It's obviously, trivially broken. Stores the index before storing the value, so the other thread reads nonsense whenever the race goes against it.
Also doesn't have fences on the store, has extra branches that shouldn't be there, and is written in really stylistically weird c++.
Maybe an llm that likes a different language more, copying a broken implementation off github? Mostly commenting because the initial replies are "best" and "lol", though I sympathise with one of those.
There's no relationship between the two written variables. Stores to the two are independent and can be reordered. The aq/rel applies to the index, not to the unrelated non-atomic buffer located near the index.
> There's no relationship between the two written variables. Stores to the two are independent and can be reordered. The aq/rel applies to the index, not to the unrelated non-atomic buffer located near the index.
No, this is incorrect. If you think there's no relationship, you don't understand "release" semantics.
> A store operation with this memory order performs the release operation: no reads or writes in the current thread can be reordered after this store. All writes in the current thread are visible in other threads that acquire the same atomic variable (see Release-Acquire ordering below) and writes that carry a dependency into the atomic variable become visible in other threads that consume the same atomic (see Release-Consume ordering below).
> write with release semantic cannot be reordered with any other writes, dependent or not.
To quibble a little bit: later program-order writes CAN be reordered before release writes. But earlier program-order writes may not be reordered after release writes.
> Relaxed atomic writes can be reordered in any way.
To quibble a little bit: they can't be reordered with other operations on the same variable.
That's backwards: in C++, a release store to head_ and an acquire load of that same atomic do order the prior buffer_ write, even though the data and index live in different locations, so the consumer that sees the new head can't legally see an older value for that slot unless something else is racing on it separately. If this is broken, the bug is elsewhere.
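The ordering argued over above, shown as an added example; it is not the code the thread was reviewing, which does not appear on this page. It is a single-producer/single-consumer ring where the slot is written first and the index is then published with a release store; `head_` and `buffer_` follow the names used in the comments, while `tail_`, `SpscRing`, `push`, `pop` and `run_transfer` are assumed names.

```cpp
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <thread>

// Single-producer / single-consumer ring buffer.
// head_ and buffer_ are the names used in the thread; everything else
// (tail_, Capacity, method names) is an assumption made for this example.
template <typename T, std::size_t Capacity>
class SpscRing {
    static_assert((Capacity & (Capacity - 1)) == 0,
                  "Capacity must be a power of two");
public:
    // Call from the producer thread only.
    bool push(const T& value) {
        const std::size_t head = head_.load(std::memory_order_relaxed);
        // Acquire pairs with the consumer's release store to tail_, so a
        // slot is only overwritten after the consumer has finished with it.
        const std::size_t tail = tail_.load(std::memory_order_acquire);
        if (head - tail == Capacity) return false;   // full
        buffer_[head & (Capacity - 1)] = value;      // 1. plain data write
        // 2. Publish the index. Earlier writes in this thread may not be
        //    reordered after a release store, so a thread whose acquire
        //    load observes head + 1 also observes the slot contents.
        head_.store(head + 1, std::memory_order_release);
        return true;
    }

    // Call from the consumer thread only.
    bool pop(T& out) {
        const std::size_t tail = tail_.load(std::memory_order_relaxed);
        const std::size_t head = head_.load(std::memory_order_acquire);
        if (head == tail) return false;              // empty
        out = buffer_[tail & (Capacity - 1)];        // read after the acquire
        tail_.store(tail + 1, std::memory_order_release);
        return true;
    }

private:
    T buffer_[Capacity] = {};
    std::atomic<std::size_t> head_{0};
    std::atomic<std::size_t> tail_{0};
};

// Pushes 0..count-1 from one thread and pops from another; returns how many
// values arrived out of sequence (0 when the ordering is correct).
std::size_t run_transfer(std::uint32_t count) {
    SpscRing<std::uint32_t, 8> ring;
    std::size_t mismatches = 0;
    std::thread producer([&] {
        for (std::uint32_t i = 0; i < count; ++i)
            while (!ring.push(i)) std::this_thread::yield();
    });
    std::thread consumer([&] {
        for (std::uint32_t expected = 0; expected < count; ++expected) {
            std::uint32_t got = 0;
            while (!ring.pop(got)) std::this_thread::yield();
            if (got != expected) ++mismatches;
        }
    });
    producer.join();
    consumer.join();
    return mismatches;
}

int main() { return run_transfer(100000) == 0 ? 0 : 1; }
```

Swapping steps 1 and 2 in `push`, or downgrading the `head_` store to relaxed, removes the guarantee: the consumer could then observe the new index before the slot write.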
If you can get a megawatt into the car batteries without setting them on fire, that's game over for petrol cars. And for the other electric vehicles that haven't worked it out yet. Only reason I'm on petrol is unwillingness to wait an hour to recharge the car.
The rest of the infra is fine if that can be done. Array of batteries and/or capacitors at the supply point and draw continuously from the grid.
Most entertainingly run a diesel generator on site if that doesn't work out. Lines up well with basing them at the existing fuel stations, got the diesel supply already sorted out.
Put a bunch of solar near it when you can. Maybe sell back to grid, nice to have the extra capacity available.
All comes down to capital deployment at that point. Do the calculations on how much to charge for slow car charge vs fast charge, fallback to slow with an apology/discount when the infra is struggling etc.
Huge news. Iff the cars don't catch fire when plugged in.
I have as far as I'm aware the cheapest 800v car on sale in the US (Hyundai Ioniq 5) and in the right weather conditions a 20-80% charge is legitimately 10 minutes.
The weather conditions do unfortunately matter. Travelling during the post-Christmas blizzard last year was very much less than ideal. The battery heaters in my car could not keep up with how bitterly cold and windy it was and I had multiple 30-45 minute charging sessions because it wasn't ever warm enough to accept more than ~120kW.
I'm looking forward to traveling with it in the warm season and seeing how things compare.
Now (in China) there are also cars with sodium-ion batteries, instead of lithium-ion batteries.
Sodium-ion batteries have the disadvantage of a worse energy per weight ratio, but they also have an advantage (besides the fact that they will become cheaper when their production is more mature): they work much better at low temperatures, not losing capacity or charging speed until minus 40 degrees Celsius.
Therefore, they may become preferable in colder climates, where they will not have the problems described by you.
> If you can get a megawatt into the car batteries without setting them on fire, that's game over for petrol cars
Chinese people are complaining about this. In highway service stops, the megawatt charger is too fast, the 20%-95% charging is done before people return from the toilet. Realistically, the charging speed should take around 10 minutes on average for everyone.
Or there could be some price surges. You are in a real hurry, pay some 1.2x price for a 3 min megawatt charge, or flat price for a regular 10 min charge.
For me EVs already won when charging got down to 20 minutes.
EVs charge unattended. It takes less of my own time to leave EV plugged in parked next to a place I want to be at, than to go drive to a gas station and stand there holding a smelly nozzle.
Agreed. Right now EVs are almost strictly superior for day to day usage (only real downside is that the higher weight goes through tires faster). But for road trips, combustion vehicles blow them out of the water. If I'm taking a 12 hour road trip, no way am I going to take an EV if that means I will have to spend an extra hour or two charging it.
My wife has an EV and it's genuinely really nice. But until they get the charging experience on par with the speed of filling up a gas tank, we will always have one of our two cars be a combustion car, to give us that extra flexibility for long trips.
Or just eat an extra few minutes of charging time once or twice a year; it's simply not a big deal. Charging at home saves me so much time relative to getting gas that the occasional road trip wait is already overcompensated for. ICE/hybrid only saves you time if you can't charge at home or do lots of road trip type driving.
"Fair" or "insane" ideas on price vary a lot between people. See also "competitive" salary on job posts.
You might think $10 an hour is fair. Or you might think $1000 an hour is fair. If the developers you're trying to contact can't guess where you are on pricing, they'll probably ignore you.
Internet traffic today is estimated to be a few tens of exabytes per day. Even if you assume 100000 Starlink satellites (we're far from that), each satellite would have to handle hundreds of terabytes per day. That's tens of gigabits per second per satellite, assuming traffic is split evenly among them (will never happen in real situations).
Starlink V3 can pump out some seriously impressive speeds and handle thousands of clients. Starlink is both a great leap forward in rocketry and radio technology.
I do still think it's funny how we are going back to the pre-war technology tree for a revisit.
That's not even sufficient to handle the needs of a single large city. The limitation is that even with the much larger constellation they hope to deploy there won't be enough satellites visible at once from any given large metro area.
So gain access to a machine that can ask microsoft intune to eviscerate the company, ask it to do so, done. Bit of a shame all the machines had that installed really. Reminds me of crowdstrike.
My 95% bet is that the attacker just gained access to an account with suitable privileges and then went on to use existing automation. The fact that it’s intune is largely irrelevant - I’m not aware of any safeguards that any provider would implement.
So the options here are MDM or no MDM and that’s a hard choice. No MDM means that you have to trust all people to get things as basic as FDE or a sane password policy right. No option to wipe or lock lost devices. No option to unlock devices where people forgot their password. Using an MDM means having a privileged attack vector into all machines.
How does that look exactly? Someone has to be able to use MDM to manage devices or there’s no point in having it. This scenario is firmly in rubber hose/crescent wrench cryptanalysis territory. Can updates have delays with approval gates built in? Does MDM need a break glass capability?
Do not use global admin or admin account as daily driver for one. Don't save it in browser etc either.
Limit roles, even within the application, here Intune.
Office 365 also has conditional access and many policy levers to tweak, many cases of people locking themselves OUT of 365. So the gates work but you need to configure them.
For Stryker specifically? We don't and probably won't know details.
For companies in general? Background checks, security clearance etc are done if the company determines this necessary and are willing to pay for the process and higher salary.
I’m asking if it’s possible to secure the MDM process in a way that Iranian operatives can’t simply torture an administrator into pushing the big red MDM button.
Well, all the machines in the current outfit are Linux as far as I know. Services are self hosted. Seems to be fine, teams et al run adequately in a browser for talking to people on other stacks.
Previous place had a corporate controlled windows laptop that made a very poor thin client for accessing dev machines. One before that had a somewhat centrally managed macbook that made a very poor thin client for accessing dev machines.
You don't have to soul bond to Microsoft to get things done.
I don't see how Linux would prevent anything if company wants similar controls on their machines. Like tracking update status, forcing updates when needed, potentially wiping entire device when stolen and so on. Fault really is not the OS but the control corporate wants over their devices. And it does make some sense.
Indeed. You'd expect a corporate IT system to be able to ssh as root into all their devices. And the cloud is even worse: if you get hold of the right IAM role, you can simply delete everything! That does usually get locked behind proper 2FA, but it's not impossible to phish even experienced admins once in a while.
All the Linux kernel development work is organized around a mailing list, and some private IRC chats for the core people. It's the technology of the nineties but it works for them.
A lot of corporate stuff seems to be much worse than even a random vibe coded web app. I have to book holiday through something called "HR Connect", watching pages load laboriously and redirect every login through several very long URLs. Slowly.
Yes, the Linux kernel people can be trusted to manage their own machines. Random corp employees cannot. Also corp machines are corp property, not the employees own. If you have 1000 or 10,000 machines you need to manage them. Full stop.
Yes, many corporate websites are bad. Like ERP or HR systems. None of that has to do with device management, RMMs/MDMs or Intune.
Microsoft keeps disappointing and chief technology officers keep paying them. Wasn’t Elon Musk supposed to prove you could vibe code their entire product line? What happened to all that?
An alternative is people install the software they choose to on the machines they're using. Optionally write a list of suggested programs down somewhere.
In that world, there is no central IT team pushing changes to machines and arguing with developers about whether they really need to be able to run a debugger.
I don't know how to keep windows machines alive. It's probably harder.
- Ensure the machines are up-to-date and users are not just indefinitely postponing OS updates?
- Same as above but with programs/software
- How do you ensure correct settings configuration in terms of security? Say default browser, extensions, program access etc?
- Re-image or reinstall the OS when there are issues or PC handover to another employee? Manually with a USB stick?
This kind of control exists and is needed for Linux and MacOS too. RMM is not a Windows only thing...
The critics here see Intune but what if they used another RMM and they compromised another cloud RMM account? Same issue.
Also, here there is no "arguing". They order the software from our portal and it gets pushed into Company Portal via Intune...
Write down a list you say... idk what to say. You have only worked for small startups I gather? Nothing wrong with that but please recognize that these types of limits and programs are not deployed for fun or to ruin your day.
I hear zero-trust is a trendy buzzword at the moment, so let's apply the basic idea here: having a hard shell and a soft and chewy center is not a security posture that works, in practice. You need to harden at every level. RMM uber-admin credentials are the ultimate soft center: you compromise those, you can kill the entire IT infrastructure. The only alternative is to distribute access: have multiple smaller IT teams that administer small parts of the system, with more 'central' roles providing services but not having full control of most machines. It's not a fun option, but it might also work a lot better if each team can actually adjust policies for the environment they're working in as opposed to trying to have one completely unified policy for an entire multi-thousand employee company. And, for critical systems, I would seriously consider the wisdom of having a remote 'wipe and reformat' button at all.
At a bare minimum, your backup systems should have a completely disjoint set of credentials to your main systems, stored and controlled differently, ideally by a separate team, if you have the resources.
(And the arguing becomes a problem when IT ceases to consider their job to be solving problems for users within some constraints, and just starts to consider their job to be enforcing those constraints. This also mixes badly with incompetence, which tends to turn everything into a tedious tick-box exercise that neither improves security nor solves users' problems. It's not a good time to have an IT department that can't resist any new security checkbox a vendor offers but can't figure out how to work any of their fancy tools to make life even the slightest bit smoother for their users)
Everyone doing it doesn't make it a good idea. The big tech companies and governments are I think a little more paranoid about rogue admins, so they do at least try to limit the blast radius of any given credential, but almost no-one else has that level of maturity, which creates this pretty big chasm in the resilience of IT organisations as you go from small to large.
(There's also a certain irony about IT complaining that a change to improve security would mean they can't do their job as easily)
I think you do not understand what a massive undertaking even securing a tenant in GSuite or Office 365 can be. Plus networking. Plus end user computing.
On top of this you want companies and governments to make their own tools?
You have a vision... of something zero trust. Now make it and implement it. Oh, not so easy?
S3 buckets used to be open by default. Office 365 had MFA as optional for a looooong time. So things are improving.
I, for one, don't really want employees to install video games, porn cam clients, torrenting apps, shady vpn clients, crypto miners, remote access tools, dns "optimizers" and more generally viruses on their work computers.
On HN, if you have a valid point but get unnecessarily aggressive about it, people will downvote you for attitude. This mostly keeps the forum under control.
I am sorry and I get carried away sometimes but it is frustrating seeing comments from cowboy devs saying to just give everyone admin, have an excel sheet of software and have people manage their own PC and to get rid of IT just because as here they got phished or breached.
That works for a 5 person company but not a 1000 person company. Or a 10 person company with 1000 machines.
I used to work in test automation for a huge company with terribly annoying IT. I can tell you for a fact that our entire department had well-developed workarounds for the most annoying policies. We even had a few intune 0-days that we literally kept to ourselves to be able to do our jobs properly.
Because in the end, it’s not IT on the line for their odious policies causing late delivery, it was us.
What was so annoying? Having to reboot for Windows updates/programs and MS Defender running?
Also, if the company is certified in some way there are audits for these things, you understand? Such as updates, backups, security, PAM, antivirus etc :)
Subvert these controls intentionally, especially security ones = bye bye. Logs don't lie. We see you.
We never got caught or fired. I won’t detail the 0-days we used because I’m pretty sure the team is still using them, but I can assure you that the logs DID lie.
Some bigco jobs have felt that way to me: I don't know if I'm actually creating anything valuable, but I'm getting paid. I think the people who are most anxious right now are the ones who suspect they're not really creating anything of real-world value, and they're terrified that they're about to stop getting paid as well.
It's often way easier to capture value than to get compensated for creating it.
It's definitely indicative of an unhealthy organization or society when this happens but generally I've still found this to be the norm.
Indeed, maybe one of the reasons why free market capitalism functions is because it has a built in check (bankruptcy) against this natural human organizational tendency.
I think a large part of why software devs were so well compensated in the last decade was because we were helping build the systems which made the capture of value more efficient (whether from taxi drivers, smbs, property rentals or whatever), not because we were facilitating its creation.
Maybe in the first 10 years of your career, after that you totally have the skills needed to create value from nothing - something no value extracting actor will ever be able to learn.
Might take a while but the milk surely becomes butter. His point is valid, maybe your pov is a bit clouded because his baseline is quite high (fame, money) but it's not that different at a lower baseline. You bring 1.x to the world that fights over a deemed finite set with 0.x tools.
Who creates value in the art market? Is it the artist who creates the work? Or the dealer who persuades the buyers that the work has value? As a builder I’m attracted to the fantasy that I can create value with my bare hands just by writing code (or telling the AI to write the code), without needing any of those horrible slimy people in suits to build a business around it. Rock n roll man. If you build it, they will come. Is that the reality though? Or just survival bias based on the fact that a few geeks got lucky during the original dotcom boom when they had no competition from actual businessmen?
You can create value by preventing damage in the future, this will get rewarded by the ecosystem itself. That's really hard to describe, but you can try simply removing a danger or annoyance in an ecosystem like your hood or local park then be attentive about what will be better in your own life.
Art creates value with measurable 1.9x in my country, it's studied and thus gets funding because they know every 100€ funded will create 190€ of economic value. This means if you give an artist 100€ doesn't matter how - the local economy will grow by 190€. Magic? Well it's just many soft factors - higher quality of life leads to more educated and productive people!
Understand these are all tools to make more of WHAT IS ALREADY THERE and has nothing to do with extracting resources and selling them or bartering. I think your dotcom bubble is an extreme with no value for general advice.
So you think that engineers that maintain and write the FOSS that runs most of the world IT infrastructure (Linux, Curl, GIT etc.) do it for the returns?
They don't, and as a result most don't get much if any.
For them to survive, they have to have got returns from somewhere - maybe welfare, inheritance, a day job. Someone has to have worried about the returns so they can be free from thinking about it.
And if you don't worry about returns, you will let someone extract it ruthlessly from you, that you contribute millions of value to a company that gives you nothing back. This may be fine to you at some level, but many of the people who you allow to exploit you use the resources they gain as leverage to further their selfish ends, like a certain richest man in the world who helped a certain politician buy an election at the most powerful country in the world.
No, that's exactly parent's point. The premise of the title can be read as "just create value, don't worry about monetizing, things will work out (financially)". Which is invalidated by FOSS
It isn’t. FOSS doesn’t just create value it gives it away for free usually in a not so friendly way to the point entire companies exist to streamline and support projects (eg redhat)
I am pretty sure not most of them. In something like linux, that is the case, but I think there are so many other projects that barely receive financial or any other kind of support
> If you don't worry about the returns, you won't get any.
He was focusing on value, not returns.
That being said, his take is still a dumb take - if you focus on creating value you may not capture any of that value for yourself. If you don't capture that value, someone else certainly will.
The age of creating value for the public good is well and truly over - any value you create for the public good in the form of intellectual output is immediately captured by profit-maximising companies for training your replacement.
It's not just a case of having your value captured by someone else, the AI corps are actually taking your captured value and then using it against you.
Well yeah, business has literally always extracted value from open source software, that’s one of the main benefits of it… (although license violations have been unprecedented with AI)
“Creating value” in open source has never been about capturing value at all, it’s always been about volunteering and giving back, and recognising the unfathomable amount of open-source software that runs the modern world we live in
“Capturing value” is the opposite of this, walled gardens, proprietary APIs, vendor lock-in, closed-source code… it’s almost antithetical to the idea of open source
> “Creating value” in open source has never been about capturing value at all, it’s always been about volunteering and giving back
I disagree; the GPL has always been transactional. You capture the value in your product by ensuring improvements come back to you. The user "pays" by not being able to close the product off.
> If clean-room re-engineering a MIT code base starting from a GPL one is legit, then AI has just made that the status quo for everything.
I agree; this is what I meant by "the value is being captured by someone else".
GPL provides the author with a specific value - you get back improvements. Using AI to launder that IP so that improvements don't have to be upstreamed is effectively capturing the value.
> The age of creating value for the public good is well and truly over
It's not a zero sum game. Someone putting my open-source contributions (for example) in their dataset isn't subtracting value from me, or the rest of society.
I just do my job to the best of my ability. If I can help a colleague I do. I don't expect to get explicitly credited for everything I do.
If my employer can't see or doesn't care about the value I bring, I simply go to one who values me higher. I refuse to participate in office politics and that kind of BS.
This. First, the employer has to worry about the returns from which they draw some money to pay you. And for you to even get paid for doing a job, the company has to fear that you won't do it if you don't get paid - in most cases, it's not from the good of heart, but an implicit or explicit threat made by you or on your behalf by other people.
The current problem is automating yourself out of the job. You creating value compounds but as soon as you’re no longer needed the fruit of that compounded value is cut off from you.
Well if you want to spend your days doing something trivial enough to be automated I guess that might be a concern.
I mean I'm not sitting around doing data entry. If I'm automating something it's not my job it's someone else's. And a lot of the time that someone else really has other stuff they'd rather do as well.
I work on a product, I see sales generated by my work. By me specializing in my role and sales specializing their role we both benefit. Is that outsourcing the worries? I don’t know, but when we get a client email it’s both product and sales collaborating that resolves it.
There are also co-ops, worker owned companies, etc.
Not necessarily true. If you're employed by e.g. a contracting company or consulting firm, your value to your employer is in #hours_billable because you are their product.
Not really sure what your point is. The employer is worried about getting good return on their investment in me, I am worried about getting good return on the time I'm investing in the company.
So my interest is that they recognize that I provide value, and pay me accordingly. It's possible that they recognize my value but choose to underpay.
I want them to pay me as much as possible, they want to pay me as little as possible. We reach a compromise, and if a different company offers a better deal I take it. That's their incentive to pay me a competitive salary. Doesn't matter what I say or how well I play office politics, they are most likely going to try to get a bargain and I am most likely going to leave for a better deal because there's always someone willing to pay more.
A square foot is bigger than the area used by a person standing and people mostly weigh more than 40 pounds so that seems unlikely to be the design criteria for places people walk.
You're confusing the concept of concentrated load and the uniform load for a floor or room. See page 7 of the HUD guide [1], but local building codes may be stricter. Materials like floor boards must be able to support 250-300 lbs in the center between supports, but that's very different from a whole floor supporting 250 psf.
If you manage to squeeze 400 people weighing an average 150 lbs each into the average 400 sq ft apartment room, it will probably suffer structural damage unless it's on a solid ground floor. That's one of the factors that goes into calculating the room and building "occupancy limit" signs you see in public places.