Contents^
Items^
EU Passes Law to Switch iPhone to USB-C by End of 2024
Self-regulation only works if government regulation is a serious threat in case self-regulation fails. In this case, self-regulation failed, so government regulation stepped in to force industry to do what is right.
All the handwringing about stifling innovation is on its face ridiculous as mandates to use micro-usb didn't stop android phones from adopting the new and better standard as soon as it was viable.
All the handwringing about stifling innovation is on its face ridiculous as mandates to use micro-usb didn't stop android phones from adopting the new and better standard as soon as it was viable.
I'm not sure I understand your logic here. Android phones were able to quickly move to micro USB because they weren't restricted from doing so by a government regulation.
If there was a government mandate requiring phones to have whatever connector came before micro USB, wouldn't that have prevented the Android phones from changing connectors/choosing the new innovation?
Or was there a location where micro USB was required by law before, and since I don't live there, I wasn't affected by it?
Edit: Strike that last sentence, since I see in other responses that there was, indeed, a location where micro USB was mandated. So my new question is: How does a company change to a new/better connector, if it's required by law to use an old connector?
Edit edit: Looks like other responses show there was no mandate, that's just something that people on HN assume. It was a recommendation, not a law, like it is now.
> If there was a government mandate requiring phones to have whatever connector came before micro USB, wouldn't that have prevented the Android phones from changing connectors/choosing the new innovation?
Dunno, we have a test case tho: how'd the Micro-B to USB-C transition go in EU markets?
Vulhub: Pre-Built Vulnerable Environments Based on Docker-Compose
Most of these compose files are pretty outdated AND they depend on non-standard builds of containers for each respective application.
What else would you expect for setups intentionally trying to preserve past versions of software?
Reproducibility in [Infosec] Software Research requires DevOpSec, which requires: explicit data and code dependency specifications, and/or trusting hopefully-immutable software package archives, and/or securely storing and transmitting crytographically-signed archival (container) images; and then Upgrade all of the versions and run the integration tests with a git post-receive hook or a webhook to an external service dependency not encapsulated within the {Dockerfile, environment.yml/requirements.txt/postBuild; REES} dependency constraint model.
With pip-tools, you update the python software versions in a requirements.txt from a requirements.in meta-dependency-spec-file: https://github.com/jazzband/pip-tools#updating-requirements
$ pip-compile --upgrade requirements.in
$ cat requirements.tct
From https://pipenv.pypa.io/en/latest/basics/#pipenv-lock :
$ pipenv lock
"Reproducible builds" of a DVWA Deliberately Vulnerable Web Application is a funny thing: https://en.wikipedia.org/wiki/Reproducible_builds
Replication crisis https://en.wikipedia.org/wiki/Replication_crisis :
> The replication crisis (also called the replicability crisis and the reproducibility crisis) is an ongoing methodological crisis in which it has been found that the results of many scientific studies are difficult or impossible to reproduce. Because the reproducibility of empirical results is an essential part of the scientific method,[2] such failures undermine the credibility of theories building on them and potentially call into question substantial parts of scientific knowledge.
Just rebuilding or re-pulling a container image does not upgrade the versions of software installed within the container. See also: SBOM, CycloneDx, #LinkedReproducibility, #JupyterREES.
`podman-pull` https://docs.podman.io/en/latest/markdown/podman-pull.1.html... ~:
podman image pull busybox
podman pull busybox
docker pull busybox
podman pull busybox centos fedora ubuntu debian
docker-compose up -d --no-deps --build #[servicename]
awesome-vulnerable-apps > OWASP Top 10 https://github.com/vavkamil/awesome-vulnerable-apps#owasp-to... :
> OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
And there's a book, an Open Source Official Companion Guide book titled "Pwning Juice Shop": https://github.com/juice-shop/juice-shop#official-companion-...
If the versions installed in the book are outdated, you too can bump the version strings in the dependency specs in the git repo and send a PR Pull Request (which also updates the Screenshots and Menu > Sequences and Keyboard Shortcuts in the book&docs); and then manually test that everything works with the updated "deps" dependencies.
If it's an executablebooks/, a Computational Notebook (possibly in a Literate Computing style), you can "Restart & Run all" from the notebook UI button or a script, and then test that all automated test assertions pass, and then "diff" (visually compare), and then just manually read through the textual descriptions of commands to enter (because people who buy a Book presumably have a reasonable expectation that if they copy the commands from the book to a script by hand to learn them, the commands as written should run; it should work like the day you bought it for a projected term of many free word-of-mouth years.
From https://github.com/juice-shop/juice-shop#docker-container :
docker pull bkimminich/juice-shop
docker run --rm -p 3000:3000
podman pull bkimminich/juice-shop
podman run --rm -p 3000:3000 -n juiceshop0I have read this multiple times and can still not figure out what you are trying to say and how it is related to OPs comment...
> Most of these compose files are pretty outdated AND they depend on non-standard builds of containers for each respective application.
>> What else would you expect for setups intentionally trying to preserve past versions of software?
So, I wrote about reproducibility in software; and Software Supply Chain Security. Specifically, how to do containers and keep the software versions up to date.
Are you challenging the topicality of my comment on HN - containing original research - to be facetious?
Bash 5.2
@jhamby on Twitter is currently refactoring bash to c++, and it's really interesting to read anecdotes about it and read about the progress. It's a really interesting codebase.
c2rust https://github.com/immunant/c2rust :
> C2Rust helps you migrate C99-compliant code to Rust. The translator (or transpiler), c2rust transpile, produces unsafe Rust code that closely mirrors the input C code. The primary goal of the translator is to preserve functionality; test suites should continue to pass after translation.
crust https://github.com/NishanthSpShetty/crust :
> C/C++ to Rust transpiler
"CRustS: A Transpiler from Unsafe C to Safer Rust" (2022) https://scholar.google.com/scholar?q=related:WIDYx_PvgNoJ:sc...
rust-bindgen https://github.com/rust-lang/rust-bindgen/ :
Automatically generates Rust FFI bindings to C (and some C++) libraries
nushell/nushell looks like it has cool features and is written in rust.
awesome-rust > Applications > System Tools https://github.com/rust-unofficial/awesome-rust#system-tools
awesome-rust > Libraries > Command-line https://github.com/rust-unofficial/awesome-rust#command-line
rust-shell-script/rust_cmd_lib https://github.com/rust-shell-script/rust_cmd_lib :
> Common rust command-line macros and utilities, to write shell-script like tasks in a clean, natural and rusty way
hey thanks for this I didn't know it existed. I'm still kind of a rust noob and working my way through Rust in action and various examples.
Mozilla reaffirms that Firefox will continue to support current content blockers
- [ ] ENH,SEC,UBY: indicate that DNS is locally overridden by entries in /etc/hosts
- [ ] ENH,SEC,UBY: Browser UI: indicate that a domain does not have DNSSEC record signatures
- [ ] ENH,SEC,UBT: Browser UI: indicate whether DNS is over classic UDP or DoH, DoT, DoQ (DNS-over-QUIC)
- [ ] ENH,SEC,UBY: browser: indicate that a page is modified by extensions; show a "tamper bit"
- [ ] ENH,SEC: Devtools?: indicate whether there are (matching) HTTP SRI Subresource Integrity signatures for any or some of the page assets
- [ ] ENH,SEC,UBY: a "DNS Domain(s) Information" modal_tab/panel like the Certificate Information panel
Manifest V3, webRequest, and ad blockers
Google made a faux-pas with this one...
Their stated goal is to improve the performance of the web request blocking API.
Their (unstated but suspected) goal is to neuter adblocking chrome extensions.
They should have made extensions get auto-disabled if they 'slow down web page loading too much'. Set the threshold for that to be say more than a 20% increase in page load time, but make the threshold decrease with time - eg. 10% in 2023, 5% in 2024, 2% in 2025, to finally 1% in 2026 etc.
Eventually, that would achieve both of Googles goals - since adblockers would be forced to shorten their lists of regex'es, neutering them, and performance would increase at the same time. Extension developers would have a hard time complaining, because critics will always argue they just have bloated inefficient code.
eWASM opcodes each have a real cost. It's possible to compile {JS, TypeScript, C, Python} to WASM.
What are some ideas for UI Visual Affordances to solve for bad UX due to slow browser tabs and extensions?
- [ ] UBY: Browsers: Strobe the tab tab or extension button when it's beyond (configurable) resource usage thresholds
- [ ] UBY: Browsers: Vary the {color, size, fill} of the tab tabs according to their relative resource utilization
- [ ] ENH,SEC: Browsers: specify per-tab/per-domain resource quotas: CPU, RAM, Disk, [GPU, TPU, QPU] (Linux: cgroups,)
> Their (unstated but suspected) goal is to neuter adblocking chrome extensions.
Except they didn't. There's already 3-4 adblockers that work perfectly as far as blocking ads is concerned. They do lose more advanced features, but 99.9% of people with adblockers installed never ever touch those features.
To claim that this neuters adblocking is truly ridiculous. It also ignores that Safari has the exact same restrictions yet no one complains that Apple wanted to neuter ad blocking.
> 99.9% of people with adblockers installed never ever touch those [advanced features]
Custom matching algorithms and ability to fine tune or expand matching algorithms according to new content blocking challenges are actually a kind of advanced feature that are used by all those users without them ever realizing it since their content blocker work seamlessly on their favorite sites without the need for intervention.
The declarativeNetRequest (DNR) API has been quite improved since it was first announced and its great, but since it's the only one we can use now, it's no longer possible to innovate by coming up with improved matching algorithm for network requests.
If the DNR had been designed 8 years ago according to the requirements of content blockers back then, it would be awfully equipped to deal with the challenges thrown at content blockers nowadays, so it's difficult to think the current one will be sufficient in the coming years.
Nothing stops the API evolving... Anyone can make a build of Chromium with a better API, test it out with their own extension, and if it works better, then they can send a PR to get that API into Chrome.
Obviously, extending an API is a long term commitment, so I can understand the Chrome team wanting to only do it if there is a decent benefit - "it makes my one extension with 10 users work slightly better" probably doesn't cut it.
> Nothing stops the API evolving... Anyone can make a build of Chromium with a better API, test it out with their own extension, and if it works better, then they can send a PR to get that API into Chrome.
This is not at all how API proposals are handled. There are a lot more (time, financial, logical) barriers to a change like this. See the role of the W3C in this: https://www.eff.org/deeplinks/2021/11/manifest-v3-open-web-p...
It is reasonable to expect BPF or a BPF-like filter. https://en.wikipedia.org/wiki/Berkeley_Packet_Filter
bromite/build/patches/Bromite-AdBlockUpdaterService.patch: https://github.com/bromite/bromite/blob/master/build/patches...
bromite/build/patches/disable-AdsBlockedInfoBar.patch: https://github.com/bromite/bromite/blob/master/build/patches...
bromite/build/patches/Bromite-auto-updater.patch: () https://github.com/bromite/bromite/blob/master/build/patches...
- [ ] ENH,SEC,UPD: Bromite,Chromium: is there a url syntax like /path.tar.gz#sha256=cba312 that chromium http filter downloader could use to check e.g. sha256 and maybe even GPG ASC signatures with? (See also: TUF, Sigstore, W3C Blockcerts+DIDs)
Bromite/build/patches/Re-introduce-*.patch: [...]
1Hz CPU made in Minecraft running Minecraft at 0.1fps [video]
Cool! Now build it in Turing Complete and export it to an FPGA
From KiCad https://en.wikipedia.org/wiki/KiCad :
> KiCad is a free software suite for electronic design automation (EDA). It facilitates the design and simulation of electronic hardware. It features an integrated environment for schematic capture, PCB layout, manufacturing file viewing, SPICE simulation, and engineering calculation. Tools exist within the package to create bill of materials, artwork, Gerber files, and 3D models of the PCB and its components.
https://www.kicad.org/discover/spice/ :
> KiCad integrates the open source spice simulator ngspice to provide simulation capability in graphical form through integration with the Schematic Editor.
PySpice > Examples: https://pyspice.fabrice-salvaire.fr/releases/v1.6/examples/i... :
+ Diode, Rectifier (AC to DC), Filter, Capacitor, Power Supply, Transformer, [Physical Relay Switche (Open/Closed) -> Vacuum Tube Transistor -> Solid-state [MOSFET,]] Transistor,
From the Ngspice User's Manual https://ngspice.sourceforge.io/docs/ngspice-37-manual.pdf :
> Ngspice is a general-purpose circuit simulation program for nonlinear and linear analyses.*
> Circuits may contain resistors, capacitors, inductors, mutual inductors, independent or dependent voltage and current sources, loss-less and lossy transmission lines, switches, uniform distributed RC lines, and the five most common semiconductor devices: diodes, BJTs, JFETs, MESFETs, and MOSFETs.
> [...] Ngspice has built-in models for the semiconductor devices, and the user need specify only the pertinent model parameter values. [...] New devices can be added to ngspice by several means: behavioral B-, E- or G-sources, the XSPICE code-model interface for C-like device coding, and the ADMS interface based on Verilog-A and XML.
Turing completeness: https://en.wikipedia.org/wiki/Turing_completeness :
> In colloquial usage, the terms "Turing-complete" and "Turing-equivalent" are used to mean that any real-world general-purpose computer or computer language can approximately simulate the computational aspects of any other real-world general-purpose computer or computer language. In real life this leads to the practical concepts of computing virtualization and emulation. [citation needed]
> Real computers constructed so far can be functionally analyzed like a single-tape Turing machine (the "tape" corresponding to their memory); thus the associated mathematics can apply by abstracting their operation far enough. However, real computers have limited physical resources, so they are only linear bounded automaton complete. In contrast, a universal computer is defined as a device with a Turing-complete instruction set, infinite memory, and infinite available time.
Church–Turing thesis: https://en.wikipedia.org/wiki/Church%E2%80%93Turing_thesis ... Lamda calculus (Church): https://en.wikipedia.org/wiki/Lambda_calculus
HDL: Hardware Description Language > Examples: https://en.wikipedia.org/wiki/Hardware_description_language#...
HVL: Hardware Verification Language: https://en.wikipedia.org/wiki/Hardware_verification_language
awesome-electronics > Free EDA Packages: https://github.com/kitspace/awesome-electronics#free-eda-pac...
https://github.com/TM90/awesome-hwd-tools
EDA: Electronic Design Automation: https://en.wikipedia.org/wiki/Electronic_design_automation
More notes for #Q12:
Quantum complexity theory https://en.wikipedia.org/wiki/Quantum_complexity_theory#Back... :
> A complexity class is a collection of computational problems that can be solved by a computational model under certain resource constraints. For instance, the complexity class P is defined as the set of problems solvable by a Turing machine in polynomial time. Similarly, quantum complexity classes may be defined using quantum models of computation, such as the quantum circuit model or the equivalent quantum Turing machine. One of the main aims of quantum complexity theory is to find out how these classes relate to classical complexity classes such as P, NP, BPP, and PSPACE.
> One of the reasons quantum complexity theory is studied are the implications of quantum computing for the modern Church-Turing thesis. In short the modern Church-Turing thesis states that any computational model can be simulated in polynomial time with a probabilistic Turing machine. [1][2] However, questions around the Church-Turing thesis arise in the context of quantum computing. It is unclear whether the Church-Turing thesis holds for the quantum computation model. There is much evidence that the thesis does not hold. It may not be possible for a probabilistic Turing machine to simulate quantum computation models in polynomial time. [1]
> Both quantum computational complexity of functions and classical computational complexity of functions are often expressed with asymptotic notation. Some common forms of asymptotic notion of functions are \Omega(T(n)) and \Theta(T(n)).
> \Theta(T(n)) expresses that something is bounded above by cT(n) where c is a constant such that c>0 and T(n) is a function of n, \Omega(T(n)) expresses that something is bounded below by cT(n) where c is a constant such that c>0 and T(n) is a function of n, and \Theta(T(n)) expresses both O(T(n)) and \Omega(T(n)). [3] These notations also their own names. O(T(n)) is called Big O notation, \Omega(T(n)) is called Big Omega notation, and \Theta(T(n)) is called Big Theta notation.
Quantum complexity theory > Simulation of quantum circuits https://en.wikipedia.org/wiki/Quantum_complexity_theory#Simu... :
> There is no known way to efficiently simulate a quantum computational model with a classical computer. This means that a classical computer cannot simulate a quantum computational model in polynomial time [P]. However, a quantum circuit of S(n) qubits with T(n) quantum gates can be simulated by a classical circuit with O(2^{S(n)}T(n)^{3}) classical gates. [3] This number of classical gates is obtained by determining how many bit operations are necessary to simulate the quantum circuit. In order to do this, first the amplitudes associated with the S(n) qubits must be accounted for. Each of the states of the S(n) qubits can be described by a two-dimensional complex vector, or a state vector. These state vectors can also be described a linear combination of its component vectors with coefficients called amplitudes. These amplitudes are complex numbers which are normalized to one, meaning the sum of the squares of the absolute values of the amplitudes must be one. [3] The entries of the state vector are these amplitudes.
Quantum Turing machine: https://en.wikipedia.org/wiki/Quantum_Turing_machine
Quantum circuit: https://en.wikipedia.org/wiki/Quantum_circuit
Church-Turing-Deutsch principle: https://en.wikipedia.org/wiki/Church%E2%80%93Turing%E2%80%93...
Computational complexity > Quantum computing, Distributed computing: https://en.wikipedia.org/wiki/Computational_complexity#Quant...
Hash collisions and exploitations – Instant MD5 collision
MD5 > History, Security > Collision vulnerabilities: https://en.wikipedia.org/wiki/MD5#Collision_vulnerabilities
AI Seamless Texture Generator Built-In to Blender
Is there a way to run things like this with an AMD graphics card? Every Stable Diffusion project I've seen seems to be CUDA focused.
That's because Stable Diffusion is built with PyTorch. Which isn't optimized for anything but CUDA. Even the CPU is a second class citizen there. Let alone AMD or other graphics.
Not saying PyTorch doesn't run on anything else. You can but those will lag and some will be hackish.
Looks like Nvidia is on its way to be the next Intel.
From the Arch wiki, which has a list of GPU runtimes (but not TPU or QPU runtimes) and arch package names: OpenCL, SYCL, ROCm, HIP,: https://wiki.archlinux.org/title/GPGPU :
> GPGPU stands for General-purpose computing on graphics processing units.
- "PyTorch OpenCL Support" https://github.com/pytorch/pytorch/issues/488
- Blender re: removal of OpenCL support in 2021 :
> The combination of the limited Cycles split kernel implementation, driver bugs, and stalled OpenCL standard has made maintenance too difficult. We can only make the kinds of bigger changes we are working on now by starting from a clean slate. We are working with AMD and Intel to get the new kernels working on their GPUs, possibly using different APIs (such as CYCL, HIP, Metal, …).
- https://gitlab.com/illwieckz/i-love-compute
- https://github.com/vosen/ZLUDA
- https://github.com/RadeonOpenCompute/clang-ocl
AMD ROCm: https://en.wikipedia.org/wiki/ROCm
AMD ROcm supports Pytorch, TensorFlow, MlOpen, rocBLAS on NVIDIA and AMD GPUs: https://rocmdocs.amd.com/en/latest/Deep_learning/Deep-learni...
RadeonOpenCompute/ROCm_Documentation: https://github.com/RadeonOpenCompute/ROCm_Documentation
ROCm-Developer-Tools/HIPIFY https://github.com/ROCm-Developer-Tools/HIPIFY :
> hipify-clang is a clang-based tool for translating CUDA sources into HIP sources. It translates CUDA source into an abstract syntax tree, which is traversed by transformation matchers. After applying all the matchers, the output HIP source is produced.
ROCmSoftwarePlatform/gpufort: https://github.com/ROCmSoftwarePlatform/gpufort :
> GPUFORT: S2S translation tool for CUDA Fortran and Fortran+X in the spirit of hipify
ROCm-Developer-Tools/HIP https://github.com/ROCm-Developer-Tools/HIP:
> HIP is a C++ Runtime API and Kernel Language that allows developers to create portable applications for AMD and NVIDIA GPUs from single source code. [...] Key features include:
> - HIP is very thin and has little or no performance impact over coding directly in CUDA mode.
> - HIP allows coding in a single-source C++ programming language including features such as templates, C++11 lambdas, classes, namespaces, and more.
> - HIP allows developers to use the "best" development environment and tools on each target platform.
> - The [HIPIFY] tools automatically convert source from CUDA to HIP.
> - * Developers can specialize for the platform (CUDA or AMD) to tune for performance or handle tricky cases.*
Faraday and Babbage: Semiconductors and Computing in 1833
Timeline of Quantum Computing (1960-) https://en.wikipedia.org/wiki/Timeline_of_quantum_computing_...
1960-1883 = 77 years later
From https://news.ycombinator.com/item?id=31996743 https://westurner.github.io/hnlog/#comment-31996743 :
> Qubit#Physical_implementations: https://en.wikipedia.org/wiki/Qubit#Physical_implementations
> - note the "electrons" row of the table
>> See also: "Quantum logic gate" https://en.wikipedia.org/wiki/Quantum_logic_gate
macOS Subsystem for Linux
You can just use Vagrant for this kind of setup. The benefit of that is you can provision so it is able to run your application and you're able to commit it to git and share it with others. Pretty sure it will have a qemu adapter too if you so choose.
brew install vagrant packer terraform
brew install podman-desktop
You get all that put together one time on one box and realize you could have scripted the whole thing, but you need bash 4+ or Python 3+ so it all depends on `brew` first: https://github.com/geerlingguy/ansible-for-kubernetes/blob/m...
The Ansible homebrew module can install and upgrade brew and install and upgrade packages with brew: https://docs.ansible.com/ansible/latest/collections/communit...
And then write tests for the development environment too, or only for container specs in production: https://github.com/geerlingguy/ansible-for-kubernetes/tree/m... :
brew install kind docker
type -a python3; python3 -m site
python3 -m pip install molecule ansible-test yamllint
# molecule converge; ssh -- hostname
molecule test
# molecule destroy
Perhaps not that OT, but FWIW I just explained exactly this in a tweet:
> Mambaforge-pypy3 for Linux, OSX, Windows installs from conda-forge by default. (@condaforge builds packages with CI for you without having to install local xcode IIRC)
conda install -c conda-forge -y nodejs
mamba install -y nodejsGlobal-Chem: A Free Dictionary from Common Chemical Names to Molecules
TIL about #cheminformatics and Linked Data (Semantic Web):
Cheminformatics: https://en.wikipedia.org/wiki/Cheminformatics
https://github.com/topics/cheminformatics :
- https://github.com/hsiaoyi0504/awesome-cheminformatics #Databases #See_also
- https://github.com/mcs07/PubChemPy :
> PubChemPy provides a way to interact with PubChem in Python. It allows chemical searches by name, substructure and similarity, chemical standardization, conversion between chemical file formats, depiction and retrieval of chemical properties.
http://chemicalsemantics.com/introduction-to-the-chemical-se... ... /? chemicalsemantics github ... https://github.com/semanticchemistry/semanticchemistry #See_also :
> The Chemical Information Ontology (CHEMINF) aims to establish a standard in representing chemical information. In particular, it aims to produce an ontology to represent chemical structure and to richly describe chemical properties, whether intrinsic or computed.
Looks like they developed the CHEMINF OWL ontology in Protege 4 (which is Open Source). /ontology/cheminf-core.owl: https://github.com/semanticchemistry/semanticchemistry/blob/...
- Does it -- the {sql/xml/json/graphql, RDFS Vocabulary, OWL Ontology} schema - have more (C)Classes and (P)Properties than other schema for modeling this domain?
- What namespaced strings and URIs does it specify for linking entities internally and externally?
LOV Linked Open Vocabularies maintains a database of many RDFS vocabularies and OWL ontologies (which are represented in RDF) https://lov.linkeddata.es/dataset/lov/terms?q=chemical
- "The Linking Open Data Cloud" (2007-) https://lod-cloud.net/
/? "cheminf" https://scholar.google.com/scholar?hl=en&as_sdt=0,43&qsp=1&q...
/? "cheminf" ontology https://scholar.google.com/scholar?hl=en&as_sdt=0,43&qsp=1&q...
"The ChEMBL database as linked open data" (2013) https://scholar.google.com/scholar?cites=1029919691588310633... ... citations:
"PubChem substance and compound databases" (2017) https://scholar.google.com/scholar?cites=7847099277060264658...
"5 Star Linked Data⬅" https://wrdrd.github.io/docs/consulting/knowledge-engineerin...
Thing > BioChemEntity https://schema.org/BioChemEntity
Thing > BioChemEntity > ChemicalSubstance https://schema.org/ChemicalSubstance
Thing > BioChemEntity > MolecularEntity https://schema.org/MolecularEntity
Thing > BioChemEntity > Protein https://schema.org/Protein
Thing > BioChemEntity > Gene https://schema.org/Gene
Some of the BioSchemas work [1] is proposed and pending inclusion in the Schema.org RDFS vocabulary [2].
[1] https://github.com/bioschemas
[2] https://github.com/schemaorg/schemaorg/issues/1028
Will newer Bioschema terms like BioSample, LabProtocol, SequenceAnnotation, and Phenotype be proposed for inclusion into the Schema.org vocabulary?: https://bioschemas.org/profiles/index#nav-draft
GCC's new fortification level: The gains and costs
Unfortunately not much in the way of performance measurements :(
It's on my TODO list. Watch out for Fedora change proposals for (hopefully) Fedora 38.
What if you develop inside of a Fedora 38 Docker container
FROM quay.io/fedora/fedora:38
RUN dnf install -y <bunch of tools>
It's not a runtime flag, you'll have to patch redhat-rpm-config to use _FORTIFY_SOURCE=3 instead of 2 and then build packages with it.
Of course if you only want to build your application with _FORTIFY_SOURCE=3, you can do it right away even on Fedora 36. The Fedora change will be to build the distribution (or at least a subset of packages) with _FORGIFY_SOURCE=3.
Poor writing, not specialized concepts, drives difficulty with legal language
Which attributes of a person are necessary to answer a legal question?
Python:
def has_legal_right(person: dict, right: str): -> bool
assert person
assert right
#
return NotImplementedError
def have_equal_rights(persons: list): -> bool
return NotImplementedError
function hasRight(person, right) {
console.assert(person);
console.assert(right);
// return true || false;
}
function haveEqualRights(persons) {
// return true || false;
}
... Therefore you've failed at the Law of Reciprocity.
U.S. appeals court rejects big tech’s right to regulate online speech
Does this mean that newspaper Information Service Providers are now obligated to must-carry opinion pieces from political viewpoints that oppose those of the editors in the given district?
Does this mean that newspapers in Texas are now obligated to carry liberal opinion pieces? Equal time in Texas at last.
Must-carry provision of a contract for service: https://en.wikipedia.org/wiki/Must-carry
I imagine they'd have to accept arbitrary submissions first. If you just worked there, probably they'd be forced to put up anything you wrote
no
How limited is the given district court of appeals case law precedent in regards to must-carry and Equal time rules for non-licensed spectrum Information Service providers? Are they now common carrier liability, too?
Equal time rules and American media history: https://en.wikipedia.org/wiki/Equal-time_rule
Who pays for all of this?
> "Give me my free water!"
From "FCC fairness doctrine" (1949-1987) https://en.wikipedia.org/wiki/FCC_fairness_doctrine :
> The fairness doctrine had two basic elements: It required broadcasters to devote some of their airtime to discussing controversial matters of public interest, and to air contrasting views regarding those matters. Stations were given wide latitude as to how to provide contrasting views: It could be done through news segments, public affairs shows, or editorials. The doctrine did not require equal time for opposing views but required that contrasting viewpoints be presented. The demise of this FCC rule has been cited as a contributing factor in the rising level of party polarization in the United States. [5][6]
Because the free flow of information is essential to democracy, it is in the Public Interest to support a market of new and established flourishing information service providers, not a market of exploited must-carry'ers subject to district-level criteria for ejection or free water for life. Shouldn't all publications, all information services be subject to any and all such Equal Time and Must-Carry interpretations?
