As far as I can read from the article they discuss what happens if you are infected.
Also, doesn't running binary files on OS X from, let's say, "Finder" automatically trigger a security alert (like App-vendor lock)?
The software described would usually be classified as an Advanced Persistent Threat [1] or Rootkit [2]. Backdoor [3] usually refers to methods to sidestep authentication added by the vendor.
[1]: https://en.wikipedia.org/wiki/Advanced_persistent_threat
[2]: https://en.wikipedia.org/wiki/Rootkit
[3]: https://en.wikipedia.org/wiki/Backdoor_(computing)
Either the malware targeted very old versions of such software and/or OSX, or somebody between the malware author and the blog writer f###ed up.
In fact, it says it on this current page:
"Because OS X is secure by design, there's no need for IT to install additional tools or lock down functionality for employees. And with an automated zero-touch deployment process, they don't even have to open the box."
No chance of this being misinterpreted.
Invite women you work with for coffee and ask what they like or dislike about their day-to-day. If they mention concerns or problems they're having, ask if there's any way you could help make it better.
True diversity is complete and utter impartiality. Why are we focusing on all these useless, pretty, inspirational solutions (interviews, diversity name-and-shame, putting females in a zoo) when we really need to be attacking the mental characteristics that lead to sexist thought?
It's interesting she mentions voice so much. We men need to check our emotional responses to stupid inputs like "sound of voice" or "shape of body" or whatever. These things DO NOT MATTER. All that matters is ability. Nothing else!
What does this have to do with being a female? It sounds like every meeting I've ever attended.
1) do you think there are more men in engineering exclusively as a result of men being prejudiced against women?
2) do you think your male co-workers are less qualified to be engineers because they were hired for their gender?
3) one of the engineers in this article said she felt uncomfortable being aware of being the only female. Can anyone explain what causes the discomfort?
I've been working on an initiative to encourage more of my male peers to do more to make their organisations more diverse and was recently criticised by a female software engineer who told me that I shouldn't "come into a feminist space" where "women are already organising, telling stories and advocating for themselves".
All views appreciated!
What Norvig is doing is what we should be teaching. He is tackling this seemingly REALLY hard problem by thinking about it methodically, translating some intuition into code, carefully constructing an argument about how to solve it, and ways that it could be extended. This is what actual engineers look like.
Everything I've seen around "coding" though has become a masochistic exercise in teaching kids random syntax details and then calling them Coders and Geniuses and Computer Scientists when they successfully copy what the teacher showed them.
When you read Norvig's code (big fan of his Sudoku one as well), you realize how the actual "code" is secondary in the sense that what it is really doing is expressing an idea. A very nuanced, elegant idea, but ultimately the product of doing some hard thinking and exploration on a problem domain.
If we taught kids to just think about problems in this way, ohh what a world it would be!
Eye halve a spelling chequer
It came with my pea sea
It plainly marques four my revue
Miss steaks eye kin knot sea.

Eye strike a quay and type a word
And weight four it two say
Weather eye am wrong oar write
It shows me strait a weigh.

As soon as a mist ache is maid
It nose bee fore two long
And eye can put the error rite
It's rare lea ever wrong.

Eye have run this poem threw it
I am shore your pleased two no
It's letter perfect awl the weigh
My chequer tolled me sew.
Although he does seem to be using doc strings incorrectly
The architecture I used is completely different from what is described here, but the goals are very similar. I had to handle any curse word in any language, including curses from one language translated into another language, as well as offensive phrases, and their translated equals, as well as offensive slang, and misspelt offensive slang translated from other languages.
I ended up with an offense dictionary of about 700K words and phrases. This was back in '99, so my memory may not be 100% here, but I remember using Perfect Hash to generate a compiled hash table for the dictionary, and then a trie to organize the dictionary lookups. The entire system was about 150K of a downloaded exe to access the NHL simulcast chat, as all the offensive language filtering occurred on the client side. Chatting anything that could be offensive turned into a series of words with their interiors all asterisk '*', and it ran in something like 500 ms. Fun times. That company and project died with the dot com bust.
I stumbled across this algorithm which is much faster if you allow some time to pre-process your dictionary. http://blog.faroo.com/2012/06/07/improved-edit-distance-base...
I implemented it here for fun in common lisp. Excuse the ugly code. https://github.com/RyanRiddle/lispell
>>> import spell
>>> spell.correction('ducking')
'fucking'
>>>
Does anyone know which parts are new in August 2016? I've read this before and it isn't sticking out to me.
