wetpaste (u/wetpaste)

wetpaste commented on Boris Spassky: 1937–2025 en.chessbase.com/post/bor... · Posted by u/throwaway81523

Idk, I'm an amateur and that just looks like an obvious terrible move. I don't get it. What's to calculate?

wetpaste · a year ago

I don't think it was purely a calculation error, it was probably also an intuitive evaluation. Bobby was trying to complicate the game and create an imbalance, where there were still winning chances if misplayed by spassky, but obviously it was a bad evaluation and it backfired. I think he was in a bit of a mood and got reckless. He had been making a lot of demands leading up to this and threats to not participate, probably got frustrated by the drawn endgame and took a big risk. I don't think he ever really opened up about his reasoning to be fair, but was asked along the lines of "were you trying to complicate the game" and he said "something like that". After losing those first two games he demanded the cameras to be removed from the playing hall and started to play really well against spassky, so possibly a psychological aspect from the cameras were also to blame. Maybe he knew he was throwing the game and it'd make for an entertaining match... the guy was sort of insane

wetpaste commented on Blunder Free Chess – visualize which squares are attacked taonexus.com/blunderfreec... · Posted by u/logicallee

wetpaste · a year ago

I love the concept. I wouldn't prefer to play chess this way, but I've had a lot of practice, I find it visually a little distracting but I started getting used to it.

I had a situation where my queen was being attacked by a bishop, and the board showed a "safe" space to move my queen, but that queen would have still been attacked by the bishop along that diagonal. Not sure how you solve that, maybe when clicking on a piece, recalculate the board as if the piece is no longer there?

Wonder if simple fork, skewer, or attack counting threats could also be highlighted in some way. I suppose at a certain point it's just too visually busy and the tactics get way deeper than the surface level notions and end up being a distraction, but could be fun exploring an opening or previous game and seeing the "obvious" threats you might not have seen when playing

wetpaste commented on I Didn't Need Kubernetes, and You Probably Don't Either benhouston3d.com/blog/why... · Posted by u/bhouston

wetpaste · a year ago

RE: slow autoscaling

Maybe the cloud companies could do something here by always keeping a small subset of machines online and ready to join the cluster. Provided there is some compromise in what the configuration is for the end user. I guess it doesn't solve image pulling. Pre-warming nodes is an annoying problem to solve.

Best solution I've been able to come up with is: Spegel (lightweight p2p image caching) + Karpenter (dynamic node autoscaling) + pods with low priority to hold onto some extra nodes. It's not perfect though

wetpaste commented on Awsviz.dev simplifying AWS IAM policies awsviz.dev/... · Posted by u/bscript

JackSlateur · 2 years ago

I find IAM to be a great product. I cannot imagine how we could make it different, without removing some of its capabilities: after all, this is nothing but a list of <who, what, on which> permissions

wetpaste · 2 years ago

I think it gets hard when an emergent chain of complex trust relationships need to be built and understood. Things like IAM identity center, workload identity, IRSA on EKS, service principals vs roles for accessing other services from a service, resource policies vs principle-level policies and when to use each. Not necessarily intuitive all the time. I don't think it's THAT hard and I understand why some of these things were built this way, but it's a huge complicated ecosystem of services and I understand why it can get confusing to some. Gotta be disciplined about it.

wetpaste commented on Affinity's Adobe-rivaling creative suite is now free for six months theverge.com/2024/7/8/241... · Posted by u/Tomte

dagmx · 2 years ago

It truly depends what you do and need.

IMHO, as someone who professionally uses the Adobe products and has licenses to all the Affinity suite, none of the apps compare favorably to the Adobe equivalents other than price and a superior iPad version.

They’re all great apps though but they definitely exist in the tier below adobe’s offerings. Which may be fine for most folks but hasn’t been for me, because I literally cannot complete projects in them and I certainly have tried.

Affinity Designer lacks many utilities from illustrator like advanced gradient handling, perspective alignment and repetition automation. Inkscape isn’t that far off from Designer imho.

Affinity Photo is fine as a photo editing tool but it falls apart for more advanced edits where you need to use brushes and advanced masking tools. Again, perspective tools and more granular referencing tools are just missing or broken. It is a significant step up from Gimp though but I would personally push people to Krita instead.