Your newspaper may not regulate viewpoints: in its editorial section or otherwise. Must carry. Equal time.
The wall of one's business, perhaps.
You must keep that up there on your business's wall.
**
In this instance, is there a contract for future performance? How does Statute of Frauds apply to contracts worth over $500?
Transformers seem to mimic parts of the brain
Sincere question inspired purely by the headline: how many important ML architectures aren't in some way based on some proposed model of how something works in the brain?
(Not intended as a flippant remark, I know Quanta Magazine articles can generaly safely be assumed to be quality content, and that this is about how a language model unexpectedly seems to have relevance for understanding spatial awareness)
I think the response to this has two prongs:
- Some families of ML techniques (SVMs, random forests, gaussian processes) got their inspiration elsewhere and never claimed to be really related to how brains do stuff.
- Among NNs, even if an idea takes loose inspiration from neuroscience (e.g. the visual system does have a bunch of layers, and the first ones really are pulling out 'simple' features like an edge near an area), I think it's relatively uncommon to go back and compare specifically what's happening in the brain with a given ML architecture. And a lot of the inspiration isn't about human-specific cognitive abilities (like language), but is really a generic description of neurons which is equally true of much less intelligent animals.
> I think it's relatively uncommon to go back and compare specifically what's happening in the brain with a given ML architecture.
Less common but not unheard of. Here's one example, primarily on focused on vision: http://www.brain-score.org/
DeepMind has also published works comparing RL architectures like IQN to dopaminergic neurons.
The challenge is that its very cross-disciplinary and most DL labs don't have a reason to explore the neuroscience side while most neuro labs don't have the expertise in DL.
Is it necessary to simulate the quantum chemistry of a biological neural network in order to functionally approximate a BNN with an ANN?
A biological systems and fields model for cognition:
Spreading activation in a dynamic graph with cycles and magnitudes ("activation potentials",) that change as neurally-regulated heart-generated electron potentials (and,) reverberate fluidically with intersecting paths. And a partially extra-cerebral induced field which nonlinearly affects the original signal source through local feedback; Representational shift.
Representational shift: "Neurons Are Fickle. Electric Fields Are More Reliable for Information" (2022) https://neurosciencenews.com/electric-field-neuroscience-201...
Spreading activation: https://en.wikipedia.org/wiki/Spreading_activation
Re: 11D (11-Dimensional) biological network hyperparameters, ripples in (hippocampal, prefrontal,) association networks: https://news.ycombinator.com/item?id=18218504
M-theory String theory is also 11D, but IIUC they're not the same dimensions
Diffusion suggests fluids, which in physics and chaos theory suggests Bernoulli's fluid models (and other non-differentiable compact descriptions like Navier-Stokes), which are part of SQG Superfluid Quantum Gravity postulates.
Can e.g. ONNX or RDF with or without bnodes represent a complete connectome image/map?
Connectome: https://en.wikipedia.org/wiki/Connectome
Wave Field recordings are probably the most complete known descriptions of the brain and its nonlinear fields?
How such fields relate to one or more Quantum Wave functions might entail near-necessity of QFT: Quantum Fourier Transform.
When you replace the Self-attention Network part of a Transformer algorithm with classical FFT Fast Fourier Transform: ... From https://medium.com/syncedreview/google-replaces-bert-self-at... :
> > New research from a Google team proposes replacing the self-attention sublayers with simple linear transformations that “mix” input tokens to significantly speed up the transformer encoder with limited accuracy cost. Even more surprisingly, the team discovers that replacing the self-attention sublayer with a standard, unparameterized Fourier Transform achieves 92 percent of the accuracy of BERT on the GLUE benchmark, with training times that are seven times faster on GPUs and twice as fast on TPUs."
> > Would Transformers (with self-attention) make what things better? Maybe QFT? There are quantum chemical interactions in the brain. Are they necessary or relevant for what fidelity of emulation of a non-discrete brain?
> Quantum Fourier Transform: https://en.wikipedia.org/wiki/Quantum_Fourier_transform
The QFT acronym annoyingly reminds ne rather of Quantum Field Theory than Quantum Fourier Transforms ...
Yeah. And resolve QFT + { QG || SQG }
A more useful query, to Google dork:
/? QFT "field theory" "Superfluid" "quantum gravity" https://www.google.com/search?q=QFT+%22field+theory%22+%22Su... https://scholar.google.com/scholar?q=QFT+%22field+theory%22+...
/? QFT "field theory" "Superfluid quantum gravity" https://www.google.com/search?q=QFT+%22field+theory%22+%22Su... https://scholar.google.com/scholar?q=QFT+%22field+theory%22+...
Chaos researchers can now predict perilous points of no return
This sounds similar to work I did years ago to combine phase-space manifolds with a rule-based expert system to address problems diagnosing failures in mechanical systems exhibiting multi-modal operating regimes.
Hopefully the researchers found a simpler computational method than I did in trying to mate those two systems together. :)
What really caught my attention was the output of a probability curve showing how the system might operate in the never-before-seen regimes once the tipping point was reached. The ability to predict behavior outside the training set is a huge win. My method was only predictive while the the system operated in the training regime; outside that regime it was useless.
Could this detect/predict/diagnose e.g. mechanical failures in engines and/or motors, and health conditions, given sensor fusion?
Sensor fusion https://en.wikipedia.org/wiki/Sensor_fusion
Steady state https://en.wikipedia.org/wiki/Steady_state :
> In many systems, a steady state is not achieved until some time after the system is started or initiated. This initial situation is often identified as a transient state, start-up or warm-up period. [1]
https://github.com/topics/steady-state
Control systems https://en.wikipedia.org/wiki/Control_system
https://github.com/topics/control-theory
Flap (disambiguation) > Computing and networks > "Flapping" (nagios alert fatigue,) https://en.wikipedia.org/wiki/Flap
Perceptual Control Theory (PCT) > Distinctions from engineering control theory https://en.wikipedia.org/wiki/Perceptual_control_theory :
> In the artificial systems that are specified by engineering control theory, the reference signal is considered to be an external input to the 'plant'.[7] In engineering control theory, the reference signal or set point is public; in PCT, it is not, but rather must be deduced from the results of the test for controlled variables, as described above in the methodology section. This is because in living systems a reference signal is not an externally accessible input, but instead originates within the system. In the hierarchical model, error output of higher-level control loops, as described in the next section below, evokes the reference signal r from synapse-local memory, and the strength of r is proportional to the (weighted) strength of the error signal or signals from one or more higher-level systems. [26]
> In engineering control systems, in the case where there are several such reference inputs, a 'Controller' is designed to manipulate those inputs so as to obtain the effect on the output of the system that is desired by the system's designer, and the task of a control theory (so conceived) is to calculate those manipulations so as to avoid instability and oscillation. The designer of a PCT model or simulation specifies no particular desired effect on the output of the system, except that it must be whatever is required to bring the input from the environment (the perceptual signal) into conformity with the reference. In Perceptual Control Theory, the input function for the reference signal is a weighted sum of internally generated signals (in the canonical case, higher-level error signals), and loop stability is determined locally for each loop in the manner sketched in the preceding section on the mathematics of PCT (and elaborated more fully in the referenced literature). The weighted sum is understood to result from reorganization.
> Engineering control theory is computationally demanding, but as the preceding section shows, PCT is not. For example, contrast the implementation of a model of an inverted pendulum in engineering control theory [27] with the PCT implementation as a hierarchy of five simple control systems. [28]
Structural Equation Modeling: https://en.wikipedia.org/wiki/Structural_equation_modeling https://github.com/topics/structural-equation-modeling
ros2_control https://control.ros.org/master/index.html
Limit cycle https://en.wikipedia.org/wiki/Limit_cycle
Finite Element Analysis https://en.wikipedia.org/wiki/Finite_element_method
> #FEM: Finite Element Method (for ~solving coupled PDEs Partial Differential Equations)
> #FEA: Finite Element Analysis (applied FEM)
awesome-mecheng > Finite Element Analysis: https://github.com/m2n037/awesome-mecheng#fea
GraphBLAS
> When applied to sparse adjacency matrices, these algebraic operations are equivalent to computations on graphs
Sparse matrix: https://en.wikipedia.org/wiki/Sparse_matrix :
> The concept of sparsity is useful in combinatorics and application areas such as network theory and numerical analysis, which typically have a low density of significant data or connections. Large sparse matrices often appear in scientific or engineering applications when solving partial differential equations.
CuGraph has a NetworkX-like API, though only so many of the networkx algorithms are yet reimplemented with some possible CUDA-optimizations.
From https://github.com/rapidsai/cugraph :
> cuGraph operates, at the Python layer, on GPU DataFrames, thereby allowing for seamless passing of data between ETL tasks in cuDF and machine learning tasks in cuML. Data scientists familiar with Python will quickly pick up how cuGraph integrates with the Pandas-like API of cuDF. Likewise, users familiar with NetworkX will quickly recognize the NetworkX-like API provided in cuGraph, with the goal to allow existing code to be ported with minimal effort into RAPIDS.
> While the high-level cugraph python API provides an easy-to-use and familiar interface for data scientists that's consistent with other RAPIDS libraries in their workflow, some use cases require access to lower-level graph theory concepts. For these users, we provide an additional Python API called pylibcugraph, intended for applications that require a tighter integration with cuGraph at the Python layer with fewer dependencies. Users familiar with C/C++/CUDA and graph structures can access libcugraph and libcugraph_c for low level integration outside of python.
/? sparse https://github.com/rapidsai/cugraph/search?q=sparse
Pandas and scipy and IIRC NumPy have sparse methods; sparse.SparseArray, .sparse.; https://pandas.pydata.org/docs/user_guide/sparse.html#sparse...
From https://pandas.pydata.org/docs/user_guide/sparse.html#intera... :
> Series.sparse.to_coo() is implemented for transforming a Series with sparse values indexed by a MultiIndex to a scipy.sparse.coo_matrix.
NetworkX graph algorithms reference docs https://networkx.org/documentation/stable/reference/algorith...
NetworkX Compatibility > Differences in Algorithms https://docs.rapids.ai/api/cugraph/stable/basics/nx_transiti...
List of algorithms > Combinatorial algorithms > Graph algorithms: https://en.wikipedia.org/wiki/List_of_algorithms#Graph_algor...
To give an example of real world sparse matrices, power grids can have thousands and thousands of nodes, but most of those nodes only connect to a few other nodes at most that are local neighbors. Systems are highly sparse as a result
Integer factor graphs are sparse. https://en.wikipedia.org/wiki/Factor_graph#Message_passing_o...
Compared to the Powerset graph that includes all possible operators and parameter values and parentheses in infix but not Reverse Polish Notation, a correlation graph is sparse: most conditional probabilities should be expected to tend toward the Central Limit Theorem, so if you subtract (or substitute) a constant noise scalar, a factor graph should be extra-sparse. https://en.wikipedia.org/wiki/Central_limit_theorem_for_dire...
What do you call a factor graph with probability distribution functions (PDFs) instead of float64s?
Are Path graphs and Path graphs with cycles extra sparse? An adjacency matrix for all possible paths through a graph is also mostly zeroes. https://en.wikipedia.org/wiki/Path_graph
Methods of feature reduction use and affect the sparsity of a sparse matrix (that does not have elements for confounding variables). For example, from "Exploratory factor analysis (EFA) versus principal components analysis (PCA)" https://en.wikipedia.org/wiki/Factor_analysis :
> For either objective, it can be shown that the principal components are eigenvectors of the data's covariance matrix. Thus, the principal components are often computed by eigendecomposition of the data covariance matrix or singular value decomposition of the data matrix. PCA is the simplest of the true eigenvector-based multivariate analyses and is closely related to factor analysis. Factor analysis typically incorporates more domain specific assumptions about the underlying structure and solves eigenvectors of a slightly different matrix.
Common Lisp names all sixteen binary logic gates
From File:Logical_connectives_Hasse_diagram.svg https://commons.wikimedia.org/wiki/File:Logical_connectives_...:
> Description: The sixteen logical connectives ordered in a Hasse diagram. They are represented by:
> - logical formulas
> - the 16 elements of V4 = P^4({})
> - Venn diagrams
> The nodes are connected like the vertices of a 4 dimensional cube. The light blue edges form a rhombic dodecahedron - the convex hull of the tesseract's vertex-first shadow in 3 dimensions.
Hasse diagram: https://en.wikipedia.org/wiki/Hasse_diagram
> A research question for a new school year: (2021, still TODO)
> The classical logical operators form a neat topology. Should we expect there to be such symmetry and structure amongst the quantum operators as well?
From Quantum Logic https://en.wikipedia.org/wiki/Quantum_logic :
> Quantum logic can be formulated either as a modified version of propositional logic or as a noncommutative and non-associative many-valued (MV) logic.[2][3][4][5][6]
> Quantum logic has been proposed as the correct logic for propositional inference generally, [...] group representations and symmetry.
> The more common view regarding quantum logic, however, is that it provides a formalism for relating observables, system preparation filters and states.[citation needed] In this view, the quantum logic approach resembles more closely the C*-algebraic approach to quantum mechanics. The similarities of the quantum logic formalism to a system of deductive logic may then be regarded more as a curiosity than as a fact of fundamental philosophical importance. A more modern approach to the structure of quantum logic is to assume that it is a diagram—in the sense of category theory—of classical logics
Quantum_logic#Differences_with_classical_logic: https://en.wikipedia.org/wiki/Quantum_logic#Differences_with...
Cirq > Gates and operations: https://quantumai.google/cirq/build/gates
Cirq > Operators and Observables: https://quantumai.google/cirq/build/operators
qiskit-terra/qiskit/circuit/operation.py Interface: https://github.com/Qiskit/qiskit-terra/blob/main/qiskit/circ...
tequila/src/tequila/circuit/gates.py: https://github.com/tequilahub/tequila/blob/master/src/tequil...
Pauli matrices > Quantum information: https://en.wikipedia.org/wiki/Pauli_matrices#Quantum_informa...
From Quantum_information#Quantum_information_processing https://en.wikipedia.org/wiki/Quantum_information#Quantum_in... :
> The state of a qubit contains all of its information. This state is frequently expressed as a vector on the Bloch sphere. This state can be changed by applying linear transformations or quantum gates to them. These unitary transformations are described as rotations on the Bloch Sphere. While classical gates correspond to the familiar operations of Boolean logic, quantum gates are physical unitary operators.
Google pays ‘enormous’ sums to maintain search-engine dominance, DOJ says
Google does this yet lies about their searches to maintain an illusion of competence.
For example, you can type in something like "purpose of life" and it will say it has 2 billion results, yet if you try to go to result 500, you can't, it will stop at 400, then change the number to 400 results only on the last page.
This happens for every query. Google lies about the astronomical number of search results, then only shows a few hundred at most.
I work for Google Search. The counts we show for results are estimated. They get more refined when you go deeper into the results. But yes, there are still likely to be millions of results for many things you query -- and most people are not going to be able to go through all millions of those. So we show usually up to around 40 pages / 400 of these. We have a help page about this here: https://support.google.com/websearch/answer/9603785
So when I google "cows" and it says "Page 2 of about 1,210,000,000 results" you know full well you aren't going to show anywhere near 1,201,000,000 results yet you program it to display that? And in fact it only shows "about 231 results" which is 0.000019234% of 1,210,000,000 results.
That doesn't sound like an estimate to me. To me, that is intentional misleading.
How is it misleading? It's an estimate of the total results, it doesn't say it's going to display them
"I'll sell you about 1,201,000,000 paper clips."
"OK."
ships 231 paper clips
"Hey I only got 231 paper clips, not 1,201,000,000."
"That's right. 1,201,000,000 was an estimate."
"You said about. So you estimated 1,201,000,000 paper clips but you actually only had 231?"
"No, I had the full 1,201,000,000. I sold them to you but I didn't say I would ship all of them. What kind of idiot uses more than a few hundred paper clips anyway? Plus, it saves us money on shipping costs."
You haven't paid Google for search: there is no sale of product or service to you, the user using free services for free.
You haven't signed any agreement with Google for search services. Google hasn't signed any agreement for future performance with you.
Google is not obligated to count every search result of every free search query. You are not entitled to such resource-intensive queries.
How much does COUNT() on a full table scan of billions of rows - with snippets - cost you on BigQuery or a similar pay-for-query-resources service?
>> you, the user using free services for free
Absolutely false, it is not free. I have provided them with my data which they will monetize.
It's the same as Hacker News not being free. I have provided Hacker News with my personal data.
For example, if you look through my post history just in the last day or so, you would know that Rufus Foreman owns a killer cis-gendered cat named Mr. Tiddlesworth, that Rufus Foreman is a Warren Buffett fan boy, and that when thinking of a generic search term to use as an example, the first thing to come to Rufus Foreman's mind is "cows".
Now imagine what sort of dark patterns an unscrupulous corporation like say, Hooli, could implement in order to target me with advertising tailored to my preferences!
If you tell the bartender your life story, they don't owe you free drinks (and they might as well sell a screenplay)
While it's true that they sell the data they collect, you can choose to not share such data and still receive the free services. "Bromite" is a fork of Chromium, for example.
If you spend time in their store and cause loss and order a bunch of free waters, do the Terms of Service even apply to you? What can they even do? What can LinkedIn do about scraping and resale of every public profile page?
Give me some free privacy on my free dsl line. (Note that ISPs can sell the entirety of a customer's internet PCAPs, for example, due to Pai's FCC rescinding a Wheeler FCC privacy rule https://www.theverge.com/2017/3/31/15138526/isp-privacy-bill... "Trump signs repeal of U.S. broadband privacy rules" (2017) https://www.reuters.com/article/us-usa-internet-trump/trump-... )
Bromite is not a Google service. It's a false precedence that anything open source from a corporation is a free service and makes their anti-privacy stance good. That's like saying a criminal is a good guy because he did 50 hours of charity work after murdering 2 people.
You can use the Chromium source code that Google contributes to, to browse the internet with and without ads and trackers that use obvious domain names: Microsoft Edge, Opera, Vivaldi, Bromite, ungoogled-chromium, Brave, Chrome.
You choose whether to shop at Google.
Google buying the default search engine position in browsers does not prevent users from changing the - possibly OpenSearch - browser search engine to DuckDuckGo or Ecosia.
You can force an address bar entry to a.tld/search=?${query} search w/:
Ctrl-L
?${query}
?how to change the default search engine
?how to block ads & trackers in {browser name}
?how to provide free search queries on a free search engine and have positive revenue after years of debt obligations to fairly build market share
Why would they now get out of paying for Firefox development using a revenue model, too?
(Competitors can and do use e.g. google/bazel the open source clone of google/blaze, which is what Chromium builds were built with before gn. Here's Chromium/BUILD.bazel, for example: https://source.chromium.org/chromium/v8/v8.git/+/master:BUIL... )
Android (and /e/ and LineageOS) do allow you to install browsers other than the Chrome WebView and Chrome. Is it possible to install anything other than Safari (WebKit) on iOS devices? Maybe from another software repository like F-droid? Hopefully current downstream releases with signed manifests and SafetyNet scanning uploaded apps
> You haven't signed any agreement with Google for search services.
Literally on absolutely every google search page: https://policies.google.com/terms
No one read terms and conditions, yes?
Terms of Service: https://en.wikipedia.org/wiki/Terms_of_service
Statute of Frauds applies to agreements regarding amounts over $500. Is this a conscionable agreement between which identified parties? Does what satisfy chain of custody requirements for criminal or civil admissability if the data is from not a trustless system but a centralized trustful system?
"Victory! Ruling in hiQ v. Linkedin Protects Scraping of Public Data" (2019) https://www.eff.org/deeplinks/2019/09/victory-ruling-hiq-v-l...
And then the interplay between a "Right to be Forgotten" and the community legal obligation to retain for lawful investigative law enforcement purposes. They don't know what they want: easy investigations, compromisable investigations, privacy
Ask HN: Best empirical papers on software development?
There are some good empirical papers, but I only know very few. What is your best empirical paper on software development?
From https://en.wikipedia.org/wiki/Experimental_software_engineer... :
> Experimental software engineering involves running experiments on the processes and procedures involved in the creation of software systems, with the intent that the data be used as the basis of theories about the processes involved in software engineering (theory backed by data is a fundamental tenet of the scientific method). A number of research groups primarily use empirical and experimental techniques.
> The term empirical software engineering emphasizes the use of empirical studies of all kinds to accumulate knowledge. Methods used include experiments, case studies, surveys, and using whatever data is available.
(CS) Papers We Love > https://github.com/papers-we-love/papers-we-love#other-good-... :
- "Systematic Review in Software Engineering" (2005)
-- "The Developed Template for Systematic Reviews in Software Engineering"
- "Happiness and the productivity of software engineers" (2019)
DevTech Research Group (Kibo, Scratch Jr,) > Publications https://sites.bc.edu/devtech/publications/
' > Empirical Research, instruments: https://sites.bc.edu/devtech/about-devtech/empirical-researc...
"SafeScrum: Agile Development of Safety-Critical Software" (2018) > A Summary of Research https://scholar.google.com/scholar?cites=9208467786713301421... (Gscholar features: cited by, Related Articles) https://link.springer.com/chapter/10.1007/978-3-319-99334-8_...
Re: Safety-Critical systems, awesome-safety-critical, and Formal Verification as the ultimate empirical study: https://news.ycombinator.com/item?id=28709239
Why public chats are better than direct messages
As I read this, I got the sinking feeling that I'd read it all before. But then I realised, it's just another case of someone thinking that their specific solution is best, solely on the basis that it worked for them, in their specific circumstances.
But here's the thing: every group is different, has different needs, and will respond differently to different styles of communication. Some people (especially people not using their first language) can find working in public stressful; some people get very stressed by the intensity of 1:1s. It takes all types, and as a manager, understanding how to get the best out of everyone is part of the job.
There is no single, correct way, and we know this because, if there was, then we wouldn't keep hearing about these interminable "solutions".
Yes, but so is which is best for which situation still the question?
Presuming that information asymmetry will hold over time is a bad assumption, regardless of cost of information security controls.
Why have these new collaborative innovative services succeeded where NNTP and > > indented, text-wrapped email forwards for new onboards have not?
Instead of Chat or IM, hopefully working on Issues with checkbox Tasks and Edges; and Pull Requests composed of Commits, Comments, and Code Reviews; with conditional Branch modification rules; will produce Products: deliverables of value to the customer, per the schema:Organization's Mission.
What style of communication is appropriate for a team in which phase of development, regardless of communications channel?
> Why have these new collaborative innovative services succeeded where NNTP and > > indented, text-wrapped email forwards for new onboards have not?
The new tools we have at our disposal are amazing. Of course they are better. But they are just tools. They don’t solve any problems relating to interpersonal communication any more than a hammer solves building a house.
> What style of communication is appropriate for a team in which phase of development, regardless of communications channel?
It’s the job of a manager to work that out. There is no formula. It’s not even possible to write one down. That’s the point.
Well, our societies value these communication businesses as among the most valuable corporations on Earth, so I think that there's probably some value in the tools that people suffer ads on to get for free.
"Traits of good remote leaders" (2019) https://news.ycombinator.com/item?id=24432088 :
"From Comfort Zone to Performance Management" (2009) https://scholar.google.com/scholar?hl=en&as_sdt=0%2C43&q=%E2... :
> "Table 4 – Correlation of Development Phases, Coping Stages and Comfort Zone transitions and the Performance Model" in "From Comfort Zone to Performance Management" White (2008) tabularly correlates the Tuckman group development phases (Forming, Storming, Norming, Performing, Adjourning) with the Carnall coping cycle (Denial, Defense, Discarding, Adaptation, Internalization) and Comfort Zone Theory (First Performance Level, Transition Zone, Second Performance Level), and the White-Fairhurst TPR model (Transforming, Performing, Reforming). The ScholarlyArticle also suggests management styles for each stage (Commanding, Cooperative, Motivational, Directive, Collaborative); and suggests that team performance is described by chained power curves of re-progression through these stages.
Planting trees not always an effective way of binding carbon dioxide
"Hemp twice as effective at capturing carbon as trees, UK researcher says" (2021) https://hempindustrydaily.com/hemp-twice-as-effective-at-cap... :
> “Industrial hemp absorbs between 8 to 15 tonnes of CO2 per hectare (3 to 6 tonnes per acre) of cultivation.”
> Comparatively, forests capture 2 to 6 tonnes of carbon per hectare (0.8 to 2.4 tonnes per acre), depending on the region, number of years of growth, type of trees and other factors, Shah said.
> Shah, who studies engineered wood, bamboo, natural fiber composites and hemp [at Cambridge, UK], said hemp “offers an incredible scope to grow a better future” while producing fewer emissions than conventional crops and more usable fibers per hectare than forestry.
"Cities of the future may be built with algae-grown limestone" (2022) https://www.colorado.edu/today/2022/06/23/cities-future-may-... :
> And limestone isn’t the only product microalgae can create: microalgae’s lipids, proteins, sugars and carbohydrates can be used to produce biofuels, food and cosmetics, meaning these microalgae could also be a source of other, more expensive co-products—helping to offset the costs of limestone production.
Carbon sequestration: https://en.wikipedia.org/wiki/Carbon_sequestration
tonnes of carbon per hectare is not relevant.
What you need is tonnes of carbon per hectare per year.
We don't have enough space to let these plants be there, we need to convert them into coal and throw it back into the mines.
The efficient thing to do is render them into charcoal, yes.
Biochar is a great soil amendment, and doesn't oxidize over decades or even centuries, depending. Putting it back in the mines is an option, if we ever need to stop rebuilding topsoil, which is itself getting urgent.
Biochar is also intensive and only converts a relatively small amount of that carbon into stable charcoal.
Hemp is compostable, though because it's so tough, shredding and waiting for it to compost trades (vertical) space & time for far less energy use than biocharification unless it's waste heat from a different process.
Bioenergy with carbon capture and storage (BECCS) > Biomass feedstocks doesn't have a pivot table of conversion efficiencies?: https://en.wikipedia.org/wiki/Bioenergy_with_carbon_capture_... :
> Biomass sources used in BECCS include agricultural residues & waste, forestry residue & waste, industrial & municipal wastes, and energy crops specifically grown for use as fuel. Current BECCS projects capture CO2 from ethanol bio-refinery plants and municipal solid waste (MSW) recycling center.
> A variety of challenges must be faced to ensure that biomass-based carbon capture is feasible and carbon neutral. Biomass stocks require availability of water and fertilizer inputs, which themselves exist at a nexus of environmental challenges in terms of resource disruption, conflict, and fertilizer runoff.
If you keep taking hemp off a field without leaving some down, you'll probably need fertilizer (see: KNF, JADAM,) and/or soil amendments to be able to rotate something else through; though it's true that hemp grows without fertilizer.
> A second major challenge is logistical: bulky biomass products require transportation to geographical features that enable sequestration. [27]
Or more local facilities
Composting oxidizes a lot of the carbon. And since you have to replant, harvest and fertilise everyyear it is a lot more intensive than forestry where you do that ever 30 (15-100) years
Do you know of any papers investigating how kelp or other seaweeds compare? I've heard some biologists informally claim that they would be even more effective because they can grow incredibly fast.
I thought trees were somewhat ideal because the carbon sequestered in them can be used as long-lived lumber. If the kelp sequesters carbon but then it gets released immediately when it decomposes or someone eats it, then it doesn't really solve the problem.
We need to be putting carbon back into the ground where we got it, or at least converting into forms where it lives a long time on the surface (decades or centuries).
> I thought trees were somewhat ideal because the carbon sequestered in them can be used as long-lived lumber.
This is why hempcrete is ideal. But hemp, by comparison, doesn't result in a root-bound tree farm for wind break and erosion control; hemp can be left down to return nutrients to the soil or for soil remediation as it's a very absorbent plant (that draws e.g. heavy metals out of soil and into the plant)
Why hempcrete when you could use wood?
> Hemp can be left down to return nutrients to the soil or for soil remediation as it's a very absorbent plant (that draws e.g. heavy metals out of soil and into the plant)
It won't remove heavy metals from the soil if you leave it there. You also can't turn it into a product if you leave it there.
