Readit News logoReadit News
ffk commented on MIT study explains why laws are written in an incomprehensible style   news.mit.edu/2024/mit-stu... · Posted by u/keepamovin
pavel_lishin · 9 months ago
> By contrast some of the most fundamental laws in the nation, the Constitution's Bill of Rights, are generally just a sentence or two - and that works just fine.

I don't think that's an accurate representation of the Constitution. I'd that we've seen clear examples of when the plain language of even the first two amendments has not worked just fine, and resulted in harm and litigation all the way to the Supreme Court.

ffk · 9 months ago
Since the 90s, New Zealand laws have been written in clear, modern, accessible English. The end result is the broader population understands it more and can also reason about it while it’s up for debate before being passed.

I think the ambiguity in the first two amendments has to do more with the specific text rather than plain English itself being deficient.

ffk commented on Compromising OpenWrt Supply Chain   flatt.tech/research/posts... · Posted by u/udev4096
nrvn · 9 months ago
Loving this. I wonder how people even come up with an idea of truncating hashes. For what purpose or benefit?
ffk · 9 months ago
Sometimes it’s done to fit into an existing tool/database that has a preexisting limit. Or when the hash is used only as a locator rather than for integrity.

Not a good practice imo but people are pragmatic.

ffk commented on Bocker: Docker implemented in around 100 lines of Bash (2015)   github.com/p8952/bocker... · Posted by u/emersonrsantos
ffk · 9 months ago
Fun fact: docker started as bash, then moved to python before settling on golang.

Also, in a 2013 docker meetup, someone wrote a docker clone in bash.

People want to learn! Hopefully things like this help them.

ffk commented on You can help Anna's Archive by seeding torrents   annas-archive.org/torrent... · Posted by u/FabHK
r3trohack3r · a year ago
Interesting.

IIRC, libgen used IPFS for preservation efforts.

Anna's Archive (seemingly the successor) appears to have migrated to BitTorrent.

I wonder what motivated the move?

Edit: asking as someone who works daily on building p2p software. We've abandoned mainline BitSwap (IPFS) in our work for similar reasons as the rest of the rust-libp2p community, but haven't found a particularly good "successor" protocol for a generalized use case yet. We are currently using our own ad-hoc hand-rolled chunking/transfer protocol as needed.

ffk · a year ago
I'm guessing the decision comes down to ease of use for people to participate in mirroring. My underestanding is IPFS tends to require more infrastructure, and still requires someone to pin the data.

Many bittorrent clients let you click a button to continue seeding the data over time.

ffk commented on Open Policy Agent   openpolicyagent.org/... · Posted by u/julien040
shriek · a year ago
This feels very much like OpenFGA[0]. I've been evaluating authorization tool for one of my side projects and honestly most tools feels like creating relationships in a graph-like database and querying to see if there is/isn't relationship between two entities. Is there more to this (besides the implementation details) or am I missing something from these tools?

[0] https://openfga.dev/

ffk · a year ago
On the first point, OPA is much older than OpenFGA. To really illustrate the point, OPA became a graduated project about a year before OpenFGA had their first code drop in the public GitHub repo. The OpenFGA people are aware of OPA and I'm sure they learned from the tradeoffs OPA made.

To the main point, what you described reflects the current trends of authorization. Define a data model, define data that adheres to that model, write declarative rules that consume that model, make a decision based on those rules.

Where things really start to differ is the kind of data that they bind against and how do you write rules. E.g. OPA is often used for either ABAC (Attribute) or RBAC (Roles) while OpenFGA is looking at ReBAC (Relationships). Each has their complexity tradeoffs, depending on the system being implemented. How easy or difficult a system makes these kinds of checks has a significant impact on how you write policies.

Hope this helps!

ffk commented on A revelation about trees is messing with climate calculations   wired.com/story/a-revelat... · Posted by u/bilsbie
archsurface · 2 years ago
Does the term "seeding" have two meanings? I understood it to mean dropping particles into clouds to trigger rain. The article uses it to mean using particles to induce cloud formation.
ffk · 2 years ago
Good question! The term is more generic, introducing something to an existing system to begin a chain reaction.
ffk commented on Surpassing 10Gb/S over Tailscale   tailscale.com/blog/more-t... · Posted by u/mssdvd
ilyt · 2 years ago
It's not "kernel is slow", kernel when left to its own devices is plenty fast, the reason is that when you want to make decision about packet in userspace (vs telling kernel what to do with it via various interfaces) that kernel logic would just be overhead.

It's similar for applications; if you can, say, decode whole DNS packet in one go, you don't really want kernel to spend time decoding UDP packet, then you decoding the rest of the packet; doing it in one step is much faster.

ffk · 2 years ago
There are some applications where the ability to vectorize the headers and operate on them with SIMD help. These types of apps tend to pin a full core to do only packet processing though. Also, syscall are expensive. A lot of work is going into making the APIs async while avoiding syscalls.
ffk commented on Surpassing 10Gb/S over Tailscale   tailscale.com/blog/more-t... · Posted by u/mssdvd
arghwhat · 2 years ago
Kernel bypass in DPDK grants the application direct access to DMA buffers so that the kernel is no longer involved. This is not because the kernel is slow, but because many small syscalls are expensive and putting your entire app in the kernel is a bad idea.

There is no kernel bypass in wireguard-go, just a user-space implementation fast implementation with smart use of syscalls to minimize the overhead of being split between user-space and kernel-space.

With io_uring, DPDK-style kernel bypass might stop making sense altogether.

ffk · 2 years ago
It depends on what you are trying to do though. I don’t think the kernel has an easy path to operating on a set of packet headers as a vector at this point. Not saying it can’t happen, but it’s an area where user space is already ahead.

For reference, there was a previous test that demonstrated 40gbps with ipsec between two pods on separate nodes in k8s where the encap/decap achieved 40gbps which was the line rate for the Intel NICs used.

Details were published here: https://medium.com/fd-io-vpp/getting-to-40g-encrypted-contai...

I do agree that io_uring will negate the need for DPDK for many use cases though, it will likely be a much simpler path and more secure path than DPDK.

ffk commented on Surpassing 10Gb/S over Tailscale   tailscale.com/blog/more-t... · Posted by u/mssdvd
ThePhysicist · 2 years ago
Pretty amazing that you can achieve such a throughput in a Golang userspace program. I wonder if other UDP based protocols like QUIC can attain those numbers as well.
ffk · 2 years ago
Interestingly, the fastest CPU based network switches tend to do full kernel bypass. The kernel is generally slow compared to OVS and VPP, especially when they traverse over something like DPDK.
ffk commented on 700k car insurance prices show why you can't insure a Kia   coveragecat.com/blog/car-... · Posted by u/remotecar
ffk · 3 years ago
If you secure a loan for or lease a car, isn’t insurance mandatory for completion of the transaction? If so, how are most people still driving Kias off the lot if they can’t get insurance?

Ora are people getting insurance and finding their policies unrenewable?

f

u/ffk

KarmaCake day826October 13, 2011
About
[ my public key: https://keybase.io/fkautz; my proof: https://keybase.io/fkautz/sigs/rhNdE-CF-1xbpdi6s78rC2nonO5KNtd_wVsXHo2Kl1A ]
View Original