The difference is that most/all sugars are not inherently harmful, and we believe that they can be consumed safely at reasonable doses. A bit of glucose or fructose won't kill you, and is a (small) natural component of your diet. So banning sugar would be rather hard, compared to complex toxic chemicals which can't be processed by our bodies, decay slowly, and where we really have fairly limited reason to put in products.
Very impressive stuff. We should see more and more of this sort of assistive technology, to alleviate and improve on the manual labour of programming. This isn't a language issue, although perhaps this sort of branch annotation in production systems is the sort of thing a futuristic language runtime might offer.
Good work, Daniel. A laboriously-gathered overview of current practice, and discussion of how to determine whether uses of illegally-obtained data are justified.
That's a different field entirely. Just because some American hospitals have trouble organising medical ethics reviews, does not mean that European or even American CompSci researchers will run into the same problems. Indeed, Daniel is (I think) positive perhaps based on good interactions with the ethics committee here (my wife is certainly happy with the ethics reviews she's had).
Even in that SSC discussion linked, many SSC commenters agree that their own ethics system was far easier, even in medicine.
You seem to be extrapolating from an extremely small sample, and one that mostly makes fun of things that would exist (eventually) in any such process. It's not really a useful rebuttal, and you probably should not draw strong conclusions from it.
Brilliant spot! I hadn't read that in the local papers - there was simply criticism of the 'boxy' design. I live right by that station, and used it for the first time this weekend (only a few days after it opened) and my wife and I commented on the attractive appearance of it.
Despite some controversies (are there enough ticket machines, enough toilets, enough train services, and so on...) Cambridge North is going to become a popular station.
Why should it bundle the kitchen sink - I wouldn't expect all codecs to come with their own container format! You can put it in Ogg or use its own more-limited native metadata handling.
> I wouldn't expect all codecs to come with their own container format!
Huh? That seems totally wrong to me.
I wouldn't expect a codec to develop their own, unique, incompatible container format, and I would hope very much that they would not (!!), but it's a real mistake to develop a codec and not specify at least some sort of preferred container format.
Otherwise, people are going to do what is often done with FLAC: not put it into a container format and just treat the raw output from the codec as a distribution format. And then complain that the whole thing sucks because there's no support for multiple streams, metadata, lyrics, subtitles, album covers, cuesheets, whatever.
The way to avoid that is not to set users up for failure by releasing the bare codec without some sort of preferred container format that's used by default. If the FLAC encoder had always used OGG containers (or Matroska or Quicktime or AVI or whatever) by default there'd be a whole lot fewer bare FLAC files floating around, convincing everyone that "FLAC sucks because there's no metadata".
That said, there are some issues with container formats as they are frequently implemented, which tends to drive users towards not using them and just exchanging bare codec output: if you separate the user from the codec with an intermediate container layer, you can create a ton of frustration when users get files that they think they can use, based on the file extension, but then get an error because they don't have the codec du jour... but there was no obvious way to tell that when they were looking at the file. The codec used is far more important to the average user than the type of container format, most of the time. (And yeah the ideal solution would be for filesystems to stop sucking so badly at metadata; MacOS and HFS was better at this stuff in 1996 than most modern computers are today -- at least it had the idea of both a file "type" and its "creator" as distinct things from the extension.) But in our world, the result is some containers being perceived as "unreliable" or "fussy" because they're used for a diversity of codecs that not all implementations have.
I don't have a great solution to that second problem, but at the very least I think that the file extension should follow the codec combination used inside the file, and not the container format. E.g. an AVI container with AVC compressed video inside shouldn't have the same file extension as an AVI container with Sorenson Video inside it; those two things are not interchangeable as far as a user is concerned. Since file extensions are the only metadata users get, they need to somehow represent the combination of both codec+container.
It's good for the library to be robust, but four code cleanliness issues (not triggerable remotely) hardly counts as news in the world of vulnerabilities!
Keep them coming, I'm glad that so many of us who use mbedTLS are reporting these little issues and getting a better library (with an excellent track record of very few serious problems).