Caddyhttp: Enable HTTP/3 by Default
lucaslorentz/caddy-docker-proxy works like Traefik, in that Container metadata labels are added to the reverse proxy configuration which is reloaded upon container events, which you can listen to when you subscribe to a Docker/Podman_v3 socket (which is unfortunately not read only)
So, with Caddy or Traefik, a container label can enable HTTP/3 (QUIC (UDP port 1704)) for just that container.
"Labels to Caddyfile conversion" https://github.com/lucaslorentz/caddy-docker-proxy#labels-to...
From https://news.ycombinator.com/item?id=26127879 re: containersec :
> > - [docker-socket-proxy] Creates a HAproxy container that proxies limited access to the [docker] socket
The point of the link in OP is that now in v2.6, Caddy enables HTTP/3 by default, and doesn't need to be explicitly enabled by the user.
So I'm not exactly sure the point you're trying to make. But yes, CDP is an awesome project!
That is a good point. Is there any way to disable HTTP/3 support with just config?
The (unversioned?) docs have: https://caddyserver.com/docs/modules/http#servers/experiment... :
> servers/experimental_http3: Enable experimental HTTP/3 support. Note that HTTP/3 is not a finished standard and has extremely limited client support. This field is not subject to compatibility promises
TIL caddy has Prometheus metrics support (in addition to automatic LetsEncrypt X.509 Cert renewals)
Yeah those docs are for v2.5. The experimental_http3 option is removed in v2.6 (which is currently only in beta, stable release coming soon). To configure protocols and disable HTTP/3, you'll now use the "protocols" option (inside of the "servers" global option), and it would look like "protocols h1 h2" (the default is "h1 h2 h3").
Yes, the docs have been updated at https://github.com/caddyserver/website but haven't been deployed yet. There is a new protocols option:
protocols h1 h2
For HTTP/3 support with python clients:
- aioquic supports HTTP/3 only now https://github.com/aiortc/aioquic
- httpx is mostly requests-compatible, supports client-side caching, and HTTP/1.1 & HTTP/2, and here's the issue for HTTP/3 support: https://github.com/encode/httpx/issues/275
Make better decisions with fewer online meetings
Hi! I am the cofounder TopAgree. We have created TopAgree to help teams make faster decisions with fewer meetings. My friend Linus and I are developing it together because we often don't make the important decisions until the last five minutes of a meeting. And then, unfortunately, we often make the wrong decisions. I have a big request for you: Please comment when you like to test the product and give us feedback. Thanks so much! Kind regards, Bastian
Does it integrate into MS Teams? Or some other established enterprise platform?
Otherwise it’s really hard to introduce it to a corporation, where it’s probably most needed.
Webhook integrations: Slack/Mattermost; Zulip; Zapier Platform; GitHub Pull Requests
Another issue/checkbox:
Re: collaboration engineering, Thinklets: "No Kings: How Do You Make Good Decisions Efficiently in a Flat Organization?" (2019) https://news.ycombinator.com/item?id=20157064
Thank you westurner for the link. Super helpful. Kind regards, Bastian
Great idea. IMHO, Feedback is necessary for #EvidenceBasedPolicy; for objective progress.
Evidence-based policy: https://en.wikipedia.org/wiki/Evidence-based_policy (Jupyter, scikit-learn & Yellowbrick, Kaggle,)
Town hall meeting: https://en.wikipedia.org/wiki/Town_hall_meeting
awesome-ideation-tools: https://github.com/zazaalaza/awesome-ideation-tools :
> Awesome collection of brainstorming, problem solving, ideation and team building tools. From foresight to overcoming creative blocks, this list contains all the awesome boardgames, canvases and deck of cards that were designed to help you solve a certian problem.
Europe’s energy crisis hits science
How come there is nobody held responsible on the side of European regulators/politicians that led the continent into such dependency on fossil fuels with no backup supplier
Basically, the entire European green and anti-global warming movement was either delusional or bought off and there was (and still is) not really much of a counterbalance to this within the mainstream. They pushed for renewables that required a huge amount of natural gas as backup for when the wind dropped or the sun went behind clouds and for the shutdown of alternatives like coal and nuclear, whilst simultaneously campaigning to block new natural gas exploration and investment in Europe. This made energy supplies completely dependent on imports from totalitarian dictatorships. In addition, Germany chose to make themselves completely dependent on Russia specifically despite attempts by the US and eastern European countries to stop them and somehow arm-twisted the EU into letting them go ahead with this - but even if it wasn't for that, the natural gas capacity just isn't there to cope with Russia refusing to supply and there hasn't been the willingness to invest in building more.
I don't think they've stopped this campaign even after it ended in catastrophe either. It's certainly still going on in the UK - for example just yesterday I saw a BBC article telling people that building more natural gas production here is pointless because wind and solar are cheaper, presumably based on the raw per-MWh number with no storage to fill in the gaps when it doesn't produce. That is not a useful replacement for natural gas at all.
Germany produced 48% of its electricity via renewables this year so far. The surpluss energy will soon be used to electrolyze hydrogen that will be fed into our vast gas infrastructure.
What surplus? 48% is less than half, isn't it?
So, another way of looking at it is - Germany is still producing most of its electricity from non-renewable sources. Adding nuclear, it's still ~40% from coal and gas [0]. So again, what surplus?
In contrast, France is producing ~70% of its electricity just from nuclear, with another ~19% from renewables.
Note that either way, the major energy expenditure that ties all of these countries to Russian gas is not electricity, it is heating.
[0] https://ourworldindata.org/energy/country/romania?country=DE...
There often is a renewable energy surplus at night (wind /hydro) and more recently even around noon, thanks to solar. And renewables are constantly expanding.
The whole problem with renewables is the temporal variation and lack of large scale storage.
Producing hydrogen (and potentially converting that into more traditional gasses) is a perfectly viable solution, but of course such infrastructure can only be stood up over years and decades. It's not relevant for this winter.
TIL that apparently Compressed Air Energy Storage (CAES) has the lowest cost of any method of energy storage? "Techno-economic analysis of bulk-scale compressed air energy storage in power system decarbonisation" (2021) https://www.sciencedirect.com/science/article/pii/S030626192... https://www.pv-magazine.com/2022/07/21/compressed-air-storag... :
> They found the former has a considerably lower Capex and a payback time of only two years. [compared with Lead Acid batteries]
I wouldn't thought that a Gravity Battery would've been more efficient than compressed air: https://en.wikipedia.org/wiki/Gravity_battery
Also TIL about geothermal heat pump energy storage: https://techxplore.com/news/2022-09-geothermal-ideal-energy-... :
The Risks of WebAssembly
Don't there need to be per- CPU/RAM/GPU quotas per WASM scope/tab? Or is preventing DOS with WASM out of scope for browsers?
IIRC, it's possible to check resource utilization in e.g. a browser Task Manager, but there's no way to do `nice` or `docker --cpu-quota` or `systemd-nspawn --cpu-affinity` to prevent one or more WASM tabs from DOS'ing a workstation with non-costed operations. FWIU, e.g. eWASM has opcode costs in particles/gas: https://github.com/ewasm/design/blob/master/determining_wasm...
Pypi.org is running a survey on the state of Python packaging
I didn't take the survey because I've never packaged anything for PyPI, but I wish all of the package managers would have an option for domain validated namespaces.
If I own example.com, I should be able to have 'pypi.org/example.com/package'. The domain can be tied back to my (domain verified) GitHub profile and it opens up the possibility of using something like 'example.com/.well-known/pypi/' for self-managed signing keys, etc..
I could be using the same namespace for every package manager in existence if domain validated namespaces were common.
Then, in my perfect world, something like Sigstore could support code signing with domain validated identities. Domain validated signatures make a lot of sense. Domains are relatively inexpensive, inexhaustible, and globally unique.
For code signing, I recognize a lot of project names and developer handles while knowing zero real names for the companies / developers involved. If those were sitting under a recognizable organizational domain name (example.com/ryan29) I can do a significantly better job of judging something's trustworthiness than if it's attributed to 'Ryan Smith Inc.', right?
That's a really interesting idea, but I worry about what happens when a domain name expires and is re-registered (potentially even maliciously) by someone else.
CT: Certificate Transparency logs log creation and revocation events.
The Google/trillian database which supports Google's CT logs uses Merkle trees but stores the records in a centralized data store - meaning there's at least one SPOF Single Point of Failure - which one party has root on and sole backup privileges for.
Keybase, for example, stores their root keys - at least - in a distributed, redundantly-backed-up blockchain that nobody has root on; and key creation and revocation events are publicly logged similarly to now-called "CT logs".
You can link your Keybase identity with your other online identities by proving control by posting a cryptographic proof; thus adding an edge to a WoT Web of Trust.
While you can add DNS record types like CERT, OPENPGPKEY, SSHFP, CAA, RRSIG, NSEC3; DNSSEC and DoH/DoT/DoQ cannot be considered to be universally deployed across all TLDs. Should/do e.g. ACME DNS challenges fail when a TLD doesn't support DNSSEC, or hasn't secured root nameservers to a sufficient baseline, or? DNS is not a trustless system.
EDNS (Ethereum DNS) is a trustless system. Reading EDNS records does not cost EDNS clients any gas/particles/opcodes/ops/money.
Blockcerts is designed to issue any sort of credential, and allow for signing of any RDF graph like JSON-LD.
List_of_DNS_record_types: https://en.wikipedia.org/wiki/List_of_DNS_record_types
Blockcerts: https://www.blockcerts.org/ https://github.com/blockchain-certificates :
> Blockcerts is an open standard for creating, issuing, viewing, and verifying blockchain-based certificates
W3C VC-DATA-MODEL: https://w3c.github.io/vc-data-model/ :
> Credentials are a part of our daily lives; driver's licenses are used to assert that we are capable of operating a motor vehicle, university degrees can be used to assert our level of education, and government-issued passports enable us to travel between countries. This specification provides a mechanism to express these sorts of credentials on the Web in a way that is cryptographically secure, privacy respecting, and machine-verifiable
W3C VC-DATA-INTEGRITY: "Verifiable Credential Data Integrity 1.0" https://w3c.github.io/vc-data-integrity/#introduction :
> This specification describes mechanisms for ensuring the authenticity and integrity of Verifiable Credentials and similar types of constrained digital documents using cryptography, especially through the use of digital signatures and related mathematical proofs. Cryptographic proofs enable functionality that is useful to implementors of distributed systems. For example, proofs can be used to: Make statements that can be shared without loss of trust,
W3C TR DID (Decentralized Identifiers) https://www.w3.org/TR/did-core/ :
> Decentralized identifiers (DIDs) are a new type of identifier that enables verifiable, decentralized digital identity. A DID refers to any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) as determined by the controller of the DID. In contrast to typical, federated identifiers, DIDs have been designed so that they may be decoupled from centralized registries, identity providers, and certificate authorities. Specifically, while other parties might be used to help enable the discovery of information related to a DID, the design enables the controller of a DID to prove control over it without requiring permission from any other party. DIDs are URIs that associate a DID subject with a DID document allowing trustable interactions associated with that subject.
> Each DID document can express cryptographic material, verification methods, or services, which provide a set of mechanisms enabling a DID controller to prove control of the DID. Services enable trusted interactions associated with the DID subject. A DID might provide the means to return the DID subject itself, if the DID subject is an information resource such as a data model.
For another example of how Ethereum might be useful for certificate transparency, there's a fascinating paper from 2016 called "EthIKS: Using Ethereum to audit a CONIKS key transparency log" which is probably way ahead of its time.
Abstract: https://link.springer.com/chapter/10.1007/978-3-662-53357-4_...
Certificate Transparency: https://en.wikipedia.org/wiki/Certificate_Transparency
/? "Certificate Transparency" Blockchain https://scholar.google.com/scholar?q=%22Certificate+Transpar... https://scholar.google.com/scholar_alerts?view_op=list_alert...
- Some of these depend upon a private QKD [fiber,] line
- NIST PQ algos are only just now announced: https://news.ycombinator.com/item?id=32281357 : Kyber, NTRU, {FIPS-140-3}?
/? Ctrl-F "Certificate Transparency" https://westurner.github.io/hnlog/ :
"Google's Certificate Transparency Search page to be discontinued May 15th, 2022" https://news.ycombinator.com/item?id=30781698
- LetsEncrypt Oak is also powered by Google/trillian, which is a trustful centralized database
- e.g. Graph token (GRT) supports Indexing (search) and Curation of datasets
> And what about indexing and search queries at volume, again without replication?
My understanding is that the s Sigstore folks are now more open to the idea of a trustless DLT? "W3C Verifiable Credentials" is a future-proof standardized way to sign RDF (JSON-LD,) documents with DIDs.
Verifiable Credentials: https://en.wikipedia.org/wiki/Verifiable_credentials
# Reproducibile Science Publishing workflow procedures with Linked Data:
- Sign the git commits (GPG,)
- Sign the git tags (GPG+Sigstore, ORCID & DOI (-> W3C DIDs), FigShare, Zenodo,)
- Sign the package(s) and/or ScholarlyArticle & their metadata & manifest ( Sigstore, pkg_tool_xyz,CodeMeta RDF/JSON-LD, ),
- Sign the SBOM (CycloneDx, Sigstore,)
- Search for CVEs/vulns & Issues for everything in the SBOM (Dependabot, OSV,)
- Search for trusted package hashes for everything in the SBOM
- Sign the archive/VM/container image (Docker Notary TUF, Sigstore,)
- Archive & Upload & Restore & Verify (and then Upgrade Versions in the) from the dependency specifications, SBOM, and/or archive/VM/container image (VM/container tools, repo2docker (REES),)
- Upgrade Versions and run unit, functional, and integration tests ({pip-tools, pipenv, poetry, mamba}, pytest, CI, Dependabot,))
All poverty is energy poverty
"The Limits to Growth" https://en.wikipedia.org/wiki/The_Limits_to_Growth
Carrying capacity https://en.wikipedia.org/wiki/Carrying_capacity
> The carrying capacity of an environment is the maximum population size of a biological species that can be sustained by that specific environment, given the food, habitat, water, and other resources available. The carrying capacity is defined as the environment's maximal load, which in population ecology corresponds to the population equilibrium, when the number of deaths in a population equals the number of births (as well as immigration and emigration). The effect of carrying capacity on population dynamics is modelled with a logistic function. Carrying capacity is applied to the maximum population an environment can support in ecology, agriculture and fisheries. The term carrying capacity has been applied to a few different processes in the past before finally being applied to population limits in the 1950s.[1] The notion of carrying capacity for humans is covered by the notion of sustainable population.
Sustainable population https://en.wikipedia.org/wiki/Sustainable_population :
> Talk of economic and population growth leading to the limits of Earth's carrying capacity for humans are popular in environmentalism.[16] The potential limiting factor for the human population might include water availability, energy availability, renewable resources, non-renewable resources, heat removal, photosynthetic capacity, and land availability for food production.[17] The applicability of carrying capacity as a measurement of the Earth's limits in terms of the human population has not been very useful, as the Verhulst equation does not allow an unequivocal calculation and prediction of the upper limits of population growth.[16]
> [...] The application of the concept of carrying capacity for the human population, which exists in a non-equilibrium, is criticized for not successfully being able to model the processes between humans and the environment.[16][20] In popular discourse the concept has largely left the domain of academic consideration, and is simply used vaguely in the sense of a "balance between nature and human populations".[20]
Practically, if you can find something sustainable to do with brine (NaCL; Sodium Chloride and), and we manage to achieve cheap clean energy, and we can automate humanoid labor, desalinating water and pumping it inland is feasible; so, global water prices shouldn't then be the limit to our carrying capacity. #Goal6 #CleanWater
Water trading > Alternatives to water trading markets (*) https://en.wikipedia.org/wiki/Water_trading
LCOE: Levelized Cost of Electricity https://en.wikipedia.org/wiki/Levelized_cost_of_electricity
LCOW: Levelized Cost of Water: https://en.wikipedia.org/wiki/Levelized_cost_of_water
TIL about modern methods for drilling water wells on youtube: with a hand drill, with a drive cap and a sledgehammer and a pitcher-pump after a T with valves for an optional (loud) electric pump, or a solar electric water pump
Drinking water > Water Quality: https://en.wikipedia.org/wiki/Drinking_water#Water_quality :
> Nearly 4.2 billion people worldwide had access to tap water, while another 2.4 billion had access to wells or public taps.[3] The World Health Organization considers access to safe drinking-water a basic human right.
> About 1 to 2 billion people lack safe drinking water.[4] Water can carry vectors of disease. More people die from unsafe water than from war, then-U.N. secretary-general Ban Ki-moon said in 2010.[5] Third world countries are most affected by lack of water, flooding, and water quality. Up to 80 percent of illnesses in developing countries are the direct result of inadequate water and sanitation. [6]
A helpful risk hierarchy chart: "The risk hierarchy for water sources used in private drinking water supplies": From Lowest Risk to Highest Risk: Mains water, Rainwater, Deep groundwater, Shallow groundwater, Surface water
TIL it's possible to filter Rainwater with an unglazed terracotta pot and no electricity, too
Also, TIL about solid-state heat engines ("thermionic converters") with no moving parts, that only need a thermal gradient in order to generate electricity. The difference between #VantaBlack and #VantaWhite in the sun results in a thermal gradient, for example
Is a second loop and a heat exchange even necessary if solid-state heat engines are more efficient than gas turbines?
Any exothermic reaction?! FWIU, we only need 100°C to quickly purify water.
100°C will sterilise water but it won't purify it if there are inorganic pollutants in it.
One Serverless Principle to Rule Them All: Idempotency [video]
What does idempotency have to do with serverless?
That seems more like a general systems principle.
x ° x = x
> Idempotence is the property of certain operations in mathematics and computer science whereby they can be applied multiple times without changing the result beyond the initial application. The concept of idempotence arises in a number of places in abstract algebra (in particular, in the theory of projectors and closure operators) and functional programming (in which it is connected to the property of referential transparency).
"A comparison of idempotence and immutability" [immutable infrastructure] https://devops.stackexchange.com/questions/2484/a-comparison...
Ansible Glossary > Idempotency https://docs.ansible.com/ansible/latest/reference_appendices... :
> Idempotency: An operation is idempotent if the result of performing it once is exactly the same as the result of performing it repeatedly without any intervening actions
Ask HN: IT Security Checklist for Startups?
Hi HN,
Does anyone have a list of IT security stuff that you should setup for your early stage startup?
Like for example DNSSEC, VPN, forcing employees to use 2-factor etc.
--- CIS Top 18: --- CIS have a top 18 critical security control checklist, which is pretty incredible.
https://www.cisecurity.org/controls/cis-controls-list
CIS Top 18 Version 8 works sequentially too, so you implement control 1 and it sets you up in a good place to then implement control 2, and so on.
--- Cyber Essentials: --- The UK's Cyber Essentials scheme is a certification standard (but you can ignore that and just use it as a checklist if you'd like).
It's designed for small to medium size organizations, and focused on getting the foundations right.
This would be a useful place to start but it won't cover some of the specific threats and risks associated with software/app development. See @snowstormsun's comment about OWASP Top 10 for that.
https://www.ncsc.gov.uk/cyberessentials/overview
--- There's loads of other standards like this out there, that are free to use and are each focused on different security challenges etc.
I've shared these two standards as they both setup a solid foundation.
https://dev-sec.io/baselines/ has executable implementations of CIS and other guides
From https://news.ycombinator.com/item?id=30906310 :
> "The SaaS CTO Security Checklist [Redux]" https://github.com/vikrum/SecurityChecklists
> "The Personal Infosec & Security Checklist" https://www.goldfiglabs.com/guide/personal-infosec-security-...
> "The DevOps Security Checklist Redux" https://www.goldfiglabs.com/guide/devops-security-checklist/
Fed expects to launch long-awaited Faster Payments System by 2023
I'm starting to feel more hopeful about the US's digital infrastructure.
If this goes well instant payments will be available with no ACH 2 day withdrawal delay.
The IRS is exploring a system for people to file taxes online.
The State Department is building a system to renew your passport totally online.
I think the last two items are a result of the Inflation Reduction Act. I hope this momentum continues and we can continue making as many government services available digitally. While some will complain how bad these systems will be - I'd rather at least have them than not and allow them to improve.
The sooner the better.
Extremely sad we need to give the IRS $80 billion to accomplish something they should have provided decades ago.
You’re way off. The money earmarked for that project is $15 million, and it’s for a study on how the IRS would implement such a system.
$15 Million to “study”… “how they would implement it”
How should I say it, “come on man”?
Hey, I don't disagree government spending numbers can be crazy, but building a system for 330,000,000 people across 50 states that works flawlessly (and is responsible for trillions of dollars) isn't easy. I'm personally okay with $15M... that's like salaries for 25 people for two years.
To put that number into perspective, TurboTax spent about that much money on lobbying alone from 2018-2012.
> building a system for 330,000,000 people across 50 states that works flawlessly (and is responsible for trillions of dollars) isn't easy
Which is why they should pay real experts to do it. For less.
If I were an expert and the government came to me and my team with this project, I'd definitely charge at least $15M.
What do you think has been spent on developing Blockchain/DLT from 2007 to present? Is it more than $15m? Mostly amateur open source or corporate open source contributions?
- Bitcoin has an MIT License, for example
- XRPL and Stellar can do the payments volume; the TPS report; whereas otherwise you're building another Layer 2 system without Interledger.
- Flare does EVM (Ethereum Virtual Machine) Smart Contracts with XRPL; $<0.01/tx, network tx fees are just burned, 5 second transaction/ledger close time.
Notes re: Interledger addresses, SPSP, WebMonetization: https://westurner.github.io/hnlog/#comment-32515531 ,
> From "NIST Special Publication 800-181 Revision 1: Workforce Framework for Cybersecurity (NICE Framework)" (2020) https://doi.org/10.6028/NIST.SP.800-181r1 :
>> 3.1 Using Existing Task, Knowledge, and Skill (TKS) Statements
> (Edit) FedNOW should - like mCBDC - really consider implementing Interledger Protocol (ILP) for RTGS "Real-Time Gross Settlement" https://interledger.org/developer-tools/get-started/overview...
> From https://interledger.org/rfcs/0032-peering-clearing-settlemen... :
> Peering, Clearing and Settling; The Interledger network is a graph of nodes (connectors) that have peered with one another by establishing a means of exchanging ILP packets and a means of paying one another for the successful forwarding and delivery of the packets.
> […] Accounts and Balances: The edge between any two nodes (peers) is a communication link (for exchanging ILP packets and other data), and an account held between the peers (the Interledger account). The Interledger account has a balance denominated in a mutually agreed upon asset (e.g. USD) at an agreed upon scale (e.g. 2). The balance on the account is the net total of the amounts on any packets “successfully” routed between the peers.
> The balance on the Interledger account can only change as a result of two events:
> 1. The “successful” routing of an ILP packet between the two peers
> 2. A payment made between the peers on the underlying payment network they have agreed to use to settle the Interledger account
And then you realize you're sharing payment address information over a different but comparably-unsecured channel in a non-stanfardized way; From https://github.com/interledger/rfcs/blob/master/0009-simple-... :
> Relation to Other Protocols: SPSP is used for exchanging connection information before an ILP payment or data transfer is initiated
To do a complete business process, there's – e.g. TradeLens, GSBN, and – signaling around transactions, which then necessarily depends upon another - hopefully also cryptographically-secured and HA Highly Available - information system with API version(s) and database schema(s) unless there's something like Interledger SPSP Simple Payment Setup Protocol and Payment Pointers, which also solve for micropayments to accountably support creators; https://WebMonetization.org/ .
> What do you think has been spent on developing Blockchain/DLT from 2007 to present? Is it more than $15m? Mostly amateur open source or corporate open source contributions?
Are you kidding me? Hundreds of billions. a16z's last fund alone as $4.6B.
That money goes directly to developers.
What percentage (%) of the market cap, daily volume, or price gets contributed to, OTOH: (a) open source software development like code, tests, and docs; PRs: Pull Requests; (b) free information security review such as static and dynamic analysis; (c) marketing; (d) an open source software foundation; (e) offsetting long-term environmental costs through sustainable investment?
Are there other metrics for Software Quality & Infosec Assurances?
Honestly none of that is relevant.
The entirety of the investment made by VCs is given directly to developers. That's got nothing to do with daily volume, market cap, etc - that's cash in hand. Human dollars. What developers choose to spend that money on is up to them but they sure do seem to have found a way. Arbitrarily constraining the analysis to the 'free' part is disingenuous.
As for offsets, the entire model is bogus and I encourage you to look into it. It's generally just a way to prop up bad business models. You can't buy crime offsets from someone who promises not to do a crime they would have otherwise so that you can do it - and yet that's exactly how carbon offsetting works. That's to say nothing of that blockchain carbon offsetting company that set fire to the forest they were planting twice. [1]
[1] https://boingboing.net/2022/07/23/blockchain-based-carbon-of...
In your opinion, high quality Open Source Software is the result of VC money?
Chainslysis sells Blockchain/DLT analysis and investigation software and services to investigative agencies in multiple countries: https://en.wikipedia.org/wiki/Chainalysis
How do they estimate their potential market?
"Crypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity" https://blog.chainalysis.com/reports/2022-crypto-crime-repor...
> In fact, with the growth of legitimate cryptocurrency usage far outpacing the growth of criminal usage, illicit activity’s share of cryptocurrency transaction volume has never been lower.
> […] Transactions involving illicit addresses represented just 0.15% of cryptocurrency transaction volume in 2021 despite the raw value of illicit transaction volume reaching its highest level ever. As always, we have to caveat this figure and say that it is likely to rise as Chainalysis identifies more addresses associated with illicit activity and incorporates their transaction activity into our historical volumes. For instance, we found in our last Crypto Crime Report that 0.34% of 2020’s cryptocurrency transaction volume was associated with illicit activity — we’ve now raised that figure to 0.62%. Still, the yearly trends suggest that with the exception of 2019 — an extreme outlier year for cryptocurrency-based crime largely due to the […] scheme — crime is becoming a smaller and smaller part of the cryptocurrency ecosystem. Law enforcement’s ability to combat cryptocurrency-based crime is also evolving. We’ve seen several examples of this throughout 2021, […]
> However, we also have to balance the positives of the growth of legal cryptocurrency usage with the understanding that $14 billion worth of illicit activity represents a significant problem. Criminal abuse of cryptocurrency creates huge impediments for continued adoption, heightens the likelihood of restrictions being imposed by governments, and worst of all victimizes innocent people around the world. In this report, we’ll explain exactly how and where cryptocurrency-based crime increased, dive into the latest trends amongst different types of cybercriminals, and tell you how cryptocurrency businesses and law enforcement agencies around the world are responding. But first, let’s look at a few of the key trends in cryptocurrency-based crime […]
"Mid-year Crypto Crime Update: Illicit Activity Falls With Rest of Market, With Some Notable Exceptions" (August 2022) https://blog.chainalysis.com/reports/crypto-crime-midyear-up...
More concerned about the climate impact; about environmental sustainability: https://cryptoclimate.org/supporters/
And still, 99%+ of the market is incapable of assessing the software quality of the platforms underpinning the assets themselves, so we reach for some sort of market fundamentals technical data other than software quality and information security asurances.
> In your opinion, high quality Open Source Software is the result of VC money?
Some of it? Oh most definitely. It just depends on your business model and whether you need to keep your code proprietary. If you don't, good to go.
REPL Driven Minecraft
It would be interesting to render the images from the POV of a player in the world onto a large movie screen in game. Then other players could join in, go to the cinema and watch the live stream. Might be fun for game lobbies.
It's been done. See https://m.youtube.com/watch?v=_VBO2WRpBrQ
"Public Minecraft: Pi Edition API Python Library" https://github.com/martinohanlon/mcpi
rendering-minecraft w/ mcpi might do offline / batch rendering? https://pypi.org/project/rendering-minecraft/
Jupyter-cadquery might be worth a look: https://github.com/bernhard-42/jupyter-cadquery :
> View CadQuery objects in JupyterLab or in a standalone viewer for any IDE [w/ pythreejs]
If there's a JS port or WASM build of Minecraft, Minecraft could be rendered in a headless browser?
