, does [quantum] thermodynamics predict emergent behaviors amongst self-organizing systems apparently at least temporarily contradicting a tendency to entropic decay?
My understanding is that no: fluid dynamics, quantum fluid dynamics, and quantum chemistry are not sufficient to describe and thus cannot predict emergent behaviors in complex nonlinear - possibly emergently adaptive - complex systems.
Emergence occurs in/of/by/within/betwixt/between systems; in application emergent programs require human-level intelligence ethical filters: https://en.wikipedia.org/wiki/Emergence
Perhaps before describing physical systems with current best known descriptions as multi-field (QFT,QQ,) wave-particle[-fluid] interactions with convergent and divergent e.g convection, it's appropriate to compare the difference between Classical and Quantum Wave Interference: https://en.wikipedia.org/wiki/Wave_interference#Quantum_inte...
> some of the differences between classical wave interference and quantum interference: (a) In classical interference, two different waves interfere; In quantum interference, the wavefunction interferes with itself. (b) Classical interference is obtained simply by adding the displacements from equilibrium (or amplitudes) of the two waves; In quantum interference, the effect occurs for the probability function associated with the wavefunction and therefore the absolute value of the wavefunction squared. (c) The interference involves different types of mathematical functions: A classical wave is a real function representing the displacement from an equilibrium position; a quantum wavefunction is a complex function. A classical wave at any point can be positive or negative; the quantum probability function is non-negative.
Thus our best descriptions of emergent behavior in fluids (and chemicals and fields) must presumably be composed at least in part from quantum wave functions that e.g. Navier-Stokes also fit for; with a fitness function.
Gigahertz topological valley Hall effect in NEMS phononic crystals
"Gigahertz topological valley Hall effect in nanoelectromechanical phononic crystals" (2022) https://www.nature.com/articles/s41928-022-00732-y
> Topological phononic crystals can manipulate elastic waves that propagate in solids without being backscattered, and could be used to develop integrated acousto-electronic systems for classical and quantum information processing. However, acoustic topological metamaterials have been mainly limited to macroscale systems that operate at low (kilohertz to megahertz) frequencies. Here we report a topological valley Hall effect in nanoelectromechanical aluminium nitride membranes at gigahertz (up to 1.06 GHz) frequencies. We visualize the propagation of elastic waves through phononic crystals with high sensitivity (10–100 fm) and spatial resolution (10–100 nm) using transmission-mode microwave impedance microscopy. The valley Hall edge states, which are protected by band topology, are observed in both real and momentum space. Robust valley-polarized transport is evident from wave transmission across local disorder and around sharp corners. We also show that the system can be used to create an acoustic beamsplitter.
Quantum Hall effect > Photonic quantum Hall effect: https://en.wikipedia.org/wiki/Quantum_Hall_effect
> The quantum Hall effect, in addition to being observed in two-dimensional electron systems, can be observed in photons. Photons do not possess inherent electric charge, but through the manipulation of discrete optical resonators and coupling phases or on-site phases, an artificial magnetic field can be created. [17][18][19][20][21] This process can be expressed through a metaphor of photons bouncing between multiple mirrors. By shooting the light across multiple mirrors, the photons are routed and gain additional phase proportional to their angular momentum. This creates an effect like they are in a magnetic field.
The Hall effect article describes how Superposition states can be prepared with the Hall effect.
So, in crystal lattices, is there less noise due to scattering?
[deleted]
Doing small network scientific machine learning in Julia faster than PyTorch
A library I designed a few years ago (https://github.com/Netflix/vectorflow) is also much faster than pytorch/tensorflow in these cases.
In "small" or "very sparse" setups, you're memory bound, not compute bound. TF and Pytorch are bad at that because they assume memory movements are worth it and do very little in-place operations.
Different tools for different jobs.
In "small" setups, you're actually more likely to be overhead-bound if anything (especially on CPU).
Would you mind defining "overhead"?
IMO, one of the big sources of overhead is the PCIe bus.
Transferring data to-and-from the PCIe / GPU takes time. If the CPU is faster and can perform the calculation before the PCIe is done transferring, then there's no point even touching the GPU.
PCIe is on the scale of ~5000 nanoseconds (20,000 CPU cycles assuming 4GHz). A PCIe write, then read could be ~40,000 CPU cycles or so, and it turns out that a lot of things can be done in that time before the GPU was even _NOTIFIED_ that there was work to do.
CPUs can contact other CPU-cores within 50 to 500 nanoseconds or so, depending on the distance. A 64-core CPU could then have 64-cores * 18000 clocks == ~1-million CPU-clock cycles before the GPU gets any message at all.
There's no mention of GPUs, TPUs, or indeed QPUs in the memory hierarchy described by Wikipedia!
Locality of reference ("Data locality") > Spatial and temporal locality usage : https://en.wikipedia.org/wiki/Locality_of_reference
Memory hierarchy https://en.wikipedia.org/wiki/Memory_hierarchy :
> Most modern CPUs are so fast that for most program workloads, the bottleneck is the locality of reference of memory accesses and the efficiency of the caching and memory transfer between different levels of the hierarchy [citation needed]. As a result, the CPU spends much of its time idling, waiting for memory I/O to complete. This is sometimes called the space cost, as a larger memory object is more likely to overflow a small/fast level and require use of a larger/slower level. The resulting load on memory use is known as pressure (respectively register pressure, cache pressure, and (main) memory pressure). Terms for data being missing from a higher level and needing to be fetched from a lower level are, respectively: register spilling (due to register pressure: register to cache), cache miss (cache to main memory), and (hard) page fault (main memory to disk).
Is it that PCIe is necessarily implied by the debuggable pipeline specified by the von Neumann architecture? https://en.wikipedia.org/wiki/Von_Neumann_architecture
Otherwise, computation within RAM avoids interconnect saturation.
"Neuromorphic" computing, stateful RAM with operators mapped to particle interactions:
Memristor > Derivative devices > memtransistor https://en.wikipedia.org/wiki/Memristor#Derivative_devices
Quantum reservoir computing: https://en.wikipedia.org/wiki/Reservoir_computing#Quantum_re...
But these still need a faster and wider (and qubit) bus than PCIe, too: https://en.wikipedia.org/wiki/PCI_Express
https://en.wikipedia.org/wiki/Programming_the_Universe :
> Lloyd also postulates that the Universe can be fully simulated using a quantum computer; however, in the absence of a theory of quantum gravity, such a simulation is not yet possible. "Particles not only collide, they compute."
Quantum on Silicon looks cheaper in today dollars.
Devide the universe in QFT field-equal halves A and B, take energy from A to make B look like A, then add qubit error correction, and tell me if there's enough energy to simulate the actual universe on a universe QC with no instruction pipeline.
Logarithms yearning to be free
> The author opens with the example of finding the antiderivative of xn. When n ≠ -1 the antiderivative is another power function, but when n = -1 it’s a logarithm.
What a neat limit. Probably best to leave the powerfn/logfn() as a dumb symbolic symbol until the end (until after later parameter substitution)?
I don't follow. The antiderivative fails because of division by zero. What limit? And what does symbolic manip do?
The idea is that you want to calculate
integral{from t=0, to t=x} t^{-1+0} dx
but you calculate instead
f(x) = lim_{ε->0} [ integral{from t=0, to t=x} t^{-1+ε} dx ]
that is just
= lim_{ε->0} [ (t^ε - 1) / ε ]
replacing t^ε
= lim_{ε->0} [ (e^(ln(t)*ε) - 1) / ε ]
by https://en.wikipedia.org/wiki/L%27H%C3%B4pital%27s_rule
= lim_{ε->0} [ ln(t)*e^(ln(t)*ε) / 1 ]
that is easy to calculate
= ln(t)*e^(ln(t)*0) / 1
= ln(t)*1 / 1
= ln(t)
So f(t)=ln(t)
So the type of the return value changes at asymptotes/limits (already) and thus that's not a pure function in terms of math. If a [math] function returns a more complex type signature instead of throwing a ZeroDivisionError (as Python core does) what is that then called? Is it differentiable or no, etc?
We throw ZeroDivisionError instead of axiomatically defining a ranking for
scalar*parameter*inf
if x > 0:
2*x*inf > x*inf
# because
2 > 1
Is negative infinity to the infinity greater or lesser than infinity?
assert (-1*math.inf)**math.inf == math.inf
assert (-1*sympy.oo)**sympy.oo == sympy.oo
from sympy import symbol
from sympy.abc import x
Infinity = symbol('Infinity', real=True) # *
#
from sympy.symbols import Wild
limit(-x**-1)
"[Python-ideas] Re: 'Infinity' constant in Python" https://mail.python.org/archives/list/python-ideas@python.or...
> So the type of the return value changes at asymptotes/limits (already) and thus that's not a pure function in terms of math.
Plenty of functions are discontinuous. Almost all of them, in fact. (This isn't true constructively, but GP is clearly doing classical analysis.)
> If a [math] function returns a more complex type signature instead of throwing a ZeroDivisionError (as Python core does) what is that then called? Is it differentiable or no, etc?
Depends on the smooth structures you've imposed on the domain and codomain, which requires much more powerful types to represent than are available in any mainstream language I'm aware of. (You might be able to contort Haskell into something sort of close, but it wouldn't be simple.)
Show HN: Monocle – bidirectional code generation library
I just published a bidirectional code generation library. Afaik it's the first of its kind, and it opens up a lot of possibilities for cool new types of dev tools. The PoC is for ruby, but the concept is very portable. https://blog.luitjes.it/posts/monocle-bidirectional-code-gen...
Yeah back in the 90's it was called "round-tripping"
https://www.ibm.com/docs/en/rhapsody/8.2?topic=developing-ro...
I did a lot of code generation work in those years, working on the two dominant Mac-based generators (AppMaker and Prototyper) but was never ambitious enough to try round-tripping because of the horrors of parsing C++.
https://en.wikipedia.org/wiki/Round-trip_engineering :
> Round-trip engineering (RTE) is a functionality of software development tools that synchronizes two or more related software artifacts, such as, source code, models, configuration files, and even documentation.[1] The need for round-trip engineering arises when the same information is present in multiple artifacts and therefore an inconsistency may occur if not all artifacts are consistently updated to reflect a given change. For example, some piece of information was added to/changed in only one artifact and, as a result, it became missing in/inconsistent with the other artifacts.
Source-to-source_compiler > See also > #ROSE, : https://en.wikipedia.org/wiki/Source-to-source_compiler
Organization Discussions – GitHub Changelog
"What is GitHub Discussions? A complete guide" https://resources.github.com/devops/process/planning/discuss...
> GitHub Discussions vs. GitHub Issues: When to use each: When and how to use Discussions and Issues on a project—and how to turn a Discussion into an Issue (and vice versa).
Looks like they also support Polls now. There should be an obligatory note about e-voting, private keys (SK/PK), ZK, and "master keys" in non- Zero Trust Systems . https://github.com/topics/e-voting
Zero-trust security model: https://en.wikipedia.org/wiki/Zero_trust_security_model
"What’s new in GitHub Discussions: Organization Discussions, polls, and more" (2022-04) https://github.blog/2022-04-12-whats-new-in-github-discussio...
Unfortunately code can indeed generate code.
Fossil of dinosaur killed in asteroid strike found, scientists claim
The telling quote is:
"Dinosaurs: The Final Day with Sir David Attenborough will be broadcast on BBC One on 15 April at 18:30 BST. A version has been made for the US science series Nova on the PBS network to be broadcast later in the year."
say no more.
Over here that's PBS NOVA "Dinosaur Apocalypse: The Last Day" (2022) with Sir David Attenborough. https://www.pbs.org/wgbh/nova/video/dinosaur-apocalypse-the-...
It says "MAY 11, 2022 AT 10PM". Presumably that's EST or EDT.
This decent 25minute version will do until then. [https://www.youtube.com/watch?v=UChQHrjefVU] (Less a distinguished British accent. ;-> )
List of impact craters on Earth https://en.wikipedia.org/wiki/List_of_impact_craters_on_Eart...
Cretaceous–Paleogene extinction event (C-P or also K-Pg event) https://en.wikipedia.org/wiki/Cretaceous%E2%80%93Paleogene_e... :
> A wide range of species perished in the K–Pg extinction, the best-known being the non-avian dinosaurs. It also destroyed myriad other terrestrial organisms, including some mammals, birds,[21] lizards,[22] insects,[23][24] plants, and all the pterosaurs.[25] In the oceans, the K–Pg extinction killed off plesiosaurs and mosasaurs and devastated teleost fish,[26] sharks, mollusks (especially ammonites, which became extinct), and many species of plankton. It is estimated that 75% or more of all species on Earth vanished.[27] Yet the extinction also provided evolutionary opportunities: in its wake, many groups underwent remarkable adaptive radiation—sudden and prolific divergence into new forms and species within the disrupted and emptied ecological niches. Mammals in particular diversified in the Paleogene,[28] evolving new forms such as horses, whales, bats, and primates. The surviving group of dinosaurs were avians, ground and water fowl who radiated into all modern species of bird.[29] Teleost fish,[30] and perhaps lizards[22] also radiated.
https://en.wikipedia.org/wiki/Near-Earth_object :
> A near-Earth object (NEO) is any small Solar System body whose orbit brings it into proximity with Earth. By convention, a Solar System body is a NEO if its closest approach to the Sun (perihelion) is less than 1.3 astronomical units (AU).[2] If a NEO's orbit crosses the Earth's, and the object is larger than 140 meters (460 ft) across, it is considered a potentially hazardous object (PHO).[3] Most known PHOs and NEOs are asteroids, but a small fraction are comets. [1]
Asteroid impact avoidance https://en.wikipedia.org/wiki/Asteroid_impact_avoidance :
> In 2016, a NASA scientist warned that the Earth is unprepared for such an event.[3] In April 2018, the B612 Foundation reported "It's 100 percent certain we'll be hit by a devastating asteroid, but we're not 100 percent sure when."[4] Also in 2018, physicist Stephen Hawking, in his final book, Brief Answers to the Big Questions, considered an asteroid collision to be the biggest threat to the planet. [5][6][7] Several ways of avoiding an asteroid impact have been described.[8] Nonetheless, in March 2019, scientists reported that asteroids may be much more difficult to destroy than thought earlier.[9][10] In addition, an asteroid may reassemble itself due to gravity after being disrupted.[11] In May 2021, NASA astronomers reported that 5 to 10 years of preparation may be needed to avoid a virtual impactor based on a simulated exercise conducted by the 2021 Planetary Defense Conference. [12][13][14]
- Nkalakatha the "#megamaser" (2022) https://www.sciencealert.com/extreme-megamaser-discovered-sh... ... (Can we harvest or collect and point - or pull against - such energy sources which are already present, using a minimum pertubative force in n-body idk QFT+QG fields in order to effectively read and write to points in stochastic spacetime, which is presumably all embedded in the horizon disc of one or more microscopic and larger black holes?)
Can a train of multiple solar collector + sails + lasers exceed (c + nlimit_approaching_c, or does that warp spacetime for NEOs, over their net effective path through spacetime?
- A QG Quantum Gravity duality for idk Gravitational lensing > Explanation in terms of spacetime curvature: https://en.wikipedia.org/wiki/Gravitational_lens
Claimed moons of Earth https://en.wikipedia.org/wiki/Claimed_moons_of_Earth
> Although the Moon is Earth's only natural satellite, there are a number of near-Earth objects (NEOs) with orbits that are in resonance with Earth. These have been called "second" moons of Earth. [3]*
> 469219 Kamoʻoalewa, an asteroid discovered on 27 April 2016, is possibly the most stable quasi-satellite of Earth.[4] As it orbits the Sun, 469219 Kamoʻoalewa appears to circle around Earth as well. It is too distant to be a true satellite of Earth, but is the best and most stable example of a quasi-satellite, a type of near-Earth object. They appear to orbit a point other than Earth itself, such as the orbital path of the NEO asteroid 3753 Cruithne. Earth trojans, such as 2010 TK7, are NEOs that orbit the Sun (not Earth) on the same orbital path as Earth, and appear to lead or follow Earth along the same orbital path.
> Other small natural objects in orbit around the Sun may enter orbit around Earth for a short amount of time, becoming temporary natural satellites. As of 2020, the only confirmed examples have been 2006 RH120 in Earth orbit during 2006 and 2007,[1] and 2020 CD3 in Earth orbit between 2018 and 2020. [5][6]
ʻOumuamua from ~Vega (2017)?: https://en.wikipedia.org/wiki/%CA%BBOumuamua
We’ve got a science opportunity overload: Launching the Wolfram Institute
Wind Turbine Blades Can’t Be Recycled, So They’re Piling Up in Landfills (2020)
"GE produces world's largest recyclable wind turbine blade" (2022) https://newatlas.com/energy/ge-worlds-largest-recyclable-win...
> The 62-meter (203-ft) prototype blade is made with Elium resin from materials company Arkema, which is a glass-fiber reinforced thermoplastic. Not only is the material 100 percent recyclable, it is said to deliver a similar level of performance to thermoset resins that are favored for their lightweight and durability.
> Through a chemical recycling method, the material can be depolymerized and turned into a new resin for re-use, acting as a proof-of-concept for a circular economy loop for the wind energy sector. Before that happens, in the coming weeks LM Wind Power will start full-scale structural testing to verify the blade's performance
And for blades that aren’t recycled, they can be shredded into insulation pellets or feedstock for cement.
Why doesn't that work with existing thermosets?
Could these be feedstock for something like these formed LEGO-style hempcrete blocks with structure that are stronger and more insulating than structural concrete? https://youtu.be/eqLXXjvQXgI
Traditional composites are difficult to recycle because of several reasons: - the thermoset polymer matrix cannot be melted or separated from the fiber in any reasonable way - the thermoset resin cannot be reformed or reshaped into a useful shape or material - graphite fiber composites in particular are very, very hard on cutting tools and are difficult to chop up (not sure about glass fiber composites, but on bulk they have similar strength characteristics to some aluminums)
These properties are difficult to separate from composites because we want composite parts to survive the elements, often high temperatures, and be robust and reliable with little fatigue
What about waterjet?
Or e.g. SYLOS laser for transmutation?
Or replicating nanomachines?
Or a vat of something like the stuff that eats plastic and everything else in the ocean if it gets out?
Probably just orders of magnitude cheaper to just bury it somewhere
https://www.quora.com/How-many-wind-turbines-could-fit-in-1-... :
> The density of wind turbines per unit of land area depends on many factors. Wind farms containing very large (1.5–2 megaWatt) turbines may have only one for every 25–50 acres. Smaller turbines can be more closely spaced.
> At either rate, the overall harvestable wind energy per unit of land at fully rated conditions (approx. 12 meters/sec wind speed), is generally in the range of 50 to 100 kW per acre.
harvestable_wind_energy = 50-100 kW/acre
average_rotor_diameter: 120m (393ft)
blade_length = 1/2 * average_rotor_diameter = 60m (197m)
Acre = 43560 ft**2
blade_depth__on_end =
spacing_vertical =
spacing_horizontal =
Sphere packing https://en.wikipedia.org/wiki/Sphere_packing
Wind_turbine_design#Blade_recycling https://en.wikipedia.org/wiki/Wind_turbine_design#Blade_recy...
In Python, [JupyterLite or Mamba] Pint and Uncertainties might be helpful for units and uncertainty/error propagation.
The https://numpy.org/ pyolite (WASM) IPython demo has SymPy installed in the env but not Pint?
GhostSCAD: Marrying OpenSCAD and Golang
I wonder how many OpenSCAD wrappers now exist? I know of scad-clj [0], openpyscad [1], and solidpython [2].
I particularly like scad-clj, because of `lein auto generate`. It watches source files, and regenerates the OpenSCAD files automatically, which OpenSCAD then also picks up. Although I'm not well versed in Clojure, and find debugging Clojure tricky, the workflow is just so good.
[0] https://github.com/farrellm/scad-clj
you know the language is limited/poorly thought out when dozens of people re putting time into making tools that do nothing but wrap it in order to make it usable.
https://github.com/CadQuery/cadquery :
> CadQuery is often compared to OpenSCAD. Like OpenSCAD, CadQuery is an open-source, script based, parametric model generator. However, CadQuery stands out in many ways and has several key advantages:
> The scripts use a standard programming language, Python, and thus can benefit from the associated infrastructure. This includes many standard libraries and IDEs.
> CadQuery's CAD kernel Open CASCADE Technology (OCCT) is much more powerful than the CGAL used by OpenSCAD. Features supported natively by OCCT include NURBS, splines, surface sewing, STL repair, STEP import/export, and other complex operations, in addition to the standard CSG operations supported by CGAL
> Ability to import/export STEP and the ability to begin with a STEP model, created in a CAD package, and then add parametric features. This is possible in OpenSCAD using STL, but STL is a lossy format.
> CadQuery scripts require less code to create most objects, because it is possible to locate features based on the position of other features, workplanes, vertices, etc.
> CadQuery scripts can build STL, STEP, and AMF faster than OpenSCAD.
What are some of the advantages of OpenSCAD tooling?
The existence of true one-way functions depends on Kolmogorov complexity
Isn’t Kolmogorov Complexity hard to measure, because it depends on the language chosen?
The value of K for any language is within a constant of K for any other language. To convince yourself this is true, imagine constructing an interpreter for your preferred language in whatever language you are given. You can always prepend this (fixed-sized) interpreter to a program in your preferred language, adding a constant value to the complexity.
K can be arbitrarily large though.
I think the key is that K is fixed per language, not per input. So if you have a sequence of inputs of complexity 1, 10, 100, 1000, 10000...in language L1, then in language L2, the complexities will be something like 1+K, 10+K, 100+K, 1000+K, 10000+K,.... In the limit of very-high-complexity-input (pick a random TB of data as your string) the language-specific constant is overwhelmed.
1+K, 10+K, ... are merely upper bounds on the Kolmogorov complexities in L2, but the actual complexities can be lower, by an arbitrary amount for some strings. Furthermore, what's considered complex in L1 and L2 can be very different, and although "most" strings would be complex in either language, they don't have to be the same subsets in L1 and L2.
What is the correlation between _ complexity and e.g. EVM/eWASM opcode [CPU,] costs?
https://news.ycombinator.com/item?id=28499001
> Smart contracts cost CPU usage with costed opcodes. eWASM (Ethereum WebAssembly) has costed opcodes for redundantly-executed smart contracts (that execute on n nodes of a shard) https://ewasm.readthedocs.io/en/mkdocs/determining_wasm_gas_...
> AFAIU, while there are DLTs that cost CPU, RAM, and Data storage between points in spacetime, none yet incentivize energy efficiency by varying costs depending upon whether the instructions execute on a FPGA, ASIC, CPU, GPU, TPU, or QPU?
Language of fungi derived from their electrical spiking activity
Lifetime Annotations for C++
Looks like at least some of the authors are working for Google (if not everyone), with compiler backgrounds. I wonder if this is a strategical investment from Google to make cxx like approach more robust? Chrome team showed some interests on using Rust but not sure if there's any significant code written in Rust from then. Benefit from using Rust beside well isolated library might be quite limited without this kind of lifetime annotation while interop itself is additional cognitive overheads for programmers.
I think it makes the most sense for Google, considering the ridiculous amount of C++ code. Even Spanner alone is larger than most company's codebases, and rewriting it in Rust would take decades, especially because of the paradigm mismatch (C++ embraces shared mutability, Rust rejects it).
It also makes sense because in Spanner, doing any minor change required many months of review, because it was such critical infrastructure. Refactoring was a non-starter in a lot of cases.
So, a more gradual approach, just adding annotations that don't themselves affect the behavior of the program (just assist in static analysis) makes much more sense.
Rust does not reject shared mutability. Rather, it is explicitly reified via the Cell<>, RefCell<>, etc. patterns. Even unsafe shared mutability ala idiomatic C++ is just an UnsafeCell<> away.
In theory yes, but when you look at the average Rust program, those mechanisms are avoided in favor of more idiomatic approaches.
Interior mutability is used all over the place. It's absolutely necessary. The thing is you are forced to be clear about the runtime safety mechanism you're using. In general, it gets abstracted away behind a safe API.
Indeed it's present under the hood, we are operating on a CPU after all, which treats all of RAM as one giant shared-mutable blob of data. It will always be there, under some abstraction.
The point I'm trying to communicate is that in practice, for various reasons, Rust programs do not use shared mutable access to objects to the same extent that C++ programs do. For example, C++ programs use observers, and dependency injection (the pattern, not the framework) to have member pointers to mutable subsystems, and we just don't often see that in Rust programs. This is the paradigm mismatch I'm highlighting: to rewrite a C++ program in Rust often requires a large paradigm shift. The pain is particularly felt when making them interoperate in a gradual refactoring.
This is IMO one the bigger reasons that big rewrites to new languages fail, and why new languages benefit from being multi-paradigm, so that there's no paradigm mismatch to impede migrations.
IDK why the private, internal paradigms of e.g. Spanner would even need to be reimplemented in a clone instead of a port?
Looks like CockroachDB (Go), TiDB (Go, Rust), and YugabyteDB (C++) are Distributed SQL alternatives to Spanner.
... Which may or may not be able to rely upon inexpensive Lamport clocks: https://en.wikipedia.org/wiki/Lamport_timestamp#Lamport's_lo...