Affinity Publisher is the weakest of the trio. But then again, so is InDesign. These two aren’t too far off but InDesign has better tools around multi page layout and quickly updating templates references. I don’t know of a good OSS equivalent.

Again, I think these tools are great for people who value the price over the feature set. Most people don’t need more than they offer. But if you’re a professional, the Adobe products are yet unmatched.

wetpaste · 2 years ago

Coming from the world of audio software I've always wondered why it seemed like Adobe has such a stranglehold on visual work and nothing really catches up to photoshop or illustrator. In audio there are several big DAWs (digital audio workstations) that I would classify as popular and competent enough for serious work, each of which has artists or producers that have built successful careers around. Yes there are endless wars about what is better but more or less can do the same things and most experienced people say, choose one, learn it, decide what works for you. I feel like with photoshop it's always like "oh it's missing critical feature x, y, and z compared to photoshop so it's a dealbreaker". The closest analogy I could think of is pro-tools being a popular "de-facto" standard in many pro recording studios, but most hobbyists don't use pro-tools and agree that it's popular in pro studios mostly due to tradition.

I'm surprised there aren't at least a handful of adobe competitors that carved a niche and are significantly popular because they made some key workflows faster, more intuitive, or more powerful.

Maybe this difference is because of ubiquitous plugin formats like VST that translate across different DAWs?

wetpaste commented on You cannot simply publicly access private secure links, can you? vin01.github.io/piptagole... · Posted by u/vin10

victorbjorklund · 2 years ago

Can someone smarter explain to me what is different between?

1) domain.com/login user: John password: 5 char random password

2) domain.com/12 char random url

If we assume both either have the same bruteforce/rate limiting protection (or none at all). Why is 1 more safe than 2?

wetpaste · 2 years ago

In the context of this article, it is that security scanning software that companies/users are using seem to be indexing some of the 12-char links out of emails which ends up in some cases on public scan. Additionally, if domain.com/12-char-password is requested without https, even if there is a redirect, that initial request went over the wire unencrypted and therefore could be MITM, whereas with a login page, there are more ways to guarantee that the password submit would only ever happen over https.

wetpaste commented on Square is down issquareup.com... · Posted by u/philip1209

wetpaste · 3 years ago

I'm kind of surprised at the statement that Terraform is bad at bootstrapping things like Kubernetes, not the statement on it's own, but in context of using Talos. Yes, for a lot of roll-your-own Kubernetes cluster distributions, it isn't great at it and implementations are somewhat badly maintained, but for Talos specifically it's actually a very nice experience. They've done a good job on the provider and made it possible to bootstrap in an idempotent way, and it helps manage the lifecycle, upgrades, going forward by talking to the Talos control plane after it's bootstrapped. It's still being actively developed but I think their approach works better than most, and in some ways feels nicer than trying to bootstrap something like EKS with terraform. https://github.com/siderolabs/terraform-provider-talos

wetpaste commented on Engineer says Google fired her for notifying co-workers of right to organize nbcnews.com/news/all/secu... · Posted by u/danso

thu2111 · 6 years ago

Probably a bit naive?

Security tools, and especially extensions that run with full browser access, are in an exceptionally trusted position. Employees who can inject code into arbitrary websites can in effect get administrator access to anything in the company, as Google is run almost entirely off of web apps of various kinds. It's actually hard to get more trusted than that: without a doubt this woman effectively had a greater level of access than Sundar Pichai or other senior executives.

If there's one thing you don't screw around with in any firm, its mis-using administrator access. Mis-use here means doing things that aren't related to your job description. You just don't do it! What she did would be like a logs engineer deleting internal access logs to cover up activity by political allies, or a GMail engineer spying on conversations between executives. It's complete madness to think you can abuse such a high level of trust in such a direct way and get away with it!

I used to have a certain type of Google account system administrator access. The way I used it was watched very closely, and deservedly so. Eventually it was removed because Google built better security systems that could restrict employee access more, and in my team were happy about this (for one, it meant we were less likely to be hacking targets). The idea of anyone abusing this sort of access for political reasons was unthinkable.

I honestly can't believe people here are defending this kind of behaviour. If Googlers feel it's OK to abuse root@chrome for unionisation related purposes, what else might they start doing? What about people perceived as 'bad'? Google needs to explain what happened here pronto, because apparently she was able to get this change through code review? So she had internal allies who approved her abuse of access? That is tremendously worrying.