Nice, I wonder if the open source Minetest can be used instead of Minecraft.
Not really a REPL, but can inject code into a running minetest instance: https://github.com/Quiark/mtrepl/
A Jupyter kernel for Minecraft would be neat: https://jupyter-client.readthedocs.io/en/latest/wrapperkerne... :
> You can re-use IPython’s kernel machinery to easily make new kernels. This is useful for languages that have Python bindings, such as Hy (see Calysto Hy), or languages where the REPL can be controlled in a tty using pexpect, such as bash.
Looks like there's a pytest-minecraft, too: https://pypi.org/project/pytest-minecraft/
/? Minecraft site:pypi.org https://pypi.org/search/?q=minecraft
SensorCraft is just the voxel designer part of Minecraft (like original Minecraft) with Pyglet for OpenGL: https://github.com/AFRL-RY/SensorCraft
Awhile back I looked into creating a Jupyter kernel for LDraw / LeoCAD / Bricklayer (SML) to build LEGO creations with code in the input cell of a notebook and render to the output cell, and put together some notes on Jupyter kernels that might be of use for creating a Minecraft / mcpi / SensorCraft Jupyter kernel: https://github.com/westurner/wiki/blob/master/bricklayer.md#...
- [ ] DOC: Jupyter-cadquery & pythreejs inspiration
- [ ] ENH: Minecraft Jupyter kernel (pytest-minecraft?,)
- [ ] ENH: mcpi Jupyter kernel
- [ ] ENH: SensorCraft Jupyter kernel
- [ ] ENH,BLD,DOC: SensorCraft: conda-forge environment.yml (target Mambaforge for ARM64 support, too)
- [ ] ENH,BLD,DOC: SensorCraft: build plaform-specific binary installer(s) with {CPython, all packages from environment.yml, Pyglet & OpenGL, } with e.g. Conda Constructor
- [ ] ENH,BLD,DOC: SensorCraft: reformat tutorials as Jupyter notebooks; for repo2docker, jupyter-book (template w/ repo2docker requirements.txt and/or conda/mamba environment.yml), & jupyter-lite, & VScode (because VSCode works on Win/Mac/Lin/Web and has Jupyter notebook support)
- [ ] ENH,BLD,DOC: SensorCraft: build a jupyter-lite build to run SensorCraft & Python & JupyterLab in WASM in a browser tab with no installation/deployment time cost
- [ ] ENH: SensorCraft: replace Pyglet (OpenGL) with an alternate WebGL/WebGPU implementation
Fast.ai's Practical Deep Learning for Coders Has Been Updated
"Practical Deep Learning for Coders" 2022: https://github.com/fastai/course22
"Deep Learning for Coders with Fastai and Pytorch: AI Applications Without a PhD" (2020) https://github.com/fastai/fastbook
There's also a new nbdev; nbdev v2: https://github.com/fastai/nbdev and nbdev-template to start new projects with: https://github.com/fastai/nbdev-template
Reducing methane is the fastest strategy available to reduce warming
Can we 3d print e.g. geodesic domes to capture the waste methane (natural gas) from abandoned well sites?
"NASA Instrument Tracks Power Plant Methane Emissions" (2020) https://www.jpl.nasa.gov/images/pia24019-nasa-instrument-tra... :: https://methane.jpl.nasa.gov/ (California,)
> NASA conducts periodic methane studies using the next-generation Airborne Visible/Infrared Imaging Spectrometer (AVIRIS-NG) instrument. These studies are determining the locations and magnitudes of the largest methane emission sources across California, including those associated with landfills, refineries, dairies, wastewater treatment plants, oil and gas fields, power plants, and natural gas infrastructure.
"NASA 3D Printed Habitat Challenge" (2019) @CentennialChallenge: 3d print [habitats] with little to no water and local ~soil. https://www.google.com/search?q=NASA+3D+Printed+Habitat+Chal...
What about IDK ~geodesic domes for capturing waste methane from abndanoned wells?
VS Code – What's the deal with the telemetry?
A warning for people who, like me, long ago disabled telemetry in Visual Studio Code: Microsoft introduced a new setting that deprecates the two older settings... and the new setting defaults to "all"[1]. I just noticed this now after double-checking my settings. Sneaky, sneaky, Microsoft (but still totally expected).
[1] https://imgur.com/a/RbrsuyA
You will want these three settings in your default settings JSON (the first two just to be safe):
{
"telemetry.enableTelemetry": false,
"telemetry.enableCrashReporter": false,
"telemetry.telemetryLevel": "off"
}Or just use VSCodium, the actually open source build, with no added closed source blobs and of course no telemetry.
It uses https://open-vsx.org, an open source host for VSX plugins.
Here's open-vsx's page for the Microsoft/vscode-jupyter extension: https://open-vsx.org/extension/ms-toolsai/jupyter
I think it's great that open license terms enable these sorts of forks and experiments so that the community can work together by sending pull requests.
Is there a good way to install code-server (hosted VSCode/vscodium in a browser tab) plugins from openvsx?
(E.g. the ml-workspace and ml-hub containers include code-server and SSH, which should be remotely-usable from vscodium?)
Learn to sew your own outdoor gear
I guess this is a good place to share my open source large format laser cutter design for sewing projects. It’s cheap to make, works pretty well, and the whole gantry assembly slides right off leaving just a sheet of plywood with low profile 3D printed rails on the sides. So I throw my rug over it and it becomes my floor when not in use. Important because the laser cutter can cut a full 60” wide piece of fabric two yards long. It’s basically 5 foot by 6 foot, and I don’t have space in my apartment for a dedicated machine that takes up all that space. But since this doubles as my floor it works great! Also includes a raspberry pi camera on the laser head which serves as a pattern scanner. I really want to finish my video on this thing, I’ve just been busy. But please take a look and considering building it! If you have any questions open a GitHub issue and I will do everything I can to help. I think it’s a great starting point (designed in three weeks) and I’d LOVE for other people to reproduce it and extend the design! The machine has a few hiccups but I use it all the time for my sewing projects and it is SO nice to get all the cutting done repeatably and automatically. You can even scan existing clothes often without disassembly and turn those in to digital patterns!
Could it tape seams for waterproofing?
This Solar LED umbrella could be a different fabric than cotton.
Just picked up a few tarps with a bunch of loops all around the sides and through the center for guidelines.
TIL hemp is antimicrobial and it can be mixed with {rayon,}.
Hmm I don’t know! That would be a great thing to experiment with!
FedNow FAQ
In India, we have UPI, a tokenized peer to peer payments network powered by the National Payments Corporation of India (NPCI).
Banks participate on the NPCI payment network.
I can assign a Virtual Payment Address (VPA) such as payxyz@mybank and give that VPA to anyone that needs to transfer funds to me. At the moment, there are no transaction fees with a transaction limit of INR 200,000 (approx. $2500). This makes it unnecessary to share any sensitive bank routing numbers / account numbers etc., One can create different VPAs for different purposes/payers.
UPI has had impressive growth in transaction volume (both # and monetary value) since its inception in 2016. https://www.npci.org.in/what-we-do/upi/product-statistics
The transfers are instantaneous (i.e., completed within seconds) and accounts debited/credited. The system works transparently across banks due to the network being managed by NPCI.
W3C ILP Interledger Protocol [1] specifies addresses [2]:
> Neighborhoods are leading segments with no specific meaning, whose purpose is to help route to the right area. At this time, there is no official list of neighborhoods, but the following list of examples should illustrate what might constitute a neighborhood:
> `crypto.` for ledgers related to decentralized crypto-currencies such as Bitcoin, Ethereum, or XRP.
> `sepa.` for ledgers in the Single Euro Payments Area.*
> `dev.` for Interledger Protocol development and early adopters
From "ILP Addresses - v2.0.0" [2]:
> Example Global Allocation Scheme Addresses
> `g.acme.bob` - a destination address to the account "bob" held with the connector "acme".
> `g.us-fed.ach.0.acmebank.swx0a0.acmecorp.sales.199.~ipr.cdfa5e16-e759-4ba3-88f6-8b9dc83c1868.2` - destination address for a particular invoice, which can break down as follows:
> - Neighborhoods: us-fed., ach., 0.
> - Account identifiers: acmebank., swx0a0., acmecorp., sales, 199 (An ACME Corp sales account at ACME Bank)
> - Interactions: ~ipr, cdfa5e16-e759-4ba3-88f6-8b9dc83c1868, 2
And from [3] "Payment Pointers and Payment Setup Protocols":
> The following payment pointers resolve to the specified endpoint URLS:
$example.com -> https://example.com/.well-known/pay
$example.com/invoices/12345 -> https://example.com/invoices/12345
$bob.example.com -> https://bob.example.com/.well-known/pay
$example.com/bob -> https://example.com/bob
<meta
name="monetization"
content="$<a href="<a href="<a href="<a href="<a href="<a href="<a href="<a href="<a href="<a href="<a href="<a href="http://wallet.example.com/alice" rel="nofollow noopener" target="_blank">http://wallet.example.com/alice" rel="nofollow noopener" target="_blank">http://wallet.example.com/alice" rel="nofollow noopener" target="_blank">http://wallet.example.com/alice" rel="nofollow noopener" target="_blank">http://wallet.example.com/alice" rel="nofollow noopener" target="_blank">http://wallet.example.com/alice" rel="nofollow noopener" target="_blank">http://wallet.example.com/alice" rel="nofollow noopener" target="_blank">http://wallet.example.com/alice" rel="nofollow noopener" target="_blank">http://wallet.example.com/alice" rel="nofollow noopener" target="_blank">http://wallet.example.com/alice" rel="nofollow noopener" target="_blank">http://wallet.example.com/alice" rel="nofollow noopener" target="_blank">http://wallet.example.com/alice" rel="nofollow noopener" target="_blank">wallet.example.com/alice">
[2] https://github.com/interledger/rfcs/blob/master/0015-ilp-add...
[3] "Payment Pointers and Payment Setup Protocols" https://interledger.org/rfcs/0026-payment-pointers/
This is one of the best things about living in Southeast Asia.
Instant bank transfers.
Because of this you csn just scan the QR code of your taxi, the fruit seller on the street, transfer to your friends.
Everyone gets it instantly.
Now this is not third party services. It’s bank account to bank account. As a result things like PayPal or Cash app make no sense in this part of the world and have no uptake here.
In fact it’s a downgrade to use those kinds of services.
Remembering the bank issues in North America is quite painful. Hope it really happens next year.
FedNow is for US, interbank transactions only.
Do your country's favorite banks implement ILP Interledger Protocol; to solve for more than just banks' domestic transactions between themselves? https://github.com/interledger/rfcs/blob/master/0001-interle...
Ask HN: Why are bookmarks second class citizens in browsers?
so much of my time is spent in chrome tabs / windows / and searches. someone's average chrome tab count is a badge of honor / horror. Chrome now hides the bookmark bar by default. you can create tab groups for a session, or pin them so that they consume all your bandwidth and memory next time you open your session.
But that's not what i want.
i want rich bookmark behavior.
i want to be able to quickly load common favorite news sites & blogs.
or load a window with all my productivity SaaS sites.
or pick up where i left off on a research rabbit hole.
and i want it to be intuitive, efficient, and a prominent UX feature set.
i'm not alone right?
I thought it was a commonly held thought that Google didn't want Chrome users using bookmarks because it directly competed with their search (and advertising).
I think that's venturing into tinfoil hat territory. More likely telemetry told them that some percentage > 50 always toggle the bookmark bar off and they decided to make it the default. It's still there on new tabs after all. Companies like Google are long term greedy, they don't make unpopular UX decisions for scraps.
Companies like Google are long term greedy, they don't make unpopular UX decisions for scraps.
Like not letting you add tags? not tagging definitely makes you use google search more.
"Do you like the browser bookmark manager?" https://news.ycombinator.com/item?id=24511454 :
> Things I'd add to browser bookmark managers someday:
> - Support for (persisting) bookmarks tags. From the post re: the re-launch of del.icio.us: https://news.ycombinator.com/item?id=23985623
>> "Allow reading and writing bookmark tags" https://bugzilla.mozilla.org/show_bug.cgi?id=1225916
>> Notes re: how [browser bookmarks with URI|str* tags] could be standardized with JSON-LD: https://bugzilla.mozilla.org/show_bug.cgi?id=1225916#c116 *
***
WICG/scroll-to-text-fragment "Integration with W3C Web Annotations" https://github.com/WICG/scroll-to-text-fragment/issues/4
***
W3C Web Share API & W3C Web Target API https://news.ycombinator.com/item?id=30449716
Millet, a Language Server for SML
Cool project!
I always thought SML was a great language for teaching computer science and functional programming.
A lot more fun than learning Java. With ML, you got glimpses of aesthetic beauty in code.
The bricklayer IDE and bricklayer-lite are SML IDEs FWIU [1]. Could Millet and/or three Millet VSCode extension and/or the SML/NJ Jupyter kernel [2] be useful for creating executable books [3][4] for learning?
[1] https://bricklayer.org/level-1/ :
> Bricklayer libraries provide support for creating 2D and 3D block-based artifacts. Problem-solving and math are used to exercise creative and artistic skills in a fun and innovative environment. Bricklayer integrates with third-party software including: LEGO Digital Designer, LDraw, Minecraft, and 3D Builder (LeoCAD; `dnf install -y leocad`)
[2] https://github.com/matsubara0507/simple-ismlnj
[3] https://github.com/executablebooks
[4] https://executablebooks.org/en/latest/ (Jupyter-Book: Sphinx (Docutils (.rst ReStructuredText), .md)), MyST-Parser (.md MyST Markdown), Jupyter Kernels (.ipynb Jupyter Notebooks),)
The Cha Cha Slide Is Turing Complete
Turing completeness: https://en.wikipedia.org/wiki/Turing_completeness
Church-Turing thesis: https://en.wikipedia.org/wiki/Church%E2%80%93Turing_thesis
Is Church-Turing expected to apply to concurrent, quantum computers? To actual quantum physical stimulation, or qubits, or qudits? Presumably there's already a quantum analog
What is quantum field theory and why is it incomplete?
Still the basis of the most precise prediction by a Physics theory:
https://physicstoday.scitation.org/doi/10.1063/PT.3.2223
I'm always amazed by quantum field theories, with a particular taste for the two dimensional ones (as string theorist :))
Also the basis of the least precise prediction made by a physics theory: https://en.wikipedia.org/wiki/Cosmological_constant_problem
> Depending on the Planck energy cutoff and other factors, the discrepancy is as high as 120 orders of magnitude
yes and no. physical theories always have a domain of validity where their prediction make sense and QFT and QM do not give an absolute value of energy (density). sure you can do QFT on curved spacetime (Hawking had some success w/ it) but comparing the QFT vacuum energy with the cosmological constant is sloppy at best.
but yeah, sure, it doesn't work for that :)
The Dymaxion car: Buckminster Fuller’s failed automobile
Car Talk drove a replica.[1] "You’ve pushed shopping carts with broken casters that handle better. ... No one in his or her right mind would ever venture above 45 miles per hour because of the lousy handling."
[1] https://www.cartalk.com/blogs/jamie-lincoln-kitman/test-driv...
Good old Car Talk.
What about with biopolymer superstructure at least, batteries in the surfboard floor, an elegant teardrop airfoil, regenerative braking with natural branching carbon anodes, and an awning?
Those are all solutions to problems the Dymaxion car didn't have?
The main complaints of the Car Talk article are the awful handling resulting from rear wheel steering (giving a bad caster angle resulting in no self-centering-- all modern tricycle motor vehicles put the steer tires at the front, even if it complicates the linkages) and the aerodynamic shape that resulted in a large car with surprisingly little usable interior room. (a classic Buckminster problem, as this is still the big downside of geodesic domes)
All the big compromises of the Dymaxion car came from the shape, which let it hit a drag coefficient of 0.25. But modern car engineering has simply passed it by: a Prius is 0.24 and a Model S is 0.208. There's no reason to accept the downsides of a Dymaxion car today, which is why nobody ever copied the design.
Top Secret Rosies: The Female “Computers” of WWII
Similar ones:
"Code girls : the untold story of the American women code breakers of World War II" (2017) https://g.co/kgs/CBSxQv https://en.wikipedia.org/wiki/Code_Girls
"Hidden Figures" (2016) https://en.wikipedia.org/wiki/Hidden_Figures https://g.co/kgs/m2fFvN
Women in science : https://en.wikipedia.org/wiki/Women_in_science
Also, the British Women Royal Naval Service serving in Western Approaches Tactical Unit during WWII, who developed a great number of extremely effective tactics for fighting U-boats, as well as effectively reverse engineering bits and pieces of German technology that had never been physically seen by analyzing the tactics of their employment.
https://en.wikipedia.org/wiki/Western_Approaches_Tactical_Un...
The associated documentary is "free" to stream on Kanopy. We enjoyed it.
"Top Secret Rosies: The Female “Computers” of WWII" (2010) https://www.kanopy.com/en/product/122786 https://g.co/kgs/49A9bD
There are at least hundreds of mostly all masculine dude war movies. As said films are about just regular dudes in war, and historical, is there any appropriate gender outrage?
A person can simply superimpose a whole separate identity and preference agenda to the storyline, which - if non-historical - may be all characters from one writer, whose paintings at least aren't at all obligated to be representative samples.
I recall that most war movies I seen tend to have women in the resistance movements, especially the french one. The only place where there are only men is those that were drafted since the military draft only forced men to go to war.
For shots focusing on the factories, again women tend to be featured. With most young men was drafted into the military front, and much of the civil industry being diverted to produce war material, women was critical to fill in the need for workers. Top Secret Rosies seem to be illustrating that fact.
One major demographic that old war movies tend to not show is children. When half the work group is drafted, and the other half is diverted to do both the civil and the war production (and everything else in private life), children were not just playing in the fairground or studying in school. It is however not very nice to illustrate child labor, so old and new war films tend to avoid that.
Rehabilitation and reintegration of child soldiers > See also: https://en.wikipedia.org/wiki/Rehabilitation_and_reintegrati...
> Children in the military, History of children in the military, Impact of war on children, Paris Principles (Free Children from War Conference), Children in emergencies and conflicts, Children's rights, Stress in early childhood
Disaster Relief procedures for us all: https://www.ready.gov/plan :
> How will I receive emergency alerts and warnings?
> What is my shelter plan?
> What is my evacuation route?
> What is my family/household communication plan?
> Do I need to update my emergency preparedness kit?
The World Excel Championship is being broadcast on ESPN
TIL about Excel e-Sports. From https://www.fmworldcup.com/excel-esports/ :
> No finance, just Excel and logical thinking skills. Use IFS, XLOOKUP, SUM, VBA, Power Query: anything is allowed, and the strategy is up to you.
It says VBA, so presumably named variables are allowed in the Excel spreadsheet competition.
What about Python and e.g. Pandas or https://www.pola.rs/ ?
> Some events are invitational, some are open for everyone to participate in.
> All battles are live-streamed and can be spectated on our Youtube channel.
> What about Python and e.g. Pandas or https://www.pola.rs/ ?
I think it is safe to assume that only Microsoft Excel is allowed. The features they listed are all built in features.
Kaggle speed runs as a sport would be interesting.
They really would. I feel like kaggle is mostly teams slowly grinding for very small incremental improvements over each other. Adding a time component would really sort the wheat from the chaff.
It would certainly change the dynamic. Not sure about wheat from the chaff - faster != better.
If you can write it in 20 minutes, I'd be impressed. Excel has everything integrated with macros already so it is easier to use VBA.
There are many ways to do ~no-code GUI analysis with [Jupyter] notebooks (e.g. with the VSCode jupyter notebook support) pretty quickly; with some pointing and clicking of the mouse if you please.
Computational Notebook speedrun competition ideas:
- Arithmetic w/ `assert`: addition/subtraction, multiplication/division, exponents/logarithms; and then again with {NumPy, SymPy, Lean Mathlib}
- Growth curve fitting; data modeling with linear and better models
- "Principia" work-along notebooks
- "Princeton Companion to [Applied] Mathematics" work-along notebooks
- Khan Academy work-along notebooks
> - Arithmetic w/ `assert`: addition/subtraction, multiplication/division, exponents/logarithms; and then again with {NumPy, SymPy, Lean Mathlib}
"How I'm able to take notes in mathematics lectures using LaTeX and Vim" https://news.ycombinator.com/item?id=19452752 ...
"How should logarithms be taught?" https://news.ycombinator.com/item?id=28519356
Any good recommendations for starting points to learn how to work with these? I'm not a programmer, but do have programming ability, and use excel all the time. Having a more flexible system with better inputs (tying in web scraping, data pipelines, etc) sounds like a great idea.
Kaggle learn: https://www.kaggle.com/learn
"Python Data Science Handbook" (O'Reilly) http://jakevdp.github.io/PythonDataScienceHandbook
awesome-python#web-content-extracting: https://github.com/vinta/awesome-python#web-content-extracti...
https://learnxinyminutes.com/docs/python/
"What is the best way to learn to code from absolute scratch?" https://news.ycombinator.com/item?id=16299880
I would assume you have to use stock. Excel/Office ships with a VBA IDE that you get to with alt-F11 (and I think by viewing macro source through the menus.)
Alt-F11, thanks. Is there a macro recorder built into Excel that could make learning VBA syntax and UI-API equivalencies easy?
There's a macro recorder, but the code it generates isn't meant to be efficient or readable.
VBA is easy, you can just google it. It's very bad, but once you know it well, and if you stick to a functional style, you can do what you want. For Excel, get to know Range objects well, and to wring some polymorphism out of VBA, learn interfaces.
I've seen basically Mario in VBA in Excel, so I know it's real. "Show formulas" && [VBA, JS] vs an app with test coverage.
Are unit and/or functional automated tests possible with VBA; for software quality and data quality?
GSheets has Apps Script; which is JS, so standard JS patterns work. It looks like Excel online can run but cannot edit VBA macros; and Excel online has a JS API, too.
Quantum in the Chips and Science Act of 2022
> […] Grow a diverse, domestic quantum workforce: The expansion of the Federal Cyber Scholarship-For-Service Program to include artificial intelligence and quantum computing will bolster the Nation’s cyber defense against threats from emerging technologies, while quantum’s addition to the DOE Computational Science Graduate Fellowship program will expand the current workforce. The NSF Next Generation Quantum Leaders Pilot Program authorized by this legislation, and which builds upon NSF’s role in the Q-12 Education Partnership, will help the Nation develop a strong, diverse, and future-leaning domestic base of talent steeped in fundamental principles of quantum mechanics, the science that underlines a host of technologies. […]
From #Q12 > QIS K-12 Framework: https://q12education.org/learning-materials/framework :
> When relevant to the STEM subject, employ a learning cycle approach to develop models of quantum systems and phenomena, plan and carry out investigations to test their models, analyze and interpret data, obtain, evaluate and communicate their findings
Where does energy go during destructive interference?
From Wave_interference#Quantum_interference https://en.wikipedia.org/wiki/Wave_interference#Quantum_inte... :
> Here is a list of some of the differences between classical wave interference and quantum interference:
> - In classical interference, two different waves interfere; In quantum interference, the wavefunction interferes with itself.
> Classical interference is obtained simply by adding the displacements from equilibrium (or amplitudes) of the two waves; In quantum interference, the effect occurs for the probability function associated with the wavefunction and therefore the absolute value of the wavefunction squared.
> The interference involves different types of mathematical functions: A classical wave is a real function representing the displacement from an equilibrium position; a quantum wavefunction is a complex function. A classical wave at any point can be positive or negative; the quantum probability function is non-negative.
> In classical optical interference the energy conservation principle is violated as it requires quanta to cancel. In quantum interference energy conservation is not violated, the quanta merely assume paths per the path integral. All quanta for example terminate in bright areas of the pattern.
From Conservation_of_energy https://en.wikipedia.org/wiki/Conservation_of_energy :
> Classically, conservation of energy was distinct from conservation of mass. However, special relativity showed that mass is related to energy and vice versa by E = mc2, and science now takes the view that mass-energy as a whole is conserved. Theoretically, this implies that any object with mass [e.g. photons, and other massful particles] can itself be converted to pure energy, and vice versa. However this is believed to be possible only under the most extreme of physical conditions, such as likely existed in the universe very shortly after the Big Bang or when black holes emit Hawking radiation.
From Conservation_of_energy#Quantum_theory https://en.wikipedia.org/wiki/Conservation_of_energy#Quantum... :
> In quantum mechanics, energy of a quantum system is described by a self-adjoint (or Hermitian) operator called the Hamiltonian, which acts on the Hilbert space (or a space of wave functions) of the system. If the Hamiltonian is a time-independent operator, emergence probability of the measurement result does not change in time over the evolution of the system. Thus the expectation value of energy is also time independent. The local energy conservation in quantum field theory is ensured by the quantum Noether's theorem for energy-momentum tensor operator. Due to the lack of the (universal) time operator in quantum theory, the uncertainty relations for time and energy are not fundamental in contrast to the position-momentum uncertainty principle, and merely holds in specific cases (see Uncertainty principle). Energy at each fixed time can in principle be exactly measured without any trade-off in precision forced by the time-energy uncertainty relations. Thus the conservation of energy in time is a well defined concept even in quantum mechanics.
[deleted]
Adding Auditing to Pip
Looks like I'm a little bit late to this article about mailing list discussion about adding ~CVE search to pip.
The broader trend here is to identify the names, versions, and hashes of all software installed packages in all languages and present an SBOM [1][2]. Does/would `pip audit` also lookup CVE vulns for extension modules written in other programming languages like C, Go, and Rust; or do existing tools that also already lookup vulns for Python packages
[1] https://westurner.github.io/hnlog/ ; Ctrl-F "SBOM"
[2] "Existing artifact vuln scanners, databases, and specs?" https://github.com/google/osv.dev/issues/55#issue-802542447
FWIW, from the OSV README https://github.com/google/osv.dev:
> This is an ongoing project. We encourage open source ecosystems to adopt the OpenSSF Vulnerability format to enable open source users to easily aggregate and consume vulnerabilities across all ecosystesm. See our blog post for more details.
> The following ecosystems have vulnerabilities encoded in this format:
> GitHub Advisory Database (CC-BY 4.0), PyPI Advisory Database (CC-BY 4.0), Go Vulnerability Database (CC-BY 4.0), Rust Advisory Database (CC0 1.0), Global Security Database (CC0 1.0) OSS-Fuzz (CC-BY 4.0)
> Together, these include vulnerabilities from:
> npm, Maven, Go, NuGet, PyPI, RubyGems, crates.io, Packagist, Linux, OSS-Fuzz
> Does/would `pip audit` also lookup CVE vulns for extension modules written in other programming languages like C, Go, and Rust
For the time being, the plan is to focus `pip-audit` on vulnerabilities in Python packages themselves, not native dependencies of packages that happen to contain binary extensions. The line is, however, blurry: if a Python package is written in C or Rust and has a vulnerability therein, that would be considered a Python ecosystem vulnerability for the purposes of the PYSEC DB. A vulnerability in libssl that happens to be exposed via a Python extension, however, would not be.
So something more comprehensive for the complete SBOM for all languages and extension modules is also advisable for "[Software] Component Inventory and Risk Assessment".
From the article:
> The PyPA maintains an advisory database that stores vulnerabilities affecting PyPI packages in YAML format. For example, pip-audit reported that the version of Babel on my system is vulnerable to PYSEC-2021-421, which is a local code-execution flaw. That PYSEC advisory refers to CVE-2021-42771, which is how the flaw is known to the wider world.
> As it turns out, my system is actually not vulnerable to CVE-2021-42771, as the Ubuntu security entry shows. The pip-audit tool looks at the version numbers of the installed PyPI package to decide which are vulnerable, but Linux distributions regularly backport fixes into earlier versions so the PyPI package version number does not tell the whole story—at least for those who get their PyPI packages from distributions rather than via pip.
pypa/advisory-database: https://github.com/pypa/advisory-database
Tesla’s self-driving technology fails to detect children in the road, tests find
Here is a comparison of this test with an older video:
https://twitter.com/TaylorOgan/status/1478802681141645322 (This is January 5th 2022)
Same author, same test, months later:
https://twitter.com/TaylorOgan/status/1556991029814886404 (This is August 9th 2022)
The difference? There is absolutely no improvement.