From https://westurner.github.io/hnlog/#comment-30603322 re https://en.wikipedia-on-ipfs.org/wiki/Database_index :
https://github.com/wilsonzlin/edgesearch :
> * Serverless full-text search with Cloudflare Workers, WebAssembly, and Roaring Bitmaps *
> "Edgesearch builds a reverse index by mapping terms to a compressed bit set (using Roaring Bitmaps) of IDs of documents containing the term, and creates a custom worker script and data to upload to Cloudflare Workers"
WASM or [C++] to WASM?
TIL about Roaring Bitmaps: /?q=roaring+bitmap https://medium.com/@amit.desai03/roaring-bitmaps-fast-data-s...
All those alternatives you mentioned are nowhere close to being on the level of Spanner in reliability or performance, particularly in a high contention scenario.
From https://discourse.llvm.org/t/rfc-lifetime-annotations-for-c/... :
> We are designing, implementing, and evaluating an attribute-based annotation scheme for C++ that describes object lifetime contracts. It allows relatively cheap, scalable, local static analysis to find many common cases of heap-use-after-free and stack-use-after-return bugs. It allows other static analysis algorithms to be less conservative in their modeling of the C++ object graph and potential mutations done to it. Lifetime annotations also enable better C++/Rust and C++/Swift interoperability.
> This annotation scheme is inspired by Rust lifetimes, but it is adapted to C++ so that it can be incrementally rolled out to existing C++ codebases. Furthermore, the annotations can be automatically added to an existing codebase by a tool that infers the annotations based on the current behavior of each function’s implementation.
> Clang has existing features for detecting lifetime bugs [...]
edit: Chrome evaluated previous [[clang::lifetimebound]], and that wasn't enough:
https://docs.google.com/document/d/e/2PACX-1vRZr-HJcYmf2Y76D...
Is this doc talking about the same feature that this post is about? It sounds like the doc is talking about a different, less-precise analysis that the post cites as prior art.
Learn about Concept Maps
I grew up hearing a lot of buzz for concept maps (or mind maps as I heard). I never found them to be as powerful as advertised.
A concept map is slightly easier than writing in bulletpoints because it can ignore structure. But this makes it incredibly difficult for anyone, including myself, to read after it is written.
At best, I use a concept map as an intermediary stage for figuring out how to write in bulletpoints, write in paragraphs, or draw in diagrams. This intermediary stage never lasts overnight for me, and I discard the concept map immediately.
("Mind maps are similar in structure to concept maps, developed by learning experts in the 1970s, but differ in that mind maps are simplified by focusing around a single central key concept."):
Perfect one sentence summary. I wasted a minute or two searching online for the difference between the two, but I should have read your comment first! Thanks for communicating precisely and concisely.
While scoping is necessary and useful, I hadn't ever learned that there were categorical restrictions upon mind map graphs, definitionally
Centrality, Components, Cliques might be helpful for general network analysis: https://networkx.org/documentation/stable/reference/algorith...
The difference between a URI and a URL; a URL is supposed to be dereferenceable and retrievable.
Named Graphs are composed of triples:
{named_graph_uri, subject_uri, predicate_uri, value_uri, [datatype_uri, language_uri]}
{g, s, p, o, [d, l]}
Though, general systems are more complex than the average [concept] network: there are nonlinearities in so many of the observed relations between components that trees and DAGs are laughably insufficient; systems descriptions require more than naievely-acyclical graphs without nonlinearity in independent relations even.
Graph (disambiguation) https://en.wikipedia.org/wiki/Graph
Glossary of systems theory https://en.wikipedia.org/wiki/Glossary_of_systems_theory
How best to describe nonlinear relations without a MultiDiGraph that bundles edges together by [QFT] field, because they're objectively not statistically independent?
s/value_uri/object/, which may be a URI:
{named_graph_uri, subject_uri, predicate_uri, object, [datatype_uri, language_uri]}
{g, s, p, o, [d], [l]}
@base <_#> .
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix schema: <https://schema.org/> .
:Node, a, rdfs:Class .
:linksTo, a, rdfs:Property .
:Shapes, a, :Node .
:Shapes, :linksTo, :Rectangle .
:Rectangle, a, :Node .
:Rectangle, :linksTo, :Square .
:Square, a, :Node .
:Square, rdfs:label, "Square" .
:Square, schema:name, "Square" .
:Rectangle, rdfs:subClassOf, :Shape .
:Square, rdfs:subClassOf, :Rectangle .
The Personal Security Checklist
Also good: "The SaaS CTO Security Checklist [Redux]" https://github.com/vikrum/SecurityChecklists
"The Personal Infosec & Security Checklist" https://www.goldfiglabs.com/guide/personal-infosec-security-...
"The DevOps Security Checklist Redux" https://www.goldfiglabs.com/guide/devops-security-checklist/
... Years ago, I helped develop a checklist app for a hospital (in Python and JS at the time).
TIL checklists usually are justified, and may be the only process for collaboratively improving process controls that a healthy organization handling feedback has established; who gets to send PRs to the checklist, and what criteria should be applied such that evidence-based variations of process are objectively tested?
"Post-surgical deaths in Scotland drop by a third, attributed to a checklist" (2019) https://news.ycombinator.com/item?id=19684376
Study Tips from Richard Feynman
There's the famous Feynman method i.e. Study hard, Teach it to others, Identify the gaps in your own knowledge, and Simplify/Synthesize.
But people often also forget that there is another method associated with Feynman aka The Feynman Algorithm (which was outlined by his colleague Murray Gell-Mann, a noble prize winning physicist himself). This method goes as follows:
1. Write down the problem. 2. Think real hard. 3. Write the solution.
Not to discount or discredit anything (or anyone) here but we must understand that Feynman was no average person and that his advice on anything related to learning or problem-solving must be viewed through an optics that adequately adjusts for his intellect as well.
> Teach it to others
If there's no one around, try explaining it to yourself. An easy method to determine whether you superficially understood a topic or not. After reading some material, it's remarkable how little of it you've truly understood sometimes.
Minimodem – general-purpose software audio FSK modem
If you are interested in transmitting data over sound between airgapped devices, make sure to also checkout ggwave [0]. I've been working on this library on and off during the past year in my free time. I focused on making a FSK protocol that is robust in noisy environments at the cost of low bandwidth. Found some fun applications in various hobby projects.
Could this be used to embed e.g. the sports "game clock" clock time(s) in broadcast TV/audio/video streams; in order to synchronize an air-gapped device next to the media signal reproduction unit?
For example at a grille during the game.
FWIU, e.g. Chromecast have ultrasonic pairing.
Digital broadcasting adds significant latency so it would be in sync with the TV but still out of sync with the actual game (and other broadcast receivers).
The same issue affects radio time signal (e.g. https://en.wikipedia.org/wiki/Greenwich_Time_Signal, last beep is the exact top of the hour), so some broadcasters will no longer play them on internet streams/digital radio, rather than be inaccurate.
So live TV could broadcast [ultrasonic] timecodes during ad breaks such that the gameclock would be synchronized even when the viewer initially tunes in during ad breaks, but "Video On Demand" would be fine because it's not the current time timecode, it would be a game time timecode?
Selecting between multiple audible [sports bar TVs, radios] might imply need for a sonewhat-unique signal code, or only over e.g. USB would work with more than one game on; because there's naturally noise in that airgap channel.
Yes absolutely! (Edit: or maybe not :-) see sibling comment for more info)
Actually, the "Waver" youtube video linked at the top of the README has an embedded ultrasound transmission at around 0:36. I can for example decode the message on my iPhone by simply running the Waver app and playing the video on my PC.
Some people have already done some work for AV sync in the issues of the project [0].
https://www.adafruit.com/product/3421 https://learn.adafruit.com/adafruit-i2s-mems-microphone-brea... :
> The I2S is a small, low-cost MEMS mic with a range of about 50Hz - 15KHz, good for just about all general audio recording/detection.
From https://en.wikipedia.org/wiki/Ultrasound :
> Ultrasound devices operate with frequencies from 20 kHz up to several gigahertz.
Raspberry Pi Pico (RP2040), Pi Zero [2 W]: $5+
Power supply, case, wall-mount:
Mic: ~$6
Huge [red] 7-segment display with I2C and voltage regulator components taped to the wall next to the sports bar TVs:
Ask HN: Why don't PCs have better entropy sources?
After reading the thread "Problems emerge for a unified /dev/*random" (1) I was wondering why PCs don't have a bunch of sensors available to draw entropy from.
Is this assumption correct, that adding a magnetometer, accelerometer, simple GPS, etc to a motherboard would improve its entropy gathering? Or is there a mathematical/cryptographical rule that makes the addition of such sensors useless?
Do smartphones have better entropy gathering abilities? It seems like phones would be able to seed a RNG based on input from a variety of sensors that would all be very different between even phones in the same room. Looking at a GPS Android app like Satstat (2) it feels like there's a huge amount of variability to draw from.
If such sensors would add better entropy, would it really cost that much to add them to PC motherboards?
----
(1) https://news.ycombinator.com/item?id=30848973
(2) https://mvglasow.gitlab.io/satstat/ & https://f-droid.org/en/packages/com.vonglasow.michael.satsta...
I think it's worth repeating this:
While there are platforms with better and worse hardware sources of unpredictable bits, the problem with Linux /dev/random isn't so much a hardware issue, but rather a software one. The fundamental problem Linux tries to solve isn't that hard, as you can see from the fact that so many other popular platforms running on similar hardware have neatly solved it.
The problem with the LRNG is that it's been architecturally incoherent for a very long time (entropy estimation, urandom vs random, lack of clarity about seeding and initialization status, behavior doing bootup). As a result, an ecosystem of software has grown roots around the design (and bugs) of the current LRNG. Major changes to the behavior of the LRNG breaks "bug compatibility", and, because the LRNG is one of the core cryptographic facilities in the kernel, this is an instance where you really really don't want to break userland.
The basic fact of kernel random number generation is this: once you've properly seeded an RNG, your acute "entropy gathering" problem is over. Continuous access to high volumes of high-entropy bits are nice to have, but the kernel gains its ability to satisfy gigabytes of requests for random numbers from the same source that modern cryptography gains its ability to satisfy gigabytes of requests for ciphertext with a 128 bit key.
People looking to platform hardware (or who fixate on the intricacies of threading the LRNG isn't guest VMs) are mostly looking in the wrong place for problems to solve. The big issue today is that the LRNG is still pretty incoherent, but nobody really knows what would break if it was designed more carefully.
The piece I've been missing in this whole debate: why isn't the existing RNG simply frozen in its current bug-exact-behavior state and a new /dev/sane_random created?
Stuff that depends on the existing bugs in order to function can keep functioning. Everything else can move to something sane.
Obviously I'm missing something here.
> Obviously I'm missing something here
For a start, there's a long tail of migrating all useful software to /dev/sane_random. Moreover, there's a risk new software accidentally uses the old broken /dev/random.
Besides, /dev/sane_random essentially exists; it's just a sysctl called getrandom().
It's not that simple; Donenfeld wants to replace the whole LRNG with a new engine that uses simpler, more modern, and more secure/easier-to-analyze cryptography, and one of the roadblocks there is that swapping out the engine risks breaking bugs that userland relies on.
Postgres wire compatible SQLite proxy
Awesome to see work in the DB wire compatible space. On the MySQL side, there was MySQL Proxy (https://github.com/mysql/mysql-proxy), which was scriptable with Lua, with which you could create your own MySQL wire compatible connections. Unfortunately it appears to have been abandoned by Oracle and IIRC doesn't work with 5.7 and beyond. I used it in the past to hack together a MySQL wire adapter for Interana (https://scuba.io/).
I guess these days the best approach for connecting arbitrary data sources to existing drivers, at least for OLAP, is Apache Calcite (https://calcite.apache.org/). Unfortunately that feels a little more involved.
NYTimes/DBSlayer (2007) wraps MySQL in JSON: https://open.nytimes.com/introducing-dbslayer-64d7168a143f
ODBC > Bridging configurations: https://en.wikipedia.org/wiki/Open_Database_Connectivity#Bri...
awesome-graphql > tools: security: https://github.com/chentsulin/awesome-graphql#tools---securi...
... W3C SOLID > Authorization and Access Control: https://github.com/solid/solid-spec#authorization-and-access...
"Hosting SQLite Databases on GitHub Pages" (2021) re: sql.js-httpvfs, DuckDB https://news.ycombinator.com/item?id=28021766
[edit] TIL the MS ODBC 4.0 spec is MIT Licensed, on GitHub , and supports ~challenge/response token auth: "3.2.2 Web-based Authentication Flow with SQLBrowseConnect" https://github.com/microsoft/ODBC-Specification/blob/master/...
> Applications that are unable to allow drivers to pop up dialogs can call SQLBrowseConnect to connect to the service.
> SQLBrowseConnect provides an iterative dialog between the driver and the application where the application passes in an initial input connection string. If the connection string contains sufficient information to connect, the driver responds with SQL_SUCCESS and an output connection string containing the complete set of connection attributes used.
> If the initial input connection string does not contain sufficient information to connect to the source, the driver responds with SQL_NEED_DATA and an output connection string specifying informational attributes for the application (such as the authorization url) as well as required attributes to be specified in a subsequent call to SQLBrowseConnect. Attribute names returned by SQLBrowseConnect may include a colon followed by a localized identifier, and the value of the requested attribute is either a single question mark or a comma-separated list of valid values (optionally including localized identifiers) enclosed in curly braces. Optional attributes are returned preceded with an asterix (*).
> In a Web-based authentication scenario, if SQLBrowseConnect is called with an input connection string containing an access token that has not expired, along with any other required properties, no additional information should be required. If the access token has expired and the connection string contains a refresh token, the driver attempts to refresh the connection using the supplied refresh token.
Also TIL ODBC 4.0 supports: https://github.com/microsoft/ODBC-Specification :
> Semi-structured data – Tables whose schema may not be defined or may change on a row-by-row basis
> Hierarchical Data – Data with nested structure (structured fields, lists)
> Web Authentication model
Show HN: Redo – Command line utility for quickly creating shell functions
Currently, I'll append a comment to a frequently used command for easy searching from my history. For a simple example, I can access `git diff -w ; git diff -w --cached # gitdiff` by pressing Ctrl+R and typing `# gitd`.
For commands I use frequently or that are clunky to maintain as one-liners, I'll convert them into functions in my bashrc.
This seems like the best of both worlds in many ways, or at least is a great third option to have.
From https://westurner.github.io/hnlog/#comment-20671184 ::
> I log shell commands with a script called usrlog.sh that creates [per-]$USER and per-virtualenv tab-delimited [$_USRLOG] logfiles with unique per-terminal-session identifiers [$_TERM_ID] and ISO8601 timestamps; so it's really easy to just grep for the apt/yum/dnf commands that I ran ad-hoc when I should've just taken a second to create an Ansible role with `ansible-galaxy init ansible-role-name ` and referenced that in a consolidated system playbook with a `when` clause. https://westurner.github.io/dotfiles/usrlog.html#usrlog
stid \#tutorial; echo "$_TERM_ID"
tail -n11 $_USRLOG
ut -n11
grep "$_TERM_ID" "$_USRLOG"
usrlog_grep "$_TERM_ID"
ug "$_TERM_ID"
usrlog_grep_parse "$_TERM_ID"
ugp "$_TERM_ID" # `type ugp`
Rustc_codegen_GCC can now bootstrap rustc
It's really great to be able to skip compiling LLVM when bootstrapping a whole OS/toolchain from source and only Rust happens to pull LLVM in.
Besides the gcc work I'm actually also hoping for the rustc_codegen_cranelift work to land one day!
Compiling llvm is a nightmare
Compiling LLVM for what purpose? Hacking on it? Producing an optimized build? Installing a build on a user's machine? You should be more specific.
The default clean build works just fine. On my machine I can clone the Git repo, do `mkdir build && cmake ../llvm && make -j64` and end up with working binaries after 5 minutes.
The build take 37GB by default here, and the binaries under bin/ are immediately usable work. If you want a smaller build with shared library just add a parameter. Want to throw in sub-projects such as LLD or Clang? Just another parameter. It's all very well-documented.
64 cores, and it takes 5 minutes? That’s… not awesome. Most people do not have 64 (presumably high performance) cores lying around for the purpose of building dependencies.
10 minutes of a c6i.32xlarge costs less than a dollar at on-demand rates in the us-east-2 AWS region. That'll get you 128 vCPUs and 256 gb of memory.
I think people put up with a lot of stuff that there's no reason to any more with on-demand computing.
Q: "Does my data fit in RAM?" https://news.ycombinator.com/item?id=22309883
A: https://yourdatafitsinram.net
Is there a one-liner to build llvm e.g. with k8s and containers, or just a `git push` to a PR? #GitOps
And another to publish a locally-signed tagged build?
`conda install rust` does install `cargo`.
`conda install -c conda-forge -y mamba; mamba install -y rust libllvm14 lit llvm llvm-tools llvmdev`
conda-forge/llvmdev-feedstock; ninja, cmake, python >= 3 https://github.com/conda-forge/llvmdev-feedstock/blob/main/r...
.scripts/run_docker_build.sh is called by build-locally.py: https://github.com/conda-forge/llvmdev-feedstock/blob/main/....
Black Holes Shown to Act Like Quantum Particles
Wouldn’t a singularity be the smallest point possible? By definition it is pretty much a cyclone of the smallest units of space time fabric. Any particle would need to exist above this scale in order to exist within the construct of the universe. If there were any object smaller than this it would mean that whatever makes up a unit/point/pixel of space time fabric is actually an emergent construct of much smaller units. If there were smaller said units composing even space time itself, perhaps these would be or be composed by a finally irreducibly small unit, the properties of which give rise to all variations of matter/energy, the laws which govern them and their equality and convertablity according to special relativity.
Most scientists do not think that black holes have a "real singularity." The idea of a mass that occupies a single point in space comes from taking Einstein's equations beyond the event horizon, ie. the curvature of space is greater than light so means nothing can have any resistance to distance/size. At some point between the event horizon and the center, quantum gravity (which is not understood) has to come into the picture. One idea is the "black hole firewall," which is that mass gets "stuck" at the boundary of the black hole.
White hole > Big Bang/Supermassive White Hole https://en.wikipedia.org/wiki/White_hole :
> Some researchers have proposed that when a black hole forms, a Big Bang may occur at the core/singularity, which would create a new universe that expands outside of the parent universe
Where's the exit on this thing?
Do the CMB or GWB indicate that the Shapley Attractor / Great Attractor interaction is the omnidirectional mouth / center of it all, or no? https://en.wikipedia.org/wiki/Shapley_Supercluster
Gravitational wave background > Cosmological sources https://en.wikipedia.org/wiki/Gravitational_wave_background
... FWIU, all we've done is observe minute confirmatory fluctuations from the ground; e.g. LIGO (Nobel Prize in Physics 2017, Thorne, NumFocus-supported tools)? Could that tell us where the center is? Should there even be one if we're actually inside a white hole / black hole combo?
What "dark matter" do we subtract or add to the CMB, GWB,?
... Severe questions of cosmological topology, in regards to a manifold for holographic projection
@PBSSpaceTime videos:
"Where Is The Center of The Universe?" (2022) https://youtu.be/BOLHtIWLkHg
"Could The Universe Be Inside A Black Hole?" (2022) https://youtu.be/jeRgFqbBM5E
"The Holographic Universe Explained" (2019) https://youtu.be/klpDHn8viX8
"Are Black Holes Actually Fuzzballs?" (2022) https://youtu.be/351JCOvKcYw
From https://www.quantamagazine.org/massive-black-holes-shown-to-... :
> Physicists are using quantum math to understand what happens when black holes collide. In a surprise, they’ve shown that a single particle can describe a collision’s entire gravitational wave.
"Scale invariance in quantum field theory" https://en.wikipedia.org/wiki/Scale_invariance#Scale_invaria...
Dagger: a new way to build CI/CD pipelines
Hi everyone, I'm one of the co-founders of Dagger (and before that founder of Docker). This is a big day for us, it's our first time sharing something new since, you know... Docker.
If you have any questions, I'll be happy to answer them here!
Hi! I've browsed the docs quickly, and I have a few questions.
Seems to assume that all CI/CD workflows work in a single container at a time pattern. How about testing when I need to spin up an associated database container for my e2e tests. Is it possible, and just omitted from the documentation?
Not familiar with cue, but can I import/define a common action that is used across multiple jobs? For example on GitHub I get to duplicate the dependency installation/caching/build across various jobs. (yes, I'm aware that now you can makeshift on GitHub a composite action to reuse)
Can you do conditional execution of actions based on passed in input value/env variable?
Any public roadmap of upcoming features?
> Seems to assume that all CI/CD workflows work in a single container at a time pattern.
Dagger runs your workflows as a DAG, where each node is an action running in its own container. The dependency graph is detected automatically, and all containers that can be parallelized (based on their dependencies) will be parallelized. If you specify 10 actions to run, and they don't depend on each other, they will all run in parallel.
> How about testing when I need to spin up an associated database container for my e2e tests. Is it possible, and just omitted from the documentation?
It is possible, but not yet convenient (you need to connect to an external docker engine, via a docker CLI wrapped in a container) We are working on a more pleasant API that will support long-running containers (like your test DB) and more advanced synchronization primitives (wait for an action; terminate; etc.)
This is discussed in the following issues:
- https://github.com/dagger/dagger/issues/1337
- https://github.com/dagger/dagger/issues/1249
- https://github.com/dagger/dagger/issues/1248
> Not familiar with cue, but can I import/define a common action that is used across multiple jobs?
Yes! That is one of the most important features. CUE has a complete packaging system, and we support it natively.
For example here is our "standard library" of CUE packages: https://github.com/dagger/dagger/tree/main/pkg
> For example on GitHub I get to duplicate the dependency installation/caching/build across various jobs. (yes, I'm aware that now you can makeshift on GitHub a composite action to reuse)
Yes code reuse across projects is where Dagger really shines, thanks to CUE + the portable nature of the buildkit API.
Note: you won't need to configure caching though, because Dagger automatically caches all actions out of the box :)
> Can you do conditional execution of actions based on passed in input value/env variable?
Yes, that is supported.
> Any public roadmap of upcoming features?
For now we rely on raw Github issues, with some labels for crude prioritization. But we started using the new Github projects beta (which is a layer over issues), and plan to open that to the community as well.
Generally, we develop Dagger in the open. Even as a team, we use public Discord channels (text and voice) by default, unless there is a specific reason not to (confidential information, etc.)
Thank you for the detailed response. I appreciate you taking the time. One last question/note.
> Note: you won't need to configure caching though, because Dagger automatically caches all actions out of the box :)
Is this strictly because it's using Docker underneath and layers can be reused? If so, unless those intermediary layers are somehow pushed/pulled by the dagger github action (or any associated CI/CD tool equivalent), experience on hosting server is going to be slow.
Sidenote, around 2013 I've worked on a hacky custom container automation workflow within Jenkins for ~100 projects, and spent considerable effort in setting up policies to prune intermediary images.
Thus on certain types of workflows without any prunning a local development machine can be polluted with hundreds of images, unless the user is specifically made aware of stale images. Does/will dagger keep track of the images it builds? I think a command like git gc could make sense.
> > Note: you won't need to configure caching though, because Dagger automatically caches all actions out of the box :)
> Is this strictly because it's using Docker underneath and layers can be reused?
Not exactly: we use Buildkit under the hood, not Docker. When you run a Dagger action, it is compiled to a DAG, and run by buildkit. Each node in the DAG has content-addressed inputs. If the same node has been executed with the same inputs, buildkit will cache it. This is the same mechanism that powers caching in "docker build", but generalized to any operation.
The buildkit cache does need to be persisted between runs for this to work. It supports a variety of storage backends, including posix filesystem, a docker registry, or even proprietary key-value services like the Github storage API. If buildkit supports it, Dagger supports it.
Don't let the "docker registry" option confuse you: buildkit cache data isn't the same as docker images, so it doesn't carry the same garbage collection and tag pruning problems.
> Don't let the "docker registry" option confuse you: buildkit cache data isn't the same as docker images, so it doesn't carry the same garbage collection and tag pruning problems.
IIRC doesn't buildkit store its cache data as fake layer blobs + manifest?
I don't see how it can avoid the garbage collection and tag pruning problems since those are limitations of the registry implementation itself.
You still need to manage the size of your cache, since in theory it can grow infinitely. But it’s a different problem than managing regular Docker images, because there are no named references to worry about: just blobs that may or may not be reused in the future. The penalty for removing the “wrong” blob is a possible cache miss, not a broken image.
Dagger currently doesn’t help you remove blobs from your cache, but if/when it does, it will work the same way regardless of where the blobs are stored (except for the blob storage driver).
Is there a task runtime stat for a blob pruning task?
This sounds like memoization caching: https://en.wikipedia.org/wiki/Memoization
> In computing, memoization or memoisation is an optimization technique used primarily to speed up computer programs by storing the results of expensive function calls and returning the cached result when the same inputs occur again.
Re: SBOM: Software Bill of Materials, OSV (CloudFuzz), CycloneDX, LinkedData, ld-proofs, sigstore, and software supply chain security: "Podman can transfer container images without a registry" https://news.ycombinator.com/item?id=30681387
Can Dagger cache the (layer/task-merged) SBOM for all of the {CodeMeta, SEON OWL} schema.org/Thing s?