There are not code cleanliness issues. These are all public API functions. Whether any of these bugs can be triggered remotely depends on the application and which API functions it chooses to expose to untrusted data (or how it deals with the results of the multi-precision integer functions). From the limited number of open-source projects that use mbed TLS, it's difficult to gauge how widespread the overall use of these functions is. That said, you are right in saying that it they are not critical in the sense that they are reachable through the library's public-facing TLS state machine.
You can probably find the same or similar bugs in lots of crypto libraries. I occasionally fix similar issues in ring and BoringSSL so that the BoringSSL/LibreSSL/OpenSSL/ring community can discover and fix the issues.
Arguably, the real bug is that these crypto libraries even try to represent negative numbers at all in the first place. In ring I'm close to removing all support for negative numbers.
It is possible already - you can do `command 2>&4` to separate the output from one command in a pipeline into its own stream, then do `command2 <&4` to pull from the further down the pipeline.
This would allow many things, for example searching for multiple terms across all files in the whole file system in one go without opening each file more than once, and then grouping the different results together in accordance with the term that they matched.
I agree, Cassandra is doing here exactly what I (as a user) would expect.
When using a DB like C*, you always have to ask yourself, "does this update happen before or after this one - have I done anything to ensure that's the case?"
In this example, the second query (the UPDATE) is being partially applied before the first query (the INSERT) - and that's OK, because there's no ordering or dependency in the second query that forces it to run second. So the reordering of the queries that he's observing is legal, and can be simply avoided with "UPDATE ... IF revision = :last-rev".
My biggest complaint about C: SQL-like interface. These seems like a terrible decision to me.
If you are used to relational databases and SQL, it's a real struggle to get your head in the right place. Some of the gotchas:
Cell level vs row level consistency/locking (as stated in this article)
* Grouping / counting isn't really a thing.
* WHERE statements are actually used for identifying the key/value pair you want and not for filtering the rows.
* Indexes aren't really indexes. They are definitions of partitions and sort order.
> the second query (the UPDATE) is being partially applied before the first query (the INSERT) - and that's OK
"Partially applied" is ok with a database?
The description of Cassandra on it's site is "Linear scalability and proven fault-tolerance on commodity hardware or cloud infrastructure make it the perfect platform for mission-critical data."
If it's mission-critical data, I wouldn't do arbitrary things with it for conflict resolution that can corrupt data.
Cassandra is perfectly fine. If you want your writes to be consistent, learn to use LWTs properly. The same way, if you want your data to be fully consistent in RDBMS, learn to use SERIALIZABLE isolation level (which is not default in most RDBMSes for performance reasons). If, in an RDBMS, you use SERIALIZABLE for half of the updates and READ UNCOMMITTED for another half, guess what consistency guarantees do you really get?
This is not arbitrary. It may be not intuitive coming from a rdbms background, but it isn't arbitrary.
As Johnathon pointed out, it's like properly using synchronized or volatile half the time. I don't call it sometimes not working as arbitrary. I call it expected for not following the rules of the system.
If I follow your argument correctly, it is basically the same argument as "your C compiler is correct, what you've written is invalid and the standard allows undefined behaviour here".
Which may be a technically valid argument against the compiler/database system, but it's not a valid argument for defending the system as a whole: if a standard allows arbitrary execution instead of bailing out on non-standard (ambiguous) input, it is unreliable.
Is variable assignment in c/java/... unreliable? It behaves very similar to what C* does. Concurrent access and modification will produce undefined behaviour if you don't explicitly protect it.
Getting access to things like concurrent locks is HARD to get right. That is why there are so many simple languages that don't let you touch concurrency.
Doesn't mean there is no need for it in the world, and no one should be able to use it.
RDBMSes can cause similar inconsistencies if you don't know what you're doing. It is like setting read uncommitted and then complaining about dirty reads.
Let's pretend I'm leading a blind child by telling them which direction they should go, and if they don't step carefully, they could be hurt.
If I can't see the child, should I continue to give them direction, or tell them to stop?
In this use case, the database makes changes to data without knowing what is correct and what is harmful. That is not the user's fault. It's a code choice.
