Readit News logoReadit News
anonacct37 commented on Amazon ditches 'just walk out' checkouts at its grocery stores   gizmodo.com/amazon-report... · Posted by u/walterbell
madeofpalk · 2 years ago
> Though it seemed completely automated, Just Walk Out relied on more than 1,000 people in India watching and labeling videos to ensure accurate checkouts. The cashiers were simply moved off-site, and they watched you as you shopped.

Wow - I did not know this. This makes it all a whole lot less impressive and interesting that it was just people off shore watching you.

anonacct37 · 2 years ago
What I think is funny is that circa 2008 I had a manager who used to work at Amazon who told me that "a surprising amount of Amazon artificial intelligence is artificial artificial intelligence, low paid workers".

I heard this was behind mechanical turk. Sounds like the playbook remained the same.

anonacct37 commented on Sudo-rs dependencies: when less is better   tweedegolf.nl/en/blog/119... · Posted by u/marbu
anonacct37 · 2 years ago
I really think that they bury the lede:

> As a setuid program meant for elevating privileges, all code that is compiled into sudo-rs has the potential to accidentally (or intentionally) give access to system resources to people who should not have that access. The setuid context additionally puts some constraints on how code is executed, and dependencies might not have accounted for that context. We could not expect any of our dependencies to take into account such a context either.

This is the real problem. I've come to the conclusion that setuid programs basically shouldn't be using most libraries. The setuid environment is just fundamentally different. A normal library can have a debug output file who's location is controlled by an environment variable without that being a security risk. But the instant that program becomes setuid, that's an arbitrary file overwrite security bug. Most libraries aren't built with that in mind. They shouldn't have to be. Setuid is poorly designed.

anonacct37 commented on CFEngine's Star Trek and AI Origins (2023)   mark-burgess-oslo-mb.medi... · Posted by u/refset
NewJazz · 2 years ago
Have you used Salt? I've heard very good things about it, and it is an agent-based tool.

I'm curious how it compares.

anonacct37 · 2 years ago
I used it and even took a class taught by salt stack employees.

I really was not a fan. I think one of the core problems I ran into was that the tool attempted to layer on rpc behavior to what was fundamentally a broadcast.

So you'd apply something to everything with a web role. The tool would attempt to make it appear as if you executed apply on n nodes and return after n responses. But since this was all just a broadcast what really happened is the tool dropped a message on the bus and then guessed how many responses it would get. If it guessed wrong the cli invocation would just hang.

anonacct37 commented on How the wrong side won at Boeing   backofmind.substack.com/p... · Posted by u/viburnum
bediger4000 · 2 years ago
I recall hearing "If it's not Boeing, I'm not going" maybe 25 years ago.

Consolidation in the aircraft industry has failed the country. We've got no other vendors.

I'll also admit to working for McDonnell Douglas Aerospace, 1984-86. Sandy McDonnell was CEO, and John McDonnell III had been an engineer in various divisions and disciplines for a while, and was waiting in the wings. McDonell Douglas was a family company. I had to get a manager's signature to get office supplies, Sandy was so thrifty. If, as this article claims, MD accounting based culture was the problem, it hadn't been in place too long before the 1997 Boeing acquisition.

anonacct37 · 2 years ago
I'm not sure if I follow but it does occur to me that being thrifty and changing from a aerospace engineering company to a financial engineering company can be two different things that might end up categorized as "accountants are in control".
anonacct37 commented on Nuke: A memory arena implementation for Go   github.com/ortuman/nuke... · Posted by u/thunderbong
aranw · 2 years ago
Be really interested to know and understand when and how to use these in real workloads
anonacct37 · 2 years ago
This is a very sharp tool and I find it's really rare to need it.

I do alot of profiling and performance optimization. Especially with go. Allocation and gc is often a bottleneck.

Usually when that happens you look for ways to avoid allocation such as reusing an object or pre allocating one large chunk or slice to amortize the cost of smaller objects. The easiest way to reuse a resource is something like creating one instance at the start of a loop and clearing it out between iterations.