Grafana Mimir – Horizontally scalable long-term storage for Prometheus
There isn't a link to the project on the page (that I could find) so it almost looked like it's not open source. But here it is: https://github.com/grafana/mimir.
You have to find the "Download" button and click it, it's very non-obvious :< The entire page seems to be designed to funnel you into signing up for their paid service, which makes sense, but still doesn't feel great...
Recently switched from their cloud service back to on-premise. The cloud version wasn't being updated and the entire setup experience left a lot to be desired with how you connect their on-premise grafana agent, especially if you aren't using their easy button deployment stuff. Also, billing for metrics is insane, as on any given day my metric load may vary between 5-7k or more. This caused some operational overhead as I was constantly tweaking scrapers to reduce useless metrics.
For $50/mo, you can self host everything easier, cheaper and with more control IMO.
> For $50/mo, you can self host everything easier, cheaper and with more control IMO.
Can you give an example as to how you could self host a grafana stack for $50/month? On AWS that buys you 4 cores, 8GB memory and 0 storage, and it's certainly not easier than clicking one button on the grafana website.
There are Helm charts available for all Grafana products so if you already run a Kubernetes cluster and have spare capacity you can just throw it up there. Loki supports shipping logs to GCS/S3 natively and Prometheus can use Cortex (also available as a Helm chart) to do the same. Once you throw Grafana behind SSO and implement a backup cronjob you're done until you reach scale and have to start deploying/scaling individual components separately.
I implemented most of the above using Terraform on a managed DigitalOcean cluster on a Saturday a few months back; it wasn't super-hard. Alternatively you could rent a few VPSes someplace and use k3s or similar to get an unmanaged cluster.
Physicists Build Circuit That Generates Clean, Limitless Power from Graphene (2020)
It's been two years, what is their progress? It has probably failed to be exploitable then ?
ScholarlyArticles that cite "Fluctuation-induced current from freestanding graphene" (2020) https://scholar.google.com/scholar?cites=3748350803951231734...
Recommendations when publishing a WASM library
conda: "Adding a WebAssembly platform" https://github.com/conda/conda/issues/7619
pyodide.loadPackage("numpy");
pyodide.loadPackage("https://foo/bar/numpy.js");
# import micropip
micropip.install('https://example.com/files/snowballstemmer-2.0.0-py2.py3-none-any.whl')
conda-forge: "WASM as a supported architecture" https://github.com/conda-forge/conda-forge.github.io/issues/...
A statically typed scripting language that transpiles to Posix sh
If you’re not using SSH certificates you’re doing SSH wrong (2019)
Rant engaged. As a person who feels responsible for ensuring what I build is secure, the security space feels inscrutably defeating. Is there a dummies guide, MOOC, cert, or other instructional material to better get a handle on all these things?
SSH keys make sense. But certificates? Is this OIDC, SAML, what? Is it unreasonable to request better and deeper "how to do {new security thing}" when PKI is a new acronym to someone? Where can I point my data science managers so they can understand the need and how to implement measures to have security on PII-laden dashboards? As so on.
I can surely recommend reading into SSH certificates using the ssh-keygen manpage. No any extra tools required.
I sign SSH certificates for all my keypairs on my client devices, principal is set to my unix username, expiry is some weeks or months.
The servers have my CA set via TrustedUserCAKeys in sshd_config (see manpages). SSH into root is forbidden per default, i SSH into an account with my principal name and then sudo or doas.
My gain in all of this: I have n clients and m servers. Instead of having to maintain all keys for all clients on all servers, i now only need to maintain the certificate on each client individually. If i loose or forget a client, its certificate runs out and becomes invalidated.
`ssh-keygen` #Certificates: https://man7.org/linux/man-pages/man1/ssh-keygen.1.html#CERT...
"DevSec SSH Baseline" ssh_spec.rb, sshd_spec.rb https://github.com/dev-sec/ssh-baseline/blob/master/controls...
"SLIP-0039: Shamir's Secret-Sharing for Mnemonic Codes" https://github.com/satoshilabs/slips/blob/master/slip-0039.m...
> Shamir's secret-sharing provides a better mechanism for backing up secrets by distributing custodianship among a number of trusted parties in a manner that can prevent loss even if one or a few of those parties become compromised.
> However, the lack of SSS standardization to date presents a risk of being unable to perform secret recovery in the future should the tooling change. Therefore, we propose standardizing SSS so that SLIP-0039 compatible implementations will be interoperable.
Google's Certificate Transparency Search page to be discontinued May 15th, 2022
I know there are CT search services like crt.sh, but is it practical to download the raw data and search it locally? If the logs are append‐only, it feels like a perfect usecase for rsync.
Yes, you can use the certificate-transparency go code to pull down from the trillian API https://github.com/google/certificate-transparency-go/blob/m...
You would need to know the index, or you could just iterate over a range
Do you think that CT log data replication would be more secure and efficient if the CT logs were stored by a zero trust distributed application like a blockchain, instead of Merkle signatures in a database owned by one party (that's now discontinuing free indexing, at least)?
From "Oak, a Free and Open Certificate Transparency Log" (LetsEncrypt 2019) https://news.ycombinator.com/item?id=19920002 :
> Trillian is a centralized Merkle tree: it doesn't support native replication [...] According to the trillian README, trillian depends upon MySQL/MariaDB and thus internal/private replication is as good as the SQL replication model (which doesn't have a distributed consensus algorithm like e.g. paxos).
And what about indexing and search queries at volume, again without replication?
From "A future for SQL on the web" https://news.ycombinator.com/item?id=28158491 :
> https://thegraph.com/docs/indexing
>> Indexers are node operators in The Graph Network that stake Graph Tokens (GRT) in order to provide indexing and query processing services. Indexers earn query fees and indexing rewards for their services. They also earn from a Rebate Pool that is shared with all network contributors proportional to their work, following the Cobbs-Douglas Rebate Function.
>> GRT that is staked in the protocol is subject to a thawing period and can be slashed if Indexers are malicious and serve incorrect data to applications or if they index incorrectly. Indexers can also be delegated stake from Delegators, to contribute to the network.
>> Indexers select subgraphs to index based on the subgraph’s curation signal, where Curators stake GRT in order to indicate which subgraphs are high-quality and should be prioritized. Consumers (eg. applications) can also set parameters for which Indexers process queries for their subgraphs and set preferences for query fee pricing.
FWIW, here's how OSV affords search queries: https://github.com/google/osv#data-dumps
> For convenience, these sources are aggregated and continuously exported to a GCS bucket maintained by OSV: gs://osv-vulnerabilities
> This bucket contains individual entries of the format gs://osv-vulnerabilities/<ECOSYSTEM>/<ID>.json as well as a zip containing all vulnerabilities for each ecosystem at gs://osv-vulnerabilities/<ECOSYSTEM>/all.zip
> E.g. for PyPI vulnerabilities:
# Or download over HTTP via https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip
gsutil cp gs://osv-vulnerabilities/PyPI/all.zip
Implementing a toy version of TLS 1.3
This is wonderful.
I was super excited to dive in an find the RSA code so I could preen about Bleichenbacher's vulnerability, but she neatly sidestepped that by doing ECDH. Then I thought, well, maybe it's P-curve ECDH and I can preen about invalid curve attacks on static-ephemeral ECDH. But nope, X25519! My point here, apart from making fun of myself for being the kind of person who would write this stuff on a message board, is TLS 1.3 is pretty solid.
The "block thing" that's kind of weird is, I assume, the TLS Record Layer. TLS runs (ordinarily) over TCP, which provides a non-demarcated stream of bytes. TLS breaks that stream up into records, and runs its handshake messages over one type of record, (say) HTTPS over another, and "alerts" over a third. The Record Layer also interacts, I think, with TLS's misbegotten compression system?
In the same vein as this project (but with different goals) is Trevor Perrin's tlslite, which is implemented in pure Python: https://github.com/trevp/tlslite
> tlslite
"PEP 543 – A Unified TLS API for Python" #interfaces (-2016) https://peps.python.org/pep-0543/#interfaces
Learning a protocol by writing a toy client (or toy server) is a blast. It's so satisfying to see a real, production-quality server sending real responses to your little mess.
You'd probably enjoy work as a software pentester, where the docket --- at least for non-web-applications, which admittedly are the most common project if you don't specialize --- is almost entirely building tooling-grade implementations of random protocols so you can test for vulnerabilities.
Here's caddy's go/tls wrapper with e.g. ACME, OCSP stapling: https://github.com/caddyserver/caddy/blob/master/modules/cad...
Django-ca also does OCSP and certbot-compatible ACMEv2 w/ known limitations: https://django-ca.readthedocs.io/en/latest/acme.html#known-l...
E.g. https://google.github.io/clusterfuzzlite/ is likely not so great at protocols because that requires testing concurrent and distributed systems and TLAplus, which at least currently can't find side channels FWIU.
https://github.com/secfigo/Awesome-Fuzzing#network-protocol-...
OSS-Fuzz runs CloudFuzz[Lite?] for many open source repos and feeds OSV OpenSSF Vulnerability Format: https://github.com/google/osv#current-data-sources
The quantum technology ecosystem explained
Wikipedia (dbpedia, wikidata,) concept URIs:
Category:Quantum mechanics https://en.wikipedia.org/wiki/Category:Quantum_mechanics
Applications_of_quantum_mechanics https://en.wikipedia.org/wiki/Applications_of_quantum_mechan...
List of emerging technologies https://en.wikipedia.org/wiki/List_of_emerging_technologies may have inspiration for applications of currently-discovered quantum mechanical phenomena.
#Q12 is the Quantum K12 talent.
QoS: Quantum-on-Silicon may very well scale; but how can we store un-collapsed output qubits?
Quantum tagging,
> QoS: Quantum-on-Silicon may very well scale; but how can we store un-collapsed output qubits?
Aren't all current programmable quantum processors essentially made of qubit memory cells capable of certain in-memory operations?
All current programmable quantum processors are made from unicorn hairs and fairy dust.
The current state of the art is trying to prove that the thing did something quantum. Programmability is at best swapping some wires around to change that something.
This is false. Quantum computers are not programmed like telephone switch boards. They're programmed typically by sending signal pulses (of RF, DC, or light) of the right shape at the right time to physical elements and they react. It really is programming.
Moreover, it's remarkably easy to see that the machines—universal gate-based machines—are doing something quantum. What's not easy to see is if they'll ever break away from their scaling challenges and become useful, large scale machines.
Well, NMR has been doing that for quite some time but nobody considers it "computing". Realistically, you're encoding a problem within a physical system by perturbing its energy levels, letting them evolve, and then doing readout. This works because computation is universal.
Again, no. Maybe you're thinking about adiabatic quantum computation, something popularized by D-Wave. But most people in the industry don't call their machines "(universal) computers," but rather "quantum annealers."
This is not the same as universal, gate-based computation, which does take an actual program containing instructions, and executes those instructions more-or-less sequentially, just as any computer programmer would expect. The state of the system begins with what is essentially equivalent to a large array of 0's, and you manipulate it accordingly, without resorting to evolution as your primary computational means of marching forward. In fact, left alone, these computers are designed to remain static, like an ordinary computer. (However, they still couple with the environment and decohere, which is one of the major challenges we, as humanity, face in building a useful quantum computer.) This is what Rigetti, IBM, Google, HRL, Amazon, IonQ, ColdQuanta, etc. are doing. They use superconducting transmon qubits, ion qubits, neutral atom qubits, or silicon quantum dot qubits. (There are other companies and qubit technologies still.)
Hey, um, I think I do know what I'm talking about :). You can see more of this historical side effort, which didn't pan out for a number of reasons: https://en.wikipedia.org/wiki/Nuclear_magnetic_resonance_qua... A 7 qubit QC NMR was implemented in 2001.
All these systems are just evolution of spin systems or other similar systems. The big difference with an NMR quantum computer is that it manipulates ensembles of spins.
The comment about universality of computing is that many physical processes can be used to compute things. I didn't say that qcs were universal computers.
Please try to read what i'm writing more carefully.
I know what NMR is. The systems are not evolutions of NMR. They're fundamentally different in their design, construction, and physics. An exchange-only silicon dot quantum computer is very different than an NMR quantum computer, which is very different than a neutral atom quantum computer.
These computers, these days, are by and large considered computers which execute programs. Perhaps in the 90s-00s that wasn't the case since physicists cared more then about the construction of a laboratory apparatus and less about turning it into a programmable device with program and data I/O.
I can't comment on what you know or don't know, but what you're writing is misleading and not accurate. The two points you've made (about what's considered computing and how modern quantum computers work) are what I refute.
I don't understand your point. Everything I said above is completely and totally technically correct from a physical point of view. You are ascribing to my statements meaning which I did not intend.
Modern trapped ion computers are doing the same underlying operations as NMR: you are using RF or other energy to perturb the energy states of underlying particles or other components, and reading out the results.
There was also a whole field called 'dna computing' which you would call biologists in a lab, but they were absolutely doing computing
I'm intently curious what sort of common-sense explanation you'd ascribe to how one programs an ordinary classical computer. Would you describe a computer programmer as one who orchestrates a delicate movement of charge through an intricate arrangement of n–p–n bipolar transistors?
Quantum computers really can be instructed to do an abstract operation on an abstract quantity, just like I can on an ordinary computer. You tell quantum computers to add and multiply, just as you do in your favorite programming language. In the programming language Quil, which a couple quantum computers of different base technologies use, one can literally write down a matrix of numbers in a program to define a new mathematical function, and later use that function to manipulate the contents of the computer's RAM[1]. On top of this, you can have loops, boolean conditions, and all that jazz a programmer expects. You don't even need a physicist to do this; a completely physics-ignorant programmer could do this.
All this business about energy levels, evolution, etc. are distractions, just as the electrodynamics of a transistor are distractions from what it means to program a computer.
[1] I'm abusing the word "RAM" here, where I truly mean the state of your quantum register(s).
> one can literally write down a matrix of numbers in a program to define a new mathematical function, and later use that function to manipulate the contents of the computer's RAM[1].
This "Quantum Computing for Computer Scientists" video https://youtu.be/F_Riqjdh2oM explains classical and quantum operators as just matrices. What are other good references?
Quantum state: https://en.wikipedia.org/wiki/Quantum_state
Quantum logic; quantum logical operators: https://en.wikipedia.org/wiki/Quantum_logic
> All this business about energy levels, evolution, etc. are distractions, just as the electrodynamics of a transistor are distractions from what it means to program a computer.
But a classical simulator - like e.g. qiskit - for a quantum circuit/experiment/function must run the experiment very^very^very many times to even probabilistically approximate a sufficient quantum system; because of the combinatorial probabilistic explosion that results from adding just one more basis state.
What are the fundamental limitations of quantum simulators? Maybe it's possible.
Quantum simulator: https://en.wikipedia.org/wiki/Quantum_simulator
- [ ] Maybe Twistor theory has insight into a classical geometrical formulation that could be run on a non-QC?
Amplituhedron: https://en.wikipedia.org/wiki/Amplituhedron
[Photon] wave-particle constructive superpositions approximate which operators, which may form a neat topology like this:
- [ ] > A research question for a new school year:
> The classical logical operators form a neat topology. Should we expect there to be such symmetry and structure amongst the quantum operators as well? https://commons.m.wikimedia.org/wiki/File:Logical_connective...
Your assessment of how a quantum simulator works is not quite right. These simulators represent the entire probability distribution of basis states succinctly as an array. This array grows very large (exponentially) in the number of qubits.
A simulator only needs to run a computation once (which is multiplication of matrices in a tensor product space) and look at the resulting state. You don't need to run anything multiple times to approximate a quantum state.
The questions you're asking are the whole point of the field of quantum information science. On an ordinary quantum computer where quantum state will collapse to a basis state upon readout, indeed you might need to gather statistics to determine the answer to whatever you've asked your computer. However, "very many times" is mathematically bounded in some way for an ideal quantum computer. It's like saying "we need to do many^many^many^many comparisons to do quicksort". Well yes, but we have a relationship between the size of the input (N) and the average number of comparisons needed (N log N), which makes the algorithm feasible in practice. This is the same with quantum algorithms.
There are also different kinds of quantum algorithms. Some are more probabilistic in nature. Others are—again in purely ideal circumstances—give you the right answer in one go.
As a side note: It is very hard for me to read, understand, and respond to your comments. They seem like random buzzword soups and aren't very coherently put together, mixed with random links and references.
Re: error in simulators and actual QC hardware, which we do need for a reason: Quantum Error Correction # General_codes https://en.wikipedia.org/wiki/Quantum_error_correction#Gener...
How to best quantize reals into matrices (~= tensors)? https://en.wikipedia.org/wiki/Quantization_(signal_processin...
> Peter Shor first discovered this method of formulating a quantum error correcting code by storing the information of one qubit onto a highly entangled state of nine qubits. A quantum error correcting code protects quantum information against errors of a limited form.
Here's "Quantum Algorithm Zoo" by Microsoft Quantum: https://quantumalgorithmzoo.org/
And "Timeline of quantum computing and communication" https://en.wikipedia.org/wiki/Timeline_of_quantum_computing_...
I have a hard time with the idea that the outcome of the ultimate quantum simulation is a collapsed float.
Quantum Monte Carlo: https://en.wikipedia.org/wiki/Quantum_Monte_Carlo :
> Quantum Monte Carlo encompasses a large family of computational methods whose common aim is the study of complex quantum systems. One of the major goals of these approaches is to provide a reliable solution (or an accurate approximation) of the quantum many-body problem. [...] The difficulty is however that solving the Schrödinger equation requires the knowledge of the many-body wave function in the many-body Hilbert space, which typically has an exponentially large size in the number of particles. Its solution for a reasonably large number of particles is therefore typically impossible,
What sorts of independent states can or should we map onto error-corrected qubits in an approximating system?
Propagation of Uncertainty ... Numerical stability ... Chaotic convergence, ultimately, apparently: https://en.wikipedia.org/wiki/Propagation_of_uncertainty
"Quantum computing: A taxonomy, systematic review and future" (2022) https://doi.org/10.1002/spe.3039
"Multi-qubit quantum logic operations with ion-implanted donor spins in silicon" (2022) https://scholar.google.com/citations?view_op=view_citation&h... https://meetings.aps.org/Meeting/MAR22/Session/G39.1 (Veritasium video)
> Among semiconductor qubits, the electron and nuclear spins of donors in silicon play a special role for their conceptual simplicity (a 31P donor in silicon is similar to hydrogen in vacuum) and their exceptional coherence times [1] and 1-qubit gate fidelities [2]. Here I will present experimental progress on multi-qubit logic operations with donor spins, which point to several credible pathways for scalability using ion-implanted donors in MOS-compatible devices. The current state of the art is a hybrid electron-nuclear 3-qubit processor [3], where two 31P nuclear spin qubits are coupled to the same electron. The shared electron enables a geometric nuclear two-qubit CZ gate, which we perform with 99.37% average fidelity. NMR single-qubit gates reach fidelities up to 99.95%, and state preparation and measurement are performed with 98.95% fidelity. These three metrics show how close this system is to operating at fault-tolerance thresholds. Further, we entangle the two nuclei with the electron to prepare a 3-qubit GHZ state with 92.5% fidelity. Electron-nuclear entanglement unlocks the ability to connect nuclear qubits via the electrons, for instance using exchange interactions [4]. We have operated a weakly (~10 MHz) exchange-coupled 31P donor pair as a 2-qubit electron system, with native CROT gates performed by resonant microwaves. Gate fidelity benchmarks are underway and will be reported at the Meeting. On the engineering side, we have demonstrated the ability to implant single donors in silicon with confidence up to 99.85% [5]. This striking result identifies ion implantation as a scalable and accurate manufacturing strategy for spin-based quantum computers in silicon.
QoS: Quantum-on-Silicon
The survey article above just says "[Quantum] Output"? Is that different from registers? How long are those states ah coherent?
"Researchers store a quantum bit for a record-breaking 20 milliseconds" (2022) https://phys.org/news/2022-03-quantum-bit-fora-record-breaki...
> By managing to store a qubit in a crystal (a "memory") for 20 milliseconds, a team from the University of Geneva (UNIGE) has set a world record and taken a major step towards the development of long-distance quantum telecommunications networks.
What are repeaters, and what are [quantum] prepared states in re: registers and longer-term storage for non-collapsed (or just probabilistic?) qubit outputs?
Programming current quantum computers does not require swapping wires around. You can go to https://quantum-computing.ibm.com right now, drag some operations around in an editor, and have their quantum computer run those operations. No one is madly dashing around changing wires when you do that.
That was how they did it back in the old days though.
Q: "Ask HN: What's the Equivalent of 'Hello, World' for a Quantum Computer?" https://news.ycombinator.com/item?id=22707580 [ IBM Qiskit, Microsoft Q#, Google TFQ TensorFlow Quantum, Google Cirq ([NumFOCUS,] SymPy) ]
- https://www.tensorflow.org/quantum/tutorials/hello_many_worl...
A: Set a register to zero and see how many times it reads as zero: A) in the local software simulator; and B) with just one modern day qubit register.
Debugging with GDB
One absolutely essential companion to gdb is 'rr' [0], it's a 'post mortem' debugger, but unlike a core file, you can replay the action, in reverse if necessary. You can reverse-cont, reverse-step create watchpoints, run forward again etc etc. It's absolutely amazing!
The best thing about time travel debugging is that you effectively get an instruction-perfect reproducer for the problem you're looking at.
Even if the problem only occurs one time in a thousand, if you have recorded it then you can review it in arbitrary detail as many times as you need. You can even send the recording to another developer for their feedback.
Probably the second best thing about time travel is watchpoints[0] + reverse-continue[1] - combining these two features, you can answer "why is that value there?" incredibly quickly.
Reverse execution + watchpoints is so powerful it can speed up the diagnosis of memory corruptions, race conditions, algorithmic bugs, etc from days/weeks to hours.
[0] https://sourceware.org/gdb/onlinedocs/gdb/Set-Watchpoints.ht...
[1] https://sourceware.org/gdb/onlinedocs/gdb/Reverse-Execution.... - GDB has an implementation of reverse debugging but larger projects like `rr` (https://rr-project.org/) or `udb` (https://undo.io/solutions/products/udb/ - which, disclaimer, I work on) exist to do this with higher performance on complex, real-world programs.
(edit: format links better)
Time travel debugging https://en.wikipedia.org/wiki/Time_travel_debugging :
> Interactive debuggers include the ability to modify code and step forward based on updated information.[4] Reverse debugging tools allow users to step backwards in time through the steps that resulted in reaching a particular point in the program. Time traveling debuggers provide these features and also allow users to interact with the program, changing the history if desired, and watch how the program responds.[5]
https://github.com/rr-debugger/rr :
> System requirements: Linux kernel ≥ 3.11 is required (for PTRACE_SETSIGMASK).
> rr currently requires either:
> An Intel CPU with Nehalem (2010) or later microarchitecture. [OR] Certain AMD Zen or later processors
Is there an rr-like reverse time-travel debugging tool for ARM64/aarch64?
Are GUIs like Voltron and Ghidra helpful for gdb and/or rr-like traces?
rr works in principle on AArch64 though it requires an extremely recent CPU and the rest of system userspace to be compiled correctly.
Any gdb front end can probably be made to work with rr. Our current project is (shameless plug) https://pernos.co/ which provides a super-advanced GUI for working with (x86) rr traces.
"Support ARM" #1373 https://github.com/rr-debugger/rr/issues/1373
rr (software) https://en.wikipedia.org/wiki/Rr_(debugging)
Record and replay debugging https://en.wikipedia.org/wiki/Record_and_replay_debugging
/? site:github.com inurl:awesome https://www.google.com/search?q=site%3Agithub.com+inurl%3Aaw...
Arpchat – Text your friends on the same network using just ARP
libp2p/rust-libp2p: https://github.com/libp2p/rust-libp2p
"chat with mdns does not work on the internet" https://github.com/libp2p/go-libp2p-examples/issues/64 ... mdns.go: https://github.com/libp2p/go-libp2p/blob/master/examples/cha...
'Quantum hair’ could resolve Hawking’s black hole paradox, say scientists
Does this mean we can finally see the (collapsed, 'classical photonic') quantum information of dinosaurs which is never destroyed; by recalling information embedded in or relayed through such spaces; which are induced by cosmic rays, neutron stars, and possibly accelerators?
... That we can finally see dinosaurs?
A Primer on Proxies
Is it ok if I don’t like the term “reverse proxy”?
I find it entirely confusing and non-intuitive. I put it up there with idiotic terms like “OTT” which AFAIK just means “connected to the internet”.
Has always bothered me also, but that's the industry term so we are kind of stuck with it.
Proxy components are officially called Intermediaries in thr HTTP semantic specification; see https://httpwg.org/http-core/draft-ietf-httpbis-semantics-la....
Intermediaries can have different purposes. The official alternative to reverse proxy is "gateway", which is unfortunately overloaded with other kinds of gateways in networking.
Naming things is hard. Reverse proxy isn't great but all things considered is unique enough to allow folks to discriminate the sort of HTTP proxying that is happening
An HTTP reverse proxy forwards HTTP requests and adds e.g. X-Forwarded-For and X-Forwarded-Host headers.
https://www.nginx.com/resources/wiki/start/topics/examples/f... :
X-Forwarded-For: 12.34.56.78, 23.45.67.89
X-Real-IP: 12.34.56.78
X-Forwarded-Host: example.com
X-Forwarded-Proto: https
Forwarded: for=12.34.56.78;host=example.com;proto=https, for=23.45.67.89
k8s calls this "Ingress" and there are multiple "Ingress API" implementers; which essentially must reload the upstream server list on SIGHUP. https://kubernetes.io/docs/concepts/services-networking/ingr...