I've been interested to know why grammar checking and corrections can't be more accurate.
coumbia,columbia,0.933333333333
argy,argyle,0.8
menomee,menomonee,0.875
newladn,newland,0.857142857143
boulevard way,boulevard,0.818181818182
sherwn,sherwin,0.923076923077
lawrencec,lawrence,0.941176470588
Sam Altman spends his summer advising vote.org in his role as a YC Partner.
Soon after demo day, Sam Altman decides to launch what amounts to a clone knock off of vote.org. Paul Graham tweets about VotePlz at launch calling it the most important thing to happen today, after never mentioning the YC funded vote.org on his twitter all summer as far as I can tell.
Shouldn't YC be as friendly to not-for-profit startup founders as they claim to be to for-profit founders?
I'm all for there being lots of voter-registration organizations. YC should fund lots of startups in this space.
It seems though that the role that YC Partners play as trusted strategic advisors is incompatible with those partners going on to start directly competitive organizations, whatever their tax status might be.
My vote is statistically extremely unlikely to affect the outcome of the election. This is counter-balanced by the extremely large impact affecting the outcome would have. I'm inclined to believe that the two roughly cancel, so that a (say) one-in-several-million chance of affecting the outcome is worth the effort of voting. But I live in California, where my vote is roughly 100x less likely than the average vote to affect the outcome (FiveThirtyEight has done this analysis, though the precise number fluctuates and has considerable uncertainty).
So then what are the effects of my vote? It nudges the statistics a little. It increases turnout, which probably increases confidence in our democracy. It increases turnout among 18-29 year-olds, probably increasing their political clout and furthering causes they support. Do I agree with them on the whole, or in particular on issues where their political clout is likely to tip the scales? I don't know. Say I vote for Clinton, it also increases her popular vote total. If she wins, it slightly improves her electoral mandate. If she loses, it slightly deprives Trump's mandate. It also increases the chance that Trump wins the election but loses the popular vote--a potentially very unpleasant scenario.
How do I measure and balance these? How is a consequentialist to vote?
EDIT: Mirror: https://i.sli.mg/MsUWXx.jpg
These may be "stupid" questions, and the answers may be buried somewhere, but I'd imagine it would make sense to have this information on the home page.
The rotating status icon beneath the address box proceeded to change the dimensions of the page, making an interesting cyclic pattern of lengthening and shortening my scroll bars.
I've worked with very large amounts of data and high performance computing for most of my career; I mostly had finance related jobs in the last decade or so. I have most of the skill you want, including some you don't know you want. However when salary comes up, that is where we start to part ways. If you are really serious about a shortage, you should be really serious about making offers that can be competitive, but I keep seeing the same $150k offers. That isn't a "shortage" kind of offer.
I have been thrown these projects at work before, where I'm the frontend engineer and I need to make some cool D3 visualization, but lo and behold the data is shit, and I have to help the backend team make the data useable. It's a mind-numbing job, that nobody wants, because it sounds like a one month task to get a good REST API up and working, but it usually takes three months, because you have to go back and forth making sure the data is right, and there are always 10 tricky edge cases that you have to work some magic on. Not only that but you need to have smart people cleaning the data, so that you don't make some big mistake down the line or your REST API is super slow, and you have to add another couple weeks or month to rework the data again. So that one month becomes three months, and most likely a year, because somebody will say that looks great but can we also add this, and it goes on and on. It's literally a mind-numbing job that most nobody wants. I have found that products like Tableau are the best for this, you still have to clean the data, but it helps speed up the process.
Data cleaning is a super golden problem to solve.
Hm, I wonder why he's having problems hiring janitors.
* How many aren't on LinkedIn?
* Since the whole article is about how the job title is poorly defined and growing in prevalence, why would you assume that people who don't already have such a job would use the term?
* The "growth" charts on the full study are just as bad - how much of that is just from renaming existing generic developer positions, since "data engineer" is clearly a relatively new term?
I've been dealing with large data even before "big data" was a word but I don't call myself "data scientist" or "data engineer". I am still a software engineer working on what benefits my organization.
"Serial Entrepreneur" is the same these days, claimed by anyone who had a lemonade stand as a kid.
So why not change your LinkedIn job title to "data plumber", which is sure to get you some serious recruiter attention ;)
From my experiences working in various contexts (applied machine learning, analytics, policy research, academics, etc...), there are several factors that contribute to this shortage: (1) "data engineering" often requires a lot of breadth and knowledge, (2) "data engineering" is often (derisively and naively) referred to as the "janitorial work" of data science, (3) the spectrum of roles and requirements within the "data engineering" domain, in terms of job descriptions, can range from database systems administration, to ETL, to data warehousing, curation of data services / APIs, business intelligence, to the design/deployment/operation of pipelines and distributed data processing and storage systems (these aren't mutually exclusive, but often job descriptions fall into one of these stovepipes).