Expecting that the FSD (Fools Self Driving) beta software would get better over time as promised by Elon, this video shows that it doesn't look good at all with this latest failure which drivers on the road, and even pedestrians were no better off and are no safer with these updates.
It is not early days anymore and even with these updates, it is still an unsafe contraption which not only has been falsely and deceptively advertised by Tesla, it is not even near the claims of the robo-taxi level of FSD (Level 4 - 5) with the number of price increases over the years with a product which doesn't work looks more like a scam.
At this point, FSD is essentially Fools Self Driving.
Accident rate per million miles of driving.
Which competing EVs do you like and why?
FSD needs to be substantially better than the average human driver - not on par or worse (which this is).
Nobody is going to tolerate FSD vehicles bugging out and randomly driving into parked cars or pedestrians, killing people in the process.
You can tout millions of miles all day ever day, but it doesn't matter. When these vehicles are put into even semi-tricky situations, they fail far too often. Tesla's software doesn't even require tricky situations... it'll just randomly drive you into a wall or fire truck without warning.
Why? Human drivers do all of those things. Why should I care if I'm killed by a computer or a human? At least if I'm killed by a computer, the data will go into the training set and make future computers safer. But human drivers will learn nothing.
Despite the narrative being spun by FSD companies like Tesla and the rest - human drivers are actually really good at navigating complex, dynamic situations.
These systems however, are not.
I think most folks would rather not be killed because Elon's ego decided a decade ago that Tesla would never consider Lidar sensors, for example, despite the mounting evidence simple cameras are not sufficient.
Recall the Toyota stuck accelerator pedal issue years back? There are people who still refuse to own a Toyota.
What about the Boeing 737-MAX fiasco? An entirely software related bug caused a statistically trivial and insignificant amount of people to lose their lives - yet today there are still people who will never fly on a Boeing aircraft again, despite the issue being resolved.
People will not tolerate loss of life from these systems. They must be substantially better than the average human for the public to be interested.
> human drivers are actually really good at navigating complex situations. These systems however, are not.
This determination needs to be made with data. As far as I can tell there is no conclusive evidence that Teslas on autopilot are involved in more crashes per mile than human drivers, and some evidence that it is safer, though that comes from Tesla, so not giving that much weight. So either it's somewhere close to as safe as human drivers, or data collection in this area is just really bad. I don't know which.
The evidence provided by the likes of Tesla does not compare to real-world driving. They cannot produce that evidence yet, despite however many millions of miles on test circuits and well-known roads they want to tout - it's a false statistic designed to deliberately mislead the public into thinking the software is better than it really is.
The burden of proof is on the FSD companies, not average drivers. The likes of Tesla have to prove their software is far superior to human drivers - and so far they have failed to do so.
There are far too many FSD beta videos out recorded by real users that demonstrate obvious safety issues. The software is just not there yet, and may not be there for a long time, if ever.
Articles like this come out far too often to just be discarded as media "hit" pieces.
>Accident rate per million miles of driving.
Are all driving miles equivalent? Do you think accidents that occur with FSD enabled are the same as where they most often occur under normal human control? What proportion of miles are driven in sunny US states?
> Are all driving miles equivalent?
Which metric is proposed?
Is this an argument supported by data? What about a sound experimental design?
Perhaps we could look to medicine (instead of automotive engineering) for guidance regarding which reductions in stratified accident incidence rate are significant and warrant continued investment in sensor fusion and assistive AI?
Why do tree-based models still outperform deep learning on tabular data?
AlphaFold's database grows over 200x to cover nearly all known proteins
Much discussion a few days ago: https://news.ycombinator.com/item?id=32262856
The top comment there (from a structural biologist) is worth reading. Here's my opinion, as a computer scientist that worked in this area.
A protein sequence is analogous to a computer program, but the "machine" is a mostly-water solution, and the instructions are interpreted by summing up all the intermolecular forces at play as the sequence is squirted out of a little extruder as a string (as in the stuff your clothes are made of, not text). Bits of the string repel and attract each other and it globs up in some biologically useful structure. The folding problem is the problem of predicting that structure from the string.
Unlike the halting problem, there is no way to generate an execution trace saying a particular glob would be formed in reality. In fact, there is no way to perform a polynomial time check of the result, so we've already escaped the land of P and NP.
Also, things like temperature and proximity to other proteins mean that there might not be a unique fold for a given sequence. Therefore, like the halting problem, we have unknown inputs, and we need to figure out which states an arbitrary program can reach.
When someone claims to have "solved" folding, you should be as skeptical as you would be if someone claimed to have solved the halting problem for arbitrary machine code, and that they don't need any extra information about the machines that run that code. Although their program runs on conventional computers, it also works on programs written for quantum computers.
(Edit: That's not to say this work isn't useful, or that this press release overclaims. I've been hearing some pretty wild claims about this work elsewhere...)
For an unrelated reason, shortly after making that comment, I put 31 genes from a viral genome (the whole genome, assuming we have the reading frames correct and nothing else funky is going on) through AlphaFold. We're getting ready to do some proteomics to see what's in the capsid, and I wanted to inform the proteomics by doing some sequence analysis. Only three genes of the 31 came back with any sort of confidence. Two of the three were crystallized and solved by my group a few years back.
Is the AlphaFold team winning Folding@home? (which started at Washington University in St. Louis, home of the Human Genome Project)
FWIU, Folding@home has additional problems for AlphaFold, if not the AlphaFold team;
> Install our software to become a citizen scientist and contribute your compute power to help fight global health threats like COVID19, Alzheimer’s Disease, and cancer. Our software is completely free, easy to install, and safe to use. Available for: Linux, Windows, Mac
> which started at Washington University in St. Louis, home of the Human Genome Project
While Wash U was a contributor, I am confused about why you call it the home of the Human Genome Project. The Project seems a lot more strongly linked to the Whitehead/MIT in terms of press and the site of key figures.
https://en.wikipedia.org/wiki/Human_Genome_Project #History
"The Cost of Sequencing a Human Genome" https://www.genome.gov/about-genomics/fact-sheets/Sequencing...
If we're just sharing links, I have one too:
Both projects tackle related problems, but each is trying to answer a different question: https://news.ycombinator.com/item?id=32264059
> Folding@home answers a related but different question. While AlphaFold returns the picture of a folded protein in its most energetically stable conformation, Folding@home returns a video of the protein undergoing folding, traversing its energy landscape.
Is there any NN architectural reason that AlphaFold could not learn and predict the Folding@home protein folding interactions as well? Is there yet an open implementation?
I think it would be much harder to do that, since it probably requires modelling physics at some level, while AlphaFold is really just mining statistical correlations of structures and sequences.
Yes, there are open implementations of nearly-AlphaFold at this point.
FWIU there's no algorithmic reason that AlphaZero-style self play w/ rules could not learn the quantum chemistry / physics. Given the infinite monkey theorem, can an e.g. bayesian NN learn quantum gravity enough to predictively model multibody planetary orbits given an additional solar mass in transit through the solar system? (What about with "try Bernoulli's on GR and call it superfluid quantum gravity" or "the bond yield-curve inversion is a known-good predictor, with lag" as Goal-programming nudges to distributedly-partitioned symbolic EA/GA with a cost/error/survival/fitness function?)
E.g. re-derivations of Lean Mathlib would be the strings to evolve.
Django 4.1
The most anticipated Django release for me personally. Async ORM access is a massive quality of life improvememt, same for async CBV. The later is also a blocker for Django Rest Framework going async.
Sure most CRUD applications work perfectly fine using WSGI, but for anyone using other protocols like WS or MQTT in their app this is kind of a big deal.
## Asynchronous ORM interface
https://docs.djangoproject.com/en/4.1/releases/4.1/#asynchro... :
`QuerySet` now provides an asynchronous interface for all data access operations. These are named as-per the existing synchronous operations but with an `a` prefix, for example `acreate()`, `aget()`, and so on.
> The new interface allows you to write asynchronous code without needing to wrap ORM operations in `sync_to_async()`:
async for author in Author.objects.filter(name__startswith="A"):
book = await author.books.afirst()
## Asynchronous handlers for class-based views
> View subclasses may now define async HTTP method handlers:
import asyncio
from django.http import HttpResponse
from django.views import View
class AsyncView(View):
async def get(self, request, *args, **kwargs):
# Perform view logic using await.
await asyncio.sleep(1)
return HttpResponse("Hello async world!")I don't fully understand the sync_to_async() operation here. So the underlying database is not async, then is Django just tossing the sync DB call onto a thread or something?
Yes, it is just being put on a thread. A future Django release will use async database drivers. Django is very incrementally adding support for async. I don't believe they have started work on async templates yet, which will be one of the last major areas before the framework is fully async.
Yes, they're working from the top of the stack down, so first it was views+middleware, now it's the top layer of the database stack, and in future releases they'll work on pushing native async lower and lower in the stack.
Basically every function call that does db-queries needs an "a"-prefixed version. aget(), acreate(), aget_or_create(), acount(), aexists(), aiterator(), __aiter__, etc. And in future versions they'll work on the lower level, undocumented api, like _afetch_all(), aprefetch_related_objects(), compiler.aexecute_sql(), etc.
Eventually you'll probably need to switch database drivers to something that actually supports async.
Why do they need Async templates? When a template renders it should be pure data and fully on the CPU. It seems Async templates would encourage a bad behavior of doing n+1 queries inside the HTML.
Django makes a lot of use of lazy evaluation. You'll often construct a QuerySet object in a Django view like this:
entries = Entry.objects.filter(
category="python"
).order_by("-created")[:10]
{% for entry in entries %}...
Async template rendering becomes necessary if you want the templates to be able to execute async SQL queries in this way.
Jinja has this feature already with the enable_async=True setting - I wrote a tiny bit about that in https://til.simonwillison.net/sqlite/related-content
My immediate thought would be custom template tags. Like `{% popular_articles %}` would have to connect to the DB and load the articles. I am sure there are other reasons too.
exactly, it fires database call in a separare thread with coroutine awaiting this threads result.
Ask HN: Is there a tool / product that enables commenting on HTML elements?
I'm searching for a commercial product that enables commenting on HTML elements on a product so it can be shared with an org. Think google comments connected to Inspect Element in chrome that can be shared with an organization.
I want to get away from creating tickets or sending emails highlighting UX concerns. This is cumbersome and not very transparent or collaborative.
Does a tool like this already exist?
Hypothesis/h is a (Pyramid) web app with a JS widget that can be added to the HTML of a page manually or by the Hypothesis browser extension, which enables you to also comment on PDFs, WAVs, GIFs: https://github.com/hypothesis/h
From the W3C Web Annotation spec that Hypothesis implements https://www.w3.org/TR/annotation-model/ :
> Selectors: Fragment Selector, CSS Selector, XPath Selector, Text Quote Selector, Text Position Selector, Data Position Selector, SVG Selector, Range Selector, Refinement of Selection
> States: Time State, Request Header State, Refinement of State
Coinbase does not list securities. End of story
Of course Coinbase will say they're not securities.
All crypto should be treated as securities. The rampant insider trading, lack of transparency in project finances and decision making is insane.
I've consulted for a few crypto projects. In most of them, the founders completely misused ICO funds for personal gains and traded their own tokens with inside info.
If your project token is available to be purchased and sold in the US, they should be subject to the same rules other securities follow.
Scamming people shouldn't be this easy.
Just because you can insider trade doesn't make something a security in my view. You can do insider trading around gold or palladium or any other commodity for instance. You can do insider trading with property and land. You can even do insider trading with currencies.
They're not securities because you can insider trade them -- they're securities because they fairly clearly meet the Federal definition;
> The term “security” means any note, stock, treasury stock, security future, security-based swap, bond, debenture, evidence of indebtedness, certificate of interest or participation in any profit-sharing agreement, collateral-trust certificate, preorganization certificate or subscription, transferable share, investment contract, voting-trust certificate, certificate of deposit for a security, fractional undivided interest in oil, gas, or other mineral rights, any put, call, straddle, option, or privilege on any security, certificate of deposit, or group or index of securities (including any interest therein or based on the value thereof), or any put, call, straddle, option, or privilege entered into on a national securities exchange relating to foreign currency, or, in general, any interest or instrument commonly known as a “security”, or any certificate of interest or participation in, temporary or interim certificate for, receipt for, guarantee of, or warrant or right to subscribe to or purchase, any of the foregoing.
Your comment has not contributed anything. Which of those many categories do you think crypto falls within?
For example, foreign currency is not a security, and an intuitive stance would be that crypto is far closer to foreign currency than it is to stocks. Other sources have a more useful definition in my opinion [1]:
> Firstly, a security is simply a financial instrument that represents a specific ownership position in either a corporation, a creditor related to a governmental body, a publicly traded corporation, or rights to ownership as represented by an option. The security must represent some type of financial value. Securities are generally categorised as either debts or equities, with a debt security indicating money that has been borrowed and must be repaid.
Under this definition, it is hard to see how the average "boring" cryptocurrency is a security.
Is "must be an agreement for future performance" a fair first test of whether something is a securities contract?
1) If there is no contractual agreement for future performance, it cannot be a securities contract (a "security").
That we can test before applying 2) the Howey Test, and then 3) assessing whether it's a Payment, Utility, Asset, or Hybrid coin/token
From https://en.wikipedia.org/wiki/SEC_v._W._J._Howey_Co. :
> "In other words, an investment contract for purposes of the Securities Act means a contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party, it being immaterial whether the shares in the enterprise are evidenced by formal certificates or by nominal interests in the physical assets employed in the enterprise."[1]
> "The test is whether the scheme involves an investment of money in a common enterprise with profits to come solely from the efforts of others. If that test be satisfied, it is immaterial whether the enterprise is speculative or non-speculative or whether there is a sale of property with or without intrinsic value."[1]
Collectible coins, trading cards, beanie babies, real estate, and rare earth commodities, for example, are not securities per US securities law. Do these things fail a hypothetical and hopefully helpful "must be an agreement for future performance" litmus test for whether a thing is a security per US case law precedent?
What must be fed into the FTC CAT is a different set of policies.
From "Guidelines for enquiries regarding the regulatory framework for ICOs [pdf]" (2018) https://news.ycombinator.com/item?id=16406967 https://westurner.github.io/hnlog/#comment-16407277 :
> This is a helpful table indicating whether a Payment, Utility, Asset, or Hybrid coin/token: is a security, qualifies under Swiss AML payment law.
> The "Minimum information requirements for ICO enquiries" appendix seems like a good set of questions for evaluating ICOs. Are there other good questions to ask when considering whether to invest in a Payment, Utility, Asset, or Hybrid ICO?
> Are US regulations different from these clear and helpful regulatory guidelines for ICOs in Switzerland?
As well, do investors have any responsibility for evaluating written agreements for future performance before investing?
Does a person have the responsibility of evaluating contracts before entering into them; for example, with the belief that it's a securities agreement for future performance? What burden of responsibility has a securities investor?
Does that business sell any registered securities at all? Why did you think they were selling you a security? Were you presented with a shareholders agreement? A securities agreement? Any sort written contract? Why did you think you were entering into a securities contract if there was no contract?
If someone makes hopeful, pumping, forward-looking statements, does that obligate them to perform?
When does the Statute of Frauds apply to phantom contractual agreements for future performance?
Statute of Frauds: https://www.investopedia.com/terms/s/statute-of-frauds.asp :
> The statute of frauds (SOF) is a legal concept that requires certain types of contracts to be executed in writing. The statute covers contracts for the sale of land, agreements involving goods worth over $500, and contracts lasting one year or more.
> The statute of frauds was adopted in the U.S. primarily as a common law concept—that is, as unwritten law. However, it has since been formalized by statutes in certain jurisdictions, such as in most states. In a breach of contract case where the statute of frauds applies, the defendant may raise it as a defense.* Indeed, they often must do so affirmatively for the defense to be valid. In such a case, the burden of proof is on the plaintiff. The plaintiff must establish that a valid contract was indeed in existence.
Statute of Frauds: https://en.wikipedia.org/wiki/Statute_of_frauds
Q: When should you check for a contractual agreement for future performance, for future returns? A: At least before you give more than $500.
In the US, cryptoasset exchanges have gained specific legal approval from each and every state where those assets are listed for sale.
What process does your state have for approving assets for listing by cryptoasset exchanges? When or why does a state reject a cryptoasset exchange's application to list a cryptoasset?
Is it the case that we have 50 state-level procedures for getting a cryptoasset approved for list by an exchange?
Is it the case that SEC does not provide a "formally reject an unregistered security which is thus not SEC jurisdiction" service?
If some 50 states failed to red flag a cryptoasset, I find it unreasonable to fault cryptoasset exchanges for choosing to list, or retail investors for failing to review a contract for future performance and investing.
I Looked into 34 Top Real-World Blockchain Projects So You Don’t Have To
I keep saying this, but:
Bitcoin is well over 10 years old by now. In 10 years, the internet was already clearly adding a ton of value all over the place. Bitcoin is not really a 'young technology' anymore, and the only thing it has enabled so far is risky, unregulated investment strategies, and an staggering amount of crime.
When the Internet was 10 years old the year was 1987.
Having heard this argument a nauseating number of times, it's fairly clear that people on both sides who say this use "the internet" when they mean "the web." So 1999 is a better "after 10 years'" benchmark here.
The web was the killer app built on the infrastructure of the internet. The blockchain ecosystem is still building it's infrastructure.
# 1970s: The Internet (US Research Institutions, ARPA, IETF, IEEE,)
TCP/IP, DNS (/etc/hosts), Routing Protocols for multiple DUN (Dial-Up Networking) links between schools, Gopher
# The Web (TimBL (@CERN), IETF, W3C)
HTTP, HTML: "Hyperlinks" between "Hypertext" documents; edges with "anchor text" types.
[No-crypto P2P]
# Web 2.0 (CoC Web Frameworks, AJAX, open source SQL, LAMP,)
Interactive HTML with user-contributed-content to moderate
# ~~Web 3.0~~ (W3C,)
Linked Data; RDF, RDFa
5-Star Linked Data: https://5stardata.info/
- Use URIs in your datasets; e.g. describe the columns of the CSVs with URIs: CSVW
# Web3 ("Zero-Trust")
SK: Secret Key
PK: Public Key
Crypto P2P: resilient distributed system application architectures with no points of failure
ENS (Ethereum Name Service) instead of DNS. ENS binds unique strings to accounts; just like NFTs.
(A non-fungible-token is a like a coin where each bill has a unique serial number. A fungible-token is a thing that there are transactable fractions of that needn't have unique identities: US coinage, barrels of oil, ounces of gold/silver. Non-fungible tokens are indivisible: you can't tear a bill in half because there's only the one serial number (and that's actually a federal crime in the USA, to deface money). Similarly, ENS entries - which map a string to an account id (hash of a public key) - can't be split into fractions and sold, so they're Non-FTs; NFTs)
(DNS is somewhat unfixably broken due to the permissiveness necessary to interact with non-DNSSEC-compliant domains resulting in downgrade attack risks: even with e.g. DNS-over-TLS, DNS-over-HTTPS, or DNS-over-QUIC securing the channel; if the DNS client does not reject DNS responses that do not have DNSSEC signatures, a DNS MITM will succeed. If you deny access to DNSSEC-unsigned domains at your DNS client config or the (maybe forwarding) DNS resolver on the router, what is the error message in the browser?)
NIST announces preliminary winners of post-quantum competition
After EC DRBG who cares about what NIST does?
Those who have to comply with their standards (e.g. FIPS 140-3), at the very least.
OP does have a point though, especially with DJB's thoughts (and others) on the matter.
https://nitter.net/hashbreaker?lang=en
For FIPS in particular, they've first gotta sunset the traditional algorithms for anyone to strictly need to care (and even then, parallel constructions of PQC+traditional could let other PQC algorithms in -- like the Chrome experiments -- from a FIPS perspective, you can treat the PQC like plaintext). And for them to be useful, adoption needs to occur in the IETF communities (PKIX, TLS, SSH, IKE, ...).
You're probably looking at least 5 years on the adoption window to customers running the lastest updates. NIST's blessing might help some of the IETF conversations that now need to happen. But not listening to DJB, given his track record, likely will anger a subset of IETF contributors and might hinder adoption.
It'll be interesting to see if IETF takes the more conservative approach advocates by DJB or if they continue on with NIST's blessing alone. But I'm just a watcher... :-)
Edit: and for the record, FIPS never mandated Dual EC DRBG but it was still a mistake for NIST to rubber stamp.
From https://news.ycombinator.com/item?id=31995535 :
> (IDK what the TLS (and FIPS) PQ Algo versioning plans are: 1.4, 2.0?)
Kyber, NTRU, {FIPS-140-3}?
Sorry, reading NIST is worse than reading tea leaves and I don't actively participate in the IETF TLS mailing lists enough to say any more than the next person :-) Just stating that the process (NIST to enterprise customer) takes time for complete PQC adoption across the entire stack.
It shouldn't take long to change software: how long does it take to add a dependency on an open implementation and add an optional config file const pending a standardized list of algos like TLS 1.3+ and FIPS, and fallback to non-PQ; like DNSSEC (edit: and WPA2+WPA3)? Do mining rig companies that specialize in ASICs and FPGAs yet offer competitively-priced TLS load balancers -- now with PQ -- or are they still more expensive than mainboards?
RStudio Is Becoming Posit
At first I thought they were renaming the IDE, which seemed like a clearly bad idea. Makes sense to rename the company I guess.
It tickles my brain every time I see it when I am reminded that the same guy who made ColdFusion and a diet app just decided to build a small company based upon a weird stats language 13 years ago. Good for him.
Those all sound like good names. From the article:
> To avoid this problem and codify our mission into our company charter, we re-incorporated as a Public Benefit Corporation in 2019.
> Our charter defines our mission as the creation of free and open source software for data science, scientific research, and technical communication. This mission intentionally goes beyond “R for Data Science” — we hope to take the approach that’s succeeded with R and apply it more broadly. We want to build a company that is around in 100 years time that continues to have a positive impact on science and technical communication. We’ve only just started along this road: we’re experimenting with tools for Python and our new Quarto project aims to impact scientific communication far beyond data science.
> [...] What does the new name mean for our commercial software? In many ways, nothing: our commercial products have supported Python for over 2 years. But we will rename them to Posit Connect, Posit Workbench, and Posit Package Manager so it’s easier for folks to understand that we support more than just R. What about our open source software? Similarly, not much is changing: our open source software is and will continue to be predominantly for R. That said, over the past few years we’ve already been investing in other languages like reticulate (calling Python from R), Python features for the IDE, and support for Python and Julia within Quarto. You can expect to see more multilanguage experiments in the future.
Apache Arrow may be the best solution for data interchange in "polyglot notebooks" with multiple programming languages where SIMDJSON-LD isn't fast enough to share references to structs (with data type URIs and quantity and unit URIs) with IPC and ref counting. https://github.com/jupyterlab/jupyterlab/issues/2815
This feels weird at first glance, but the IDE is staying as RStudio. I love the company and all they’ve done to make data analysis more accessible, so good on them and may they succeed even more in the future.
Still not sure what Quarto is above and beyond a normal RStudio notebook, though.
Quatro is a tool for converting notebooks into shareable formats (like PDF, HTML, Docx). Notebooks are very hard to share. You can't send it to your stakeholders, because Python code will scare them. You can use Quatro to convert notebooks into other formats and easily hide the code. It is like nbconvert on steroids.
I'm working on solution for notebooks sharing with non-technical users. Similar to Quatro it has YAML header, but it can also add widgets to the notebook and serve notebook as interactive web app. My framework is called https://github.com/mljar/mercury
You can use RISE (https://rise.readthedocs.io/en/stable/) for Jupyter notebooks to use it for presentations and also export to PDF.
FWIW repo2docker installs everything listed in /install.R or /.binder/install.R. I'll just cc this here because of the integration potential:
> repo2docker fetches a repository (from GitHub, GitLab, Zenodo, Figshare, Dataverse installations, a Git repository or a local directory) and builds a container image in which the code can be executed. The image build process is based on the [#REES] configuration files found in the repository.
Docs: https://repo2docker.readthedocs.io/en/latest/
python3 -m pip freeze | tee requirements.txt
conda env export -f environment.yml
conda env export --from-history -f environment.yml
python3 -m pip install jupyter-repo2docker
repo2docker .
# git branch -b mynewbranch; git commit; git push
repo2docker https://github.com/binder-examples/conda
repo2docker https://github.com/binder-examples/requirements
repo2docker https://github.com/binder-examples/voila #dashboards #ContainDS
python -m webbrowser https://mybinder.org/
https://repo2docker.readthedocs.io/en/latest/config_files.ht...
repo2jupyterlite (WASM) sure would be useful for presentations, too.
Ask HN: Why are there so few artificial sunlight or artificial window products?
The demand for "natural light" in homes and offices is very high, and higher than the availability of actual daylight. And there seems to be a pretty feasible way to create a fake window (a light panel that mimics sunlight through a window), using LEDs and a fresnel lens. There's no shortage of videos around showing how to DIY such a thing, such as https://www.youtube.com/watch?v=8JrqH2oOTK4 and https://www.youtube.com/watch?v=GDeEuzKXCH4
So, why can't I find many such products for sale? There are a couple of high-end companies like https://www.coelux.com/, but where's the mass market stuff? Is there an opportunity being overlooked here, or am I just missing something?
The nuclear reaction at the center of our solar system, our sun, emits EM radiation of various wavelengths. FWIU, there are various devices for phototherapy (light therapy) which are more common in more non-equatorial lattitudes.
Light therapy: https://en.wikipedia.org/wiki/Light_therapy
There are various "corn bulb" LED products, but FWIU few of the products verifiably produce UVC light; and even fewer still are built from relatively new (full spectrum) UVC LEDs.
The Broan bath fans with SurfaceShield by Vyv bath fans produce ~"ultrablue" but not UVC or a detachable Chromecast Audio.
There are bulbs that switch from normal UVA to ultrablue and/or UVC on the second flIP of the circuit.
UVC causes cancer and cataracts and is blocked by the Earth's atmosphere so almost none reaches the surface. Do NOT shine UVC light on your eyes or skin!
From "Accidental Exposure to Ultraviolet-C (UVC) Germicidal Lights: A Case Report and Recommendations in Orthodontic Clinical Settings" (2021) https://journals.sagepub.com/doi/full/10.1177/03015742211013...
> While UVA radiation is the least hazardous and most associated with skin ageing, UVB is known to cause DNA damage and is a risk factor in developing sunburn, skin cancer, and cataracts. UVC is a “germicidal” radiation with the ability to penetrate deeper, killing bacteria and inactivating viruses.6 There are various types of UVC germicidal lamps—cold cathode germicidal UV lamps, hot cathode germicidal UV lamps, slimline germicidal UV lamps, high output germicidal UV lamps, UV LEDs, and UV lamp shapes with lamp connectors. The latter two are the safest to be used with the utmost precautions.
> This case report describes a vital observation of adverse effects produced by exposure to UV germicidal lamps. There are very few studies reporting accidental exposures to UVC at work in hospital settings. 7 [...]
> Importantly, overexposure to UVC radiation causes ocular and epidermal signs and symptoms. Typical skin reactions in a welder and acute sunburn produced by an electric insect-killing device with an irradiance of as much as 46 mW m-2 have been reported previously in the literature.13, 14 As for germicidal lamps, adverse effects include facial erythema, burning sensation, irritation, pain, keratoconjunctivitis, sunburn, conjunctival redness, blurry vision, photophobia, and irritation to the airway due to the generation of ozone from UVC lamps.
LiteFS a FUSE-based file system for replicating SQLite
LiteFS author here (also Litestream author). I'm happy to answer any questions folks have about how it works or what's on the roadmap.
Given a situation where replication is desirable, is using SQLite + LiteFS a better choice than just replicated Postgres?