List of k8s Ingress Controllers: https://kubernetes.io/docs/concepts/services-networking/ingr...
> What is the difference between a reverse proxy and a load balancer?
Reverse proxy may or may not loadbalance requests. For example, in a sidecar configuration it can just terminate tls, provide telemetry, etc and forward everything to local port.
A [load-balancing] reverse proxy can also keep WAF rules in RAM for processing requests and responses. WAF: Web Application Firewall (OWASP CRS ruleset, CF ruleset,)
Methods for delegating HTTP requests to another application, with per-message overhead and inevitably-necessarily-tunable buffering: Layer 2 (MAC on a local segment), Layer 3 (IP), Layer 4 (TCP, UDP ports), Layer 7: HTTP parse and forward over network sockets or file sockets, defy separation of concerns and least privileges and run the (e.g. non-blocking Lua,) app within the webserver, Layer 7+: container service mesh Ingress API,
e.g. FastCGI uses file sockets, which avoids additional TCP overhead but doesn't really scale because sockets and network filesystems.
(ASGI is the Asynchronous WSGI, which specifies $ENVIRONMENT_VARIABLE names as an interface contract in order to decouple web [[reverse] proxy] servers from web applications.)
Fundamentally, which variables passed in the e.g. os.environ dict like $REMOTE_USER and IDK is it like $SSL_CLIENT_CERT_SHA384, SSL_CLIENT_CERT_*; should downstream web applications simply trust as valid strings over what network path?
TLS re-termination.
Non-root [web] servers must run on ports less than 1024, which e.g. iptables or nftables (or eBPF) can easily port-forward to only if rewriting URLs within potentially-signed assets within HTTP messages and HTTP/3 UDP streams isn't necessary.
Ask HN: Tools to generate coverage of user documentation for code
Does anyone know of tools/techniques for generating a coverage report of user documentation over source code? In other words, I'd like to be able to automatically determine when there is documentation missing for an implemented feature or if there is documentation for a feature that was removed.
I'm asking because I've been working on a tool for many years and it's grown large enough that I have a hard time keeping track of what all the parts do and what has and has not been documented. What I'm thinking I'd like to do is add a tag to a piece of source code (C++) and put the corresponding tag in the user docs (RST). Then, during the build, I'd like a report of untagged code, code/docs with matching tags, and code/docs with unmatched tags.
I also feel like there should be at least two levels of documentation to be tracked: 1) the overall feature and 2) fine-details about how the feature behaves under different circumstances. For example, a feature that interacted with the network would have an overall description and some extra notes about how timeouts/retries are handled.
Does anyone have any experience with such a thing or have a similar interest?
"[Python-Dev] Should set objects maintain insertion order too?" https://mail.python.org/archives/list/python-dev@python.org/... :
> Are there URIs for Big-O notation that could be added as e.g. structured attributes in docstrings or annotations?
Looks like docutils supports bibliographic fields and a `metadata` directive: https://docutils.sourceforge.io/docs/ref/rst/directives.html...
RST field lists: https://docutils.sourceforge.io/docs/ref/rst/restructuredtex...
`sphinx-apidoc -M`: https://www.sphinx-doc.org/en/master/man/sphinx-apidoc.html
sphinx-contrib/apidoc re-runs sphinx-apidoc on every build to generate the doc stubs: https://github.com/sphinx-contrib/apidoc
awesome-sphinxdoc: https://github.com/yoloseem/awesome-sphinxdoc
Requirements traceability: https://en.wikipedia.org/wiki/Requirements_traceability
Test coverage: https://en.wikipedia.org/wiki/Code_coverage
...
Someday I'd like to be able to express RDF triples in RST; wherein the preceding heading and/or a specific attribute specify the subject URI and then attr/value pairs are predicate/objects. IDK if that's even necessary for this application where you'd have the dotted-path of the __doc__ string to imply the subject URI?
: https://twitter.com/westurner/status/1384081580218408962 :
How to express #LinkedData in
- [ ] LaTeX
- [x] HTML: RDFa, JSON-LD, Microdata
- [ ] YAML: YAML-LD
- [ ] Markdown: MyST-Markdown for executablebooks/jupyter-book (Sphinx roles and directives)
- [ ] reStructuredText (docutils)- [ ] SCH: SEON OWL ontology could grow a "Documentation"/"Docstring" rdfs:Class/owl:Class and requisite domains on possibly already covering properties to describe the URI-traceable relations between the artifacts: https://github.com/sealuzh/onts-seon :
> SEON consists of multiple ontologies, for example to describe stakeholders, activities, artifacts, and the relations among all of them. The ultimate goal is to facilitate the implementation of tools that help software engineers to manage software systems over their entire life-cycle.
jupyter-book (Sphinx (docutils), myst-parser, jupyter notebooks) > #879 "Generate OpenGraph metadata for social previews and cards" https://github.com/executablebooks/jupyter-book/issues/879#i...
Show HN: `Git add -p` with multiple buckets
There are probably a couple good ways to avoid trying to split `git add -p` with e.g. jujutsu `jj`? https://github.com/martinvonz/jj/blob/main/docs/git-comparis...
If CI isn't running tests for every PR, `git add -p` can create pretty patches that fail when attempting to `git bisect` later.
> Comprehensive support for rewriting history: Besides the usual rebase command, there's `jj describe` for editing the description (commit message) of an arbitrary commit. There's also `jj edit`, which lets you edit the changes in a commit without checking it out. To split a commit into two, use `jj split`. You can even move part of the changes in a commit to any other commit using `jj move`.
Beavers back in London after 400-year absence
Here in the US midwest beavers are shot and their dams dynamited wherever they are found.
The majority of the US used to be endless chains of mosquito-infested beaver ponds, the entire length of every stream and river. Nearly uninhabitable by people.
The extinction of the beaver is what made the US agriculturally useful. There's not a single landowner I know, who wants a random pond flooding their field, road or house.
For better or worse, the age of the beaver is definitely over. At least in the US.
In the Pacific Northwest, beavers increase resilience to wildfire and drought. They do so by creating natural fire breaks and by increasing groundwater storage. They also do this in a way that also creates fish habitat and deeper pools that coldwater fish like trout and salmon can take advantage of to survive lower water years.
They're really ecologically important, and while some may complain that they fall trees, that's actually very beneficial in the west where we have forest fires that burn far more trees than any beavers could hope to destroy to build their structures. This is not just for the northwest, but other drought and fire-prone western regions (Oregon, Colorado).
TL;DR Our elimination of beavers is exacerbating the problems of drought and fire in the american west.
Good video from PBS's Terra series: https://www.youtube.com/watch?v=6lT5W32xRN4
"Leave It to Beavers" (2018) PBS Nature [53m] https://g.co/kgs/5yA9R5 :
> A growing number of scientists, conservationists and grass-roots environmentalists have come to regard beavers as overlooked tools when it comes to reversing the disastrous effects of global warming and world-wide water shortages. Once valued for their fur or hunted as pests, these industrious rodents are seen in a new light through the eyes of this novel assembly of beaver enthusiasts and “employers” who reveal the ways in which the presence of beavers can transform and revive landscapes. Using their skills as natural builders and brilliant hydro-engineers, beavers are being recruited to accomplish everything from finding water in a bone-dry desert to recharging water tables and coaxing life back into damaged lands.
Apparently beavers are attracted to the sound of running water.
Show HN: A Graphviz Implementation in Rust
Author of a web-based GraphViz editor [1] here. We're currently using viz.js [2], which is the original GraphViz compiled to WASM. Since viz.js is unmaintained, we're looking for a replacement.
This library looks really promising! As it's written in rust, it should be possible to port it to WASM. Are there plans in that direction?
Is it planned to be a drop-in replacement for GraphViz (or the dot engine)?
[1]: https://edotor.net [2]: https://github.com/mdaines/viz.js
awesome-graphviz #language-bindings, https://github.com/CodeFreezr/awesome-graphviz#language-bind...
awesome-network-analysis #javascript lists a few libraries. https://github.com/briatte/awesome-network-analysis#javascri...
FWIW, JupyterLite builds WASM as well
How to record data for reinforcement learning agent from any Linux game (2020)
The title is misleading, it promises recording data from *any* game, yet it requires some UDP telemetry to be implemented in the game itself and uses F1 as the game.
I was expecting something with a) strace to track IO or b) gdb to monitor specific memory regions which contain game state or c) some eBPF stuff (to track IO or memory aka a+b combined).
"Sysdig vs DTrace vs Strace: A technical discussion." https://sysdig.com/blog/sysdig-vs-dtrace-vs-strace-a-technic...
There are sysdig chisels that reference gdb.
https://github.com/openai/retro :
> Gym Retro lets you turn classic video games into Gym environments for reinforcement learning and comes with integrations for ~1000 games. It uses various emulators that support the Libretro API, making it fairly easy to add new emulators.
Podman can transfer container images without a registry
I wish containers hadn't created the abstractions of a registry and an image instead of exposing it all as tar files (which is what it kind of is under the covers) served over a glorified file server. This leads to people assuming there's some kind of magic happening and that the entire process is very arcane, when in reality it's just unpacking tar files.
If you want to DIY a container with unix tools, this should help: https://containers.gitbook.io/build-containers-the-hard-way/
"Signing Images with Docker Content Trust" explains how cryptographic container image signatures work w/ Docker Notary (TUF) https://docs.docker.com/engine/security/trust/#signing-image...
The TUF spec (and PyPI TUF PEPs) explains why a tar over https (with optional DNSSEC, a CA cert bundle, CRL, OCSP,) isn't sufficient for secure software distribution. "#ZeroTrust DevOps"; #DevSecOps
What's the favorite package format with content signatures, key distribution, a keyring of trusted (authorized) keys, and a cryptographically-signed manifest of per-file hashes, permissions, and extended file attributes? FWIW, ZIP at least does a CRC32.
We now have the Linux Foundation CNCF sigstore for any artifact, including OCI container images.
W3C ld-proofs is a newer web standard that unfortunately all package managers haven't yet migrated to. https://news.ycombinator.com/item?id=29355786
Because ld-proofs is RDF, it works in JSON-LD and you could merge the entire SBOM [1] and e.g. CodeMeta [2] Linked Data metadata for all of the standardized-metadata-documented components in a stack.
[1] https://github.com/google/osv/issues/55
[2] https://github.com/codemeta/codemeta
Isn't this reinventing the wheel somehow? Linux distros have been using tar.gz over HTTP (not S!) and relying on GPG for years.
But most Linux distros are not that great either. They don't implement TUF and are not safe against some vectors prevented by that. It's OK to start anew when container distribution poses a different problem anyway.
The linked page doesn't explain anything at all. It says some incredibly obvious things (remotes can be compromised and you should be prepared for that) and then goes on to say the subject fixes all that, but there's actually no explanation of how it does that or what it does to get there. It's a marketing piece, essentially.
From this about DNSSEC and software supply chain security a couple weeks ago, from this about Android packages: https://news.ycombinator.com/item?id=27700513 :
>> [...] Sigstore is a free and open Linux Foundation service for asset signatures: https://sigstore.dev/what_is_sigstore/
>> The TUF Overview explains some of the risks of asset signature systems; key compromise, there's one key for everything that we all share and can't log the revocation of in a CT (Certificate Transparency) log distributed like a DLT, https://theupdateframework.io/overview/
>> Certificate Transparency: https://en.wikipedia.org/wiki/Certificate_Transparency
>> Yeah, there's a channel to secure there at that layer of the software supply chain as well.
>> "PEP 480 -- Surviving a Compromise of PyPI: End-to-end signing of packages" (2014-) https://www.python.org/dev/peps/pep-0480/
>>> Proposed is an extension to PEP 458 that adds support for end-to-end signing and the maximum security model. End-to-end signing allows both PyPI and developers to sign for the distributions that are downloaded by clients. The minimum security model proposed by PEP 458 supports continuous delivery of distributions (because they are signed by online keys), but that model does not protect distributions in the event that PyPI is compromised. In the minimum security model, attackers who have compromised the signing keys stored on PyPI Infrastructure may sign for malicious distributions. The maximum security model, described in this PEP, retains the benefits of PEP 458 (e.g., immediate availability of distributions that are uploaded to PyPI), but additionally ensures that end-users are not at risk of installing forged software if PyPI is compromised.
>> One W3C Linked Data way to handle https://schema.org/SoftwareApplication ( https://codemeta.github.io/user-guide/ ) cryptographic signatures of a JSON-LD manifest with per-file and whole package hashes would be with e.g. W3C ld-signatures/ld-proofs and W3C DID (Decentralized Identifiers) or x.509 certs in a CT log.
> FWIU, the Fuschia team is building package signing on top of TUF.
W3C Web Bundles + Linked Data for the SBOM and metadata could be a good solution for software supply chain security in general: https://news.ycombinator.com/item?id=29296573 :
>> Web Bundles, more formally known as Bundled HTTP Exchanges, are part of the Web Packaging proposal.
>> HTTP resources in a Web Bundle are indexed by request URLs, and can optionally come with signatures that vouch for the resources. Signatures allow browsers to understand and verify where each resource came from, and treats each as coming from its true origin. This is similar to how Signed HTTP Exchanges, a feature for signing a single HTTP resource, are handled.
How do these newer potential solutions compare to distributing packages and GPG-signed hash manifests over HTTP, with GPG public keys retrieved over HTTPS (HKP)? (Maybe with keys pinned in the GPG source codes for common key servers? Or why not?)
Are DNS (DNSSEC, DoH, DoT downgrade attacks), CA compromise (SPOF), and x.509 cert forgery still the significant potential points of failure? What of that can e.g. Web3 solve for?
Wut? I just make websites man.
I don't want to be dismissive, but I hate deploying my applications for this reason. I'm an application developer. I'm not averse to infrastructure as code, and containerization, and I'm happy to do ops for my preferred stack. But I can't learn all this stuff too.
Conveniently, Docker has abstracted 99% of what she said away from you.
Does `podman trust` also work yet? Shell commands from the first Docker docs link above:
docker trust key generate jeff
# docker trust key load key.pem --name jeff
docker trust signer add --key cert.pem jeff registry.example.com/admin/demo
docker trust sign registry.example.com/admin/demo:1
export DOCKER_CONTENT_TRUST=1
docker push registry.example.com/admin/demo:1
docker trust inspect --pretty registry.example.com/admin/demo:1
docker trust revoke registry.example.com/admin/demo:1Light exposure during sleep impairs cardiometabolic function
Research on Blue light and sleep: https://justgetflux.com/research.html
https://en.wikipedia.org/wiki/Melanopsin :
> Melanopsin photoreceptors are sensitive to a range of wavelengths and reach peak light absorption at blue light wavelengths around 480 nanometers.[30] Other wavelengths of light activate the melanopsin signaling system with decreasing efficiency as they move away from the optimum 480 nm. For example, shorter wavelengths around 445 nm (closer to violet in the visible spectrum) are half as effective for melanopsin photoreceptor stimulation as light at 480 nm.[30]
Under Melanopsin > infobox > "Biological process", e.g. "entrainment of circadian clock by photoperiod" and "regulation of circadian rhythm" are listed.
Show HN: Instantly create a GitHub repository to take screenshots of a web page
I built a GitHub repository template which automates the process of configuring a new repository to take web page screenshots using GitHub Actions.
You can try this out at https://github.com/simonw/shot-scraper-template
Use the https://github.com/simonw/shot-scraper-template/generate interface to create a new repository using that template, and paste the URL that you want to take screenshots of in as the "description" field.
The new repository will then configure itself using GitHub Actions, take the screenshot and save it back to the repo!
This but automated visual regression testing (eg testing screenshots are the same) would be amazing. Anyone got any ideas how this might work with shot-scraper?
You could absolutely get this working with GitHub Actions with a bit of creativity.
I've been playing around with my own image-diff tool for this kind of thing, but it's not yet in a decent state: https://github.com/simonw/image-diff - there are other, better options out there such as https://github.com/mapbox/pixelmatch
Needle is an older system that did this using Selenium - updating that to work with Playwright (or Playwight via shot-scraper) would be an interesting project: https://github.com/python-needle/needle
Awesome Visual Regression Testing > lists quite a few tools and online services: https://github.com/mojoaxel/awesome-regression-testing#tools...
"visual-regression": https://github.com/topics/visual-regression
Cypress.io can run in a CI job, does Time Travel, works with DevTools debugger, can take screenshots and [headless] video, and it looks like there's a visual regression testing thing for it: https://github.com/mjhea0/cypress-visual-regression https://docs.cypress.io/guides/overview/why-cypress#Features
Lawn mowing frequency affects bee abundance and diversity (2018)
The previous owner of my house was maintening a picture perfect green. With the kids and the jobs, I didn't want to follow that practice. Too much time for a soil not made for this, lots of fertilizer, various chemicals...
I fix the dead patches every spring and autumn with clover seeds and compost made from grass clippings, egg shells and vegetables/fruits peels. Zero fertilizer or weed killers, I remove by hand the weeds I don't like once in a while. I rake the garden twice a year to keep moss under control.
5 years later, our garden no longer looks like a green, but a prairie with the usual local plants. Since 2 years poppies are colonizing the most sun exposed parts, with spectacular blooms we are eagerly waiting for. Worms, larvae, slugs and snails are plenty, so birds are always at work foraging. Whatever dies during the hottest weeks regenerates in autumn. Plenty of bees are foraging the clovers and bindweed flowers.
It's looks nice, it's alive, it's much less work and money to maintain, it's self regenerating.
That's awesome - natural and native ecosystems are what we should be aiming for, not sterile lawns. It's better for the environment and for biodiversity, lower maintainence, and you get the benefits of an ecosystem like surprise blooms.
I don't know if you're aware of this (you probably are but I'm posting it for readers anyway) but there's a movement for doing this in many aspects of our nature management called permaculture. It's pretty cool!
Rewilding (conservation biology) https://en.wikipedia.org/wiki/Rewilding_(conservation_biolog...
Climate change mitigation effects of rewilding > Carbon sinks and removal: https://en.wikipedia.org/wiki/Climate_change_mitigation#Carb...
Permaculture : https://en.wikipedia.org/wiki/Permaculture
It would also cut the number of interrupted Zoom meetings due to noise pollution in half.
Another reason for textual chat meetings with URLs, #hashTags, @atTags, an agenda at the top, headings, and a prepared, accessible transcript!
I’m not sure why this comment is grey. I know this wouldn’t necessarily work for everyone, but hey voice/video meetings don’t work well for some of us either. Folks, do what works for you and your team. Not everyone has to do the same thing.
Lasers could cut lifespan of nuclear waste from a million years to 30 minutes
I'm a practicing nuclear physicist and do work on gamma ray interactions with actinides. It's possible i'm missing something important, but i think this article is an utter mess and was clearly written by someone with absolutely no understanding of what they are saying. Attempting to learn anything from this article will be counterproductive.
Here is an explanation of chirped pulse amplification: https://www.rp-photonics.com/chirped_pulse_amplification.htm... This technique is for producing optical photons, which will have less than 10 ev of energy. In the same way that you can't focus the sun's light to a point that gets hotter than the surface of the sun (violates second law of thermodynamics), it isn't obvious how low energy laser pulses can be useful for this. The article offers no explanation whatsoever. Maybe the electric field across the nucleus can be made strong enough to induce scission?
In general, if you want to interact with the nucleus you need photons on the order of 1 Mev or more, whose wavelengths are comparable to the size of the nucleus. These are gamma rays, which are not optical photons. There are ways to boost optical photons to those energies (like inverse compton scattering), but the article says nothing about that either. I would think inverse compton scattering of a chirped pulse from an electron packet in an accelerator will completely destroy the sharp timing and reflect the distribution of the electrons instead.
Mourou's Nobel lecture [1] has brief explanation of the envisioned process. The idea is to use intense laser pulses to accelerate deuterium ions into a tritium target. The deuterium-tritium fusion then generates high-energy neutrons that can transmutate nuclei.
This is probably not impossible, but I have doubts if this could be implemented efficiently at scale.
[1] https://journals.aps.org/rmp/abstract/10.1103/RevModPhys.91....
You can do that with fusor. It does direct acceleration without laser generation losses.
uranium 235 and plutonium 239, have a half life of 24,000 years
- U235 has a half life of 700,000,000 years.
If he gets pulses 10,000 times faster, he says he can modify waste on an atomic level.
The article says nothing about how he hopes to gain 4 orders of magnitude. Is there some kind of Moore's law in the "speed" of these pulses?
I wasted my time reading this article, it explains nothing.
It's not a novel idea:
"Laser induced nuclear waste transmutation" https://arxiv.org/abs/1603.08737
"Transmutation prospect of long-lived nuclear waste induced by high-charge electron beam from laser plasma accelerator" https://arxiv.org/abs/1705.05770
"Fusion Driven Transmutation of Transuranics in a Molten Salt" https://arxiv.org/abs/2109.08741
"Generic method to assess transmutation feasibility for nuclear waste treatment and application to irradiated graphite" https://arxiv.org/abs/2201.02623
It never really occurred to me that transmutation is a reputable field of scientific study nowadays.
A sub-skill of Alchemy :-)
Show HN: Hubfs – File System for GitHub
HUBFS is a file system for GitHub and Git. Git repositories and their contents are represented as regular directories and files and are accessible by any application, without the application having any knowledge that it is really accessing a remote Git repository. The repositories are writable and allow editing files and running build operations.
Or you could, you know, clone the repository into a local working tree.
That works well for small repos or a few repos but if you want to find all cc files, at all release branch's, in your entire company and check for some exploit it is helpful to have a VFS. Makes it so you could also support N SCMs through one API. You just need to make a new VFS.
Isn't there already a good way to push computation closer to the data?
GmailFS and pyfilesystem (userspace FUSE) and rclone are neat as well.
https://stackoverflow.com/questions/1960799/how-to-use-git-a... explains about the `git push` step that git-remote-dropbox enables: https://github.com/anishathalye/git-remote-dropbox
GitHub also has a code search now: https://cs.github.com
Needing to tie into a specific API (like codesearch) couples you to the specific storage backend (Github). If you build your software to operate on a POSIX-y file system, you can support anything that shows up as a file system. For example: A local working tree of files, an NFS share, or now a remote git repository.
Running the code where the data already is saves network transfer: with data locality, you don't need to download each file before grepping.
Locality_of_reference#Matrix_multiplication explains how the cache miss penalty applies to optimizing e.g. matrix multiplication: https://en.wikipedia.org/wiki/Locality_of_reference#Matrix_m...
Physicists steer chemical reactions by magnetic fields and quantum interference
Perhaps also practical for intersecting applications: "These Superabsorbent Batteries Charge Faster the Larger They Get: In the lab, the prototype quantum batteries are charged with light" https://spectrum.ieee.org/quantum-battery :
> Previous work found that matter could act collectively in surprising ways due to quantum physics. For example, in "superradiance," a group of atoms charged up with energy can release a far more intense pulse of light than they could individually.
> In the past decade, researchers have also discovered the reverse of superradiance was possible—superabsorption, with atoms cooperating to display enhanced absorption. However, until now superabsorption was seen for only small numbers of atoms.
[…]
> The new device consists of a reflective waferlike microcavity enclosing a semiconducting organic Lumogen F orange dye, which the researchers charged with energy using a laser. Ultrafast detectors helped the team monitor the way in which this dye charged and stored light energy at femtosecond resolution. As the microcavity size and the number of dye molecules increased, the charging time decreased.
Could a combo PV photovoltaic, storage, full-spectrum e.g. LED product for outdoor and/or indoor applications be created with super absorption, , and superradiance?
Maybe also wrap the thing in thin film (and/or graphene sheets that throw off electrons) to harvest energy off the thermal gradient around the unit; and shape it like self-cleaning petals.
White noise improves learning by modulating activity in midbrain regions (2014)
White noise: https://en.wikipedia.org/wiki/White_noise
https://news.ycombinator.com/item?id=28402424 :
> https://en.wikipedia.org/wiki/Neural_oscillation#Overview says brainwaves are 1-150 Hz? IIRC compassion is acheivable on a bass guitar.
Doodling improves memory retention / learning, too. IDK how much difference the content of a doodle makes? Hypothesis: Additional "cognitive landmarky" content in the doodle or received waveforms would increase retention up to a limit.
Regarding doodling, it seems that any active productive study method is at least somewhat beneficial. I've found this in my own personal experiments. For example, testing myself with cloze deletions, creating Anki cards, generating mind maps, Cornell notes, inline annotation/marginalia, doodling, generating questions, generating mnemonics, mind palaces, etc.
An interesting one is reading and reciting out loud: https://www.tandfonline.com/doi/full/10.1080/09658211.2017.1...
Another non-intuitive method that is helping me a lot is pacing around my house slowly while I read. It goes to show that cognition is an embodied phenomenon. It's unintuitive when intelligence is viewed from the traditional split mind/body paradigm but just take a look at an image of our nervous systems. Those wires to and from our brain and guts wrap around every part of us.
Memory and retention in learning > Methods of improving memory and retention https://en.wikipedia.org/wiki/Memory_and_retention_in_learni...