Some of my quick thoughts and anecdata:
Companies have made large investments in creating 'data science' teams, and many of those companies have trouble realizing value from those investments.
A part of this stems from investments and teams with no tangible vision of how that team will generate value. And there are several other contributing factors.
"Dirty work." People haven't learned how to, and more often don't want to do it. There's a vast number of tutorials and boot camps out there that teach newcomers how to "learn data science" with clean datasets -- this is ideal for learning those basics, but the real world usually does not have clean or ideal datasets, and there are a number of non-ideal constraints.
There are people that wish to call themselves data scientists that don't want to write code and would prefer to do the analysis and storytelling.
Engineering as the application of science with real world constraints: there are a number of factors that we take into account, often acquired through painful experience, that aren't part of these tutorials, bootcamps, or academic environments.
Many data scientists I've met have a hard time adapting to and working with these constraints (e.g. we believe that the application of data science would solve/address __ problem, but: how do we know and show that it works and is useful? what are the dependencies, and costs of developing and applying that solution? is it a one-time solution, or is it going to be a recurring application? does the solution require people? who will use it? what are the assumptions or expectations of those operators and users? is it maintainable? is it sustainable? how long will it take? what are the risks involved and how do we manage them? is it re-usable, and can we amortize its costs over time? is it worth doing?)
Larger teams with more people/financial/political resources can specialize and take advantage of these divisions of labor, which helps recognize the process aspects of applying data science and address some of the above
Short story: if you view data engineering as "janitorial work" you're missing the big picture
Looks like we need more English engineers too.
I can't find the sources for this.
Incomplete, no .lisp file: http://www.s2.org/~chery/projects/lisp500/
Doesn't connect: http://modeemi.cs.tut.fi/~chery/lisp500/
The most accessible source for this currently seems to be a "lisp5000" project in GitHub: https://github.com/jackpal/lisp5000
This is a derivative work whose C code has been blown up to 1600+ lines.
Is this insanely slow to train but extremely fast to do generation?
IIRC someone published an OSS implementation of the deep dreaming image synthesis paper fairly quickly...
2020: We are now discontinuing Apigee.
(Yes, I realize my analogy has limits. Don't get too hung up on it though)
I didn't realize they were a public company though.
Now I'm wondering behind the reasoning of the Apigee brand. Was it an intentional play on Apogee Software of the 80s/90s? If so, why? Something about "playing with APIs" I presume, but that seems confusing.
One thing that has amazed me is that most of these services offer everything but the kitchen sink AND the one thing you need for a minimum viable product, which is the ability to charge for API calls.
> A good API needs to [...] give developers the freedom to work in the development environment of their choice [...] a good API includes testing support
Those are two of the main reasons not to use Apigee.
API Gateways are a big deal in API first initiatives.
So, makes sense. They got them cheap as well, only a really small premium of the stock price.
Does that mean there's a chance Apigee will get open sourced? (fingers crossed)
EDIT: I think Apigee has a great product, not wanting to put them down.
It's incredibly fast and the grafana/influx/telegraf stack is really cool to play with. Highly recommended.
Sorry if I'm being ignorant but I couldn't find anything that would've made me think one way or another.
One thing in Telegraf where I didn't figure out a good solution was a way to parse arbitrary log files and generate data points and/or annotations from them.
There is a particularly annoying log file format from a proprietary application containing data I like to monitor which contains time series values in a multiline format as well as error messages. What I'd like to do is to have Telegraf tail the log file and pass it through a script that generates actual influxdb data from that. So something similar like the telegraf tail plugin, but with a data transformation in between.
What was it?
When it comes to disability, I might refuse someone whose disability would cause risk in using the apartment and might have an accident because the apartment is not safe for someone who's disabled (the building is 300 years old, there's no elevator, the stair in the duplex apartment doesn't have handrails)... It's a risk if the person then has an accident...
Similarly in terms of age, I would not rent to couples with young children because it's too risky.
So, it's discrimination but it's mostly because this is not a hotel, it's an apartment in which I live part of the year and it's not adapted for disabled people or couples with young children because I'm not in those categories.
That said, as someone whose wife is asian, I fully understand the problem. It's annoying and painful when people discriminate based on race.
