Hacker News | nknighthb's comments

Your concerns apply equally to software aggregations generally -- e.g. every Linux distribution.

Import paths are not the appropriate method of providing "credit". That's the sort of thing that is handled by copyright notices, documentation, and metadata.

It's generally preferred that if you're using a software distribution, you either test bugs against a "pure" upstream version before reporting them, or report them to the maintainers of the distribution, who can triage and, when appropriate, forward bug reports upstream (possibly with patches).


> I'm confused, is this a curated set of existing Go libraries, or a brand-new set of libraries?

Toward the bottom of the page they talk about contributing back to open source projects and sponsoring the development of some packages, so it certainly appears to be a curated set of existing Go libraries.

> If the former, how are they going to guarantee their "3 years of bug fixes"?

Red Hat provides 10+ years on the code they ship. What's so shocking about 3?


> Red Hat provides 10+ years on the code they ship. What's so shocking about 3?

Does Red Hat ship (and maintain) arbitrary 3rd party code?


All Linux distributions consist primarily of third-party code.

I don't know what you mean by "arbitrary", though. It makes no sense in context, and is notably at odds with your earlier use of the word "curated". Nobody ships random code. That wouldn't be curated, nor would it be useful.


Most of their code is third-party code.


Whatever justice is, it cannot be the vengeful, racist, wealth-centered system we have now. Nor can it possibly be found in the mind of anyone prone to uttering the phrase "fuck this guy".

Whatever justice is, it cannot be forfeiting our own empathy and humanity.


I agree with you to an extent. Where was the robber's empathy and humanity when he decided to commit a violent crime?

I'm sticking with "fuck this guy".

If you really want to bear a cross, I can think of a few better candidates for your poster boy of injustice.


Where is the empathy of a well-off white boy who runs over people with his car while drunk and gets away with merely a scolding - because his parents are rich and connected enough to get him a good lawyer.


One straw man argument after another... We're talking about a bank robber. We're talking about crimes committed during the robbery (preventing his accomplice from getting medical care, which resulted in his accomplice's death) being added to his list of charges.

And I don't disagree with you! I hate injustice like you're referring to as well. But injustice is not some exchangeable capital. We can't correct one by neglecting to punish another.


Having a man locked up for 100 years for robbing two stores without actually hurting anyone is hardly justice. And the case of the bank robber is also hardly justice.

And it seems that this type of systemic overcompensation is exactly what is going on in your justice system.

I wish that persecutors would use the same zeal to persecute all the crimes. Including police crime and white collar crime. Then, perhaps it would dawn on you that such random and strict distribution of justice is no justice at all.


I think you've confused this thread with the OP's article. My comment was in reference to a bank robber who was charged with the murder and kidnapping of his accomplice when he ran away from police with his friend (who was shot). His friend died and he was charged with robbery (the original crime) as well as the subsequent crimes, as is policy in American jurisprudence.


> Where was the robber's empathy and humanity when he decided to commit a violent crime?

Where was ours when we drove him to that crime?

> I can think of a few better candidates for your poster boy of injustice.

Unlike some people, I don't feel it is morally appropriate to pick and choose who gets justice.


I am responsible for my actions. I own my mistakes rather than blame society. Lots of people come from nothing and don't resort to crime. Your view is one of the worst types of liberal elitism and I honestly am repulsed by it.


Your view is one of the worst types of conservative inhumanity and I honestly am repulsed by it.


The offenses were not against the United States. This man is in a Colorado prison for crimes under Colorado law. The President has no authority in this case.


There are enough federal inmates with good reasons for pardon. And mass pardons of federal prison could hint the governors about their power too.


1) The governors have powers that vary from zilch to equal to the President's. This is determined state-by-state.

2) You are mistaken if you believe all or even a substantial minority of the governors would ever agree with your views in this matter.


The Colorado governor may pardon any Colorado conviction other than those for treason or impeachment. The entire point of this thread is that the governors are culpable for the injustice of the system. Their opinions don't absolve them of that.


The comment I responded to said "And mass pardons of federal prison could hint the governors about their power too.". This suggests two mistaken beliefs:

1) That governors as a whole have these powers.

2) That "hints about their power" would prompt them to act in the manner he wishes.

The governors don't need hints about their power in this area, they are well aware of it. They don't fail to exercise it as he wants them to because they need a "hint", they fail to exercise it as he wants them to because they do not agree with him.

I'm not addressing the thread as a whole. I'm addressing this little corner of it. I'm under no obligation to address the thread as a whole in every comment I make, and doing so would be both pointless and tiring.


There is only one correct response: "We thank the researchers who pointed out our mistakes, and apologize to all voters for our failure to adequately secure a vital system.".

The only correct response now, on the other hand, is the immediate firing of this "CIO", who clearly does not have the mentality necessary to be a CIO or a public servant.


They should also thank the researchers for not making 66,000 votes count towards something ridiculous, because unless I thought they would freak out about my way of proving a point, I would probably have done that when I told them how to secure their thing.


Then again, thanks to the wonders of the group voting ticket, the bar for getting a clearly ridiculous result is pretty high:

"In the New South Wales Legislative Council election of 1999, the Outdoor Recreation Party's Malcolm Jones was elected with a primary vote of 0.19%, or 0.042 of a quota."

https://en.wikipedia.org/wiki/Group_voting_ticket


This kind of result is perfectly valid. If candidates A and B are polarising, and candidate C is a compromise candidate, and you have a preferential voting system, then it makes sense that many people would put A or B first, and C second, producing a victory for C despite almost zero of the primary vote.

Of course, realistically, what probably happened in this case was more to do with party preferences and backroom deals, because you can give the voters an awesome voting system but then they'll just turn around and ask someone else to tell them what preferences to give anyway...


By ridiculous, I mean "steve the armadillo" just got elected. Or something of that sort.


Could you list the specific predictions you believe the author made?


The prediction is in the title, and it's that laptops are a dying (or dead) trend because they are #1 too heavy, #2 do not have good software, #3 are too expensive.


I feel like we read vastly different articles. I read an article where the author discussed the limitations of laptops as they existed thirty years ago (when, I'll remind you, this[0] 12-pound beast was state-of-the-art), discussed some advancements that would need to be made for them to have more widespread appeal, and discussed some realities of how, when, and where people use computers that remain essentially accurate today.

[0] http://oldcomputers.net/kaypro2000.html


If that was the case, I wouldn't have had a problem with the author's viewpoint, but it's statements like,

> For the most part, the portable computer is a dream machine for the few.

that really miss.

And then there is the conclusion, which comes after the author acknowledges the possibility of improvements in laptops.

> But the real future of the laptop computer will remain in the specialized niche markets. Because no matter how inexpensive the machines become, and no matter how sophisticated their software, I still can't imagine the average user taking one along when going fishing.

What?! To me that just shows the author downplaying the idea of the technology. He just couldn't imagine any laptop ever being more than a "niche".


> "For the most part, the portable computer is a dream machine for the few."

I would say that 30 years ago, this was an objective statement of fact.

> He just couldn't imagine any laptop ever being more than a "niche".

And you'll see he was and is correct if you consider, as the author was, the usage model. People largely use modern laptops the same way they use desktop PCs. They simply transport them between their regular workspaces. Multiple devices have been collapsed to one, but the way people use them remains the same.

You are focusing very narrowly on the physical devices that the (then and now) inaccurate label "laptop" has been applied to. The article makes much more sense if you abstract to the concept of a laptop, particularly as pushed by marketers 30 years ago.


You are ignoring the line "But the real future of the laptop computer will remain in the specialized niche markets..." That's the part that's a prediction, which informs the tone of the whole article, which turned out false.

The false prediction indeed comes largely from the author's inability to believe that such technological advances could come, within only about 10-15 years, that would completely erase all the downsides he correctly identified (size, cost, etc).

I think we're less likely to make such false predictions today, because we've seen such rapid technological advances. This sunk in for me about 10 years ago, before the iPhone, talking about digital book readers with a professor, who said to many students who didn't believe digital book readers were in our future: Imagine what you _would_ need in a digital book reader. Smaller and lighter than a paperback? Cheap? Can be read in sunlight? Because all of those things are coming, only in the next few years. Then do you think digital book readers will take off? Lightbulb moment.

Even though the author of this OP continues with "Because no matter how inexpensive the machines become, and no matter how sophisticated their software...", I think if he really believed inexpensive, cheap, small, light, sophisticated computers were coming, and soon, he would have had a different prediction.


> You are ignoring the line "But the real future of the laptop computer will remain in the specialized niche markets..." That's the part that's a prediction, which informs the tone of the whole article, which turned out false.

I'm not ignoring it, see my other comment[0]. Consider lessening your adherence to excessive literalism, and then reviewing the author's points free of the bias instilled by the unfortunate label of "laptop" that has been slapped on devices that are rarely used on people's laps.

See if you can't bring yourself to understand that the author was right a lot more than he was "wrong".

[0] https://news.ycombinator.com/item?id=9326034


Even false predictions have truth behind them. Just because the author mentions some truths doesn't mean that his conclusion is right. This is his case, and though he mentions some truths, his conclusion is "laptops will remain in niche markets".


> I would say that 30 years ago, this was an objective statement of fact.

This is what separates us from guys like Bill Gates and Steve Jobs who have the vision to see in the future.


> 30 years later you can't go outside without seeing someone with a laptop computer.

You certainly can, particularly outside tech hubs. Even in SV, when I was out and about, I don't think I ever saw more than perhaps 10-20% of people in my sight line using a laptop.

It is a small minority of people who routinely use laptops outside their home or office. Unfortunately, they will be disproportionately represented on HN.

I think the article's underlying thesis remains correct today. "Computers" are mostly used at a person's home or the office. Regular on-the-go use is niche, both because few people have the need, and because laptops are awkward to use without at least a decent table and chair (and tray tables don't qualify!). It is smartphones and tablets, with a vastly different interaction model, that have become a constant presence, and even those chiefly for entertainment and personal communication -- not work.

The most "wrong" thing in the article is simply overlooking that laptops would eventually become small enough, light enough, and powerful enough that they could usefully substitute for desktop computers without being meaningfully less convenient to haul back and forth than "a few floppy disks".

But the ability to use one computer both at home and the office -- or even from a hotel room -- does not significantly detract from the author's point, which has much more to do with usage model.


Certainly the author can't really be faulted for not foreseeing the mass popularity of the Web and Internet email and the spread of the Internet in an article about laptops in 1985, and certainly carrying a laptop with you is still far from being something that everyone does. But the writer went further, to claim that by and large even the people who were already regular users of word processors and spreadsheets would have little desire to work on them anywhere but in the office and at home: not that it was still infeasible or not worth the trouble, but that they just weren't interested in doing so. It wasn't that he didn't foresee hardware and price improvements, he just largely dismissed them as pushing on that rope. That really was just a classic prediction clanger, and it was already disconfirmed by about 1989 when the Compaq LTE https://en.wikipedia.org/wiki/Compaq_LTE began the modern notebook era.


> But the writer went further, to claim that by and large even the people who were already regular users of word processors and spreadsheets would have little desire to work on them anywhere but in the office and at home: not that it was still infeasible or not worth the trouble, but that they just weren't interested in doing so.

As far as I can tell, he was right, and still is. I see no evidence that more than a few percent of such people do so to this day.

> it was already disconfirmed by about 1989 when the Compaq LTE https://en.wikipedia.org/wiki/Compaq_LTE began the modern notebook era.

I don't see how that "disconfirms" anything at all. Is it your claim that the mere existence of the modern laptop proves regular work outside the home or office is not niche? Because I don't believe that at all.


You wouldn't agree that more than a few percent of the kind of people who were already heavy office PC users back in 1985 now use laptops on aeroplanes, in hotel rooms or at conferences or other people's offices? In fact the author was even more specific than that, and suggested that the kind of people who read the business section of the newspaper on the train, or the kind of people who used to fly to Comdex, would have no serious interest in using the time to get some work done on a computer instead. If we need evidence on this, here's a 2013 USA Today story http://www.usatoday.com/story/hotelcheckin/2013/04/30/more-t... reporting on a small decline in the "vast majority" of US business travellers who travel with a laptop.

> Is it your claim that the mere existence of the modern laptop proves regular work outside the home or office is not niche?

I promise you that the market for laptops back around 1989-90, when they started to be a real commercial hit, was not dominated by people who only wanted to shuttle theirs back and forth between home and work, still less by people who were only going to use it at home. The Macintosh Portable was excoriated for its poor battery life, heavy weight and lack of a backlight because so many of the potential users wanted something to use on the road.


> You wouldn't agree that more than a few percent of the kind of people who were already heavy office PC users back in 1985 now use laptops on aeroplanes, in hotel rooms or at conferences or other people's offices?

No, I wouldn't. Hotel room is more likely, but is just substituting for home/office.

Huge numbers of heavy office PC users exist. Only a tiny fraction use a laptop anywhere but home or the office, and a tinier fraction of those do so routinely. It is a niche market.

> the "vast majority" of US business travellers who travel with a laptop

There aren't that many business travelers in the first place. You're already looking at a niche market.

> I promise you that the market for laptops back around 1989-90, when they started to be a real commercial hit, was not dominated by people who only wanted to shuttle theirs back and forth between home and work

My argument: On-the-go laptop use is niche.

Your apparent reply: Early laptop users used them on-the-go.

It's a non sequitur. That the ideal market for a product adopts the product does not mean that the market is not niche. The two have no relationship.


http://raspberrycolocation.com/order/

"Average delivery time" 90 days? I'm not even sure what that means, but it doesn't strike me as particularly useful...


> This is like paying $10 every month for a raspberry pi + $40 SSD, or $75 in hardware.

Raspberry Pis and SSDs do not come with bandwidth and redundant network, power, and cooling infrastructure.


If someone can't easily figure out how to create per-IP login attempt throttles, I suspect their application has far more gaping holes in it.


> a mere 1 req/s from 100 hosts

I specifically set a request number that would be below most thresholds.

That said, a one-time request from 100 hosts would still use 100 CPU-seconds of work. Other than preemptively blocking hosts (such as all of AWS), there is no way that a "per-ip attempt throttle" is going to catch a single request from 100 different hosts.

If you had a server maxed out with 8 Intel E7-8870V2 CPUs (15 cores @ 8 CPUs = 120, $32k server cost just in CPUs), and set for a work factor that gave a normal "1 second" work factor, then someone just DOS'd you for most of a second. On a more reasonable 8 core server, that DOS would last 12.5 seconds (actual CPU time, not including the fact that they are stacked on top of each other). And on a dual core system that's almost 2 minutes.

If there was any other part of a website that could be DOS'd for so long with so few requests, then most people would also suggest the application had "far more gaping holes in it." Moxie's point above is that the advice presented is to just put bcrypt/scrypt/PBKDF2 in place, and no advice is given at all on how to deal with these issues that come up, or even that they exist at all, and thus systems end up being misconfigured or work factors relaxed to a point where only a false sense of security is gained.


> I specifically set a request number that would be below most thresholds.

No legitimate user will be logging in once per second. If you're specifically throttling logins and don't set it higher, you're so incompetent you shouldn't be writing production code in the first place.

> That said, a one-time request from 100 hosts would still use 100 CPU-seconds of work. Other than preemptively blocking hosts (such as all of AWS), there is no way that a "per-ip attempt throttle" is going to catch a single request from 100 different hosts.

So you've successfully DDoS'd an application for the few seconds that it takes a couple dozen cores to chew through 100 CPU seconds. Um, congratulations? I don't think there's a reward for "most pathetic DDoS attempt in history", but it should go to this.

> And on a dual core system that's almost 2 minutes.

You're very confused. When we say "1 CPU second", we're speaking of a single CPU core. 100 CPU seconds on a dual-core system takes ~50 real seconds. Your hypothetical 120-core server would be theoretically capable of processing nearly 120 logins per second at a 1-second work factor. bcrypt et al. are not multi-threaded.


A site I know allows 5 login attempts per hour. That seems plenty for legitimate purposes. I've never heard anyone complain.


But it doesn't matter if they keep hitting their service with a list of known emails and then sending bogus passwords, 5 times per email per host.


Sorry for the late reply. It was 5 attempts per hour per IP. Not per email.


There are botnets with hundreds of thousands of hosts in them. There are proxies and NATs with hundreds or thousands of users behind them. How do you balance those out?


> There are botnets with hundreds of thousands of hosts in them.

Which have a wide array of other mechanisms by which to DDoS your application. If that level of force is being directed at you, you need professional DDoS mitigation assistance. The CPU time cost of your login mechanism is immaterial.

> There are proxies and NATs with hundreds or thousands of users behind them.

You do not need to throttle an IP if it is not the source of an attack. But it remains inevitable that a serious DDoS will sometimes break legitimate users, even with intelligent mitigation strategies. Welcome to the real world, it ain't pretty!


> Which have a wide array of other mechanisms by which to DDoS your application.

Why use any of those other mechanisms, which might require a few thousand hosts, when a method exists where a hundred hosts can do just as much damage by getting the server to punch itself in the face.


Because a method does not exist where a hundred hosts can do just as much damage. It is utterly trivial to detect and block anomalous login activity from 100 hosts.
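
Added example, not part of any comment in this thread and not code from any site mentioned: a sketch of the controls the login-throttling comments argue about, combining the per-IP limit (5 per hour, as quoted above) with a per-account limit and a global cap on how many slow password hashes are started per second. The class names, the per-account limit and the `hashes_per_sec` value are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class SlidingWindow:
    """Allow at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.events = defaultdict(deque)

    def allow(self, key, now):
        q = self.events[key]
        while q and now - q[0] >= self.window:
            q.popleft()          # forget attempts older than the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class LoginGate:
    """Decides whether an attempt may reach the expensive password hash."""

    def __init__(self, per_ip=5, per_account=10, window=3600, hashes_per_sec=4):
        self.by_ip = SlidingWindow(per_ip, window)
        self.by_account = SlidingWindow(per_account, window)
        # Global budget (assumed value): bounds hashing CPU no matter how many
        # sources the attempts come from. Size it below the core count.
        self.hash_budget = SlidingWindow(hashes_per_sec, 1)

    def check(self, ip, account, now):
        # Note: an attempt that is shed still counts against its IP and account.
        if not self.by_ip.allow(ip, now):
            return "throttled-ip"
        if not self.by_account.allow(account, now):
            return "throttled-account"
        if not self.hash_budget.allow("all", now):
            return "shed-load"   # answer 429/503 without computing the hash
        return "hash"


def wall_seconds(requests, work_factor_s, cores):
    """Ideal wall-clock time to hash `requests` passwords, one core per hash."""
    return requests * work_factor_s / cores


def demo():
    # Constructed input: 100 distinct sources (TEST-NET-2 addresses), one
    # attempt each, all in the same second, as in the scenario discussed above.
    gate = LoginGate()
    burst = [gate.check(f"198.51.100.{i}", f"user{i}", 0.0) for i in range(100)]
    # Constructed input: one source, ten attempts, one per second.
    gate2 = LoginGate()
    single = [gate2.check("203.0.113.7", f"user{i}", float(i)) for i in range(10)]
    return burst, single


if __name__ == "__main__":
    burst, single = demo()
    print("burst :", burst.count("hash"), "hashed,", burst.count("shed-load"), "shed")
    print("single:", single.count("hash"), "hashed,",
          single.count("throttled-ip"), "throttled")
    print("100 x 1 s hashes on 2 cores:", wall_seconds(100, 1, 2), "s")
```

The per-IP window never fires on the 100-source burst; only the global budget keeps hashing work bounded, at the cost of rejecting some legitimate logins while the burst lasts.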