Mnemosyne/Anki, (FreeMind, yEd, Gephi, AtomSpace as-moses, RDF bnodes, ONNX,) mind maps, RestructuredRext, MyST-Markdown, todo.txt (TaskWarrior,), StructuredProcrastination, ActivityWatch, Dogsheep, *-to-sqlite, awesome-quantified-self, https://github.com/woop/awesome-quantified-self
But metrics for actual memory retention? I've heard of TinCan xAPI w/ a LRS. nbgrader, Khan Academy exercises, OpenBadges to demonstrate proficiency,
Awesome. Thanks for the resources. Coincidentally, I stumbled on this research today on the effect of exercise + meditation on word recall: https://hpp.tbzmed.ac.ir/PDF/hpp-9-314.pdf
"Episodic memory enhancement versus impairment is determined by contextual similarity across events" (2021) https://www.pnas.org/doi/full/10.1073/pnas.2101509118
From "How Our Environment Affects What We Remember" https://neurosciencenews.com/environment-memory-20165/amp/
Show HN: Prepform – AI and spaced-repetition to optimize learning
Hi, I'm Eric and I'm the founder and lead developer of Prepform.
A high-quality education helped me pursue my interests and achieve my goals. I started Prepform so students of all backgrounds have access to the same kind of education.
I grew up in Southern California, surrounded by dozens of SAT prep programs, and I swear I must have gone to all of them. Different programs followed different styles and techniques, but the strategy they shared was to create a study plan and review mistakes.
A study plan is taking a diagnostic test,
setting a target score,
creating a study schedule,
identifying mistakes, and finally
reviewing those mistakes.
I wanted to take this structure and optimize it with machine learning, while accounting for elements of human learning and memory. I'm a big fan of SuperMemo, a memorization technique developed by Piotr Wozniak, where you review material just as you're about to forget it. Cognitive psychology tells us human forgetting follows a pattern, but Piotr quantified this behavior to identify the precise moment forgetting happens.
The goal was to build on his research with AI and tailor it to not only test prep but to the individual student, and make it the engine of the study plan.
The result is Blended Prep, which guides students to internalize knowledge rather than memorize material, and gives them the best chance to ace their next exam.
I'm so excited to share this with the HN community, and would love to know what you think. You can try it out at https://prepform.com. Thanks for reading.
https://news.ycombinator.com/item?id=28309645 https://westurner.github.io/hnlog/#comment-28309645 :
Re: Phonemic awareness and Phonological awareness,
> What are some of the more evidence-based (?) (early literacy,) reading curricula? OTOH: LETRS, Heggerty, PAL:
> Which traversals of a curriculum graph are optimal or sufficient?
> You can add https://schema.org/about and https://schema.org/educationalAlignment Linked Data to your [#OER] curriculum resources to increase discoverability, reusability.
https://news.ycombinator.com/item?id=24527589 https://westurner.github.io/hnlog/#comment-24527589 :
>> A bottom-up (topologically sorted) computer science curriculum (a depth-first traversal of a Thing graph) ontology would be a great teaching resource.
>> One could start with e.g. "Outline of Computer Science", add concept dependency edges, and then topologically (and alphabetically or chronologically) sort.
>> https://en.wikipedia.org/wiki/Outline_of_computer_science
>> There are many potential starting points and traversals toward specialization for such a curriculum graph of schema:Things/skos:Concepts with URIs.
> https://westurner.github.io/hnlog/ ... Ctrl-F "interview", "curriculum"
OpenBadges as Blockcerts for Q12 competencies
Why tensors? A beginner's perspective
I was happy to see that this article is actually talking about tensors, not just multidimensional arrays (which for some reasons are often called tensors by machine learning folks).
Same word, different contexts and meaning. In ML tensors are multidimensional arrays (and nothing more). Neither physicists nor ML researchers/developers are confused about what it means.
I'm pretty sure that a multidimensional array was the original implementation of tensors and the more fancy linear forms formalism came later in the twentieth century. Then the question was how do these multidimensional arrays operate on vectors and how do they transport around a manifold. (Source: first book I read on general relativity in the 1970s had a lot of pages about multidimensional arrays and also this good summary of the history: https://math.stackexchange.com/questions/2030558/what-is-the...
(Sort of like how vectors kind of got going via a list of numbers and then they found the right axioms for vector spaces and then linear algebra shifted from a lot of computation to a sort of spare and elegant set of theorems on linearity).
AFAIU, Matrices are categorically subsets of Tensors where the product operator, at least, is not the tensor product but the Dot product.
Dot product: https://en.wikipedia.org/wiki/Dot_product
Matrix multiplication > Dot product, bilinear form and inner product: https://en.wikipedia.org/wiki/Matrix_multiplication#Dot_prod...
> The dot product of two column vectors is the matrix product
Tensor > Geometric objects https://en.wikipedia.org/wiki/Tensor :
> The transformation law for a tensor behaves as a functor on the category of admissible coordinate systems, under general linear transformations (or, other transformations within some class, such as local diffeomorphisms.) This makes a tensor a special case of a geometrical object, in the technical sense that it is a function of the coordinate system transforming functorially under coordinate changes.[24] Examples of objects obeying more general kinds of transformation laws are jets and, more generally still, natural bundles.[25][26]
Mathematicians are comfortable with the idea that a matrix can be over any set, in other words matrix is a mapping from the cartesian product of two intervals [0,N_i) to a given set S. Of course to define matrix multiplication you need at least a ring, but a matrix doesn’t have to define such an operation, and there are many alternative matrix products, for example you can define the Kronecker product with just a matrix over a group. Or no product at all for example a matrix over the set {Red,Yellow,Blue}.
Tensors require some algebraic structure, usually a vector space.
Booting ARM Linux the standard way
Fwiu, the magical path to launch Grub on an ARM board is:
/boot/efi/debian/grubaa64.efi
"DOC: How to boot into Grub" (in order to get a passphrase-protected graphical boot menu where you can modify kernel parameters like `rescue`) https://github.com/Tow-Boot/Tow-Boot/issues/110
putting a file in /boot/efi/debian/ won't do anything at all unless the specific board you have already has platform firmware onboard to actually make that work. Arm EBBR complicant server boards do this for example, this won't work for the vast majority of ARM single board computers though.
PipeWire: A year in review and a look ahead
Can anyone explain me like I'm five, why this major transition from PulseAudio to PipeWire is happening during the last year?
Pipewire was started by Wim Taymans, one of the gstreamer people. Originally it was supposed to allow video-streams in sandboxed environments like flatpak (and was known as "pulsevideo"), but then he noticed that it could be extended to do audio as well.
Since pulseaudio's architecture isn't well-suited to incorporate sandboxing, that project continued and it turned out that it could handle compatibility with both pulseaudio (the sound server for "consumerist" needs) and jack (the one for "pro audio" people where low latency is paramount).
You can even use programs like QJackCtl, which was written for Jack, to perform audio routing and stuff with pipewire!
So now, we have a sound server that
1. is much nicer to configure than pulseaudio
2. is compatible with sandboxing
3. is compatible with pulseaudio, jack and the older alsa APIs and features
4. is developed much more quickly than either of the others
See also https://fedoraproject.org/wiki/Changes/DefaultPipeWire
> 2. is compatible with sandboxing
"DOC,ENH: How to connect container pipewire, alsa, jack to host pipewire (#1612)" https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/16...
How does database indexing work? (2008)
https://en.wikipedia.org/wiki/Database_index
https://en.wikipedia-on-ipfs.org/wiki/Database_index
From "Hosting SQLite Databases on GitHub Pages" https://news.ycombinator.com/item?id=28021766 re: edgesearch, HTTP/3 QUIC UDP, :
> Serverless full-text search with Cloudflare Workers, WebAssembly, and Roaring Bitmaps https://github.com/wilsonzlin/edgesearch
>> How it works: Edgesearch builds a reverse index by mapping terms to a compressed bit set (using Roaring Bitmaps) of IDs of documents containing the term, and creates a custom worker script and data to upload to Cloudflare Workers
WebGPU – All of the cores, none of the canvas
Question for someone with gpu programming experience: is it feasible to analyze time series data (eg.: run a trading algorithm through a series of stock prices) in parallel (with the algorithms receiving different parameters in each core)?
If not then what is the limiting factor?
This depends on the algorithm. If it has lots of branching and control flow, then it's unlikely to run well. If it's based on something like FFT or any sort of linear algebra really, then it should run really well.
WebGPU is accessible enough maybe you should try it! You'll learn a lot either way, and it can be fun.
Isn't there something like SciPy which you can run on WebGPU?
https://wgpu-py.readthedocs.io/en/stable/guide.html :
> As WebGPU spec is being developed, a reference implementation is also being build. It’s written in Rust, and is likely going to power the WebGPU implementation in Firefox. This reference implementation, called wgpu-native, also exposes a C-api, which means that it can be wrapped in Python. And this is what wgpu-py does.
> So in short, wgpu-py is a Python wrapper of wgpu-native, which is a wrapper for Vulkan, Metal and DX12, which are low-level API’s to talk to the GPU hardware.
So, it should be possible to WebGPU-accelerate SciPy; for example where NumPy is natively or third-partily CUDA-accelerated
edit: Intel MKL, https://Rapids.ai,
> Seamlessly scale from GPU workstations to multi-GPU servers and multi-node clusters with Dask.
Where can WebGPU + IDK WebRTC/WebSockets + Workers provide value for multi-GPU applications that already have efficient distributed messaging protocols?
"Considerable slowdown in Firefox once notebook gets a bit larger" https://github.com/jupyterlab/jupyterlab/issues/1639#issueco... Re: the differences between the W3C Service Workers API, Web Locks API, and the W3C Web Workers API and "4 Ways to Communicate Across Browser Tabs in Realtime" may be helpful.
Pyodide compiles CPython and the SciPy stack to WASM. The WASM build would probably benefit from WebGPU acceleration?
Command-line Tools can be 235x Faster than your Hadoop Cluster (2014)
It often isn’t about the execution time, if it’s a daily job and takes 26 minutes who cares?
Using something like databricks means it is easy to schedule and manage jobs, easy to write jobs that work in good enough time, easy to troubleshoot when things go wrong.
It comes with a well documented security mode and a support contract when needed.
Developers can be onboarded quickly and work code reviewed and managed.
Logging and diagnostics are available and you can report on metrics easily.
That isn’t true with custom data pipelines written in shell scripts.
The value isn’t in the pure execution time, it is in everything around it.
Can't you just ask one of the machines in the databricks/spark cluster to run those shell commands?
Or is that more of a kubernetes thing?
That's pretty much how Dask works; though Dask doesn't throw away data types for newline-delimited strings between each failed partitioned IPC pipeline process, and then the new hire didn't appropriately trap errors in their shell script, so the log messages are chronologically non-sequential and text-only.
https://github.com/dask/dask-labextension :
> This package provides a JupyterLab extension to manage Dask clusters, as well as embed Dask's dashboard plots directly into JupyterLab panes.
Something like ml-hub allows MLops teams to create resource-quota'd containers with k8s and IAM, though even signed code can DoS an unauditable system with no logs of which processes ran which signed archive of which code at what time, with bash and ssh. https://github.com/ml-tooling/ml-hub
CPython, C standards, and IEEE 754
I don't know why GCC-12 was in the picture, but I hope all of you can understand one thing: python's source code must be compatible with GCC 6. And no so called "Threading [Optional]" features. It is all because CentOS is dead. CentOS has been sold to IBM. There is no CentOS 8 anymore. The free lunch is ended. And there wouldn't be another OSS project to replace it.
Linux kernel developers want to use C11. CPython developers want to use C11. But does your compiler support it? If you were a C++ developer, would you request C++17/C++20 also?
CPython must be aligned with the manylinux project. manylinux build every python minor release from source. Historically manylinux only use CentOS. CentOS has devtoolset, which allows you use the latest GCC in an very old Linux release. Red hat has spent much time on it. Now you can't get it for free because CentOS is dead. So the manylinux community is switching to Ubuntu. Ubuntu can only provide GCC 6 to them. If anycode in CPython is not compatible with GCC6, then manylinux will have to drop ubuntu too. And they don't have any other alternative. As I said, for now Red Hat devtoolset is the only solution. When IBM discontinued the CentOS project, most people do not understand what it means to the OSS community.
(I work for Microsoft. It doesn't stop me to love Linux.)
> for now Red Hat devtoolset is the only solution. When IBM discontinued the CentOS project, most people do not understand what it means to the OSS community.
"Compilers and Runtimes" > "CentOS sysroot for linux-* Platforms" https://conda-forge.org/docs/maintainer/infrastructure.html#...
From https://conda-forge.org/docs/user/announcements.html :
>> 2021-10-13: GCC 10 and clang 12 as default compilers for Linux and macOS
>> These compilers will become the default for building packages in conda-forge.
Conda-forge specifies enough to solve for CentOS sysroot compatibility and newer GCC is already specified.
CentOS (RHEL SRPMs with RH trademarks removed + EPEL) lives on as {Rocky Linux, Alma Linux, CentOS Stream,} and SUSE is still RHEL-compatible.
https://github.com/pypa/cibuildwheel :
>> Build Python wheels for all the platforms on CI with minimal configuration.
>> Python wheels are great. Building them across Mac, Linux, Windows, on multiple versions of Python, is not.
>> cibuildwheel is here to help. cibuildwheel runs on your CI server - currently it supports GitHub Actions, Azure Pipelines, Travis CI, AppVeyor, CircleCI, and GitLab CI - and it builds and tests your wheels across all of your platforms.
Ask HN: Books recommendations on developing critical thinking?
hoping get your recommedation on critical thinking, decision under uncertainity - other than khaneman's book.
"Ask HN: How can I “work-out” critical thinking skills as I age?" https://news.ycombinator.com/item?id=24026223
Causal_inference#Methodology https://en.wikipedia.org/wiki/Causal_inference#Methodology
Web Share API
From https://developer.mozilla.org/en-US/docs/Web/API/Web_Share_A... :
> The Web Share API allows a site to share text, links, files, and other content to user-selected share targets, utilizing the sharing mechanisms of the underlying operating system. These share targets typically include the system clipboard, email, contacts or messaging applications, and Bluetooth or WiFi channels
> Note: This API should not be confused with the Web Share Target API, which allows a website to specify itself as a share target
W3C Web Share Target API: https://w3c.github.io/web-share-target/ :
> This specification defines an API that allows websites to declare themselves as web share targets, which can receive shared content from either the Web Share API, or system events (e.g., shares from native apps).
W3C Web Share API: https://w3c.github.io/web-share/ :
> This specification defines an API for sharing text, links and other content to an arbitrary destination of the user's choice.
Ask HN: Is Kubernetes the only alternative for being cloud agnostic?
My company's management desires for us to be "cloud agnostic" - without having a firm definition of what that actually means. Lots of people in my company think "cloud agnostic" means you "containerize" your solutions and run them on Kubernetes. Then you can pick and move your application from cloud to cloud as desired. That seems extremely limited to me. To me that thinking exemplifies the cloud as being "someone else's computer" rather than seeing the cloud as an application platform in and of itself.
What does HN think about this? Is there a way of looking at "cloud agnostic" that still allows you to look at the cloud as an application platform and not just as a platform for running Kubernetes? Is there another way to think about this?
We have ansible playbooks that we wrote leveraging some of the ansible-galaxy stuff, and they do the same thing either on-prems or in cloud. I would say we're pretty cloud native, we follow best practices and deploying something to a cloud provider or internally is the same thing.
Our level of abstraction is containers, we don't use services that cloud providers sell, for example, Lambda, as they are very cloud provider specific. We prefer to use technologies like RabbitMQ which can be deployed on any cloud or on prems easily.
Ansible & k8s:
https://docs.ansible.com/ansible/latest/scenario_guides/kube...
ansible-collections/kubernetes.core: https://github.com/ansible-collections/kubernetes.core
geerlingguy/ansible-for-kubernetes book: https://github.com/geerlingguy/ansible-for-kubernetes
openshift/openshift-ansible: https://github.com/openshift/openshift-ansible
OKD is the open source (RedHat, (IBM)) OpenShift, which wraps kubernetes ; sort of like AWX : https://github.com/openshift/okd
> [OKD] Features: A fully automated distribution of Kubernetes on all major clouds and bare metal, OpenStack, and other virtualization providers;
Single-node OpenShift 4 requires at least 16GB of RAM and 8 vCPU : https://www.redhat.com/en/blog/single-node-openshift-manufac...
> Single node OpenShift offers both control and worker node capabilities in a single server and provides users with a consistent experience across the sites where OpenShift is deployed, regardless of the size of the deployment.
MicroShift requires 2Gb of RAM on e.g. an ARM64 Raspberry Pi 4 or similar SBC: https://microshift.io/docs/getting-started/
Terraform doesn't require k8s: https://github.com/hashicorp/terraform
OpenStack is somewhat EC2 API compatible, but the reverse is not true.
Bootloader Basics
Author of the post here, thanks for sharing! Happy to answer any questions, though even after the few nights spent getting these programs to work I had many questions of my own.
Excellent post! I had a lot of fun writing a bootloader game sometime ago and wrote a post about it, it's a 2048 clone: https://crocidb.com/post/bootsector-game/
That's a great one! Added it to my list of suggested reading in the repo.
https://github.com/eatonphil/bootloaders/blob/main/README.md
- uboot w/ Pinebook Pro : https://gitlab.com/pine64-org/u-boot https://wiki.pine64.org/wiki/Uboot
- pboot w/ Pinephone Pro: https://xnux.eu/p-boot/
- tow-boot: "ENH: "Chainload" to {grub,}" https://github.com/Tow-Boot/Tow-Boot/issues/110 https://github.com/rhboot/grub2/blob/master/grub-core/loader...
Automerge: A JSON-like data structure (a CRDT) that can be modified concurrently
An interesting challenge in the CRDT era today, is that there isn't an ideal CRDT for rich text yet. I mean, not just simple boundary based formattings like bold/italics but also complex block based elements like tables and lists.
While recent CRDTs like peritext has done an incredible job of focussing on this specific problem of rich text, even that project hasn't extended its types to cover table operations and list operations. I've been thinking about this problem deeply and my intuition is that anything that resembles semantic trees are tricky to deal with using a generic CRDT.
For example a generic tree/json CRDT cannot be used for an AST tree - and it will most likely fail. I wrote about this a while back - https://news.ycombinator.com/item?id=29433896
If you have ideas on how to approach this problem, join us on this thread https://github.com/inkandswitch/peritext/issues/27#issuecomm...
I can't find a link right now but I believe Kevin is in the process of implementing "move" in Yjs, so that if you copy and paste from a section or split it, it is a move rather than a delete and insert.
Agreed on tables, they are so much more complex and may need further operation types to ensure no dropped edits.
Obviously with Peritext you are implementing a very rich text focused CRDT. The way I see it is there are general purpose and domain specific CRDTs, Yjs being more general purpose but with a concept of 'marks' on strings for formatting. Ultimately we need both and I like the concept of one that covers both bases so you can have a db document that contains rich text fields along with more traditional structured data.
Without exactly domain specific CRDTs for your application you will always have to do some level of schema correction after merging documents.
Re: inlined tabular data in CRDT distributed systems for collaboration on documents that may be required to validate:
Atomicity: https://en.wikipedia.org/wiki/Atomicity_(database_systems)
> An atomic transaction is an indivisible and irreducible series of database operations such that either all occurs, or nothing occurs.[1] A guarantee of atomicity prevents updates to the database occurring only partially, which can cause greater problems than rejecting the whole series outright. As a consequence, the transaction cannot be observed to be in progress by another database client. At one moment in time, it has not yet happened, and at the next it has already occurred in whole (or nothing happened if the transaction was cancelled in progress).
> An example of an atomic transaction is a monetary transfer from bank account A to account B. It consists of two operations, withdrawing the money from account A and saving it to account B. Performing these operations in an atomic transaction ensures that the database remains in a consistent state, that is, money is neither lost nor created if either of those two operations fail. [2]
IIRC, Apache Wave (Google Wave (2009)) solves for tables but is not built atop a CRDT, like Docs and Sheets? https://en.wikipedia.org/wiki/Google_Wave
Jupyterlab/rtc - Jupyterlab, JupyterLite (WASM), - is built upon a CRDT for .ipynb JSON, at least. https://github.com/jupyterlab/rtc
(URI-) Named Graphs as JSON-LD would work there, too. https://json-ld.org/playground/
Does Dokieli have atomic table operations for ad-hoc inlined tables as RDF Linked Data? https://github.com/linkeddata/dokieli
I think there is some confusion over "tables", the GP I believe was referring to typographic "rich text" tables, like you have in a word document, rather than a "data table" in a DB.
The issue with "rich text" tables and CRDTs is that you effectively have two overlapping "blocks", columns and rows. Current CRDTs are good at managing a list of blocks, splitting them, reordering them. Most rich rich text tables are represented as a list of rows of cells.
If you have two clients, one adds a new row (represented as a new row in rows list), and the other adds a new column (represented as a new cell in each row in the rows list), and then merge, you have a conflict where the new row and column meet. There is a missing cell, and so you end up with a row that is one cell too short.
What is needed is a CRTD that has a concept of a table, or table like structure, so that when the documents are merged it knows to add that extra cell in the new row.
This has nothing to do with Atomicity in the traditional DB transaction sense.
Edit:
Just thinking about this a little more, if you model the table as a list of maps, with each column having a unique id it would overcome the misalignment issue, and it potentially helps with other table conflicts too. You would however have to store the order of the columns somewhere and deleting columns could conflict.
> This has nothing to do with Atomicity in the traditional DB transaction sense.
Partial application of conflicting additive schema modifications is an atomicity issue as much as it is a merge issue. If the [HTML] doesn't validate before other nodes are expected to synchronize with it, that changeset shouldn't apply at all; atomicity.
It looks like Dokieli supports embedded tables.
With RDF (and triplestores, and property graphs), you can just add "rows" and "columns" (rdfs:Class instances with rdfs:Property instances) without modifying the schema or the tabular data. Online schema migration is dangerous with SQL, too, because the singular db user account for the app shouldn't have [destructive] ALTER TABLE privileges.
"CSV on the Web: A Primer" > "Validating CSVs" (CSVW Tabular Data) https://www.w3.org/TR/tabular-data-primer/#validating-csvs
A 13-year-old used my artificial nose to diagnose pneumonia
Hmmm... I'm skeptical. Not necessarily because I don't think that pneumonia could be detected by testing VOCs in breath, but because I'm currently working on a project that uses sensors to do breath analysis and my amateur research has informed me that it's fairly hard to get right (which is why my primary goal is to identify deltas rather than achieve numerical accuracy).
For one, VOCs can be present in breath for other reasons besides some sort of infection in the lung, and VOCs are incredibly hard to differentiate with just a sensor. The fact that they tend to be faint in human breath even at their highest (in contrast to O2 and CO2) doesn't help. Even the most expensive PID sensors for VOCs (they get up into the several hundreds a pop) can't really tell you whether the predominant gas is acetone or alcohol or acetaldehyde or hydrogen sulfide. So you've got to figure out whether the presence of VOCs is truly an anomaly and not just a part of ketosis. In which case you will also need to measure at least VeO2 to see whether the VOCs correspond with the Respiratory Quotient.
The "e-nose" project, as described on the MakeZine article, doesn't appear to do that. It does have an alcohol sensor. But these sensors aren't particularly sophisticated. They use semiconductors with heating elements to detect the presence of gases, and there is almost certainly some overlap between the alcohol and VOCs sensors.
If VOCs are produced by pneumonia, then yes, it's conceivable that even just the VOCs sensor alone would detect this. But can this group of sensors used in the e-nose differentiate pneumonia from catabolism?
Maybe? ¯\_(ツ)_/¯
After all, this thing uses AI. And maybe AI can recognize something that a human can't by simply looking at a line graph. I dunno... Such things should be tested against known inputs before being suggested to diagnose anything.
In my experience, "AI can extract more information from sensors" is mostly a myth.
An example is the SCIO sensor ( https://nocamels.com/2019/03/scio-kickstarter-darling-promis... ) which was a cheap handheld spectrometer that claimed to accurately determine the nutritional information of any food you pointed it at.
One good way to debunk this is to measure raw sensor output and compute Mutual Information (which incorporates sensor noise/variability). If the sensor only produces X bits of information, no algorithm will be able to extract more classes than that. In the SCIO case it was just under 8 bits total of information. So something like a poor color sensor. You could train on apples and oranges and maybe do an investor demo, but it's not actually going to do anything useful (as the Kickstarter crowd soon learned).
Is the limit: A) sensor resolution, B) NN architecture and/or algorithm, C) training sample size, D) training data (labeling, segmentation) quality, or E) it doesn't sufficiently predict the variance with low enough error?
New NN models are able to do more with the exact same sensor data.
You cannot conjure information out of thin air. Even with infinite data and a hypothetical wormhole CPU that runs everything in O(1) and solves the halting problem, you still couldn't do this. So to answer your question, the reason is effectively (A). Sensor resolution might be the wrong term but it's the general idea.
How much information content is there in DNA (and RNA,)? How do creatures know or learn what not to eat given limited available sensor data?
How much information content is there in DNA? 2 bits per base, before compression. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3220916/
How do creatures know what to eat? Evolution solved that for most creatures, so their sensors don't have to work as hard at runtime. And in other cases, some number of members of a population of creatures will die before the population learns the food is poisonous. Our sensors, and the information processing systems that manage their outputs, are remarkably efficient data processing engines that do the equivalent of approximating and predicting, often well beyond what the most advanced deep learning systems are capable of doing now.