Postgres is great and replicating it can work as well. One benefit to SQLite is that it's in-process so you avoid most per-query latency so you don't have to worry as much about N+1 query performance issues. From my benchmarks, I see latency from an application node to a Postgres node as high as 1 millisecond -- even if both are in the same region. SQLite, on the other hand, has per-query latency overhead of about 10-20µs.
Another goal is to simplify deployment. It's a lot easier and cost-effective to just deploy out 10 application nodes across a bunch of regions rather than having to also deploy Postgres replicas in each of those regions too.
SQLite v Postgres here is apples v oranges. Postgres is multi-reader multi-writer whereas SQLite is single-writer multi-reader among other things. They are both very fine databases but solve different use cases.
From https://www.sqlite.org/isolation.html :
> Isolation And Concurrency: SQLite implements isolation and concurrency control (and atomicity) using transient journal files that appear in the same directory as the database file. There are two major "journal modes". The older "rollback mode" corresponds to using the "DELETE", "PERSIST", or "TRUNCATE" options to the journal_mode pragma. In rollback mode, changes are written directly into the database file, while simultaneously a separate rollback journal file is constructed that is able to restore the database to its original state if the transaction rolls back. Rollback mode (specifically DELETE mode, meaning that the rollback journal is deleted from disk at the conclusion of each transaction) is the current default behavior.
> Since version 3.7.0 (2010-07-21), SQLite also supports "WAL mode". In WAL mode, changes are not written to the original database file. Instead, changes go into a separate "write-ahead log" or "WAL" file. Later, after the transaction commits, those changes will be moved from the WAL file back into the original database in an operation called "checkpoint". WAL mode is enabled by running "PRAGMA journal_mode=WAL".
> In rollback mode, SQLite implements isolation by locking the database file and preventing any reads by other database connections while each write transaction is underway. Readers can be active at the beginning of a write, before any content is flushed to disk and while all changes are still held in the writer's private memory space. But before any changes are made to the database file on disk, all readers must be (temporarily) expelled in order to give the writer exclusive access to the database file. Hence, readers are prohibited from seeing incomplete transactions by virtue of being locked out of the database while the transaction is being written to disk. Only after the transaction is completely written and synced to disk and committed are the readers allowed back into the database. Hence readers never get a chance to see partially written changes.
> WAL mode permits simultaneous readers and writers. It can do this because changes do not overwrite the original database file, but rather go into the separate write-ahead log file. That means that readers can continue to read the old, original, unaltered content from the original database file at the same time that the writer is appending to the write-ahead log. In WAL mode, SQLite exhibits "snapshot isolation". When a read transaction starts, that reader continues to see an unchanging "snapshot" of the database file as it existed at the moment in time when the read transaction started. Any write transactions that commit while the read transaction is active are still invisible to the read transaction, because the reader is seeing a snapshot of database file from a prior moment in time.
> An example: Suppose there are two database connections X and Y. X starts a read transaction using BEGIN followed by one or more SELECT statements. Then Y comes along and runs an UPDATE statement to modify the database. X can subsequently do a SELECT against the records that Y modified but X will see the older unmodified entries because Y's changes are all invisible to X while X is holding a read transaction. If X wants to see the changes that Y made, then X must end its read transaction and start a new one (by running COMMIT followed by another BEGIN.)
Or:
ROLLBACK; // cancel the tx e.g. because a different dbconn thread detected updated data before the tx was to be COMMITted.
// Replay the tx
BEGIN;
// replay the same SQL statements
COMMIT;This is saying that SQLite allows reads and writes to happen simultaneously, but it's still single-writer. There's a WIP branch to add concurrent writes.
> Usually, SQLite allows at most one writer to proceed concurrently. The BEGIN CONCURRENT enhancement allows multiple writers to process write transactions simultanously if the database is in "wal" or "wal2" mode, although the system still serializes COMMIT commands.
https://www.sqlite.org/cgi/src/doc/begin-concurrent/doc/begi...
Shit. I was wrong. Thank you for sharing.
Heaviest neutron star on record is 2.35 times the Solar mass
What percentage of black holes are formed by neutron star events? What percentage of black holes are formed by gamma ray fluid field interactions?
"What If (Tiny) Black Holes Are Everywhere?" (@PBSSpaceTime) https://youtu.be/srVKjWn26AQ :
> ~ every 30 km
How does the gravitational spacetime fluid field disturbance of our comparatively baby non-neutron-star Sun compare in diameter and non-viscosity?
https://en.wikipedia.org/wiki/Sun :
> The Sun's diameter is about 1.39 million kilometers (864,000 miles), or 109 times that of Earth. Its mass is about 330,000 times that of Earth, comprising about 99.86% of the total mass of the Solar System. [20] Roughly three-quarters of the Sun's mass consists of hydrogen (~73%); the rest is mostly helium (~25%), with much smaller quantities of heavier elements, including oxygen, carbon, neon, and iron. [21]
> The Sun is a G-type main-sequence star (G2V). As such, it is informally, and not completely accurately, referred to as a yellow dwarf (its light is actually white). It formed approximately 4.6 billion [a] [14][22] years ago from the gravitational collapse of matter within a region of a large molecular cloud. Most of this matter gathered in the center, whereas the rest flattened into an orbiting disk that became the Solar System. The central mass became so hot and dense that it eventually initiated nuclear fusion in its core. It is thought that almost all stars form by this process.
> Every second, the Sun's core fuses about 600 million tons of hydrogen into helium, and in the process converts 4 million tons of matter into energy. This energy, which can take between 10,000 and 170,000 years to escape the core, is the source of the Sun's light and heat. When hydrogen fusion in its core has diminished to the point at which the Sun is no longer in hydrostatic equilibrium, its core will undergo a marked increase in density and temperature while its outer layers expand, eventually transforming the Sun into a red giant. It is calculated that the Sun will become sufficiently large to engulf the current orbits of Mercury and Venus, and render Earth uninhabitable – but not for about five billion years.
G2V "G Star": Hydrogen + Fusion => Helium https://en.wikipedia.org/wiki/G-type_main-sequence_star :
> A G-type main-sequence star (Spectral type: G-V), also often called a yellow dwarf, or G star, is a main-sequence star (luminosity class V) of spectral type G. Such a star has about 0.9 to 1.1 solar masses and an effective temperature between about 5,300 and 6,000 K. Like other main-sequence stars, a G-type main-sequence star is converting the element hydrogen to helium in its core by means of nuclear fusion, but however can also fuse helium when hydrogen runs out. The Sun, the star to which the Earth is gravitationally bound in the center of the Solar System, is an example of a G-type main-sequence star (G2V type). Each second, the Sun fuses approximately 600 million tons of hydrogen into helium in a process known as the proton–proton chain (4 hydrogens form 1 helium), converting about 4 million tons of matter to energy. [1][2] Besides the Sun, other well-known examples of G-type main-sequence stars include Alpha Centauri, Tau Ceti, Capella and 51 Pegasi. [3][4][5][6]
https://en.wikipedia.org/wiki/Neutron_star :
> A neutron star is the collapsed core of a massive supergiant star, which had a total mass of between 10 and 25 solar masses, possibly more if the star was especially metal-rich. [1] Except for black holes and some hypothetical objects (e.g. white holes, quark stars, and strange stars), neutron stars are the smallest and densest currently known class of stellar objects. [2] Neutron stars have a radius on the order of 10 kilometres (6 mi) and a mass of about 1.4 solar masses. [3] They result from the supernova explosion of a massive star, combined with gravitational collapse, that compresses the core past white dwarf star density to that of atomic nuclei.
Show HN: Pg_jsonschema – A Postgres extension for JSON validation
pg_jsonschema is a solution we're exploring to allow enforcing more structure on json and jsonb typed postgres columns.
We initially wrote the extension as an excuse to play with pgx, the rust framework for writing postgres extensions. That let us lean on existing rust libs for validation (jsonschema), so the extension's implementation is only 10 lines of code :)
https://github.com/supabase/pg_jsonschema/blob/fb7ab09bf6050...
happy to answer any questions!
Nice work, however, I am structurally dubious of putting too much functionality onto a classical centralized RDBMS since it can't be scaled out if performance becomes a problem. It's CPU load and it's tying up a connection which is a large memory load (as implemented in postgres, connections are "expensive") and since this occurs inside a transaction it's holding locks/etc as well. I know it's all compiled native code so it's about as fast as it can be, but, it's just a question of whether it's the right place to do that as a general concern.
I'd strongly prefer to have the application layer do generic json-schema validation since you can spawn arbitrary containers to spread the load. Obviously some things are unavoidable if you want to maintain foreign-key constraints or db-level check constraints/etc but people frown on check constraints sometimes as well. Semantic validity should be checked before it gets to the DB.
I was exploring a project with JSON generation views inside the database for coupling the DB directly to SOLR for direct data import, and while it worked fine (and performed fine with toy problems) that was just always my concern... even there where it's not holding write locks/etc, how much harder are you hitting the DB for stuff that, ultimately, can. be done slower but more scalably in an application container?
YAGNI, I know, cross the bridge when it comes, butjust as a blanket architectural concern that's not really where it belongs imo.
In my case at least, probably it's something that could be pushed off to followers in a leader-follower cluster as a kind of read replica, but I dunno if that's how it's implemented or not. "Read replicas" are something that are a lot more fleshed out in Citus, Enterprise, and the other commercial offerings built on raw Postgres iirc.
All this does is make writing a CHECK constraint for a JSON blob relatively straightforward. And yes you should use CHECKs in the database. In practice, it is very easy for application code to either not check or screw it up. It is much harder to find and clean up bad data in the database than prevent it from being inserted. By making it a schema config, it is much easier to audit by other engineers and more likely to be correct.
If CHECKs are causing perf issues, then okay maybe put the problematic ones somewhere else.
You could cost the stored procedures' deployment costs in cryptographically-signed-redundant-data-storage bytes and penalize unnecessary complexity by Costing Opcodes (in the postgres database ~"virtual machine runtime", which supports many non-halting programming languages; such as rust, which is great to see.) and paying for redundant (smart contract output) consensus where it's worth it.
TIL about https://github.com/mulesoft-labs/json-ld-schema: "JSON Schema/SHACL based validation of JSON-LD documents". Perhaps we could see if that's something that should be done in pgx or in the application versions deployed alongside the database versions?
Computer science proof unveils unexpected form of entanglement
I always said that computer science was going to be the method to complete physics, whether it be finishing the Standard Model or proving finally Dark Matter is fiction, which is why we can't detect it. Maybe it's still not entirely clear, but just trust me.
Good lord no, just no. Computer Science is not going to be the method to "complete physics." "Complete physics" isn't even a sensible phrase. Source: me, (former) physicist.
Evolutionary algorithm https://en.wikipedia.org/wiki/Evolutionary_algorithm
Related techniques > Particle swarm optimization:
> Particle swarm optimization is based on the ideas of animal flocking behaviour.[7] Also primarily suited for numerical optimization problems
Symbolic EA will surpass all of human physics in the next 10 years.
To complete physics, which spacetime predictions can or must have zero error?
The notion that physics can ever be complete is...not even wrong.
Prove it.
Bazinga.
Perhaps the oracle could indicate when the Career().solve_physics() routine will halt. https://en.wikipedia.org/wiki/Halting_problem
Securing name resolution in the IoT: DNS over CoAP
The "Matter" (fka "Project Chip") IoT protocol (which succeeds OpenThread FWIU) Wikipedia SeeAlso links to CoAP. https://en.wikipedia.org/wiki/Matter_(standard)
What are the functional differences and opportunities in regards to name resolution?
Matter: https://github.com/project-chip/connectedhomeip
Are any of the "Certificate Transparency on a blockchain / dlt / immutable permissioned distributed ledger" approaches applicable to this problem domain? Solve DNS again for IoT?
Technically Matter can run purely local, no external web requests (well there are some attestation and certs that are confirmed by the Controller). Then Matter devices use Endpoints and Clusters for control, device to device or Controller to device. Matter devices' Commissioning process is done in 2 ways - for Thread devices, they require the operational dataset of the Thread network, which is held by the Border Router, then the Border Router needs information about the Thread Device (Device ID, Discriminator, and PIN Code). This can be exchanged over BLE or NFC with the Controller (smartphone app like Homekit, Google Home, etc). If you have WiFi only devices then Commissioning is done via the Controller only. In both of these cases any DNS lookup would be done by the Controller.
> Technically Matter can run purely local, no external web requests (well there are some attestation and certs that are confirmed by the Controller).
So Matter should work when the [W]LAN is up but there is no external DNS or IP connectivity?
> Then Matter devices use Endpoints and Clusters for control, device to device or Controller to device. Matter devices' Commissioning process is done in 2 ways - for Thread devices, they require the operational dataset of the Thread network, which is held by the Border Router, then the Border Router needs information about the Thread Device (Device ID, Discriminator, and PIN Code). This can be exchanged over BLE or NFC with the Controller (smartphone app like Homekit, Google Home, etc). If you have WiFi only devices then Commissioning is done via the Controller only. In both of these cases any DNS lookup would be done by the Controller.
Does the Controller optionally run DoH (DNS-over-HTTPS), DoT (DNS-over-TLS), DoQ (DNS-over-QUIC; which is easy to load-balance because it's UDP), DNS-over-CoAP, or plain-old unsecured DNS with optional DNSSEC validation? What about ENS (Ethereum Name Service; "web3 dns"; why was DNS reinvented for the smart-contract world? And what about Matter and IoT?
Found this which explains ENS, which is perhaps less obtusely more complex than your DNS-over-CoAP thing: https://www.cryptohopper.com/blog/6536-what-is-the-web3-doma... ( https://web3py.readthedocs.io/en/stable/ens_overview.html )
> ENS domains work similar to traditional domain names, but with the new web 3.0 infrastructure, they can create decentralized applications and websites, and store data or files on the blockchain.
> The ENS is the new domain naming system built on top of the Ethereum network that enables users to create memorable and distinctive addresses or usernames. It utilizes Ethereum's smart contracts to provide supplementary services to the conventional DNS and manage domain name registration and resolution. ENS allows users to create a single username for all their wallet addresses, decentralized apps, and websites in a distributed ecosystem.
> ENS utilizes three types of smart contracts: the registry, the registrars, and the resolvers.
And of course there are better than PIN codes and CRL-less x.509 certs for entropy there. DLTs are specifically designed to be resilient to [mDNS] DDoS.
Maybe powers of π don't have unexpectedly good approximations?
I wonder what happens for powers of e. This should be different than pi, since e has continued fraction coefficients that make a nice pattern [2, 1, 2, 1, 1, 4, 1, 1, ...]. e^2 does as well (https://oeis.org/A001204). (I know this fact but have never understood any of the proofs.)
But e^3 (https://oeis.org/A058282) does not have a "nice pattern", and neither does e^4 (https://oeis.org/A058283)
/? 3blue1brown e^ipi https://m.youtube.com/results?sp=mAEA&search_query=3blue1bro...
Given:
e = limit((1 + 1/n)^n, +∞) # Euler's number
i = √-1 # orthogonal; i_0^2 = -1
pi = (666/212 - 22/7)*π # circle circumference / diameter
e^iπ + 1 = 0
e^ix = cos(x) + i*sin(x)
e (Euler's number) https://en.wikipedia.org/wiki/E_(mathematical_constant)
Is there something fundamental here - with e.g. radix base e - about countability and a continuum of reals, and maybe constructive interference?
When EM waves that are in phase combine, the resultant amplitude of the combined waveform is the sum of the amplitudes; constructive interference is addition. And from addition, subtraction & multiplication and exponents and logarithms.
And then this concept of phase and curl ( convergence and divergence ) in non-orthogonal, probably not conditionally-independent fluid fields that combine complexly and nonlinearly. Define distance between (fluid) field moments. A coherent multibody problem hopefully with unitarity and probably nonlocality.
Can emergence of complex adaptive behavior in complex nonlinear systems of fields emerge from such observable phenomena as countability (perhaps just of application-domain-convenient field-combinatorial multiples in space Z)?
Freezing Requirements with Pip-Tools
Did you ever try poetry[1]?
It is a great tool that I use in all my projects. It effectively solves dependency management for me in a very easy to use way.
Dependency management using requirements.txt used to give me such a headache, now I just have a pyproject.toml that I know works.
[tool.poetry.dependencies]
python = ">=3.8,<3.9"
pandas = "^1.4.3"
What I like about poetry is that it makes sure that the whole dependency graph of the packages that you add is correct. If it can not solve the graph, then it fails fast and it fails hard, which is a good thing.
This is probably a very bad explainer of what poetry does, but be sure to check it out! :)
Isn't that the same as adding version constraints to setuptools' setup.cfg? [1] pip will use these in its dependency resolver.
You can also constrain the Python version in there if you want.
[1] https://setuptools.pypa.io/en/latest/userguide/quickstart.ht...
Maybe it is the same, but the idea is to take that selected version of the dependency and store a hash checksum for it, so that one can later get the exact same dependencies. Poetry only does not source setup.cfg, but its tool-specific config file. This way it stays out of the way of any other tool.
pip-tools can hash as well: https://pip-tools.readthedocs.io/en/latest/#using-hashes
Using a tool specific config file seems like a design choice with upsides and downsides, which I respect
A Pipfile can store hashes for multiple versions of a package built for multiple architectures; whereas requirements.txt can only store the hash of one version of the package on one platform.
Can a requirements.txt or a Pipfile store cryptographically-signed hashes for each dependency? Which tool would check that not PyPI-upload but package-builder-signing keys validate?
FWIU, nobody ever added GPG .asc signature support to Pip? What keys would it trust for which package? Should twine download after upload and check the publisher and PyPI-upload signatures?
Are cryptographically-signed hashes really necessary in this case (why?)? What would be the secret, which is used for signing?
If the hashes are retrieved over the same channel as the package (i.e. HTTPS), and that channel is unfortunately compromised, why wouldn't a MITM tool change those software package artifact hash checksums too?
Only if the key used to sign the package / package manifest with per-file hashes is or was retrieved over a different channel (i.e. WKD, HKP (HTTPS w/w/o Certificate Pinning (*))), and the key is trusted to sign for that package, then install the software package artifact and assign file permissions and extended filesystem attributes.
From the sigstore docs: https://docs.sigstore.dev/ :
> sigstore empowers software developers to securely sign software artifacts such as release files, container images, binaries, bill of material manifests [SBOM] and more. Signing materials are then stored in a tamper-resistant public log.
/? sigstore sbom: https://www.google.com/search?q=sigstore+sbom
> It’s free to use for all developers and software providers, with sigstore’s code and operational tooling being 100% open source, and everything maintained and developed by the sigstore community.
> How sigstore works: Using Fulcio, sigstore requests a certificate from our root Certificate Authority (CA). This checks you are who you say you are using OpenID Connect, which looks at your email address to prove you’re the author. Fulcio grants a time-stamped certificate, a way to say you’re signed in and that it’s you.
https://github.com/sigstore/fulcio
> You don’t have to do anything with keys yourself, and sigstore never obtains your private key. The public key that Cosign creates gets bound to your certificate, and the signing details get stored in sigstore’s trust root, the deeper layer of keys and trustees and what we use to check authenticity.
https://github.com/sigstore/cosign
> our certificate then comes back to sigstore, where sigstore exchanges keys, asserts your identity and signs everything off. The signature contains the hash itself, public key, signature content and the time stamp. This all gets uploaded to a Rekor transparency log, so anyone can check that what you’ve put out there went through all the checks needed to be authentic.
Qubit: Quantum register: Qudits and qutrits
To just quote from Wikipedia:
"Qubit > Quantum register > Qudits and qutrits" https://en.wikipedia.org/wiki/Qubit#Qudits_and_qubits
> ## Qudits and qutrits
> The term qudit denotes the unit of quantum information that can be realized in suitable d-level quantum systems.[8] A qubit register that can be measured to N states is identical[c] to an N-level qudit. A rarely used[9] synonym for qudit is quNit, [10] since both `d` and N are frequently used to denote the dimension of a quantum system.
> Qudits are similar to the integer types in classical computing, and may be mapped to (or realized by) arrays of qubits. Qudits where the d-level system is not an exponent of 2 can not be mapped to arrays of qubits. It is for example possible to have 5-level qudits.
> In 2017, scientists at the National Institute of Scientific Research constructed a pair of qudits with 10 different states each, giving more computational power than 6 qubits.[11]
> Similar to the qubit, the qutrit is the unit of quantum information that can be realized in suitable 3-level quantum systems. This is analogous to the unit of classical information trit of ternary computers.
> ## Physical implementations [of qubits,]
> Any two-level quantum-mechanical system can be used as a qubit. Multilevel systems can be used as well, if they possess two states that can be effectively decoupled from the rest (e.g., ground state and first excited state of a nonlinear oscillator). There are various proposals. Several physical implementations that approximate two-level systems to various degrees were successfully realized. Similarly to a classical bit where the state of a transistor in a processor, the magnetization of a surface in a hard disk and the presence of current in a cable can all be used to represent bits in the same computer, an eventual quantum computer is likely to use various combinations of qubits in its design.
> The following is an incomplete list of physical implementations of qubits, and the choices of basis are by convention only: [...]
See also: "Quantum logic gate" https://en.wikipedia.org/wiki/Quantum_logic_gate
>> Quantum Monte Carlo: https://en.wikipedia.org/wiki/Quantum_Monte_Carlo :
>> Quantum Monte Carlo encompasses a large family of computational methods whose common aim is the study of complex quantum systems. One of the major goals of these approaches is to provide a reliable solution (or an accurate approximation) of the quantum many-body problem. [...] The difficulty is however that solving the Schrödinger equation requires the knowledge of the many-body wave function in the many-body Hilbert space, which typically has an exponentially large size in the number of particles. Its solution for a reasonably large number of particles is therefore typically impossible,*
> What sorts of independent states can or should we map onto error-corrected qubits in an approximating system?
> Propagation of Uncertainty ... Numerical stability ... Chaotic convergence, ultimately, apparently: https://en.wikipedia.org/wiki/Propagation_of_uncertainty
> Programming the Universe: https://en.wikipedia.org/wiki/Programming_the_Universe :
> Lloyd also postulates that the Universe can be fully simulated using a quantum computer; however, in the absence of a theory of quantum gravity, such a simulation is not yet possible. "Particles not only collide, they compute."
> Quantum on Silicon looks cheaper in today dollars.
Morello's,
> Devide [sic] the universe in QFT field-equal halves A and B, take energy from A to make B look like A, then add qubit error correction, and tell me if there's enough energy to simulate the actual universe on a universe QC with no instruction pipeline.
Due to error correction; propagation of uncertainty.
"Quantum computing in silicon hits 99% accuracy" (2022) https://www.eurekalert.org/news-releases/940321 :
> Quantum computing in silicon hits the 99% threshold
> Morello et al achieved 1-qubit operation fidelities up to 99.95 per cent, and 2-qubit fidelity of 99.37 per cent with a three-qubit system comprising an electron and two phosphorous atoms, introduced in silicon via ion implantation.
> A Delft team in the Netherlands led by Lieven Vandersypen achieved 99.87 per cent 1-qubit and 99.65 per cent 2-qubit fidelities using electron spins in quantum dots formed in a stack of silicon and silicon-germanium alloy (Si/SiGe).
> A RIKEN team in Japan led by Seigo Tarucha similarly achieved 99.84 per cent 1-qubit and 99.51 per cent 2-qubit fidelities in a two-electron system using Si/SiGe quantum dots.
>> The following is an incomplete list of physical implementations of qubits, and the choices of basis are by convention only: [...]
Qubit#Physical_implementations: https://en.wikipedia.org/wiki/Qubit#Physical_implementations
- note the "electrons" row of the table
> See also: "Quantum logic gate" https://en.wikipedia.org/wiki/Quantum_logic_gate
To improve search results on YouTube, use the search prefix “intitle:”
YouTube's search is horrible. No, I don't want "related results" that are completely unrelated to my query, neither results from my country when I specifically type in English and my whole UI is in English and I never watch non-English content while logged in.
- [ ] ENH: yt mobile app: Share search query urls
- [ ] ENH,SCH: https://schema.org/MediaObject and search cards
- [ ] UBY: search: transcript search snippets
OpenSSL Security Advisory
Here's a good summary of the flaw:
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-...
Note that the bug is only in 3.0.4, which was released June 21, 2022. So if you didn't update to this version, it's unlikely you're vulnerable.
You're talking about the first CVE. The second one affects 1.1 too.
Thankfully I can't imagine anyone using AES-OCB.
As a non-crypto-nerd: How viable is it to make a “safe” OpenSSL, which just doesn’t support all the cipher modes (?) that the HN crowd would mock me for accidentally using?
OpenSSL > Forks: https://en.wikipedia.org/wiki/OpenSSL#Forks
TLS 1.3 specifies which curves and ciphers: https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1...
(IDK what the TLS (and FIPS) PQ Algo versioning plans are: 1.4, 2.0?)
Mozilla [Open]SSL Config generator: https://ssl-config.mozilla.org/
Axial Higgs mode spotted in materials at room temperature (2022)
From the article "Axial Higgs mode spotted in materials at room temperature" https://physicsworld.com/a/axial-higgs-mode-spotted-in-mater... :
> The two pathways of interest to the team were the excitation of a Higgs mode with no intrinsic angular momentum and the excitation of an axial Higgs mode. By varying the polarization of the incoming laser light and the polarization of the detected light, the team was able to observe this interference and confirm the existence of the axial Higgs mode in the material. What is more, the observations were made a room temperature, whereas most other quantum phenomena can only be seen at very low temperatures.
> The team now hopes that their relatively simple experimental approach could be used to identify axial Higgs modes in other materials including superconductors, magnets, and ferroelectrics. This could prove useful for future technologies because materials containing axial Higgs modes could be used as quantum sensors. And because the mathematics of the axial Higgs mode is analogous to that used in particle physics, studying the quasiparticles could provide clues for what lies beyond the Standard Model of particle physics.
- [x] Room temperature quantum experiment
- [x] Superfluidity (see also Superfluid Quantum Gravity)
- [x] Angular momentum
"https://cosmosmagazine.com/science/new-particle-higgs-axial-... :
> “The detection of the axial Higgs was predicted in high-energy particle physics to explain dark matter. However, it has never been observed. Its appearance in a condensed matter system was completely surprising and heralds the discovery of a new broken symmetry state that had not been predicted.
> “Unlike the extreme conditions typically required to observe new particles, this was done at room temperature in a tabletop experiment where we achieve quantum control of the mode by just changing the polarisation of light.”
> Burch believes the simple setup provides opportunities for using similar experiments in other areas. “Many of these experiments were performed by an undergraduate in my lab,” he says. “The approach can be straightforwardly applied to the quantum properties of numerous collective phenomena, including modes in superconductors, magnets, ferroelectrics and charge density waves. Furthermore, we bring the study of quantum interference in materials with correlated and/or topological phases to room temperature, overcoming the difficulty of extreme experimental conditions.”
"Axial Higgs mode detected by quantum pathway interference in RTe3" (2022) https://www.nature.com/articles/s41586-022-04746-6
> [...] Here we discover an axial Higgs mode in the CDW system RTe3 using the interference of quantum pathways. In RTe3 (R = La, Gd), the electronic ordering couples bands of equal or different angular momenta4,5,6. As such, the Raman scattering tensor associated with the Higgs mode contains both symmetric and antisymmetric components, which are excited via two distinct but degenerate pathways. This leads to constructive or destructive interference of these pathways, depending on the choice of the incident and Raman-scattered light polarization.
New study shows highly creative people’s brains work differently from others'
Creativity #Neuroscience https://en.wikipedia.org/wiki/Creativity#Neuroscience
awesome-ideation-tools in re: neuroimaging https://github.com/zazaalaza/awesome-ideation-tools
/? creativity forgetting rate and instability in the brain: https://www.google.com/search?q=creativity+forgetting+rate+a...
Catastrophic interference is proposed as one cause of maybe pathological forgetting in the brain. This forgetting in the brain may be strongly linked with creativity. Are there links to hippocampal neurogenesis?