Google is very rapidly burning the trust it requires for its business models to function. How can anyone trust the firm when 21 year old activists are able to manipulate Chrome for political causes and Google's own security procedures are unable to stop them?

wetpaste · 6 years ago

This is reprimanding for the content of the message, not the scope of the code which would have actual security implications. Furthermore, it is a warning about not violating an actual company policy. This is not far off from the scope this pop-up tool is designed for. While it is clear that this was done as a response to google hiring this firm to dissuade folks from organizing, I could argue that it could be done to warn managers not to use the firms presence as permission to violate a specific policy + law. IANAL but this seems like extremely grey legal area. For example, this could be aimed at managers to remind them that even though this firm is hired, they cannot enforce a ban on organization according to that specific policy in the handbook. I think that's an appropriate use IMO, it would save the company some serious money and headache if it stopped a manager from illegally retaliating against organization.

I would not characterize this as evidence that this person is a security risk. It takes existing culture of google, including past incidents like changing the default desktop wallpaper for a protest that was happening, etc.

Also if this is true it is totally insane. Sounds like intimidation tactics to stop exactly what the pop-up warned against.

> They also dragged me into three separate interrogations with very little warning each time. I was interrogated about separate other organizing activities, and asked (eight times) if I had an intention to disrupt the workplace. The interrogations were extremely aggressive and illegal. They wouldn’t let me consult with anyone, including a lawyer, and relentlessly pressured me to incriminate myself and any coworkers I had talked to about exercising my rights at work.

wetpaste commented on Game developer loses multiplayer service code steamcommunity.com/games/... · Posted by u/eropple

gustavorg · 7 years ago

Why would you back up the server?

Because the rule number one of the programmers club, is backup everything, everywhere, all the time, if you don't remember do it again, and if you're sure you have enough backups do it again anyway. I even do backup of my backups everyday (in pendrives, in cds, in ancient scrolls, etc)

wetpaste · 7 years ago

In the age of treating servers (or containers) like cattle instead of pets, the "Back up everything" mantra has fallen by the wayside. In order to get away with selective backups you have to know exactly where long-term state is stored and you need to have the infrastructure in place to manage re-provisioning everything and restoring snapshots. It's not something you can tack on later. Iterate, test, integrate, document, audit, review. It ends up being much more complicated than periodic wholesale snapshots on a server.

There's a certain elegance and assurance you get from this that has been lost with the times, akin to how monolithic server software with all functionality natively available in the code has gone away in favor of microservices. Now you have message queues, k/v stores, caches, search engines as a microservices that are tacked on to the core services and rarely fully understood by the engineering team and containing more functionality than the codebase ever really utilizes. Ends up being more complicated in manage in a lot of ways. I think the emergence of microservices is one of the driving forces behind selective state backups, because you can never back up the entire state at once, everything is too spread out. You're not going to back up the running state of the k8s node, or whatever

wetpaste commented on Cadence: Uber's Workflow Orchestration Engine github.com/uber/cadence... · Posted by u/vruiz

redact207 · 7 years ago

I've been working on a similar workflow engine for node at https://www.npmjs.com/package/@node-ts/bus-workflow

The main objective of workflows is to manage long running processes. By processes I mean business processes like coordinating the activities of fulfilling a customer order (settling charges, picking inventory, packing, dispatching, email receipts etc). It's a way to keep all those individual commands decoupled but coordinate them at a higher level.

This isn't a new concept by any means, and is often paired with Domain Driven Design and message based systems. Doing so gives you a library of events everytime something happens in your system that can be reacted to in a workflow.

If you've ever dealt with microservices, or even a monolith where two internal services are incorrectly coupled together then this approach may be worth looking into.

wetpaste · 7 years ago

Thank you. I feel kind of silly about this but I feel like I've had a hard time understanding when an org should, or could use something like this. I have seen them mentioned but every time it's explained it's explained with more abstract language on top of it that confuses me. I keep hearing "it manages business processes" but then it fails to mention if this means like, a human being's process within an org, or something coupled with an application of some sort that has business processes in the application? Does this type of thing replace sort of what Jira does, make a ticket and then pass it off to the next team or whatever? Do you ship it with the app for on-premise deployments of a software product? I have a hard time seeing the big picture with things like this sometimes. Then I hear workflow orchestrator and I think, oh okay so like ansible, but for, work...flows? But what is a workflow really exactly?