So, sensor resolution is higher, there are multiple fields being integrated, in a massively-parallel spreading-activation Biological Neural Network, and that's how blank-slate creatures just know?
Is there enough information content - per the Shannon entropy definition or otherwise - in DNA and/or RNA to code for the survival-selected traits that
I'm not sure that the (Shannon entropy, MIC, Kolmogorov,) information content of the samples is the limit of any given network trained therefrom? Is there anything to be gained from upsampling and adding e.g. gaussian blur (noise)? Maybe it's feature engineering, maybe it's expert methods bias, maybe it's just sensor fusion; that's the magic noise.
Perhaps this is moving the goalposts a bit, but e.g. depixelation does appear to defy such a presumed limit due to apparent information content? Perhaps it is that the network reading the sensor carries additional information associated with the lower-resolution or additional-fields' sensor data?
https://github.com/krantirk/Self-Supervised-photo :
> Given a low-resolution input image, PULSE searches the outputs of a generative model (here, StyleGAN) for high-resolution images that are perceptually realistic and downscale correctly.
Maybe no amount of feature engineering can actually add information?
Lit-up fishing nets reduce catch of unwanted sharks, rays and squid: study
Is there some way to make fishing nets out of e.g. bioluminescent, biodegradable, carbon negative organic material?
LEDs that biodegrade after ___ years would be a good idea, too. MEMS-powered?
Design of a rapid transit to Mars mission using laser-thermal propulsion
WebGL 2.0 Achieves Pervasive Support from All Major Web Browsers
Why though? WebGL is already getting left behind for WebGPU.
WebGPU: https://en.wikipedia.org/wiki/WebGPU
> WebGPU is the working name for a future web standard and JavaScript API for accelerated graphics and compute, aiming to provide "modern 3D graphics and computation capabilities". It is developed by the W3C GPU for the Web Community Group with engineers from Apple, Mozilla, Microsoft, Google, and others. [1]
Uniting the Linux random-number devices
https://en.wikipedia.org/wiki//dev/random#Linux has :
> In October 2016, with the release of Linux kernel version 4.8, the kernel's /dev/urandom was switched over to a ChaCha20-based cryptographic pseudorandom number generator (CPRNG) implementation [16] by Theodore Ts'o, based on Bernstein's well-regarded stream cipher ChaCha20.
> In 2020, the Linux kernel version 5.6 /dev/random only blocks when the CPRNG hasn't initialized. Once initialized, /dev/random and /dev/urandom behave the same. [17]
Carbon Robotics new LaserWeeder with 30 lasers to autonomously eradicate weeds
From the article:
> In addition to an updated build, the 2022 LaserWeeder features 30 industrial CO2 lasers, more than 3X the lasers in Carbon Robotics’ self-driving Autonomous LaserWeeder, creating an average weeding capacity of two acres per hour. Growers who use Carbon Robotics’ implements are seeing up to 80% savings in weed management costs, with a break-even period of 2-3 years.
How does this compare to competing laser weeding robots?
Agricultural robot: https://en.wikipedia.org/wiki/Agricultural_robot
Launch HN: Pelm (YC W22) – Plaid for Utilities
Hi HN, Drew and Edmund from Pelm here (https://www.pelm.com). We are building an API that allows developers to access energy data, such as electricity usage or billing data, from utilities.
Currently, if you want to build an application on top of energy data, you have to build integrations with utilities across the country. Not only is this time-consuming, it's super frustrating given the lack of data standardization and the clunky, high-friction integration processes that energy companies use. With Pelm, you only have to integrate with one service to access utility data, and you get to use a seamless, well-documented API built by other developers.
We are software engineers (from Asana and Affirm) who are enthusiastic about sustainability and the creation of a more modern energy grid. We talked with lots of developers who were frustrated from trying to work with energy data and saw an opportunity to meet their needs while supporting the push for a more efficient energy grid.
Most companies trying to tackle this problem are energy companies, not technology companies. The products they build don't keep the user in mind and only focus on meeting bare functional requirements. Pelm, by contrast, is by-developers-for-developers. Our focus is ease of use. Our API is simple to get up and running (under ten minutes) and provides clear documentation and instructions.
It works like this: you register for our service and embed Connect (our front-end plugin) into your application. The end user uses Connect to authorize access to their data from their particular utility. We scrape electricity usage and billing data from their utility account and store it in a standardized format in a database. Your application can then query electricity interval data and billing data for the end user through our REST API. We also recently built out functionality to pay utility bills through our API.
Our API is designed for apps that do things like help consumers reduce electricity usage, charge EVs at optimal times, optimize HVAC installs, or educate on climate-friendly practices.
One example of how Pelm can currently be used is in demand response programs—that’s when utilities pay companies to get large amounts of people to reduce their electricity consumption during peak hours. Our API can help measure the reduction, which determines how much the company gets paid. Another example: solar panel installers can use us to show potential clients how much they could save on their electricity bill by installing solar. Another is community solar programs that allow people to buy into remote solar farms and get credit for the generated energy from utilities. Pelm can be used by community solar providers to calculate and bundle bills.
(By the way, an interesting little-known fact: this space is possible because of a 2012 initiative by Obama that required utilities to allow consumers more visibility into their energy consumption habits.)
Pelm is free up to 100 API calls and 10 active end users per month. After that we charge on a usage based plan: $0.10/call and $0.50/active end user up to 10,000 API calls and 1,000 active users. Past that limit, you'll move onto an enterprise plan with a flat monthly rate based on your service level and an adjusted rate for calls and active end users (we’re still figuring out the exact parameters).
We’d love to hear any of your ideas or experiences within this space! We’re always looking for creative approaches to the problem and ways we can better the developer experience we’re building. If you get a chance to test out the API, please share your feedback on how we could improve it. Thanks so much!
Two questions:
How are you connecting to the users energy supplier, I assume most don't have their own apis and so you are having to save the users login credentials? If so you should list the security measures you are taking to ensure that are safely stored. This is much like how developers had to connect to banks before they started supporting standard apis.
Which utility companies can you currently connect to? Again may be worth listing them on the site.
Great callout. Passwords are encrypted using a 256-bit AES cipher and are never persisted or shown to developers in plaintext. We currently support PG&E and SCE with a ComEd integration landing within the week.
What does it cost a utility to add e.g. read-only OAuth token support to their customer-facing app?
FWIU, it's pretty easy to add OAuth support to any HTTP API endpoint with e.g. Nginx auth_request or by integrating an OAuth library with automated tests into the application at the url routes, if nothing else.
Do you have a "Guide for utilities who want users to have a safe third-party read-only API", a Developer portal, or like a decision tree for which script to read a decision-maker or a front-line lackey who doesn't know anything about APIs?
Does Pelm integrate with Zapier? https://zapier.com/platform
Show HN: SHA-256 explained step-by-step visually
SHA2: https://en.wikipedia.org/wiki/SHA-2
https://rosettacode.org/wiki/SHA-256
Hashcat's GPU-optimized OpenCL implementation: https://github.com/hashcat/hashcat/blob/master/OpenCL/inc_ha...
Bitcoin's CPU-optimized sha256.cpp, sha256_avx2.cpp, sha256_sse4.cpp, sha256_sse41.cpp: https://github.com/bitcoin/bitcoin/blob/master/src/crypto/sh...
https://github.com/topics/sha256 https://github.com/topics/sha-256
Cryptographic_hash_function#Cryptographic_hash_algorithms: https://en.wikipedia.org/wiki/Cryptographic_hash_function#Cr...
Merkle–Damgård construction: https://en.m.wikipedia.org/wiki/Merkle%E2%80%93Damg%C3%A5rd_...
(... https://rosettacode.org/wiki/SHA-256_Merkle_tree ... Merkleized IAVL+ tree that is balanced with rotations in order to optimize lookup,: https://github.com/cosmos/iavl
Self-balancing binary search tree: https://en.wikipedia.org/wiki/Self-balancing_binary_search_t... )
Frank Rosenblatt's perceptron paved the way for AI 60 years too soon (2019)
Perceptron: https://en.wikipedia.org/wiki/Perceptron #History, #Variants
An MLP: Multilayer Perceptron can learn XOR and is considered a feed-forward ANN: Artificial Neural Network: https://en.wikipedia.org/wiki/Multilayer_perceptron
Backpropagation: 1960-, 1986, https://en.wikipedia.org/wiki/Backpropagation
1999 Repeal of Glass-Steagall was the worst deregulation enacted in US history
Yeah what was the deal with that dotcom correction in the early 2000s? Did banks invest differently after GLBA said that they can gamble against peoples' savings deposits (because they created a 'sociallist' $100b credit line, called it FDIC, and things like that don't happen anymore)
Decline of the Glass-Steagall Act: https://en.wikipedia.org/wiki/Decline_of_the_Glass%E2%80%93S...
Dot-com bubble: https://en.wikipedia.org/wiki/Dot-com_bubble
America’s Covid job-saving programme gave most of its cash to the rich
Would a [premined, escrowed] stablecoin token make it easier to answer these kinds of Transparency and Accountability questions in regards to government spending and government stimulus funding beyond intra-governmental transfers of real value?
Said stablecoin token would be hosted on more or more resilient Distributed Ledger Technologies (DLTs; 'blockchains') with a - indeed more auditable - transaction record specification that supports multiple transaction inputs and outputs and an optional identifier such as an e.g. "coinbase field" to key auxilliary (unfortunately comparably mutable, offsite-backuped by which responsible parties) database records to.
The issue here is not transparency, it's who the money was directed to. This is a policy question, and what type of currency you use is totally irrelevant. It's already very easy to see who received money (https://projects.propublica.org/coronavirus/bailouts/), what we're discussing is whether it should have been given to different people.
So, in your opinion, the "And then where did the money go?" question is entirely distinct from the "Did those investments have the desired impact for the desired audience, per the predefined criteria for success?" question? Who were we doing capital investment for, in hopes of them raising additional separately-accounted-for monies? https://westurner.github.io/hnlog/#comment-25893860 re: https://www.usaspending.gov/
Oh, are you talking about tracking the money after it's been loaned out? Like for a given dollar we can see that it was loaned to Company X, then paid to an employee, then spent on rent, then spent at a restaurant, etc. If that's what you mean then I agree it would be useful for studying the impacts of stimulus policies, although I think there are a lot of other privacy impacts we'd need to consider.
You can always launder money to defeat such a trail. I'm not going to go into detail about how, just in case my ignorant ramblings have some novel techniques in there, but it's definitely possible.
Like with banning encryption, the privacy impacts would be felt by the little people, and the big bad actors would be largely unaffected.
So we rely upon reports apparently generated from reconciled alternate accounting systems to determine whether the funds were appropriated impactfully?
TheGivingBlock specializes in handling cryptoasset donations with tax receipts. (We don't yet (?) prefill returns in the US)
When you donate to a TheGivingBlock Cause Fund, you get a tax receipt by email and the donation is privately sent to each of the multiple registered nonprofit charities included in that particular Fund.
TheGivingBlock Cause Funds map to the UN SDG Sustainable Development Goals; are categorically aligned to the #GlobalGoals Goals, but not yet (?) to specific Targets or Indicators. https://thegivingblock.com/donate/
Re: CharityNavigator nonprofit rating methodology, SDG-aligned GRI Corporate Sustainability Reports, setting up a CharityVest charitable matching fund for your employees, SDGs,: https://news.ycombinator.com/item?id=24412594 https://westurner.github.io/hnlog/#comment-24412594 CharityVest feedback: https://westurner.github.io/hnlog/#story-23907902
How should nonprofits be evaluated in order to invest impactfully?
If somebody says "Strategic Alignment" again, will less-impactful cashflows be eliminated?
When the government nonprofit invests in government services, nonprofits, NGOs, international aid, and for-profit entities, how do we evaluate per-investment/per-allocation ROI according to the predefined criteria at regular intervals, potentially with incremental commitment?
So, the specific fund allocation control adjustments being requested here are presumably due to feedback (sensor data and nonlinearity) which may or may not be traceable to an actual funding suggestion allocation task item in the near future, presumably
Most of the highest-impact charities wouldn't score highly on a “what happens to the money” metric. Think of the good stuff the Gates Foundation has been doing, or the GiveWell top charities. It's a good way of measuring the benefits of cash injection, but that's all.
no
What would be better feedback for developing a resilient economy together? https://en.wikipedia.org/wiki/Glossary_of_systems_theory#Fee...
Ask HN: Do you use TLA+?
It's surprising to me that so many crypto projects don't use TLA+. Besides the ones mentioned here (https://lamport.azurewebsites.net/tla/industrial-use.html), does your company use TLA+? Why? Why not?
## TLA+
Wikipedia: https://en.wikipedia.org/wiki/TLA%2B
Src: https://github.com/tlaplus/tlaplus
Awesome: https://github.com/tlaplus/awesome-tlaplus
### Dr TLA+
Web: https://github.com/tlaplus/DrTLAPlus
Src: https://github.com/tlaplus/DrTLAPlus :
> Dr. TLA+ series - learn an algorithm and protocol, study a specification; [Byzantine] Paxos, Raft, Cosmos,
##
"Concurrency: The Works of Leslie Lamport" ( https://g.co/kgs/nx1BaB
##
https://westurner.github.io/hnlog/#comment-27442819 :
> Can there still be side channel attacks in formally verified systems? Can e.g. TLA+ help with that at all?
New material that can absorb and release enormous amounts of energy
Not quite the same, but got me thinking: Could we theoretically power and refuel car in the following way:
- Take a cube of X elastic material and squish it really dense with a big machine.
- Power the car via the pressure of the material trying to expand.
- Once it's nearly depleted (fully expanded), take it to another squishing station.
I imagine you couldn't store anywhere near enough power that way today, but then that's also the kind of problem the linked material is trying to solve, right?
Compressed air energy storage is already a thing!
The energy stored is limited by the tensile strength of the container. The best capacity for a unit weight is from laminated carbon fibre tanks, but this still doesn’t even approach the energy density of ordinary hydrocarbon fuels.
You’ll find that there’s lots of interesting ways to store energy — like flywheels or chemical cells — but one way or another they’re all inherently limited by chemical bond strengths.
Fundamentally all energy storage is some sort of stored “tension” in chemical bonds that can be released to do useful work.
The reason fuels are so good is that this release needs a second component (oxygen) that is kept separated. This makes high energy densities safe.
No separation — like with compressed gas — means that the energy storage is a bomb waiting to go off. It would be too dangerous to use.
There are various forms of energy and various forms of energy storage, including chemical energy and gravitational potential energy.
We probably think of energy as entropy like gases because e.g Maxwell?
Examples of gravitational potential energy:
- A water tower or a pulley with weight suspended a greater distance from the most local mass/graviton centroid.
Potential energy: https://en.wikipedia.org/wiki/Potential_energy
WebVM: Server-less x86 virtual machines in the browser
Is WebVM a potential solution to "JupyterLite doesn't have a bash/zsh shell"? The current pyodide CPython Jupyter kernel takes like ~25s to start at present, and can load Python packages precompiled to WASM or unmodified Python packages with micropip: https://pyodide.org/en/latest/usage/loading-packages.html#lo...
Does WebVM solve for workload transparency, CPU overutilization by one tab, or end-to-end code signing maybe with W3C ld-proofs and whichever future-proof signature algorithm with a URL?
The VM cannot have full TCP/IP stack, so any data research tasks are likely to need a special code paths and support for downloads. No SQL databases, etc.
From "Hosting SQLite Databases on GitHub Pages" https://news.ycombinator.com/item?id=28021766 https://westurner.github.io/hnlog/#comment-28021766 :
DuckDB can query [and page] Parquet from GitHub, sql.js-httpvfs, sqltorrent, File System Access API (Chrome only so far; IDK about resource quotas and multi-GB datasets), serverless search with WASM workers
https://github.com/phiresky/sql.js-httpvfs :
> sql.js is a light wrapper around SQLite compiled with EMScripten for use in the browser (client-side).
> This [sql.js-httpvfs] repo is a fork of and wrapper around sql.js to provide a read-only HTTP-Range-request based virtual file system for SQLite. It allows hosting an SQLite database on a static file hoster and querying that database from the browser without fully downloading it.
> The virtual file system is an emscripten filesystem with some "smart" logic to accelerate fetching with virtual read heads that speed up when sequential data is fetched. It could also be useful to other applications, the code is in lazyFile.ts. It might also be useful to implement this lazy fetching as an SQLite VFS [*] since then SQLite could be compiled with e.g. WASI SDK without relying on all the emscripten OS emulation.
Also, I'm not sure if jupyterlab/jupyterlab-google-drive works in JupyterLite yet? Is it yet possible to save notebooks and other files from JupyterLite running in WASM in the browser to one or more cloud storage providers?
https://github.com/jupyterlab/jupyterlab-google-drive/issues...
The VM could have its own TCP/IP stack, possibly with a SLIRP layer for translation of connections to the outside. Internet connectivity can be done by limiting it to AJAX, or forwarding the packets to a proxy (something like http://artemyankov.com/tcp-client-for-browsers/), or including a Tor client that connects to a Tor bridge, etc.
StackBlitz' WebContainers have in-browser TCP/IP stack, I think from MirageOS.
How does it get raw ip packets out from inside the browser?
Does it need to reframe packet structs and then fix fragmentation issues, or can it set the initial MSS (because MTU discovery likely won't work quite right) so that it doesn't have to ~shrink and re-fragment tunneled {TCP,} packets? https://en.wikipedia.org/wiki/Maximum_segment_size#MSS_and_M...
Plant-based epoxy enables recyclable carbon fiber
FWIU flax and hemp are more sustainable and potential substitutes for carbon fiber, which is industrially hazardous to produce?
The branching structure makes e.g. hemp bast fiber ideal for supercapacitor (~battery) anodes. How does this plant-based epoxy affect conductivity and resistivity in various materials in various outdoor conditions with and without a coating?
If it's plant-based, is it safe next to plenum cable? Can it be used for Hemp structural framing lumber, such as HempWood?
> potential substitutes
When I can order sheets of hemp fiber pre-preg and a recyclable epoxy I’ll get my company to use it same day.
Here I am holding my breathe, because I’m not sure what you heard but an organic fiber will never be as thin, strong, uniform as curated carbon thread that was produced specially for this purpose.
There are Hemp alloys.
From https://motonetworks.com/worlds-greenest-car-somebody-made-c... :
> It’s actually made using hemp fibers that have been woven together and then sealed and finished with as super hard resin. And once it’s completed you have an insanely strong material that makes steel look weak and brittle. It’s reported to be as much as ten times stronger than steel, yet is lighter than fiberglass.
> The Renew Sports Car was recently featured on an episode of Jay Leno’s Garage [...]*
> Dietzen got the idea from none other than Henry Ford who back in 1941 advocated that Ford should build everything they possibly could out of plant material. Which makes sense because that’s obviously going to drastically reduce material costs which should in turn, reduce the overall price of the car. And thanks to modern technology, Dietzen managed to figure out how to make it all work. If this catches on to the mainstream it could revolutionize the automotive industry across the board. He says that it takes roughly 100lbs of cannabis plants to make a car, which sounds like a lot, but when compared to how much steel and other metals used to create current automobiles that’s just a drop in the bucket.
"Is Hemp Really Stronger Than Steel? How?" re: Tensile Strength and Compression Strength exceeded that of {steel, aluminum, } https://hempfoundation.net/is-hemp-really-stronger-than-stee...
Do high carbon steel rockers rust after a couple years of average road salt?
Which carbon fibers are least health-hazardous to produce?
> It’s actually made using hemp fibers that have been woven together and then sealed and finished with as super hard resin. And once it’s completed you have an insanely strong material that makes steel look weak and brittle.
You want to know how you can quickly tell this is all bullshit?
Steel isn’t brittle. Not in any relative sense to composites. Saying something is weak and brittle… that’s dry spaghetti. Does steel failure remind you of that? Or does composite failure seem closer?
Carbon is brittle. Composites are brittle. Hemp with epoxy is going to be brittle,all relative to steel which has plenty of pliability to it.
Are you sure you know enough about composites to repeat these hemp claims? Because if “makes steel look weak and brittle” didn’t immediately flag for you, you either know a lot more than I’ve learned in 20 years of working around composites and manufacturing or you don’t and just want hemp to be cool.
Hemp might be amazing. But you are posting nonsense that it seems like you have some desire to believe for some reason.
Sure maybe it’ll get out of the lab just around the same time graphene does.
Have you here contested claims that hemp - biocomposite with resin - has greater Tensile Strength and Compressive Strength than steel and aluminum (and carbon fiber with sustainable binder)?
If this were OT, we could reference ScholarlyArticles which describe experiments which return scalar intervals for: Tensile and Compressive Strength, Melting point / deployed heat resistance, production cost in real dollars, carbon cost (reduction in carbon tax credits because unnecessary with alternate sustainable inputs), resistance to corrosion due to sodium chloride, [in-space without water] repairability, magnetizability, water transport and filtration cost, and other factors; with a fair standard panel for relative comparison.
Fyi, Fiber Melting points:
Hemp: 150 c
Flax, saline treated: 153 c
Basalt: 1,500 c
Carbon: 3652 c
Ask HN: Is it worth it to learn C to better understand Python?
For those who learned C after learning Python, was it worth it? Did it help you to better understand Python?
In college I used to tutor students in computer science. Mid-way through my college career my school switched the curriculum to teach Python instead of Java. I found that the students who took Python lacked what I considered a basic appreciation for and understanding of how the language actually ‘does’ something.
For instance, when you only need to write two curly braces to create a “dictionary” (of course behind the scenes this is a hash table) many of the nuances of that data structure are hidden from you. You have no idea that accesses are O(1) amortized but worst case are O(n). Even if you do, maybe you don’t understand why. You have no idea that there is reallocation and collision handling code working behind the scenes constantly.
Python also lacks a number of nuances I consider it important to be aware of. You live your entire Python life blissfully unaware that everything is a pointer, and the impact that has on performance. You never come across static typing, or that it is possible to check your code for some level of syntactic correctness before it runs (i.e. Python is interpreted rather than compiled).
I think from this standpoint, it is worth learning a language like C to gain an appreciation for how truly complex a lot of the things Python allows you to do, are. I think that anything which helps you better understand what it is you are doing, how you are doing it, and why you are doing it that way, will make you better at doing that thing.
From https://news.ycombinator.com/item?id=28709239 :
> From "Ask HN: Is it worth it to learn C in 2020?" https://news.ycombinator.com/item?id=21878372 : (which discusses [bounded] memory management)
> There are a number of coding guidelines e.g. for safety-critical systems where bounded running time and resource consumption are essential. *These coding guidelines and standards are basically only available for C, C++, and Ada.*
> awesome-safety-critical > Software safety standards: https://awesome-safety-critical.readthedocs.io/en/latest/#so...
> awesome-safety-critical > Coding Guidelines: https://awesome-safety-critical.readthedocs.io/en/latest/#co...
Rancher Desktop 1.0
From https://rancherdesktop.io/ :
> Kubernetes and Container Management on the Desktop:
> An open-source desktop application for Mac, Windows and Linux.
> Rancher Desktop runs Kubernetes and container management on your desktop. You can choose the version of Kubernetes you want to run. You can build, push, pull, and run container images using either containerd or Moby (dockerd). The container images you build can be run by Kubernetes immediately without the need for a registry.
How does Rancher Desktop compare to Docker Desktop in terms of e.g. k8s support?
I think they ship k3s, which is sort if vanilla. It works great in my (limited) experience.
A key point around Rancher Desktop's k8s (actually k3s) support that stands out is that it allows you to use any k3s version and swap between them. This is great for those that want to test their workloads on different k8s versions right on their desktop.
Systemd by Example
This is outstanding... I really wish I would have had this learning systemd as it would have saved me _hours_. Let's be real - a lot of Linux fundamental stuff is still pretty terse. Learning tools like this really smooth it out and optimize how long it takes to wrap your head around a concept. Also, I am a _huge_ advocate for hands-on in regards to retention.
Adding to my favorites and will be passing this on over the years - thank you for such a great resource.
If anything the biggest problem the systemd docs have is verbosity. It's all classic UNIX man pages, a billion pages of detail on every possible setting with no useful examples anywhere. Fortunately the core system is simple enough that the learning curve isn't too steep but I'd really hate to try and learn it from the official docs. They don't even apply CSS to the HTML versions of the docs.
Wikipedia: https://en.wikipedia.org/wiki/Systemd
Web: https://systemd.io/
Src: https://github.com/systemd/systemd
Systemd manpage index: https://www.freedesktop.org/software/systemd/man/
https://www.freedesktop.org/software/systemd/man/systemd.htm... :
man 1 systemd
man systemd
man init
man systemctl
man journalctl
man systemd.timer
man systemd-resolved
Fedora docs > "Understanding and administering systemd" https://docs.fedoraproject.org/en-US/quick-docs/understandin...
RHEL7 System Administrator’s Guide > "Chapter 10. Managing Services with SystemD" https://access.redhat.com/documentation/en-us/red_hat_enterp...
This isn't a knock but it's exactly what I was talking about and why I find OP's learning tool to be so valuable.