Catastrophic interference > Proposed solutions > Orthogonality: https://en.wikipedia.org/wiki/Catastrophic_interference :
> Input vectors are said to be orthogonal to each other if the pairwise product of their elements across the two vectors sum to zero. For example, the patterns [0,0,1,0] and [0,1,0,0] are said to be orthogonal because (0×0 + 0×1 + 1×0 + 0×0) = 0. One of the techniques which can create orthogonal representations at the hidden layers involves bipolar feature coding (i.e., coding using -1 and 1 rather than 0 and 1). [10] Orthogonal patterns tend to produce less interference with each other. However, not all learning problems can be represented using these types of vectors and some studies report that the degree of interference is still problematic with orthogonal vectors. [2]
Visualizing quantum mechanics in an interactive simulation
See a full description of the simulation software at:
https://www.spiedigitallibrary.org/journals/optical-engineer...
Practical and neat. It says TypeScript and "optical table"? Where are the sources? https://lab.quantumflytrap.com/lab
"Visualizing quantum mechanics in an interactive simulation – Virtual Lab by Quantum Flytrap" Optical Engineering (2022) https://www.spiedigitallibrary.org/journals/optical-engineer... :
> Abstract: Virtual Lab by Quantum Flytrap is a no-code online laboratory of an optical table, presenting quantum phenomena interactively and intuitively. It supports a real-time simulation of up to three entangled photons. Users can place typical optical elements (such as beam splitters, polarizers, Faraday rotators, and detectors) with a drag-and-drop graphical interface. Virtual Lab operates in two modes. The sandbox mode allows users to compose arbitrary setups. Quantum Game serves as an introduction to Virtual Lab features, approachable for users with no prior exposure to quantum mechanics. We introduce visual representation of entangled states and entanglement measures. It includes interactive visualizations of the ket notation and a heatmap-like visualization of quantum operators. These quantum visualizations can be applied to any discrete quantum system, including quantum circuits with qubits and spin chains. These tools are available as open-source TypeScript packages – Quantum Tensors and BraKetVue. Virtual Lab makes it possible to explore the nature of quantum physics (state evolution, entanglement, and measurement), to simulate quantum computing (e.g., the Deutsch-Jozsa algorithm), to use quantum cryptography (e.g., the Ekert protocol), to explore counterintuitive quantum phenomena (e.g., quantum teleportation and the Bell inequality violation), and to recreate historical experiments (e.g., the Michelson–Morley interferometer).
Quantum-Flytrap/quantum-tensors https://github.com/Quantum-Flytrap/quantum-tensors :
> A TypeScript package for sparse tensor operations on complex numbers in your browser - for quantum computing, quantum information, and interactive visualizations of quantum physics.
Quantum-Flytrap/bra-ket-vue https://github.com/Quantum-Flytrap/bra-ket-vue :
> An interactive visualizer for quantum states and matrices.
#Q12 /? q12 quantum: https://www.google.com/search?q=q12+quantum
This is pretty cool - quantum behavior is really not intuitive and being able to play with it helps clarify it
I do wish each level had more explanation about the concept it's teaching. You can figure things out if you know a small amount about how quantum mechanics work (like knowing once you measure something the superposition collapses) but the game would be a better teaching tool if there were explanations before/after you complete a level
For people interested in QM but without a physics/math background Carlo Rovelli has a book called Helgoland that explains a lot of the basics in a non-technical way
> if you know a small amount about how quantum mechanics work (like knowing once you measure something the superposition collapses)
FWIU it's possible to infer from nearby particles without incurring Heisenberg (and/or Bell's?) with Quantum Tagging?
"Helgoland" (2020) https://g.co/kgs/wZXRKQ
The other day I found a quantum circuit puzzle game called "QuantumQ" that has you add a Hadamard gate - statistical superposition - without requiring really any QM at all; which may imply that applied EA could solve the defined problems.
ray-pH/quantumQ: https://github.com/ray-pH/quantumQ
Quantum logic gate https://en.wikipedia.org/wiki/Quantum_logic_gate #Hadamard_gate
Show HN: CSVFiddle – Query CSV files with DuckDB in the browser
By no means am I crapping on what you've created — it looks great, and I've always wanted to try DuckDB and now you've made a frictionless entrypoint — just wanted to point out in general that querying CSV with SQL is more accessible than some people might have assumed. e.g. here's a recent TIL blogpost from Simon Willison about him discovering how to do sqlite queries against CSV from the command line: https://til.simonwillison.net/sqlite/one-line-csv-operations
One suggestion I would make: the Uber trips data is interesting, but might be too big for this demo? I was getting a few loading errors when trying it (didn't investigate where in the process the bottleneck was though)
On HN: "One-liner for running queries against CSV files with SQLite" https://news.ycombinator.com/item?id=31824030
A fast in-place interpreter for WebAssembly
Wizard: An advanced WebAssembly Engine for Research - https://github.com/titzer/wizard-engine
- [ ] SIMD? https://github.com/titzer/wizard-engine/search?q=simd
Wizard supports parsing and typechecking of SIMD instructions (passing all the spec tests for them) but no interpreter implementation yet, so it can't execute them. Help wanted :)
One-liner for running queries against CSV files with SQLite
SQLite's virtual table API (https://www.sqlite.org/vtab.html) makes it possible to access other data structures through the query engine. You don't need to know much if anything about how the database engine executes queries, you only need to implement the callbacks it needs to do its job. A few years ago I wrote an extension to let me search through serialized Protobufs which were stored as blobs in a regular database.
And in fact there is a CSV virtual table available from SQLite but it's not built in the normal client: https://www.sqlite.org/csv.html
It really should be, as the code is tiny and this functionality is not overly exotic.
In my experience [1], the CSV virtual table was really slow. Doing some analysis on a 1,291 MB file, a query took 24.7 seconds using the virtual table vs 3.4 seconds if you imported the file first.
The CSV virtual table source code is a good pedagogical tool for teaching how to build a virtual table, though.
[1]: https://cldellow.com/2018/06/22/sqlite-parquet-vtable.html
https://github.com/liquidaty/zsv/blob/main/app/external/sqli... modifies the sqlite3 virtual table engine to use the faster zsv parser. have not quantified the difference, but in all tests I have run, `zsv sql` runs faster (sometimes much faster) than other sqlite3-on-CSV solutions mentioned in this entire discussion (unless you include those that cache their indexes and then measure against a post-cached query). Disclaimer: I'm the main zsv author
What are the differences between the zsv and csv parsers?
Is csvw with linked data URIs also doable?
Not sure what you mean by csvw. But, zsvlib is a CSV parser, and zsv is a CLI that uses zsvlib. zsv also uses the sqlite3 vtable based on the example in the original sqlite3 code, but it modifies it to use the zsvlib parser instead of the original CSV parser. The zsv parser is different from most CSV parsers in how it uses SIMD operations and minimizes memory copying. zsvlib parses CSV based on the same spec that Excel implements, so having data URIs in the CSV is fine, but if you wanted a compound value (e.g. text + link), you would need to overlay your own structure into the CSV text data (for example, embed JSON inside a column of CSV data). Not sure that answers your question but if not, feel free to add further detail and I'll try again...
## /? sqlite arrow
- "Comparing SQLite, DuckDB and Arrow with UN trade data" (2021) https://news.ycombinator.com/item?id=29010103 ; partial benchmarks of query time and RAM requirements [relative to data size] would be
- "Introducing Apache Arrow Flight SQL: Accelerating Database Access" (2022) https://arrow.apache.org/blog/2022/02/16/introducing-arrow-f... :
> Motivation: While standards like JDBC and ODBC have served users well for decades, they fall short for databases and clients which wish to use Apache Arrow or columnar data in general. Row-based APIs like JDBC or PEP 249 require transposing data in this case, and for a database which is itself columnar, this means that data has to be transposed twice—once to present it in rows for the API, and once to get it back into columns for the consumer. Meanwhile, while APIs like ODBC do provide bulk access to result buffers, this data must still be copied into Arrow arrays for use with the broader Arrow ecosystem, as implemented by projects like Turbodbc. Flight SQL aims to get rid of these intermediate steps.
## "The Virtual Table Mechanism Of SQLite" https://sqlite.org/vtab.html :
> - One cannot create a trigger on a virtual table.
Just posted about eBPF a few days ago; opcodes have costs that are or are not costed: https://news.ycombinator.com/item?id=31688180
> - One cannot create additional indices on a virtual table. (Virtual tables can have indices but that must be built into the virtual table implementation. Indices cannot be added separately using CREATE INDEX statements.)
It looks like e.g. sqlite-parquet-vtable implements shadow tables to memoize row group filters. How does JOIN performance vary amongst sqlite virtual table implementations?
> - One cannot run ALTER TABLE ... ADD COLUMN commands against a virtual table.
Are there URIs in the schema? Mustn't there thus be a meta-schema that does e.g. nested structs with portable types [with URIs], (and jsonschema, [and W3C SHACL])? #nbmeta #linkedresearch
## /? sqlite arrow virtual table
- sqlite-parquet-vtable reads parquet with arrow for SQLite virtual tables https://github.com/cldellow/sqlite-parquet-vtable :
$ sqlite/sqlite3
sqlite> .eqp on
sqlite> .load build/linux/libparquet
sqlite> CREATE VIRTUAL TABLE demo USING parquet('parquet-generator/99-rows-1.parquet');
sqlite> SELECT * FROM demo;
//
sqlite> SELECT * FROM demo WHERE foo = 123;
sqlite> SELECT * FROM demo WHERE foo = '123'; // incurs a severe query plan performance regression without immediate feedback
`EXPLAIN QUERY PLAN` https://www.sqlite.org/eqp.html :
> The EXPLAIN QUERY PLAN SQL command is used to obtain a high-level description of the strategy or plan that SQLite uses to implement a specific SQL query. Most significantly, EXPLAIN QUERY PLAN reports on the way in which the query uses database indices. This document is a guide to understanding and interpreting the EXPLAIN QUERY PLAN output. [...] Table and Index Scans [...] Temporary Sorting B-Trees (when there's not an `INDEX` for those columns) ... `.eqp on`
The SQLite "Query Planner" docs https://www.sqlite.org/queryplanner.html list Big-O computational complexity bound estimates for queries with and without prexisting indices.
## database / csv benchmarks
Show HN: Easily Convert WARC (Web Archive) into Parquet, Then Query with DuckDB
How does this compare with SQLite approaches shared recently?
Well there's a virtual table extension to read parquet files in SQLite. I've not tried it myself. https://github.com/cldellow/sqlite-parquet-vtable
Could this work with datasette (which is a flexible interface to sqlite with a web-based query editor)?
It appears so: https://github.com/simonw/datasette/issues/657
Bundling binary tools in Python wheels
The Python wheel "ecosystem" is rather nice these days. You can create platform wheels and bundle in shared objects and binaries compiled for those platforms, automated by tools like auditwheel (Linux) and delocate-wheel (OSX). These tools even rewrite the wheel's manifest and update the shared object RPATH values and mangle the names to ensure they don't get clobbered by stuff in the system library path. The auditwheel tool converts a "linux" wheel into a "manylinux" wheel which is guaranteed by the spec to run on certain minimum Linux kernels.
Wheels are merely zips with a different extension, so worst case for projects where these automation tools fail you you can do it yourself. You simply need to be careful to update the manifest and make sure shared objects are loaded in the correct order.
On the user side, a `pip install` should automatically grab the relevant platform wheel from pypi.org, or, if there is not one available, fall back to trying to compile from source. With PEP 517 this all happens in a reproduceable, isolated build environment so if you manage to get it building on your CI pipeline it is likely to work on the end user's machine.
I'm not sure what the state of wheels on Windows is these days. Is it possible to bundle DLLs in Windows wheels and have it "just work" the way it does for (most) Linux distros and OSX?
FWICS, wheel has no cryptographic signatures at present:
The minimal cryptographic signature support in the `wheel` reference implementation was removed by dholth;
The GPG ASC signature upload support present in legacy PyPI and then the warehouse was removed by dstufft;
"e2e" TUF is not yet implemented for PyPI, which signs everything uploaded with a key necessarily held in RAM; but there's no "e2e" because packages aren't signed before being uploaded to PyPI. Does twine download and check PyPI's TUF signature for whatever was uploaded?
I honestly haven't looked at conda's fairly new package signing support yet.
FWIR, in comparison to legacy python eggs with setup.py files, wheels aren't supposed to execute code as the user installing the package.
From https://news.ycombinator.com/item?id=30549331 :
https://github.com/pypa/cibuildwheel :
>>> Build Python wheels for all the platforms on CI with minimal configuration.
>>> Python wheels are great. Building them across Mac, Linux, Windows, on multiple versions of Python, is not.
>>> cibuildwheel is here to help. cibuildwheel runs on your CI server - currently it supports GitHub Actions, Azure Pipelines, Travis CI, AppVeyor, CircleCI, and GitLab CI - and it builds and tests your wheels across all of your platforms
You're right, both the infrastructure and metadata for cryptographic signatures on Python packages (both wheels and sdists) isn't quite there yet.
At the moment, we're working towards the "e2e" scheme you've described by adding support for Sigstore[1] certificates and signatures, which will allow any number of identities (including email addresses and individual GitHub release workflows) to sign for packages. The integrity/availability of those signing artifacts will in turn be enforced through TUF, like you mentioned.
You can follow some of the related Sigstore-in-Python work here[2], and the ongoing Warehouse (PyPI) TUF work here[3]. We're also working on adding OpenID Connect token consumption[4] to Warehouse itself, meaning that you'll be able to bootstrap from a trusted GitHub workflow to a PyPI release token without needing to share any secrets.
[1]: https://www.sigstore.dev/
[2]: https://github.com/sigstore/sigstore-python
Quantum Algorithm Implementations for Beginners
See the “Quantum Algorithm Zoo” for a comprehensive list of quantum algorithms.
https://quantumalgorithmzoo.org/
Massive amounts of work is needed to make these comprehensible.
> Tequila is an Extensible Quantum Information and Learning Architecture where the main goal is to simplify and accelerate implementation of new ideas for quantum algorithms. It operates on abstract data structures allowing the formulation, combination, automatic differentiation and optimization of generalized objectives. Tequila can execute the underlying quantum expectation values on state of the art simulators as well as on real quantum devices.
https://github.com/tequilahub/tequila#quantum-backends
Quantum Backends currently supported by tequilahub/tequila: Qulacs, Qibo, Qiskit, Cirq (SymPy), PyQuil, QLM / myQLM
tequila-tutorials/Quantum_Calculator.ipynb https://github.com/tequilahub/tequila-tutorials/blob/main/Qu... :
> Welcome to the Tequila Calculator Tutorial. In this tutorial, you will learn how to create a quantum circuit that simulates addition using Tequila. We also compare the performance of various backends that Tequila uses.
A problem that could possibly be quantum-optimized and an existing set of solutions: Scheduling
Optimize the scheduling problem better than e.g. SLURM and then generate a sufficient classical solution that executes in P-space on classical computers.
SLURM https://en.wikipedia.org/wiki/Slurm_Workload_Manager :
> Slurm uses a best fit algorithm based on Hilbert curve scheduling or fat tree network topology in order to optimize locality of task assignments on parallel computers.[2]
Additional applications and use cases: "Employee Scheduling" > "Ask HN: What algorithms should I research to code a conference scheduling app" https://news.ycombinator.com/item?id=22589911
> [Hilbert Curve Scheduling] https://en.wikipedia.org/wiki/Hilbert_curve_scheduling :
> [...] the Hilbert curve scheduling method turns a multidimensional task allocation problem into a one-dimensional space filling problem using Hilbert curves, assigning related tasks to locations with higher levels of proximity.[1] Other space filling curves may also be used in various computing applications for similar purposes.[2]
How to create a dashboard in Python with Jupyter Notebook
Surprised I hadn't heard of mplfinance. Similar code for econometric charts with bands and an annotation table with dated events would be useful and probably already exists somewhere. Maybe Predictive Forecasting libraries for time series already have something that could be factored out into a maintained package for such common charts? E.g. seaborn has real nice confidence intervals with matplotlib, too; though the matplotlib native color schemes are colorblind-friendly: "Perceptually Uniform Sequential colormaps" https://matplotlib.org/3.5.0/tutorials/colors/colormaps.html
awesome-jupyter > Rendering/Publishing/Conversion https://github.com/markusschanta/awesome-jupyter#renderingpu... :
> ContainDS Dashboards - JupyterHub extension to host authenticated scripts or notebooks in any framework (Voilà, Streamlit, Plotly Dash etc)
IIRC, ContainDS and Voila spawn per-dashboard and/or per-user Jupyter kernels with JupyterHub Spawners and Authenticators; like Binderhub ( https://mybinder.org/ ) but with required login and without repo2docker?
Streamlit lists Bokeh, Jupyter Voila, Panel, and Plotly Dash as Alternative dashboard approaches: https://github.com/MarcSkovMadsen/awesome-streamlit#alternat...
Says here that mljar/mercury is dual-licensed AGPL: https://github.com/mljar/mercury
From the readme I can't tell what powers the cited REST API functionality. From setup.py > mercury/requirements.txt it's DRF: Django REST Framework. https://github.com/mljar/mercury/blob/main/mercury/requireme...
E.g. BentoML is built on FastAPI which is async (sanic) and built by the DRF people, but FastAPI doesn't yet have the plethora of packages with tests/ supported by the Django community and DSF Django Software Foundation.
The REST API functionality allows to execute the notebook by POST request. It is powered by DRF. You can read more in the docs https://mercury-docs.readthedocs.io/en/latest/notebook-as-re...
The Y Combinator in Go with generics
I admire how someone passionate about a subject can provide in-depth explanation of _how_ that thing works. But to me, I still have absolutely no idea _why_ or _when_ I would need to apply this (even after reading the original post[0]). A motivating practical example would go a long way as an introduction before getting into the nitty-gritty details.
[0] https://eli.thegreenplace.net/2016/some-notes-on-the-y-combi...
The problem is marrying two ideas: lambda calculus (where all computation is done implicitly via anonymous functions), and recursion (where some set of functions call each other by name in a cycle).
This is a bit more interesting than it looks because ostensibly you're using the name of a function in its definition before that name ever has a meaning -- you're not really saying that you should literally call that symbol, but that the compiler should produce a function according to some set of rules that fills in the self references.
That doesn't work in lambda calculus though, where definitions are concrete and you don't have compiler magic to resolve the undefined symbol in your definition. A solution is to pass some function to itself as an argument, and you have a code pattern that goes along with it (the Y combinator).
This retains some "usefulness" in the sense that lambda calculus is still being explored for various purposes as a foundation for other things, and also in that languages based on that line of thought might benefit from using that structure explicitly. If you have some sort of syntactic sugar for recursion in your language of choice though and don't care about foundations then it's probably not very applicable.
Thanks, that helps a bit. So I get the what: a way to make an anonymous function recursive. As for the why, it seems to me it's because "lambda calculus doesn't have named functions." So this tells me this is a programming language design concern, as opposed to a pattern that can be used in everyday programming. Based on this, providing examples of how to implement a Y combinator in Clojure, Python, and Go is of questionable value IMO. And that's OK, since a lot of things we do don't need to have practical value (e.g. learning, understanding, etc).
Even if it doesn't have value for everyday programming, translating it into Clojure/Python/Go/whatever can make it easier to understand. Most explanations I've seen of the Y combinator just work in lambda calculus, which I at least find somewhat difficult to read; translating it into a more familiar language can make it easier to understand.
Fixed-point combinator > Y Combinator, Implementations in other languages: https://en.wikipedia.org/wiki/Fixed-point_combinator
Y-combinator in like 100 languages: https://rosettacode.org/wiki/Y_combinator #Python
Show HN: Pixie, open source observability for Kubernetes using eBPF
"Sysdig and Falco now powered by eBPF" too; https://sysdig.com/blog/sysdig-and-falco-now-powered-by-ebpf...
- "Linux Extended BPF (eBPF) Tracing Tools" https://www.brendangregg.com/ebpf.html lists eBPF commands, [CLI] frontends, relevant kernel components
- awesome-ebpf#manual-pages https://github.com/zoidbergwill/awesome-ebpf links to the kernel eBPF docs
- eBPF -> BPF Berkeley Packet Filter: https://en.wikipedia.org/wiki/Berkeley_Packet_Filter :
> Extensions & optimizations: Since version 3.18, the Linux kernel includes an extended BPF virtual machine with ten 64-bit registers, termed extended BPF (eBPF). It can be used for non-networking purposes, such as for attaching eBPF programs to various tracepoints.[5][6][7] Since kernel version 3.19, eBPF filters can be attached to sockets,[8][9] and, since kernel version 4.1, to traffic control classifiers for the ingress and egress networking data path.[10][11] The original and obsolete version has been retroactively renamed to classic BPF (cBPF). Nowadays, the Linux kernel runs eBPF only and loaded cBPF bytecode is transparently translated into an eBPF representation in the kernel before program execution.[12] All bytecode is verified before running to prevent denial-of-service attacks. Until Linux 5.3, the verifier prohibited the use of loops.
- ... EVM/eWASM opcodes have a cost in gas/particles; https://github.com/crytic/evm-opcodes ... (dlt) Dataset indexing curation signals & incentives
"Tracing in Kubernetes: kubectl capture plugin." https://sysdig.com/blog/tracing-in-kubernetes-kubectl-captur...
kubectl-capture: https://github.com/sysdiglabs/kubectl-capture.git
Is it possible to do this sort of low level distributed tracing with Pixie e.g. conditionally when a pattern expression matches?
Pixie contributor here. Lots of great eBPF resources there!
For the question of whether it's possible to trace conditionally when a pattern expression matches, Pixie's philosophy is to trace everything and then allow you to use the querying language (called PxL) to query for the conditions you were looking for. The idea is that you may not know what you should have been looking for until you need to troubleshoot.
To be able to drop into an (e.g. rr) debugger on condition (e.g. by replicating that node's state ~State Share ) might result in a less appropriately comprehensive automated test suite, or faster tests?
Looks like Jaeger (Uber contributed to CNCF) supports OpenTracing, OpenTelemetry, and exporting stats for Prometheus. https://github.com/cncf/landscape
Implementing strace in Rust
awesome-ebpf lists a few ebpf libs for rust; it looks like there are a few ~strace+ebpf tools: https://github.com/zoidbergwill/awesome-ebpf
Gitsign
Src: https://github.com/sigstore/gitsign
> Keyless Git signing with Sigstore!
> This is heavily inspired by [github/smimesign], but uses keyless Sigstore to sign Git commits with your own GitHub / OIDC identity
Physicists discover never-before seen particle sitting on a tabletop
Imagine the claim is justified, and pools of quantum fluids can transition into a phase that is decoupled from electromagnetic fields, and become dark matter. It would still be baryonic and would become ordinary matter just by heat. We don't have a lot of experience with what happens when quantum mechanical effects expand to a cosmological scale. Who would be surprised to find new physics there.
TIL about (models of) Superfluid Quantum Gravity: https://news.ycombinator.com/item?id=31377395 https://westurner.github.io/hnlog/#comment-31383784
> How is "GR on Bernoulli", GM cannot describe n*x*oo more precisely than oo, and Conway's surreal infinities aren't good axioms either (for GR or for QM with (chaotic) fluids which perhaps need either infinities plural or superfluid QG (instead of QFT fwics); not making sense?
Is this coherent after so much constructive interference in fluids?
The case for expanding rather than eliminating gifted education programs (2021)
>I agree that it is unacceptable to have eighth grade Algebra I classes and gifted education programs that disproportionately exclude Black and brown children. But if equity is the goal, we should be mandating that every eighth grader takes Algebra I—and then structure the entire pre-K to seventh grade student experience to ensure this is a legitimate possibility for every child. Since when does equity mean everyone gets nothing?
I don't know whether Algebra I is above or below what eighth graders can be expected to do, but raising the difficulty of every class to what the most advanced student is capable of is not the answer either. Everybody knows someone else that is better at math than they are, and someone who is not as good. It is universal common knowledge that the ease with which one takes to math is different for different people. Why can't we just admit it and quit trying to make people who are unique the same?
Subject categories such as "math" are also very broad. I struggled with math in elementary school, because it was mostly about memorization. 3 + 5 = 8. 6 x 7 = 42. Learning and being able to spit out those facts as quickly and flawlessly as possible was most of what I remember about math as a young kid. I was never good at that. I still am not good at that. I got Cs and sometimes lower grades in math.
Somehow, though, I passed a test in 7th grade to qualify to take algebra in 8th grade. Suddenly stuff started making sense, and I could see a point to it. You could actually solve an interesting problem. It wasn't just regurgitation of facts. It became more about thinking and connecting concepts and even being creative. I started getting As in math, and continue to do well in High School with geometry, trig, and calculus, but up until algebra was introduced I would certainly not have demonstrated a gifted ability in "math".
You struggled with math in elementary school because of deeply flawed teaching. Even at that early age, it's not hard to understand that "3 + 5 = 8" is not something that you'd need to literally memorize. Of course, the fact that teaching quality can vary to such an extent is itself noteworthy.
I don't think I agree. 3 + 5 = 8 isn't something you need to literally memorize, but if you don't memorize such facts of basic arithmetic you're at a disadvantage when it comes to doing homework and tests. It's easier and less error-prone to memorize 8*7 than it is to work it out manually every time you see it until it sticks.
For what it's worth, I struggled with math in elementary school and especially high school -- I failed algebra I, then passed it with a D; then I failed algebra II before passing it* with a D. It wasn't until I was forced to take a business calculus class in my 20s that it started clicking, and I assure you the quality of instruction wasn't any better at the college level than it was in high school. (I did eventually graduate with honors with a math degree.)
Agreed. It does need memorization. Anyone who don't think so can try to add and multiply in hexadecimal, what is 0xA + 0xC and what is 0x8 * 0x6? It becomes quite obvious memorization is required when you try it in any other radix other than decimal(which is memorized already).
It might be quite obvious that memorization is convenient, but 'required' means "you can't do it any other way" and that's obviously incorrect.
IDK why we'd assume that there's a different cognitive process for learning mathematics with radix 10 than with radix 16?
Mathematics_education#Methods https://en.wikipedia.org/wiki/Mathematics_education#Methods :
> [...] Rote learning: the teaching of mathematical results, definitions and concepts by repetition and memorisation typically without meaning or supported by mathematical reasoning. A derisory term is drill and kill. In traditional education, rote learning is used to teach multiplication tables, definitions, formulas, and other aspects of mathematics.
I think they mean that it is very useful to “cache” these primitive results, but it is absolutely possible to regenerate them if one is missing or the like.
Beautiful Soup
I found lxml.html a lot easier to work with than bs4, in case that helps anyone else.
On the off chance you were not aware, bs4 also supports[0] getting parse events from html5lib[1] which (as its name implies) is far more likely to parse the text the same way the browser would
0: https://www.crummy.com/software/BeautifulSoup/bs4/doc/index....
BeautifulSoup is an API for multiple parsers https://beautiful-soup-4.readthedocs.io/en/latest/#installin... :
BeautifulSoup(markup, "html.parser")
BeautifulSoup(markup, "lxml")
BeautifulSoup(markup, "lxml-xml")
BeautifulSoup(markup, "xml")
BeautifulSoup(markup, "html5lib")
(EDIT: Is xml/html5 a good format for data serialization? defusedxml ... Simdjson, Apache arrow.js)
I was curious, so I tried that performance test you linked to on my machine with the various parsers:
==== Total trials: 100000 =====
bs4 lxml total time: 110.9
bs4 html.parser total time: 87.6
bs4 lxml-xml total time: 0.5
bs4 xml total time: 0.5
bs4 html5lib total time: 103.6
pq total time: 8.7
lxml (cssselect) total time: 8.8
lxml (xpath) total time: 5.6
regex total time: 13.8 (doesn't find all p)
You want a proper html 5 parser that can handle non valid documents. And the fastest one is https://github.com/kovidgoyal/html5-parser over 30x faster than html5lib
Formal methods only solve half my problems
From "Discover and Prevent Linux Kernel Zero-Day Exploit Using Formal Verification" https://news.ycombinator.com/item?id=30194993 :
> Can there still be side channel attacks in formally verified systems? Can e.g. TLA+ help with that at all?