The compiler and gc can be smart enough to do alot of this work on their own, but they don't always see (a common example is that when you pass a byte slice to a io.Reader go has to heap allocate it because it doesn't know if a reader implementation will store a reference and if it's stack allocated that's bad.

If you can't have a clean "process requests in a loop and reuse this value" lifecycle, it's common to use explicit pools.

I've never really had to do more than that. But one observation people make is that alot of allocations are request scoped and it's easier to bulk clean them up. Except that requires nothing else stores pointers to them and go doesn't help you enforce that.

Also this implementation in particular might not actually work because there are alignment restrictions on values.

anonacct37 commented on My productivity app is a never-ending .txt file (2020)   jeffhuang.com/productivit... · Posted by u/yarapavan
anonacct37 · 2 years ago
Going on 5+ years using a single giant org file. It's the only system I've ever been able to stick with for more than a couple days.

I think of it as my labbook.

anonacct37 commented on If you're just going to sit there doing nothing, at least do nothing correctly   devblogs.microsoft.com/ol... · Posted by u/AndrewDucker
anonacct37 · 2 years ago
I love and hate this. On a visceral level I don't like dealing with issues via malicious compliance.

OTOH I absolutely agree this is a good call if your goal is for more users to be able to run more software on your platform, even if printing is broken.

anonacct37 commented on OpenBSD System-Call Pinning   lwn.net/SubscriberLink/95... · Posted by u/rwmj
akira2501 · 2 years ago
> I say arguable because DNS without CGO is still a common cause of issues and incompatibility

DNS without CGO works perfectly. The vendor specific ad hoc mechanisms for extending DNS in a site local context are not well supported. If they were implemented more sensibly, then Go, or any other language, would have no problem taking advantage of them even without the "C Library Resolver."

Speaking of which, that "C Library Resolver," in my opinion, has one of the worst library interfaces in all of unix. It's not at all a hill worth new projects dying on.

anonacct37 · 2 years ago
> DNS without CGO works perfectly

It does not. I know this because it impacts my daily work and the work of others. Honestly if you could make my day and go figure out exactly what's going wrong with the pure go DNS implementation it would make my life alot simpler and I wouldn't have to maintain shell scripts that update etc/hosts to hard code in ipv4 addresses for the APIs I access with terraform.

https://github.com/hashicorp/terraform-provider-google/issue...

anonacct37 commented on OpenBSD System-Call Pinning   lwn.net/SubscriberLink/95... · Posted by u/rwmj
yobert · 2 years ago
> The direct-syscalls-inside-the-binary model used by go (and only go, noone else in the history of the unix software does this) provided the biggest resistance against this effort".

I know this annoys unix people. But I have to say I actually really like that Go shakes this up. I believe the C function monopoly just isn't healthy for things. You should be able to make a new completely unrelated language. The Go developers were the first in a long time to do this, not because they are stupid, but because they were ambitious.

anonacct37 · 2 years ago
I do like this about go. And on Linux it arguably makes sense (I say arguable because DNS without CGO is still a common cause of issues and incompatibility).

But Linux has, to the best of my understanding said "yes, we are ok with users using syscalls". Linux doesn't think that glibc is the only project allowed to interface with the kernel.

But for other platforms like OpenBSD and windows they are quite simply relying on implementation details that the vendors consider to be a private and unsupported interface.

This whole thing is also separate from "is making libc the only caller of the syscalls instruction" a good and meaningful security improvement.

anonacct37 commented on Ruby on Rails load testing habits   rorvswild.com/blog/2024/r... · Posted by u/a12b
nomilk · 2 years ago
I've never done load testing before, but would it be hard to write a script in pure ruby (maybe with a few libraries) that makes a lot of concurrent requests to whatever endpoints and using whatever params you like?
anonacct37 · 2 years ago
There's a lot of subtleties. It's really easy to accidentally load test the wrong part of your web application due to differences in compression, cache hit ratios, http settings, etc.

Shameless self promotion but I wrote up a bunch of these issues in a post describing all the mistakes I have made so you can learn from them: https://shane.ai/posts/load-testing-tips/

a

u/anonacct37

KarmaCake day1156March 26, 2015View Original