Lots of folks learn by example and hands-on labs. Personally, I'd much rather learn the basic ropes by jumping into a tool like OP's vs. finding/digging through all of these resources. I'll also criticize to say you likely already know much about systemd, and were able to pull/filter these resources much easier vs someone completely new to the concepts.
To illustrate further: vim is another tool that has outstanding learning resources, everything from very quick "hey get started" examples docs all the way up to adventure games. If I had to go back and relearn vim I would absolutely do it this way vs. digging on man pages like when I was a kid in the 90's. Personally, I learn by doing.
---
Overall - OP's thingy is what I would call a "rich interactive learning tool." It's anecdotal, and obvious projection - but _for me_, interactive learning tools optimize the time it takes to fully "grok" a subject from scratch vs. jumping into a bunch of docs/man pages.
I often find the `## Usage Examples` heading in manages to be most helpful, too.
~Examples as Integration Tests as executable notebooks with output and state assertions may incur less technical debt.
How to manage containers with [MicroShift] k8s/k3d with systemd might be a good example.
Read the Source, Read the Docs, Write the Docs, post the Link to the actual Source of the docs: https://github.com/systemd/systemd/blob/main/docs/index.md
Systemd man pages source: https://github.com/systemd/systemd/tree/main/man
Also https://www.freedesktop.org/software/systemd/man/systemd.mou... https://github.com/systemd/systemd/blob/main/man/systemd-mou... :
man systemd.mountWell, we also have a very nice manpage viewer.
I think systemd.directives(7) is an often overlooked manpage.
FWIW, the man.vim vim plugin does grep and some syntax highlighting. https://github.com/vim-utils/vim-man
Pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
What a glorious little bug. They're trying to scan arguments, and have a loop that starts with (effectively) argv[1]. But if argv is NULL, the loop terminates immediately --- with the maximum argument still set to 1, an out-of-bounds dereference to argv[1] that ends up pointing into the environment. Just beautiful.
I'm surprised that the Linux kernel doesn't prevent execve with argc == 0. I know a lot of programs that would break on that too.
Changing that now would break the core tenet of "never break userspace".
I actually wonder what it could actually break.
argv[0] always exists in normal means, it is either physical path of the executable or soft link position. Without accidents like run a program from code and forget about passing argv. That couldn't happen at all. And in fact, most cross platform program or shell even just assume argv[0] is the same as executable path (and don't give you a option to change it, because it is not possible on all platforms).
I have personally written (lazy) code that calls execve with argv=NULL. So it'd break that.
So, all C/C++ code on {Linux,} but not {OpenBSD,} that handles argc/argv needs to at least just exit() on the conditions added by the like 8 lines in main() in the patch for this issue?: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c...
if (argc < 1) {
exit(126);
}
if (argv[n] == NULL) {
exit(128)
}
// But this could never ever happen?
if (argv == NULL)MicroShift
> Functionally, MicroShift repackages OpenShift core components* into a single binary that weighs in at a relatively tiny 160MB executable (without any compression/optimization).
Sorry, 160meg isn't 'relatively tiny'.
I have many thousands of machines running in multiple datacenters and even getting a ~4mb binary distributed onto them without saturating the network (100mbit) and slowing everything else down, is a bit of a challenge.
Edit: It was just over 4mb using .gz and I recently changed to use xz, which decreased the size by about 1mb and I was excited about that given the scale that I operate at.
> I have many thousands of machines running in multiple datacenters and even getting a ~4mb binary distributed onto them without saturating the network (100mbit) and slowing everything else down, is a bit of a challenge.
Maybe I suggest CAS (Content-addressable storage) or something similar for distributing it instead? I've had good success using torrents for distributing large binaries to a large fleet of servers (that were also in close proximity to each other physically, in clusters with some more distance between them) relatively easily.
Thanks for the suggestion, but as weird as this sounds, we also don't have central servers to use at the data centers for this.
The machines don't all need to be running the same version of the binary at the same time, so I took a simpler approach, which is that each machine checks for updates on a random schedule over a configureable amount of time. This distributes the load evenly and everything becomes eventually consistent. After about an hour everything is updated without issues.
I use CloudFlare workers to cache at the edge. On a push to master, the binary is built in Github CI and a release is made after all the tests pass. There is a simple json file where I can define release channels for a specific version for a specific CIDR (also on a release ci/cd as well, so I can validate the json with tests). I can upgrade/downgrade and test on subsets of machines.
The machines on their random schedule hit the CF worker which checks the cached json file and either returns a 304 or the binary to install depending on the parameters passed in on the query string (current version, ip address, etc.). Binary is downloaded, installed and then it quits and systemd restarts the new version.
Works great.
Notes re: distributed temporal Data Locality, package mirroring, and CAS such as IPFS: "Draft PEP: PyPI cost solutions: CI, mirrors, containers, and caching to scale" (2020) https://groups.google.com/g/pypa-dev/c/Pdnoi8UeFZ8 https://discuss.python.org/t/draft-pep-pypi-cost-solutions-c...
apt-transport-ipfs: https://github.com/JaquerEspeis/apt-transport-ipfs
Gx: https://github.com/whyrusleeping/gx
IPFS: https://wiki.archlinux.org/title/InterPlanetary_File_System
Systemd service sandboxing and security hardening (2020)
This is a pretty lax policy IMHO, you can go much farther. These days I usually start with this, it's much more strict:
https://news.ycombinator.com/item?id=29976096
Or simply follow whatever `systemd-analyze security` recommends, just make sure you run it on a system with recent systemd.
Which distro has the best out-of-the-box output for:?
systemd-analyze security
https://stopdisablingselinux.com/
> Which distro has the best out-of-the-box output
I haven't seen any difference between distributions with the same systemd version. Anything with a recent one should do fine. More recent than RHEL8, mind you (which is on systemd 239): for example, a syscall allow/deny analysis is buggy there and asks you to enable some protections, and then disable them. The same unit is analyzed correctly on my desktop with v250 (I use the popular rolling release distribution).
I haven't seen anything like audit2allow. It's probably not especially necessary because of the difference in philosophies: SELinux is deny by default, while in systemd you're playing whack-a-mole anyway, and are expected to add directives one by one until the application stops working. Unit logs usually make it obvious if something was denied.
The usual way I've seen (and do myself) is to just let the process be killed and have its coredump taken, then `coredumpctl gdb $process_name -A '-ex "print $rax" -ex "quit"'` to get the syscall number, then check `systemd-analyze syscall-filter` for whether I want to allow just that one syscall or the whole group it's in.
> The usual way I've seen (and do myself) is to just let the process be killed and have its coredump taken, then `coredumpctl gdb $process_name -A '-ex "print $rax" -ex "quit"'` to get the syscall number, then check `systemd-analyze syscall-filter` for whether I want to allow just that one syscall or the whole group it's in.
Another approach would be to set SystemCallLog= to be the opposite of SystemCallFilter= (negate each group with ~) and then you'll see the call (and caller) in the journal.
FWIU, e.g. sysdig is justified atop whichever MAC system.
In the SELinux MAC system on RHEL and Debian, in /etc/config/selinux, you have SELINUXTYPE=minimal|targeted|mls. RHEL (CentOS and Rocky Linux) and Fedora have SELINUXTYPE=targeted out-of-the-box. The compiled rulesets in /etc/selinux/targeted are generated when [...].
With e.g gnome-system-monitor on a machine with SELINUX=permissive|enforcing, you can right-click the column header in the process table to also display the 'Security context' column that's also visible with e.g. `ps -Z`. The stopdisablingselinux video is a good SELinux tutorial.
I'm out of date on Debian/Ubuntu's policy set, which could also probably almost just be sed'ed from the current RHEL policy set.
> * SELinux is deny by default, while in systemd you're playing whack-a-mole anyway, and are expected to add directives one by one until the application stops working. Unit logs usually make it obvious if something was denied.*
DENY if not unconfined is actually the out-of-the-box `targeted` config on RHEL and Fedora. For example, Firefox and Chrome currently run as unconfined processes. While decent browsers do do their own process sandboxing, SELinux and/or AppArmor and/or 'containers' with a shared X socket file (and drop-privs and setcap and cgroups and namespaces fwtw) are advisable atop really any process sandboxing?
Given that the task is to generate a hull of rules that allow for the observed computational workload to complete with least-privileges, if you enable like every rule and log every process hitting every rung on the way down while running integration tests that approximate the workload, you should end up with enough rule violations in the log to even dumbly generate a rule/policy set without the application developer's expertise around to advise on potential access violations to allow.
From https://github.com/draios/sysdig :
> "Sysdig instruments your physical and virtual machines at the OS level by installing into the Linux kernel and capturing system calls and other OS events. Sysdig also makes it possible to create trace files for system activity, similarly to what you can do for networks with tools like tcpdump and Wireshark.
Probably also worth mentioning: "[BETA] Auditing Sysdig Platform Activities" https://docs.sysdig.com/en/docs/developer-tools/beta-auditin...
A bit of SELinux:
# /etc/selinux/config
SELINUXTYPE=targeted
SELINUX=permissive
$# touch /.autorelabel # `restorecon /` at boot
$# reboot
$# setenforce 1 # redundant
$ sudo aureport --avc
$ journalctl --system -u auditd
$ journalctl --system -o json-seq --reverse
$ journalctl --system --grep "AVC" --reverse
journalctl -fa _TRANSPORT=audit
journalctl -fa _TRANSPORT=audit --grep AVC
journalctl -a _TRANSPORT=audit --grep 'AVC avc: denied' -o json | pyline -m json 'json.dumps(json.loads(l), indent=2, sort_keys=True)'Why isn't there a universal data format for résumés?
Looks like there's an hresume microformat but https://schema.org/Person and https://schema.org/Occupation are probably the way to mark up resumes as JSONLD.
From https://stackoverflow.com/questions/51315725/resume-work-his... :
> Schema.org's Occupation example 4, illustrates how to use Role and hasOccupation to associate an array of work history, like so:
There's already a https://schema.org/JobPosting .
LAN-port-scan forbidder, browser addon to protect private network
And also "Private Network Access: introducing preflights" (2022) https://developer.chrome.com/blog/private-network-access-pre...
> Chrome is deprecating direct access to private network endpoints from public websites as part of the Private Network Access (PNA) specification.
> Chrome will start sending a CORS preflight request ahead of any private network request for a subresource, which asks for explicit permission from the target server. This preflight request will carry a new header, `Access-Control-Request-Private-Network: true`, and the response to it must carry a corresponding header, `Access-Control-Allow-Private-Network: true`
> The aim is to protect users from cross-site request forgery (CSRF) attacks targeting routers and other devices on private networks. These attacks have affected hundreds of thousands of users, allowing attackers to redirect them to malicious servers.
What would a browser setting to just block all PWA requests (`DENY * TO *` (to {192.168.0.1, .1.1, .100.1,}) - regardless of the appropriate new HTTP headers - actually prevent a normal user from doing?
Ask HN: What are the best books for professional effectiveness?
What books have helped you be more effective at work that apply to most “knowledge work” jobs?
Getting Things Done by David Allen was very helpful to me. It's barely a book - if you skim over the cruft it's more like a pamphlet. I don't follow it religiously but some of his ideas have made a big difference in my productivity.
There's a flowchart of the GTD procedures with something like standard flowchart symbols in [1] PDF, [2] Search query (/?) [3] PNG / MP4 gif. But not yet a meme MP4 GIF, FWIU.
Given that URLs are the workflow improvement of the web, watch if these citations is most useful to you?
1: Heylighen, Francis, and Clément Vidal. "Getting things done: the science behind stress-free productivity." Long Range Planning 41, no. 6 (2008): 585-605.
2: https://scholar.google.com/scholar?hl=en&as_sdt=0%2C43&q=Get...
3: https://www.researchgate.net/profile/Francis-Heylighen/publi...
6: https://westurner.github.io/wiki/workflow
5: https://github.com/westurner/wiki/blob/master/workflow.rest
5 is editable by the author in their - the original - fork; which may include local and remote branches that Pull Requests and ("#DevOpsSec") Continuous Integration build task automation that help collaborators collaborate on [open source] software in free public git repos.
HTTP Message Signatures
Is this intended to include the featureset of Signed HTTP Exchanges (SXG) as well?
I was wondering how much overlap the two technologies have too.
What I'd really like to see supported is a way for a web app to specify a public key and a version number, and for the browser to then prompt you every subsequent time you access that page if the key or version number has changed. This would effectively allow web apps to use the same security model as desktop apps, i.e. TOFU.
Arguably, though, auto-updating desktop apps are less secure than even TOFU, but I don't know users can be expected to judge whether v1.2.3 is more secure than v1.2.2, so perhaps the prompt doesn't provide any practical benefit.
Is this solveable by including a cache key in the URL or other client-side storage?
Well, there is the SecureBookmarks trick[0], which uses integrity hashes and Data URLs, so you're right that signatures aren't strictly needed (especially at the HTTP level). I think the difficult part is the UX, and how to handle the failure modes, which is why browsers might reasonably be reluctant to support something like this.
Are there additional HTTP status code-like error codes that need to be specified?
What [same origin, SXG,] failure modes are there?
From "HTTP 402: Payment Required" https://news.ycombinator.com/item?id=22214156 :
> The new W3C Payment Request API [4] makes it easy for browsers to offer a standard (and probably(?) already accessible) interface for the payment data entry screen, at least.
> https://www.w3.org/TR/payment-request/
The failure modes I was imagining are things like what happens if you visit a site and it is no longer serving signed content any more, or it's serving content signed by a key you haven't seen before? Either the user needs to be able to decide (based on information received out-of-band) which keys to trust, or you have to trust a site to never lose control of its keys (which reintroduces all the problems of HPKP, like ransoming).
Even in the happy path, there are questions of how you present to the user that the content has been signed (and by which key), separately from the guarantees that the TLS transport gives. Does there need to be a UI for viewing the key details, and for approving/rejecting upgrades to the web app?
You said HPKP and I misread it
Re: HKP, WKD, GPG Linked Data signatures, Keybase+Zoom and ACME https://westurner.github.io/hnlog/#comment-28814802
https://westurner.github.io/hnlog/#comment-26127879
Ctrl-F "trillian" re: CT cert grant and revocation events on a blockchain
> Does there need to be a UI for viewing the key details, and for approving/rejecting upgrades to the web app?
blockcerts/cert-verifier-js ?
> Does there need to be a UI for viewing the key details, and for approving/rejecting upgrades to the web app?
There do need to be standards for displaying such errors and requesting key verification in the browser. e.g. DNSSEC and DoH/DoT errors should also propagate up to the browser eh? How do web3 browsers handle keychains?
https://github.com/blockchain-certificates/cert-verifier-js#...
From (an obscure comment with pictures on) "Roadmap update for TUF support " https://github.com/pypa/warehouse/issues/5247#issuecomment-9... :
> Only users with package release permissions can create a new SoftwareRelease record for that project
You can log hashes to sigstore now, which is a centralized db supported by The Linux Foundation. https://sigstore.dev/ :
> How sigstore works: sigstore is a set of tools developers, software maintainers, package managers and security experts can benefit from. Bringing together free-to-use open source technologies like Fulcio, Cosign and Rekor, it handles digital signing, verification and checks for provenance needed to make it safer to distribute and use open source software.
> A standardized approach: This means that open source software uploaded for distribution has a stricter, more standardized way of checking who’s been involved, that it hasn’t been tampered with. There’s no risk of key compromise, so third parties can’t hijack a release and slip in something malicious.
> Building for future integrations: With the help of a working partnership that includes Google, the Linux Foundation, Red Hat and Purdue University, we’re in constant collaboration to find new ways to improve the sigstore technology, to make it easy to adopt, integrate and become a long-lasting standard.
But then DIDs and ld-proofs (with at least the current trust root in a trustless DLT of some sort) are even more standardized.
Software Releases, [Academic, Professional, Medical,] Credentials, Legal Documents, Server Certs, ScholarlyArticles: all of these things can be signed and may already be listed in the Use Cases documents for W3C DID Decentralized Identifiers [1] and W3C VC Verifiable Credentials [2] which are summarized in context to Keybase here: https://news.ycombinator.com/item?id=28814802
[1] https://www.w3.org/TR/did-use-cases/
[2] https://www.w3.org/TR/vc-use-cases/
Notably: DNSSEC errors do not propagate up to the browser; when DNSSEC fails, sites simply fall off the Internet as if they never existed. It's a major fault of the DNSSEC design.
Unfortunately, because all domains don't yet have DNSSEC DNS records, a strict resolver that requires DNSSEC signatures will fall to resolve all domains unless it's configured to e.g. "allow-downgrade" to non-DNSSEC-signed records for any lookup.
FWIR, the same is basically true of DoH and DoT: if it's not configured to ~allow-downgrade, DNS will fall to resolve when connected to e.g. a captive portal hotspot; and there's no indication that DoH/DoT aren't working in the browser.
How do DNS resolution APIs need to change to accommodate basic DNSSEC and DoH/DoT error handling?
From https://news.ycombinator.com/item?id=28543911 :
```
From https://blog.cloudflare.com/automatic-signed-exchanges/ :
> The broader implication of SXGs is that they make content portable: content delivered via an SXG can be easily distributed by third parties while maintaining full assurance and attribution of its origin. Historically, the only way for a site to use a third party to distribute its content while maintaining attribution has been for the site to share its SSL certificates with the distributor. This has security drawbacks. Moreover, it is a far stretch from making content truly portable.
> In the long-term, truly portable content can be used to achieve use cases like fully offline experiences. In the immediate term, the primary use case of SXGs is the delivery of faster user experiences by providing content in an easily cacheable format. Specifically, Google Search will cache and sometimes prefetch SXGs. For sites that receive a large portion of their traffic from Google Search, SXGs can be an important tool for delivering faster page loads to users.
> It’s also possible that all sites could eventually support this standard. Every time a site is loaded, all the linked articles could be pre-loaded. Web speeds across the board would be dramatically increased.
"Signed HTTP Exchanges" draft-yasskin-http-origin-signed-responses https://wicg.github.io/webpackage/draft-yasskin-http-origin-...
"Bundled HTTP Exchanges" draft-yasskin-wpack-bundled-exchanges https://wicg.github.io/webpackage/draft-yasskin-wpack-bundle... :
> Web bundles provide a way to bundle up groups of HTTP responses, with the request URLs and content negotiation that produced them, to transmit or store together. They can include multiple top-level resources with one identified as the default by a primaryUrl metadata, provide random access to their component exchanges, and efficiently store 8-bit resources.
From https://web.dev/web-bundles/ :
> Introducing the Web Bundles API. A Web Bundle is a file format for encapsulating one or more HTTP resources in a single file. It can include one or more HTML files, JavaScript files, images, or stylesheets.
> Web Bundles, more formally known as Bundled HTTP Exchanges, are part of the Web Packaging proposal.
> HTTP resources in a Web Bundle are indexed by request URLs, and can optionally come with signatures that vouch for the resources. Signatures allow browsers to understand and verify where each resource came from, and treats each as coming from its true origin. This is similar to how Signed HTTP Exchanges, a feature for signing a single HTTP resource, are handled.
```
Asmrepl: REPL for x86 Assembly Language
This could be implemented with Jupyter notebooks as a Jupyter kernel or maybe with just fancy use of explicitly returned objects that support the (Ruby-like, implicit) IPython.display.display() magic.
IRuby is the Jupyter kernel for Rubylang:
iruby/display: https://github.com/SciRuby/iruby/blob/master/lib/iruby/displ...
iruby/formatter: https://github.com/SciRuby/iruby/blob/master/lib/iruby/forma...
More links to how Jupyter kernels and implicit display() and DAP: Debug Adapter Protocol work: "Evcxr: A Rust REPL and Jupyter Kernel" https://news.ycombinator.com/item?id=25923123
"ENH: Mixed Python/C debugging (GDB,)" https://github.com/jupyterlab/debugger/issues/284
... "Ask HN: How did you learn x86-64 assembly?" https://news.ycombinator.com/item?id=23930335
On yak shaving and <md-block>, a new HTML element for Markdown
Oh dear. Markdown has no standard grammar or standard way of rendering.
This website lags while I scroll on mobile.
I remember when the internet used to be fast and responsive. Probably just getting old.
there is the commonmark specification https://spec.commonmark.org/0.30/
I work a lot with common mark and hoedown for work. There's no formal Grammer for parsing markdown unfortunately. The closest thing to what the parent comment is talking about is pandoc which most people are afraid of because Haskell is scary and the markdown format they use is strange.
Also all of the parsers for md are very complicated.
Jupyter-book depends upon MyST-NB (MyST Notebooks) which depends upon myst-parser which depends upon markdown-it-py (which is a port of markdown-it (TypeScript)) for parsing [MyST] Markdown.
https://github.com/executablebooks/myst-parser :
> MyST is a rich and extensible flavor of Markdown meant for technical documentation and publishing.
> MyST is a flavor of markdown that is designed for simplicity, flexibility, and extensibility. This repository serves as the reference implementation of MyST Markdown, as well as a collection of tools to support working with MyST in Python and Sphinx. It contains an extended CommonMark-compliant parser using markdown-it-py, as well as a Sphinx extension that allows you to write MyST Markdown in Sphinx.
https://github.com/executablebooks/markdown-it-py :
> Follows the CommonMark spec for baseline parsing; Configurable syntax: you can add new rules and even replace existing ones; Pluggable: Adds syntax extensions to extend the parser (see the plugin list), High speed (see our benchmarking tests) ; Safe by default
https://github.com/markdown-it/markdown-it :
> Follows the CommonMark spec + adds syntax extensions & sugar (URL autolinking, typographer), Configurable syntax!; You can add new rules and even replace existing ones; High speed; Safe by default; Community-written plugins and other packages on npm
Thoughts on “E-Readers” (2009)
> But MOST importantly the way the user interacts with the interface would re-create the ease of use rendered by our interaction with print media. This last part, about the user interface, is why I believe Apple is best positioned to tackle this problem.
> In one year's time we'll see. 2010 should be the year paper learns of it's destiny, the year we reach a tipping point on our way towards bits from the momentum of atoms.
This is of course a prescient prediction of the iPad. But what it also reminded me of is a device that had already been shown publicly at the time: The Microsoft Courier.
Microsoft was working on a dual-screen tablet that was essentially a notebook in computer form, complete with custom OS.[1] In the end it never happened.
But I think why this hasn't happened (although there are a few color e-ink devices available from Chinese companies) is that the B&W e-ink devices like the Kindle handle reading normal books just fine. The only cases where color would really be needed would be for comic books, art books, and to some extent scientific papers with color figures.
Small monochrome e-readers are great for reading pure text, e.g fiction.
But they’re quite hopeless for textbooks with lots of images/diagrams/tables and more complex layout. Zooming and scrolling is hopeless on an e-ink screen.
That's why we don't use ink devices for those kinds of documents. I have a range of tools that I use for various use cases. In depth reading fiction - Kindle. Casual browsing of large documents with complex layouts and images - iPad. Working on documents - laptop/desktop.
I would almost never mix linear reading with those other kinds of documents so I don't need devices that handle both kinds of documents.
https://en.m.wikipedia.org/wiki/Adam_tablet
> The Adam is set to be the first Android device marketed to contain Pixel Qi's low-power, dual-mode display
Was it that there wasn't a market for Pixel Qi dual-mode displays?
IDK how well you can scroll a (monochrome) PDF textbook on a PineNote development unit yet, given that the eInk display driver didn't work yet last I heard. https://goodereader.com/blog/electronic-readers/high-end-e-i...
Nobody reads the whole PDF on even a large phone in landscape mode. There's a new server-side liquid PDF reflowing solution that could help solve the fixed font sizes and margin issues on mobile devices. ePub is basically just HTML, by comparison. But certain walled gardens feel like it's necessary to convert epub to mobi, rather than just integrate one of a number of existing open source e-reader apps with support for multiple document, eBook, and textbook formats.
Ask HN: Why don’t startups share their cap table and/or shares outstanding?
Start-ups expect you to join as the 4th employee, work incredibly hard for years and not have a clear picture of your compensation? Am I meant to take a 409a valuation at face value?
Is there a legal reason? If not, founders who are hiring, please know that withholding information like this is the easiest way to lose a potential hire.
From "Ask HN: Cap Table Service Recommendations" https://news.ycombinator.com/item?id=27044479 :
> Here are the "409a valuation" reviews on FounderKit: https://founderkit.com/legal/409a-valuation/reviews
> https://en.wikipedia.org/wiki/Capitalization_table
And from "Stock dilution" https://en.wikipedia.org/wiki/Stock_dilution :
> Stock dilution, also known as equity dilution, is the decrease in existing shareholders' ownership percentage of a company as a result of the company issuing new equity.[1] New equity increases the total shares outstanding which has a dilutive effect on the ownership percentage of existing shareholders. This increase in the number of shares outstanding can result from a primary market offering (including an initial public offering), employees exercising stock options, or by issuance or conversion of convertible bonds, preferred shares or warrants into stock. This dilution can shift fundamental positions of the stock such as ownership percentage, voting control, earnings per share, and the value of individual shares.
It is reasonable for shareholders to request - in dated written form - Transparency with What-If scenarios for "let's just issue more shares to raise capital".
From "Ask HN: Value of “Shares of Stock options” when joining a startup" https://news.ycombinator.com/item?id=19789785 :
> There are a number of options/equity calculators:
> https://tldroptions.io/ ("~65% of companies will never exit", "~15% of companies will have low exits", "~20% of companies will make you money")*
> https://comp.data.frontapp.com/ "Compensation and Equity Calculator"
> http://optionsworth.com/ "What are my options worth?"