Side-channel attack https://en.wikipedia.org/wiki/Side-channel_attack
Yes, there can still be side-channel and out-of-band attacks in FV systems. For example, pouring water into the server rack. That’s a cheeky example, but things like timing side-channels via speculative execution and cache hits wouldn’t be addressed by FV at the software level. I think there is some ongoing research for verifying software/hardware interactions but I’m not aware of a product in widespread use that checks this.
The use of constant-time algorithms for crypto is a way to mitigate things like timing side-channels, and there are other techniques like disabling hyper-threading that can help.
The depressing fact is that side channels exist any time there’s a shared computing resource. The question is how noisy the channel is, the data rate, etc.
It might be argued that side channels exist whenever there is a shared channel; which is always, because plenoptic functions, wave function, air gap, ram bus mhz, nonlocal entanglement
Category:Side-channel attacks https://en.wikipedia.org/wiki/Category:Side-channel_attacks
Show HN: An open source alternative to Evernote (Self Hosted)
For me, Evernote’s killer feature is automatic OCR. (Subs that I can just upload a doc through my phone’s camera).
It looks like this doesn’t have that, unfortunately.
Noted! I'll see if this feature can be added.
https://www.elastic.co/guide/en/elasticsearch/plugins/curren... :
> [Teh ElasticSearch Core Ingest Attachment Processor Plugin]: The ingest attachment plugin lets Elasticsearch extract file attachments in common formats (such as PPT, XLS, and PDF) by using the Apache text extraction library Tika.
> The source field must be a base64 encoded binary. If you do not want to incur the overhead of converting back and forth between base64, you can use the CBOR format instead of JSON and specify the field as a bytes array instead of a string representation. The processor will skip the base64 decoding then
Apache Tika supported formats > Images > TesseractOCR: https://tika.apache.org/2.4.0/formats.html https://tika.apache.org/2.4.0/formats.html#Image_formats :
> When extracting from images, it is also possible to chain in Tesseract, via the TesseractOCRParser, to have OCR performed on the contents of the image.
/? Meilisearch "ocr" GitHub;
Looks like e.g. paperbase (agpl) also implements ocr with tesseractocr: https://docs.paperbase.app/
tesseract-ocr/tesseract https://github.com/tesseract-ocr/tesseract
/? https://github.com/awesome-selfhosted/awesome-selfhosted#sea... ctrl-f "ocr"
Would be good to have:
- Search results on a timeline indicating search match occurrence frequency; ability to "zoom in" or "drill down"
- "Find more like these" that prepopulates a search query form
- "Find more like these" that mutates the query pattern and displays the count for each original and mutated query along with the results; with optional optimization
The name needs to change.
This tool commits the cardinal sin of choosing a name GitSomething, where Git is only incidental to the domain that the product is concerned with (notetaking) and which is made worse by being yet another project that says "Git" where what it means is "we're using the GitHub API".
> You may not use the Marks in the following ways:
...
> In any way that indicates that Git favors one distribution, platform, product, etc. over another except where explicitly indicated in writing by Conservancy.
...
> In addition, you may not use any of the Marks as a syllable in a new word or as part of a portmanteau (e.g., "Gitalicious", "Gitpedia") used as a mark for a third-party product or service without Conservancy's written permission. For the avoidance of doubt, this provision applies even to third-party marks that use the Marks as a syllable or as part of a portmanteau to refer to a product or service's use of Git code.
http://git-scm.com/about/trademark
> Let's say as an example that it does backups. We'd prefer it not call itself GitBackups. We don't endorse it, and it's just using the name to imply association that isn't there. You can come up with similar hypotheticals: GitMail that stores mailing list archives in Git, or GitWiki that uses Git as a backing store.
https://public-inbox.org/git/20170202022655.2jwvudhvo4hmueaw...
What's also notable is that it conflicts with what is permitted: 'Commands like "git-foo" (so you run it as "git foo") are generally OK. This is Git's well-known extension mechanism[...]' When "git-foo" exists, we've approved "Git Foo" as a matching project name'. This combined with the fact that Git itself already ships with the "git-notes" command baked right in...
How do GitHub and Gitlab get away with this? Have they been given permission by Conservancy? Or are they in violation?
IIRC GitHub, (BitBucket), and GitLab existed before this new (license-addendum?) Trademark policy; but may be wrong. Which is to say that I don't recall there having been such a trademark policy at the time. Isn't it actually the "Old BSD License" that retains the "may not spaketh the name" clause?
(Bitcoin is also originally a LF project; in Git, like BitTorrent, and similar to BitGold only in name, for a reason. Bitcoin initially lacked a Foundation to hold trademarks, in particular.)
The choosealicense.com table of licenses in the appendix is a service of GitHub, and GitLab also donates free CI build runner minutes for Open Source projects: https://choosealicense.com/appendix/#trademark-use :
> Trademark use
> This license explicitly states that it does NOT grant trademark rights, even though licenses without such a statement probably do not grant any implicit trademark rights.
> IIRC GitHub, (BitBucket), and GitLab existed before this new (license-addendum?) Trademark policy
Trademarks are like copyright licenses where if you haven't been given explicit permission, then you don't have any. (The difference is that you can lose your trademark if you don't actively police misuse, but that's beside the point.)
Trademark > Registration: https://en.wikipedia.org/wiki/Trademark#Registration
Speak in complete sentences.
How are you using your whiteboard at home?
"How to teach technical concepts with cartoons" https://news.ycombinator.com/item?id=15575411 https://westurner.github.io/hnlog/#story-15574890 :
> I learned about visual thinking and visual metaphor in application to business communications from "The Back of the Napkin: Solving Problems and Selling Ideas with Pictures" [ https://www.danroam.com/my-books ]
California parents could soon sue for social media addiction
Creating regulations like this may end up acting as a regulatory moat for existing social network companies. This probably makes the overall social media pie smaller overall but guarantees incumbents slice of the pie.
We've seen this happen in other highly regulated areas such as healthcare, telecommunications, etc.
I suspect the way things are trending, in 10 years, very few entrepreneurs would be willing to start a new social media company.
Clearly the regulators see this as a potential downside, which is why the $100 million in gross revenue provision was added.
On the other hand, we want to prevent new companies forming on the premise they can make money from gamifying their product so much it becomes addictive. Now, addictiveness has to have some definition to be useful. It can't be some odd random user who suffers from some kind of condition that prevents them from self-regulating their particular addiction whereas for example other people don't get addicted. There have to be some thresholds and milestones which indicate some service is "addictive" and then regulate against that.
I think when companies consult with behavioral, and other, psychologists in order to craft better ways to wring more engagement out of their users, those companies are intentionally making their products addictive. I don't see it as being much different than exploiting the addictive potential of new nicotine salts, or exploiting additives to cigarettes to do the same.
It can be spun however anyone wants to spin it, but at the end of the day, that's exploiting biology to subvert the will of others. And yes, I know this can describe advertising, as well.
Agreed. This is why the "metaverse" needs oversight as well. It will be a new frontier ripe for gamification, explication and general behavioral control.
No, every business optimizes yield.
Smart businesses optimize UX for conversion. FREE with no revenue is loss.
What's next? Suing vegas for the lights? You don't want to gamble? Don't go to Vegas.
They already have "How much time have I spent in here?" features.
You may not optimize yield because the children are compulsive addictive and it's the internet's fault.
What's next? Suing the bar for allowing you to spend time there? You'll have to make it more unbearable.
Just do a little more censorship for me too, mmkay?
How about the movies? Are they allowed to optimize for engagement by screen testing, or no?
It's not Art it's Ari: You want to sell an art film? Take it to an art film festival.
How are they supposed to know that you don't want to be in the store anymore?
So, just {Facebook,} has to have a timer at the top? Above the fold? Indicating cumulative time spent? What about Amazon?
For context here, there are many existing methods for limiting ones access to certain DNS domains and applications at the client. A reasonable person can:
- Add an /etc/hosts file entry: `etchosts='/etc/hosts' echo '127.0.0.1 domain.com www.domain.com' >> "${etchosts}`
- Install a browser extension for limiting time spent by domain
- Buy a router that can limit access by DNS domain and time of day (with regard for the essential communications of others who could bypass default DNS blocking with a VPN that can be expected to also regularly fail)
- Install an app (with access to the OS process space of other programs in order to restrict them) to limit time spent by application and/or DNS domain
-- Enable "Focus Mode" in Android; with the "Digital Wellbeing" application
-- Enable "Screen Time" in iOS; and also report on and limit usage of apps [and also to limit access to DNS domains, you'd also need required integration with a required browser]
You can install just an IM (Instant Messenging) app, and only then learn strategies for focusing amidst information overload and alert fatigue.
Some users do manage brands and provide customer service and support non-blocked but blocking essential communications, while managing their health at a desk all day. Some places literally require you to check your mobile device at the door. What should the default timer above the fold on just facebook be set to?
>What's next? Suing the bar for allowing you to spend time there?
Well, actually: https://en.m.wikipedia.org/wiki/Dram_shop
> How are they supposed to know that you don't want to be in the store anymore?
Is the store - who you are not paying - a 1) business of public accomodation; or 2) obligated to provide such detection and ejection services; or 3) required to provide service?
You can't cut them off, they're Donny (who TOS don't apply to). You must cut them off, they can't they're not even. You are responsible for my behavior!
Best of luck suing the game publisher for optimizing the game, the author of a book you got for FREE for your time lost, suing the bar that you chose to frequent; do you think they're required to provide service to you? Did they prevent you from leaving? Did they prevent you from choosing to do something else, like entering a different URL in your address bar at will?
You should instead pay someone to provide the hypothetical service you're demanding fascist control over. CA is not a shareholder; and this new policy will be challenged and the state must apply said policy to all other businesses equally: you may not dog just {business you're trying to illegally dom} with an obligation to put a countdown or countup timer above the fold because they keep taking so much of your time.
EDIT: I just can't f believe they thought that only {Facebook} would have to check real name IDs at the door, run a stopwatch for each user with a clock above the fold, profile your mental health status, allow Donny to keep harassing just whoever, and tell you when it's time to go because you can't help yourself when it's time to leave the store they continued to optimize.
Microsoft Flight Simulator – Top Gun: Maverick Expansion
https://www.xbox.com/en-US/games/microsoft-flight-simulator
Wikipedia: https://en.wikipedia.org/wiki/Microsoft_Flight_Simulator
/? "Microsoft Flight Simulator – Top Gun: Maverick Expansion" https://www.google.com/search?q=%22Microsoft+Flight+Simulato...
Generating websites with SPARQL and Snowman, part 1
Cool to see a project(Snowman[0]) I'm the creator of mentioned here on HN.
I created Snowman to allow one to use RDF/SPARQL even in the user-facing parts of ones stack(and to learn Go).
E.g. Hugo-academic has Microdata RDF (Go) Templates; and supports Markdown, Jupiter, LaTeX: https://github.com/wowchemy/starter-hugo-academic
"Build pages from data source" https://github.com/gohugoio/hugo/issues/5074
Index funds officially overtake active managers
Index fund: https://en.wikipedia.org/wiki/Index_fund
> Comparison of index funds with index ETFs: In the United States, mutual funds price their assets by their current value every business day, usually at 4:00 p.m. Eastern time, when the New York Stock Exchange closes for the day. [40] Index ETFs, in contrast, are priced during normal trading hours, usually 9:30 a.m. to 4:00 p.m. Eastern time. Index ETFs are also sometimes weighted by revenue rather than market capitalization. [41]
Survivorship bias > Examples > In business, finance, and economics: https://en.wikipedia.org/wiki/Survivorship_bias
Why building profitable trading bot is hard?
I wants know why 90% of trading bots are fails. What's the reason behind it.
The stock market is very efficient - aka, the price reflects most, if not all available information at the time.
Therefore, a trading bot would need to trade on information that is not available to other bots, for it to be profitable. This is hard to achieve, and each bot that _do_ achieve it is making the market even more efficient.
Two investors can look at the same balance sheet and come to opposite conclusions. 90% of actively managed investment funds underperform the market. It's a hard problem, full stop. If you're good at solving hard problems, you could solve something less boring and probably make more.
Managed funds must pay managers; probably out of the returns.
ETFs (Electronically Traded Funds) have no fund management fees; like Class B stock, ETFs typically are not voting shares (which you don't have when you buy a mutual fund anyways).
Algotraders reference e.g. an S&P 500 ETF as the default benchmark for comparing a portfolio's performance.
Quarterly earnings reports are filed as XBRL XML. A value investor might argue that you don't need to rebalance a portfolio until there is new data about technical fundamentals for technical analysis.
The average bear trades on sentiment and comparatively doesn't at all appropriately hedge; this is part of Behavioral economics, the technical reason why some people actually can outperform the market, imho.
If the financial analyst does not have a (possibly piecewise) software function to at least test with backtesting and paper trading, do they even have an objective relative performance statistic? Your notebook or better should also model fees and have a parametrizable initial balance.
Here's the awesome-quant link directory: https://github.com/wilsonfreitas/awesome-quant
The Good Ol' Days of QBasic Nibbles
FWIU, QB64 will run nibbles.bas.
Nibbles (video game) https://en.wikipedia.org/wiki/Nibbles_(video_game)
Here's a PyGame version of snake/nibbles: https://github.com/caffeinemonster/python-pygame-nibbles/blo...
For in-browser games in Python with JupyterLite and the pyodide WASM kernel, there are now the pyb2d bindings for box2d: https://twitter.com/ThorstenBeier/status/1523573928702087169
Can we make a black hole? And if we could, what could we do with it?
I admit I know next to nothing about this stuff, but something doesn't add up. If everything has a Schwarzchild radius determined by its mass, then should we conclude that particles like electrons and protons also have a (very small) Schwarzchild radius? If the smaller it is, the sooner it explodes, then shouldn't atomic particles have all finished exploding a long time ago? When they explode, what do they eject, if not more subatomic particles like themselves? Alternatively, is the explanation that atomic particles are extended bodies whose sizes exceed their Schwarzchild radii instead being of point masses? If so, then what kind of stuff fills the interior of an electron? I don't have any answers but I have a feeling we're on shaky ground when we start trying to extrapolate general relativity concepts to atomic scales.
edit: typo
> If everything has a Schwarzchild radius determined by its mass, then should we conclude that particles like electrons and protons also have a (very small) Schwarzchild radius?
https://en.m.wikipedia.org/wiki/Black_hole_electron
> If the smaller it is, the sooner it explodes, then shouldn't atomic particles have all finished exploding a long time ago?
See my other comment here: https://news.ycombinator.com/item?id=31378092
> I have a feeling we're on shaky ground when we start trying to extrapolate general relativity concepts to atomic scales.
Correct. We know nothing about how to marry General Relativity with atomic-scale physics (quantum mechanics). That's why everyone and their dog are looking for a theory of quantum gravity.
> https://en.m.wikipedia.org/wiki/Black_hole_electron
Very interesting link - I suppose this could potentially make the problem slightly moot for electrons. Still, I don't think this works for other elementary particles, as black holes can't have color charge or weak hypercharge as far as I know (so they can't behave like quarks, gluons, W or Z bosons etc.)
> We know nothing about how to marry General Relativity with atomic-scale physics (quantum mechanics). That's why everyone and their dog are looking for a theory of quantum gravity.
True, though I think this is not even a problem in matching GR and QM, it is a problem in GR itself. The math of GR has infinities when looking at the center of a black hole, so we know there must be some other math that prevents the curvature from reaching infinity. We can of course easily invent infinitely many solutions to this problem, but there is no way to choose between them on an empirical basis, even in principle (since we can't ever experiment with the inside of a black hole).
A theory of quantum gravity would solve a different problem: GR is nonlinear, while QM is linear (if we ignore the Born rule) - so they can't describe the same system. Relatedly, if applying GR to a system described by a wave function, we are not able to compute how space time will curve given that a single particle(with its mass) is usually present at many points in space-time.
It is hoped that solving the second problem will also solve the first, but I'm not sure this is guaranteed.
> Still, I don't think this works for other elementary particles, as black holes can't have color charge or weak hypercharge as far as I know (so they can't behave like quarks, gluons, W or Z bosons etc.)
I think it is expected they can. The simple reason there are no explicit BH solutions with color charge is that, in contrast to electrodynamics, there's no classic field theory for the strong interaction that we could put into our Einstein-Hilbert action.
> I think this is not even a problem in matching GR and QM, it is a problem in GR itself.
Yes and no.
All kinds of theories have singularities and infinities. Classic electrodynamics is full of them and quantum field theory is, too. Nevertheless we still say the theories are fine and treat the singularities as pretty much nonphysical. ("Point particles don't really exist / a better theory will get rid of them", "We don't see the bare particles anyway, so let's remove the infinities using renormalization", et cetera.) Yes, spacetime singularities seem somewhat more severe, but I think we have good reasons to believe (e.g. the uncertainty relations) that a theory of quantum gravity would solve this conundrum. I mean, every single singularity we worry about in GR comes with infinite curvature and/or infinite energy densities, hence necessarily requires quantum mechanics to study.
On an unrelated note: Why is no one complaining that quantum field theory, from a mathematical point of view, is completely ill-defined? It surprises me time and again that people ascribe severe issues to GR ("It has singularities", "It's not quantum") and yet completely forget that the issues in quantum mechanics (both philophical and mathematical) are much more severe. GR, at the very least, is a mathematically absolutely rigorous theory, with well-defined objects and axioms and such. QFT, in turn, to this day is a toolbox of weird "shut-up-and-calculate" heuristics.
> We can of course easily invent infinitely many solutions to this problem, but there is no way to choose between them on an empirical basis, even in principle (since we can't ever experiment with the inside of a black hole).
There is one way: Come up with candidate theories of quantum gravity and with experiments to test quantum-gravitational effects outside a black hole (there are a few ideas) and select the right theory based on the experimental results and then have the theory predict what happens inside a black hole. Boom. If you say this approach is not valid as it'll remain a theoretical prediction and we still won't be able to peek inside a black hole, you're somewhat right. But right now we're having a discussion about spacetime singularities, which are a purely theoretical problem, too. No one has ever seen them.
> GR is nonlinear, while QM is linear (if we ignore the Born rule) - so they can't describe the same system.
We already know they are incompatible but linearity has nothing to do with it. The equations of motion of interacting quantum fields are non-linear, too. In fact, electrodynamics is, too, in some sense (backreaction & self-force), and we still managed to quantize it.
> Relatedly, if applying GR to a system described by a wave function, we are not able to compute how space time will curve given that a single particle(with its mass) is usually present at many points in space-time.
I wouldn't say this is just a related problem. This is the problem of quantum gravity.
> It is hoped that solving the second problem will also solve the first, but I'm not sure this is guaranteed.
Again, I think the reason people are hopeful are the uncertainty relations. A theory of quantum gravity necessarily has to incorporate them somehow.
/? Quantum gravity fluid
https://scholar.google.com/scholar?q=related:FV3voSY5-kYJ:sc...
"Gravity as a fluid dynamic phenomenon in a superfluid quantum space. Fluid quantum gravity and relativity." (2017)
> The hypothesis starts from considering the physical vacuum as a superfluid quantum medium, that we call superfluid quantum space (SQS), close to the previous concepts of quantum vacuum, quantum foam, superfluid vacuum etc. We usually believe that quantum vacuum is populated by an enormous amount of particle-antiparticle pairs whose life is extremely short, in a continuous foaming of formation and annihilation. Here we move further and we hypothesize that these particles are superfluid symmetric vortices of those quanta constituting the cosmic superfluid (probably dark energy). Because of superfluidity, these vortices can have an indeterminately long life. Vorticity is interpreted as spin (a particle's internal motion). Due to non-zero, positive viscosity of the SQS, and to Bernoulli pressure, these vortices attract the surrounding quanta, pressure decreases and the consequent incoming flow of quanta lets arise a gravitational potential. This is called superfluid quantum gravity. In this model we don't resort to gravitons. Once comparing superfluid quantum gravity with general relativity, it is evident how a hydrodynamic gravity could fully account for the relativistic effects attributed to spacetime distortion, where the space curvature is substituted by flows of quanta. Also special relativity can be merged in the hydrodynamics of a SQS and we obtain a general simplification of Einstein's relativity under the single effect of superfluid quantum gravity.
IIRC, when I searched gscholar for "wave-particle-[fluid]" duality" a few weeks ago there were even more recent papers.
Does Quantum Chaos describe fluids or superfluids? https://en.wikipedia.org/wiki/Quantum_chaos
Do CAS tools must stop reducing symbolic expressions describe infinity such that?:
assert n*x*oo == oo
Sorry, but I'm afraid you're not making a lot of sense.
How is "GR on Bernoulli", GM cannot describe nxoo more precisely than oo, and Conway's surreal infinities aren't good axioms either (for GR or for QM with (chaotic) fluids which perhaps need either infinities plural or superfluid QG (instead of QFT fwics); not making sense?
No, I'm afraid not. You might want to provide some background on what you're trying to say and, also, on your notation.
DNS over Dedicated QUIC Connections
> Abstract: This document describes the use of QUIC to provide transport confidentiality for DNS. The encryption provided by QUIC has similar properties to those provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient packet-loss recovery than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC 7858, and latency characteristics similar to classic DNS over UDP. This specification describes the use of DoQ as a general-purpose transport for DNS and includes the use of DoQ for stub to recursive, recursive to authoritative, and zone transfer scenarios.
> [...] DNS over HTTPS (DoH) [RFC8484] can be used with HTTP/3 to get some of the benefits of QUIC. However, a lightweight direct mapping for DoQ can be regarded as a more natural fit for both the recursive to authoritative and zone transfer scenarios, which rarely involve intermediaries. In these scenarios, the additional overhead of HTTP is not offset by, for example, benefits of HTTP proxying and caching behavior.
[deleted]
Twitter Deal Temporarily on Hold
I strongly feel that the spammers thing is smoke and mirrors.
The deal at $54.20 was maybe OK for him a month ago (it was great for Twitter because nobody else was interested at that price). Since then, Twitter reported disappointing numbers for the past quarter, and the entire market took a nose dive, with tech hit especially hard.
TWTR stock price was in the mid-30s before Musk's offer. Without the offer, and with the disappointing numbers, and with the recent market development, one could reasonably assume that the stock would be below 30 today.
Musk should just pay the break fee of $1bn, and renegotiate for $42.69 or whatever meme number he fancies. Why pay $42bn total for something when you can get it for $30bn.
When Musk started selling his TSLA shares to buy Twitter, TSLA fell by like $200 or like 20%.
It was becoming obvious that to buy Twitter, TSLA value would have to decline severely. IIRC, Musk only got around to selling $8 Billion pretax before quitting.
Musk thought he could afford Twitter. He sells some TSLA and the market collapses, and he suddenly decides against it.
Everything else is smoke and mirrors. Musk doesn't have the cash for the deal anymore (maybe he never had the cash for the deal). I guess Musk is looking at the $1 Billion ejection clause now and trying to weasel around it.
But at this rate, it looks like Musk owes Twitter $1 billion cash for this broke deal.
This is the pretty good point to all the "richest person" "net worth XX Billion" lists and calculations.
Most if not all of these people can't liquidate even close to their "net worth"
If you can get several tens of millions of dollars, liquid, on fairly short notice, there's almost nothing you can't buy on a whim. You may as well have infinite money. It doesn't matter that you can't liquidate another 90-99% of your net worth easily. You borrow $60m for that second yacht, then pay it off as soon as the tax situation looks favorable for realizing some gains. No big deal. Live like (er, better than) a king, pay taxes like a pauper. It's the American way.
Larger sums are only really useful for making big-splash investments. Like this. As far as personal spending goes, it's no obstacle, so it doesn't matter that they can't easily turn their entire net worth into a literal billions-of-dollars balance in a checking account.
Show HN: Pythondocs.xyz – Live search for Python documentation
Hi everyone!
I've been working on a web search interface for Python's documentation as a personal project, and I think it's ready for other people to use...
Please give it a go (and join me in praying to the server gods):
Here's the tech stack for those interested:
- Parser: Beautiful Soup + Mozilla Bleach
- Database: in-memory SQLite (aiosqlite) + SQLAlchemy
- Web server: FastAPI + Uvicorn + Jinja2
- Front end: Tailwind CSS + htmx + Alpine.js
I have ideas for future improvements but hopefully the current version is useful to someone.
Let me know what you think!
Does python not have built in documentation search? In R I use `??searchterm`.
It has help(), but I don't think there's a nice search feature included.
I mean you could use string methods to search for something of course, help just returns a string.
Then again, it's Python. There's probably some kind of
import search from helpTools
The `pydoc` / `python -m pydoc` module doesn't do search; it would be O(n) for every search like grep without e.g. a sphinx searchindex: https://docs.python.org/3/library/pydoc.html
Sphinx searchindex.js does Porter stemming for English and other languages: https://github.com/sphinx-doc/sphinx/blob/5.x/sphinx/search/...
sphinxcontrib.websupport.search supports Xapian, Whoosh (Python), and null: https://github.com/sphinx-doc/sphinxcontrib-websupport/blob/...
sphinx-elasticsearch https://github.com/zeitonline/sphinx_elasticsearch :
> This is a stand-alone extraction of the functionality used by readthedocs.org, compatible with elasticsearch-6.
MeiliSearch (rust) compared with ElasticSearch (java), Algolia, TypeSense (C++): https://docs.meilisearch.com/learn/what_is_meilisearch/compa...
Is there a good way to index each sphinx doc set's searchindex.js?
Colleges where everyone works and there's no tuition
Sorry to depart from the feel-good narrative, but this kind of student labor is token or symbolic at best.
The kinds of jobs that students can perform are not nearly the kind of jobs that a college with a physical plant to maintain, professors to pay, finances to administer, etc. can make a meaningful dent in. (By and large), students are not going to be doing electrical work, maintenance, financial accounting, administration, etc. -- the day to day necessary jobs that keep an institution running -- at all, or enough to be offsetting the costs of those professionals and paying for salaries of the faculty. And you wouldn't want students to be handlin
From "Argonne invents reusable sponge that soaks up oil, could revolutionize oil spill and diesel cleanup" (2017) https://www.anl.gov/article/argonne-invents-reusable-sponge-... :
> [...] The scientists started out with common polyurethane foam, used in everything from furniture cushions to home insulation. This foam has lots of nooks and crannies, like an English muffin, which could provide ample surface area to grab oil; but they needed to give the foam a new surface chemistry in order to firmly attach the oil-loving molecules.
> Previously, Darling and fellow Argonne chemist Jeff Elam had developed a technique called sequential infiltration synthesis, or SIS, which can be used to infuse hard metal oxide atoms within complicated nanostructures.
> After some trial and error, they found a way to adapt the technique to grow an extremely thin layer of metal oxide “primer” near the foam’s interior surfaces. This serves as the perfect glue for attaching the oil-loving molecules, which are deposited in a second step; they hold onto the metal oxide layer with one end and reach out to grab oil molecules with the other.
> The result is Oleo Sponge, a block of foam that easily adsorbs oil from the water. The material, which looks a bit like an outdoor seat cushion, can be wrung out to be reused—and the oil itself recovered.
> At tests at a giant seawater tank in New Jersey called Ohmsett, the National Oil Spill Response Research & Renewable Energy Test Facility, the Oleo Sponge successfully collected diesel and crude oil from both below and on the water surface.
From "Reusable Sponge for Mitigating Oil Spills" https://www.energy.gov/science/bes/articles/reusable-sponge-... :
> A new foam called the Oleo Sponge was invented that not only easily adsorbs oil from water but is also reusable and can pull dispersed oil from an entire water column, not just the surface. Many materials can grab oil, but there hasn't been a way, until now, to permanently bind them into a useful structure. The scientists developed a technique to create a thin layer of metal oxide "primer" within the interior surfaces of polyurethane foam. Scientists then bound oil-loving molecules to the primer. The resulting block of foam can be wrung out to be used, and the oil itself recovered.