> http://foundrs.com/ "Co-Founder Equity Calculator"
From foundrs:
> The equity numbers assume a typical 4-year vesting for all founders including the CEO, with no cliff. It also assumes that no significant salary is provided to any of the co-founders (if that is wrong, you are entering into an employee relationship, not a co-founder relationship). If a founder leaves, vesting applies and they forfeit the shares that have not vested yet.
Vesting > Ownership in startup companies: https://en.wikipedia.org/wiki/Vesting#Ownership_in_startup_c...
Toxiproxy is a framework for simulating network conditions
I wrote the initial version of Toxiproxy back in 2014, but Jacob Wirth took it way beyond during his internship at Shopify. It came out of a need for writing integration tests for resiliency work we did at Shopify back then. [1] We didn't want someone to suddenly re-introduce a hard dependency on e.g. Redis on Shopify's storefronts. The initial prototype was a shell script that used lsof(1) and gdb(1) to close the file descriptor of the various connections. But, besides being dodgy, we needed to also simulate latency and make sure it worked on everyone's MacOS laptop's (otherwise e.g. tc(1) would have been intriguing). I wrote a little bit more of the history of Toxiproxy on Twitter. [2] It's stable and has proxied everything in dev and CI at Shopify for over half a decade.
[1]: https://shopify.engineering/building-and-testing-resilient-r...
[2]: https://twitter.com/Sirupsen/status/1455622640727728137
What a useful tool for resilience engineering.
https://github.com/dastergon/awesome-chaos-engineering#notab... does list toxiproxy.
Any general pointers for handling network connectivity issues (from any OSI layer) in client and server apps?
Many apps lack 'pending in outbox' functionality that we expect from e.g. email clients.
- [ ] Who could develop a set of reference toxiproxy 'test case mutators' (?) for simulating typical #DisasterRelief connectivity issues?
(In Python, Pytest + Hypothesis + Toxiproxy-python would be useful.)
Report on Stablecoins [pdf]
It may not be immediately obvious that all banks run their own "stablecoin": LD: "Ledger Dollars". How do "internal bank ledger dollars" differ from stablecoins?
As well, very many countries of the world "peg" their currency to the USD.
From https://www.investopedia.com/terms/c/currency-peg.asp :
> Countries will experience a particular set of problems when a currency is pegged at an overly low exchange rate. On the one hand, domestic consumers will be deprived of the purchasing power to buy foreign goods. Suppose that the Chinese yuan is pegged too low against the U.S. dollar. Then, Chinese consumers will have to pay more for imported food and oil, lowering their consumption and standard of living. On the other hand, the U.S. farmers and Middle East oil producers who would have sold them more goods lose business. This situation naturally creates trade tensions between the country with an undervalued currency and the rest of the world.
> Another set of problems emerges when a currency is pegged at an overly high rate. A country may be unable to defend the peg over time. Since the government set the rate too high, domestic consumers will buy too many imports and consume more than they can produce. These chronic trade deficits will create downward pressure on the home currency, and the government will have to spend foreign exchange reserves to defend the peg. The government's reserves will eventually be exhausted, and the peg will collapse.
> When a currency peg collapses, the country that set the peg too high will suddenly find imports more expensive. That means inflation will rise, and the nation may also have difficulty paying its debts. The other country will find its exporters losing markets, and its investors losing money on foreign assets that are no longer worth as much in domestic currency.
https://en.wikipedia.org/wiki/List_of_countries_by_exchange_...
Is this the game:
(A USD / B USD) * X = (C LD / D LD)
Perhaps "All of the World’s Money and Markets in One Visualization" could be updated to indicate which of the depicted assets are stablecoins and which are derivatives? https://www.visualcapitalist.com/all-of-the-worlds-money-and...
Are there some historical examples of centralized economic planning resulting in currency devaluation and subsequent directly resultant unrest?
Intel Extension for Scikit-Learn
https://github.com/intel/scikit-learn-intelex
CuML is similar to Intel Extension for Scikit-Learn in function? https://github.com/rapidsai/cuml
> cuML is a suite of libraries that implement machine learning algorithms and mathematical primitives functions that share compatible APIs with other RAPIDS projects. cuML enables data scientists, researchers, and software engineers to run traditional tabular ML tasks on GPUs without going into the details of CUDA programming. In most cases, cuML's Python API matches the API from scikit-learn. For large datasets, these GPU-based implementations can complete 10-50x faster than their CPU equivalents. For details on performance, see the cuML Benchmarks Notebook.
The Metaverse Was Lame Even Before Facebook
Weren't BBS (Bulletin Board Systems) lame before Facebook, too?
BBS > List of features https://en.wikipedia.org/wiki/Bulletin_board_system
Metaverse > History https://en.wikipedia.org/wiki/Metaverse
TIL there's a VR version of Flight Simulator 2020 and it has the best Earth model of any game. Is that a metaverse? https://en.wikipedia.org/wiki/Microsoft_Flight_Simulator_(20...
> Flight Simulator simulates the topography of the entire Earth using data from Bing Maps. Microsoft Azure's artificial intelligence (AI) generates the three-dimensional representations of Earth's features, using its cloud computing to render and enhance visuals, and real-world data to generate real-time weather and effects. Flight Simulator has a physics engine to provide realistic flight control surfaces, with over 1,000 simulated surfaces, as well as realistic wind modelled over hills and mountains
AFAIU, e.g. Microsoft Planetary Computer data is not yet integrated into any Virtual Game World Metaverses? An in-game focus on real world sustainability would help us understand that online worlds are very much connected to the real world. https://planetarycomputer.microsoft.com/applications
https://github.com/TomAugspurger/scalable-sustainability-pyd... describes how that can be done with Python code.
You are being downvoted but I agree with your point. Just because past attempts at something were “lame” does not mean the next attempt will be lame. You could just as well say that smartphones were lame before the iPhone. After all, Nokia had Symbian smartphones for some time. HTC had Windows Mobile smartphones with a touchscreen before the iPhone. But when the iPhone happened, everything fell into place and it changed the world. I am a massive skeptic of the meta verse concept, and definitely wary of any big technology company having a lot of influence/control over it (particularly Facebook). But I also don’t think a backwards-looking retrospective on something that hasn’t been done before in the same way is useful or a convincing dismissal.
Is college worth it? A return-on-investment analysis
It makes my flesh crawl to see college reduced purely to ROI, but at least they're honest that that's what they're doing.
I just hope people at least consider all of the other "outputs" of going to college when reading something like this. The ROI analysis is good data, it answers an important question. But there are many, many other important questions worth answering. (And most of them aren't quantifiable, so it's not like you could do a study on them if you wanted to.)
College can be an awful experience for some people even if they end up making good money. And it can be an excellent life experience for people who end up making dirt. I got lucky -- I had a great experience, I learned a lot of important non-academic things, I broke out of my shell, and it's pretty directly responsible for a large portion of my earnings. (And yes, the numbers for my university and major from the study match my current income and age quite well.)
But now I have a kid in high school, and I'm facing all the questions about what futures to keep open and what ones to sacrifice in the service of others. College is much more expensive now. My family was dirt poor and so I had massive financial aid; any financial aid my kid gets will have to be merit-based. Degree inflation has sucked away a lot of the value of having a degree. I can afford to support a less secure (low-risk) path through life if I think it would be better for my kid as a human being. These are not easy questions to be facing.
Increasingly I see the idea of thinking of college in any other terms as a deliberate meme designed to make people pay extremely high prices and put them in a debt trap, and that the sources of that meme like it that way.
Before college can be creating well-rounded citizenry or provide "excellent life experiences" or any of the other things people want of it, it must first provide a good ROI. This is a necessary foundation. If it is not doing that, then all the other fancy things are merely digging the debt trap in deeper because you're paying for all these things while failing to obtain a method of paying them back.
As a culture, in decades past we were used to college generally being so cheap that providing a good ROI wasn't that big a deal. It's much easier to get a good ROI out of something cheap. So we focused on the higher layers and were able to neglect the fact that the higher layers were always built on a foundation of the fact that college in general was a good ROI. Consequently we have come to misinterpret those higher level things as the purpose of college.
But it is necessary that these aspirational benefits be setting on a good foundation of good ROI to not be abusive to the customer.
It is not and must not be considered some sort of betrayal to be worried about ROI for college. It must simply be seen as an understanding of the fact that as the costs have changed, the way we must analyze college has also changed. It was always true, it's just now it has manifested in a larger way.
College wouldn’t need to provide a good roi if it were much mess expensive. Just like, strictly speaking, going to a movie doesn’t provide a good roi.
It’s one thing to take four years of your life deepening your thinking ability and stretching your mind without a good roi if you come out the other end without crushing debt and prospects for employment that can sustain you, even if those prospects have nothing to do with your college experience. This is what college was like until the last four decades or so.
It’s entirely another to come out the other side in crippling debt and no prospects for any kind of sustaining job.
If it provides the same value, but costs less, then by definition, the ROI is better. OTOH, if it puts you in crippling debt, but you have no prospects of a job to support that - the ROI becomes bad or even negative. So doesn't it capture all of that already?
In some sense, twice the cost for twice the benefit might be worth it to those who can afford it, because the time-wise investment (4 years or so of your life) remain constant.
No, it doesn't capture all of that already.
A "better" ROI doesn't necessarily mean a positive ROI.
Getting negative 10% return on a $1,000 investment doesn't matter as much as getting a negative 10% return on a $100,000 investment.
Magnitude certainly is relevant to vector comparisons; but, if we define ROI as nominal rate of return, gross returns are not relevant to a comparison by that metric.
Return on Investment: https://en.wikipedia.org/wiki/Return_on_investment
From https://en.wikipedia.org/wiki/Vector_(mathematics_and_physic... :
> A Euclidean vector is thus an equivalence class of directed segments with the same magnitude (e.g., the length of the line segment (A, B)) and same direction (e.g., the direction from A to B).[3] In physics, Euclidean vectors are used to represent physical quantities that have both magnitude and direction, but are not located at a specific place, in contrast to scalars, which have no direction.[4] For example, velocity, forces and acceleration are represented by vectors
Quantitatively and Qualitatively quantify the direct and external benefits of {college, other alternatives} with criteria in additional to real monetary ROI?
From https://en.wikipedia.org/wiki/Welfare_economics
> Welfare economics also provides the theoretical foundations for particular instruments of public economics, including cost–benefit analysis,
Except that the grandparent post that you responded to was all about the magnitude of the loss rather than just ROI. If the magnitude of the loss is manageable, then the ROI becomes less important for life decisions.
So sure! If all we are looking at is ROI then you are right! By definition! As long as you restrict your refutation ("by that metric") in a way that ignores the additional metric I had been trying to add to the conversation. I was trying to point out that there are other metrics that matter.
Direct or External Loss?
Is the unique loss you identify not accounted for in the traditional ROI expression?
[deleted]
From https://news.ycombinator.com/item?id=18833730 :
>> Why would people make an investment with insufficient ROI (Return on Investment)?
> Insufficient information.
> College Scorecard [1] is a database with a web interface for finding and comparing schools according to a number of objective criteria. CollegeScorecard launched in 2015. It lists "Average Annual Cost", "Graduation Rate", and "Salary After Attending" on the search results pages. When you review a detail page for an institution, there are many additional statistics; things like: "Typical Total Debt After Graduation" and "Typical Monthly Loan Payment".
> The raw data behind CollegeScorecard can be downloaded from [2]. The "data_dictionary" tab of the "Data Dictionary" spreadsheet describes the data schema.
> [1] https://collegescorecard.ed.gov/
> [2] https://collegescorecard.ed.gov/data/
> Khan Academy > "College, careers, and more" [3] may be a helpful supplement for funding a full-time college admissions counselor in a secondary education institution
> [3] https://www.khanacademy.org/college-careers-more
https://www.khanacademy.org/college-careers-more/college-adm... :
- [ ] Video & exercise / Jupyter notebook under Exploring college options for Return on Investment (according to e.g. CollegeScorecard data)
Notes from the Meeting on Python GIL Removal Between Python Core and Sam Gross
Just came in here briefly to opine that there is a very real risk of fork if the Python core community does not at least offer a viable alternative expediently.
The economic pressures surrounding the benefits of gross’s changes will likely influence this more than any tears shed over subtle backwards incompatibility.
I believe it was Dropbox that famously released their own private internal Python build a while back and included some concurrency patches.
Many teams might go the route of working from Sam Gross’ work and if we see subtle changes in underlying runtime concurrency semantics or something else backwards incompatible that’s it- either that adoption will roll downhill to a new standard or Python core will have to answer with a suitable GIL-less alternative.
I for one do not want to think about “ANSI Python” runtimes or give the MSFTs etc of the world an opening to divide the user base.
> I believe it was Dropbox that famously released their own private internal Python build a while back and included some concurrency patches.
Google also had their Unladen Swallow version, but it seems they lost interest at some point.
"PEP 3146 -- Merging Unladen Swallow into CPython" > Future Work (2010) https://www.python.org/dev/peps/pep-3146/#future-work
Perhaps Google/Grumpy could be updated to compile Python 3.x+ to Go with e.g. the RustPython version of the CPython Python Standard Library modules?
"Inside cpyext: Why emulating CPython C API is so Hard" (2018) https://news.ycombinator.com/item?id=18040664
Today, conda-forge compiles CPython to relocatable platform+architecture-specific binaries with LLVM. https://github.com/conda-forge/python-feedstock/blob/master/...
conda-forge also compiles PyPy Python to relocatable platform+architecture-specific binaries with LLVM. conda-forge/pypy3.6-feedstock (3.7) https://github.com/conda-forge/pypy3.6-feedstock/blob/master...
https://github.com/conda-forge/pypy-meta-feedstock/blob/mast... :
> summary: Metapackage to select pypy as python implementation
Pyodide (JupyterLite) compiles CPython to WASM (or LLVM IR?) with LLVM/emscripten IIRC. Hopefully there's a clear way to implement the new GIL-less multithreading support with Web Workers in WASM, too?
The https://rapids.ai/ org has a bunch a fast Python for HPC and Cloud; with Dask and pick a scheduler. Less process overhead and less need for interprocess locking of memory handles that transgress contexts due to a new GIL removal approach would be even faster than debuggable one process per core Python.
Grumpy is unmaintained.There is similar work (py2many) that transpiles python3 to 8 different languages.
The approach focuses on functional programming, does away with extensions completely.
For that approach to be successful, a pure python implementation of stdlib in the transpileable subset of python 3 would be super helpful.
Show HN: OtterTune – Automated Database Tuning Service for RDS MySQL/Postgres
Yo. OtterTune is a database optimization service. It uses machine learning to automatically tune your MySQL and Postgres configuration (i.e., RDS parameter groups) to improve performance and reduce costs. It does this by only looking at your database's runtime metrics (e.g., INNODB_METRICS, pg_stat_database, CloudWatch). We don't need to examine sensitive queries or user tables. We spun this project out of my research group at Carnegie Mellon University in 2020.
This week we've announced that OtterTune is now available to the public. We are offering everyone a starter account to try it out on their Postgres RDS or MySQL RDS databases (all versions, AWS US AZs only). We have seen OtterTune achieve 2-4x performance improvements and 50% cost reductions for these databases compared to using Amazon's default RDS configuration.
I am happy to answer any questions that you may have about how OtterTune works here.
-- Andy
================
More Info:
* 5min Demo Video: https://ottertune.com/blog/ottertune-explained-in-five-minutes
* Free Account Sign-up: https://ottertune.com/try
I know this Show HN is about RDS specifically, but the site suggests this works elsewhere, too; any issues with pointing OtterTune at DBs making heavy use of extensions (e.g. Timescale, Citus) or nonstandard deployment approaches (k8s, patroni, vitess)?
We have deployed OtterTune for on-prem databases (baremetal, containers). But we are not offering that to everyone right now because organizations manage their configurations for these deployments in a bunch of different ways (Github actions, Chef/Puppet, Terraform). The nice thing about RDS is that they have a single API for updating configurations (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_...).
As for the Postgres-derivates that you mentioned (Timescale, Citus), we have not tested OtterTune for them yet. But there is no reason they shouldn't also work because they expose the same metrics API (pg_stat_database) and config knobs. There are just way more people using Postgres (RDS, Aurora), so we are focusing on them right now.
What about OpenStack Trove DBaaS? OpenStack Trove is like an open source self-hosted Amazon RDS or Google CloudSQL. https://docs.openstack.org/trove/latest/
FWIU, Trove supports 10+ databases including MySQL and PostgreSQL.
AFAIU, there are sound reasons to host containers with e.g. OpenStack VMs instead of a k8s scheduler with a proper SAN and just figure out how to redundantly and resiliently sync - replicate, synchronize, primary/secondary, nodeprocd - and tune given the CAP theorem and the given DB implementation(s)?
Here's the official Ansible role for Trove, which provisions various e.g. SQL databases on an OpenStack cloud: https://github.com/openstack/openstack-ansible-os_trove
Despite having just 5.8% sales, over 38% of bug reports come from Linux
Notably, of those bug reports, fewer than 1% (only 3 bugs) were specific to the Linux version of the game. That is, over 99% of the bugs reported by Linux gamers also affected players in other platforms. Moreover (quoting from the OP):
> The report quality [from Linux users] is stellar. I mean we have all seen bug reports like: “it crashes for me after a few hours”. Do you know what a developer can do with such a report? Feel sorry at best. You can’t really fix any bug unless you can replicate it, see it with your own eyes, peek inside and finally see that it’s fixed. And with bug reports from Linux players is just something else. You get all the software/os versions, all the logs, you get core dumps and you get replication steps. Sometimes I got with the player over discord and we quickly iterated a few versions with progressive fixes to isolate the problem. You just don’t get that kind of engagement from anyone else.
Are there any good articles on writing helpful bug reports? Whenever I submit a bug I try to give as much detail and be as specific as possible but I always imagine some dev somewhere reading it rolling their eyes at the unnecessary paragraphs I’ve submitted.
I admit I know next to nothing about this stuff, but something doesn't add up. If everything has a Schwarzchild radius determined by its mass, then should we conclude that particles like electrons and protons also have a (very small) Schwarzchild radius? If the smaller it is, the sooner it explodes, then shouldn't atomic particles have all finished exploding a long time ago? When they explode, what do they eject, if not more subatomic particles like themselves? Alternatively, is the explanation that atomic particles are extended bodies whose sizes exceed their Schwarzchild radii instead being of point masses? If so, then what kind of stuff fills the interior of an electron? I don't have any answers but I have a feeling we're on shaky ground when we start trying to extrapolate general relativity concepts to atomic scales.
edit: typo
> If everything has a Schwarzchild radius determined by its mass, then should we conclude that particles like electrons and protons also have a (very small) Schwarzchild radius?
https://en.m.wikipedia.org/wiki/Black_hole_electron
> If the smaller it is, the sooner it explodes, then shouldn't atomic particles have all finished exploding a long time ago?
See my other comment here: https://news.ycombinator.com/item?id=31378092
> I have a feeling we're on shaky ground when we start trying to extrapolate general relativity concepts to atomic scales.
Correct. We know nothing about how to marry General Relativity with atomic-scale physics (quantum mechanics). That's why everyone and their dog are looking for a theory of quantum gravity.
> https://en.m.wikipedia.org/wiki/Black_hole_electron
Very interesting link - I suppose this could potentially make the problem slightly moot for electrons. Still, I don't think this works for other elementary particles, as black holes can't have color charge or weak hypercharge as far as I know (so they can't behave like quarks, gluons, W or Z bosons etc.)
> We know nothing about how to marry General Relativity with atomic-scale physics (quantum mechanics). That's why everyone and their dog are looking for a theory of quantum gravity.
True, though I think this is not even a problem in matching GR and QM, it is a problem in GR itself. The math of GR has infinities when looking at the center of a black hole, so we know there must be some other math that prevents the curvature from reaching infinity. We can of course easily invent infinitely many solutions to this problem, but there is no way to choose between them on an empirical basis, even in principle (since we can't ever experiment with the inside of a black hole).
A theory of quantum gravity would solve a different problem: GR is nonlinear, while QM is linear (if we ignore the Born rule) - so they can't describe the same system. Relatedly, if applying GR to a system described by a wave function, we are not able to compute how space time will curve given that a single particle(with its mass) is usually present at many points in space-time.
It is hoped that solving the second problem will also solve the first, but I'm not sure this is guaranteed.
> Still, I don't think this works for other elementary particles, as black holes can't have color charge or weak hypercharge as far as I know (so they can't behave like quarks, gluons, W or Z bosons etc.)
I think it is expected they can. The simple reason there are no explicit BH solutions with color charge is that, in contrast to electrodynamics, there's no classic field theory for the strong interaction that we could put into our Einstein-Hilbert action.
> I think this is not even a problem in matching GR and QM, it is a problem in GR itself.
Yes and no.
All kinds of theories have singularities and infinities. Classic electrodynamics is full of them and quantum field theory is, too. Nevertheless we still say the theories are fine and treat the singularities as pretty much nonphysical. ("Point particles don't really exist / a better theory will get rid of them", "We don't see the bare particles anyway, so let's remove the infinities using renormalization", et cetera.) Yes, spacetime singularities seem somewhat more severe, but I think we have good reasons to believe (e.g. the uncertainty relations) that a theory of quantum gravity would solve this conundrum. I mean, every single singularity we worry about in GR comes with infinite curvature and/or infinite energy densities, hence necessarily requires quantum mechanics to study.
On an unrelated note: Why is no one complaining that quantum field theory, from a mathematical point of view, is completely ill-defined? It surprises me time and again that people ascribe severe issues to GR ("It has singularities", "It's not quantum") and yet completely forget that the issues in quantum mechanics (both philophical and mathematical) are much more severe. GR, at the very least, is a mathematically absolutely rigorous theory, with well-defined objects and axioms and such. QFT, in turn, to this day is a toolbox of weird "shut-up-and-calculate" heuristics.
> We can of course easily invent infinitely many solutions to this problem, but there is no way to choose between them on an empirical basis, even in principle (since we can't ever experiment with the inside of a black hole).
There is one way: Come up with candidate theories of quantum gravity and with experiments to test quantum-gravitational effects outside a black hole (there are a few ideas) and select the right theory based on the experimental results and then have the theory predict what happens inside a black hole. Boom. If you say this approach is not valid as it'll remain a theoretical prediction and we still won't be able to peek inside a black hole, you're somewhat right. But right now we're having a discussion about spacetime singularities, which are a purely theoretical problem, too. No one has ever seen them.
> GR is nonlinear, while QM is linear (if we ignore the Born rule) - so they can't describe the same system.
We already know they are incompatible but linearity has nothing to do with it. The equations of motion of interacting quantum fields are non-linear, too. In fact, electrodynamics is, too, in some sense (backreaction & self-force), and we still managed to quantize it.
> Relatedly, if applying GR to a system described by a wave function, we are not able to compute how space time will curve given that a single particle(with its mass) is usually present at many points in space-time.
I wouldn't say this is just a related problem. This is the problem of quantum gravity.
> It is hoped that solving the second problem will also solve the first, but I'm not sure this is guaranteed.
Again, I think the reason people are hopeful are the uncertainty relations. A theory of quantum gravity necessarily has to incorporate them somehow.
/? Quantum gravity fluid
https://scholar.google.com/scholar?q=related:FV3voSY5-kYJ:sc...
"Gravity as a fluid dynamic phenomenon in a superfluid quantum space. Fluid quantum gravity and relativity." (2017)
> The hypothesis starts from considering the physical vacuum as a superfluid quantum medium, that we call superfluid quantum space (SQS), close to the previous concepts of quantum vacuum, quantum foam, superfluid vacuum etc. We usually believe that quantum vacuum is populated by an enormous amount of particle-antiparticle pairs whose life is extremely short, in a continuous foaming of formation and annihilation. Here we move further and we hypothesize that these particles are superfluid symmetric vortices of those quanta constituting the cosmic superfluid (probably dark energy). Because of superfluidity, these vortices can have an indeterminately long life. Vorticity is interpreted as spin (a particle's internal motion). Due to non-zero, positive viscosity of the SQS, and to Bernoulli pressure, these vortices attract the surrounding quanta, pressure decreases and the consequent incoming flow of quanta lets arise a gravitational potential. This is called superfluid quantum gravity. In this model we don't resort to gravitons. Once comparing superfluid quantum gravity with general relativity, it is evident how a hydrodynamic gravity could fully account for the relativistic effects attributed to spacetime distortion, where the space curvature is substituted by flows of quanta. Also special relativity can be merged in the hydrodynamics of a SQS and we obtain a general simplification of Einstein's relativity under the single effect of superfluid quantum gravity.
IIRC, when I searched gscholar for "wave-particle-[fluid]" duality" a few weeks ago there were even more recent papers.
Does Quantum Chaos describe fluids or superfluids? https://en.wikipedia.org/wiki/Quantum_chaos
Do CAS tools must stop reducing symbolic expressions describe infinity such that?:
Conway's surreal numbers of infinity aren't quite it, I'm afraid. Countability or continuum? Did Hilbert spaces (described here in SymPy with degree n) quite exist back then? Degrees of curl; divergence and convergence https://docs.sympy.org/latest/modules/physics/quantum/hilber...