In our case, we show both my face and my wife's face on our Airbnb profile photo because we prefer to have a host refuse on the basis of my wife's nationality than to give money or stay at the house of a racist host. I've had a bad experience before that with a host who was nice to me when I met him and then wasn't as nice 5 minutes later once my wife arrived... The fact that he earned money from our stay galls me...
At the end of the day, either airbnb lets hosts decide who stays or doesn't. If they don't let hosts decide, they'll likely lose a ton of hosts, since having someone stay in your home is a very personal thing and a huge risk. If they do, then they're going to have significant discrimination problems as long as people are discriminatory, i.e., basically forever.
Maybe I'm naive but it seems like that policy would be perceived by hosts as extremely hostile. Homeowners have both a financial and emotional vested interest in their homes so letting strangers book it without a cursory check isn't going to work. Having no checks would work for real estate holders who aren't emotionally attached to their homes but not homeowners who live in the same house they rent.
Even if it's irrational and discriminatory, homeowners want to maintain some semblance of control over who stays at their home. It's the homeowner who has to pay for damages/misbehavior -- whether directly or by home insurance deductibles and higher premiums. (As I understand it, AirBnb's coverage guarantee only kicks in after the homeowner exhausts his personal insurance.)
Does anyone know the bulk of AirBnb's business revenue? Is it homeowners renting out a spare bedroom? Or is it people renting out non-owner occupied beach houses and lofts?
EDIT ADD: Every time an AirBnb thread about racism comes up, many commenters are confused or ignorant about what the law actually says. To copypaste a previous comment:
Those anti-discrimination laws don't apply to hosts' private homes or bedrooms. Paraphrase of law: "All persons shall be entitled ..., and accommodations of any place of public accommodation,..., without discrimination ... other than ... a building which contains not more than five rooms for rent ... which is actually occupied by the proprietor ... as his residence"
In other words, if a homeowner has a spare bedroom across the hall from her 13-year-old son's room, and doesn't want to rent to transgender, black, or 65-year-old guests, it is legal for her to discriminate on those attributes.
On the other hand, if the AirBnb host is renting out a non-owner-occupied beach house, the discrimination laws would apply.
For example, you especially see this on sites like Craigslist when people are seeking roommates. This policy seems to overturn the ability of hosts to do this. If I were a female in an all female home renting out one room, it would make me uncomfortable. Perhaps others do not see this as an issue in short-term renting, but I do.
Lots of these new companies have as part of their secret sauce the hiding of racial discrimination and avoiding regulations and fees that their old style competitors can't. Once/if the govt cracks down a lot of these valuations must be reimagined.
Some guests may avoid staying with hosts of certain life styles, gender, race or religion. This discrimination must be stopped.
It's an intractable problem, and I don't see a good way forward for AirBNB.
For people who are renting out their primary home (and especially if they'll be there at the same time as the guest), I don't think it's ever right to challenge their decision to accept or deny a guest.
But someone running a number of units as full-time rentals should be held to anti-discrimination laws.
"Contract conditions should never be violated during execution of a bug-free program. Contracts are therefore typically only checked in debug mode during software development. Later at release, the contract checks are disabled to maximize performance." - https://en.wikipedia.org/wiki/Design_by_contract
fun_call('string1', 'string2' 'string3')
It will actually pick up a number of security issues listed in the post. It's useful in real world too - led to a number of CVEs being reported.
So, basically, I can write such a list for every language I know.
"Being easy to pick up and progress quickly towards developing larger and more complicated applications, Python is becoming increasingly ubiquitous in computing environments".
Why would you change the order of the subject in such an unreadable way? Isn't it much easier to say:
"Python is becoming increasingly ubiquitous in computing environments, as it's easy to pick up and progress quickly towards developing larger and more complicated applications"
I'm not an expert in writing, it just sounded weird. If anyone can explain what's going on there, really appreciated.
It's because the comparison operators are defined for every value. That is, "True < " is valid in Python 2.7, along with any other 2 values, regardless of type. This is a surprising instance of weak typing in Python, which is otherwise strongly typed, which is why this was fixed in Python 3 (https://docs.python.org/3.0/whatsnew/3.0.html#ordering-compa...).
This is also not a case of Python doing something useful, like with '"foo"*2'. The result of the comparison is defined, but it's not useful. I suppose it was useful for making sure that you can always sort a list, but there are better ways to do that.
There are nonetheless good remarks about poor design choices of Python which can lead to misconceptions for newbies, such as naming `input` the function that does `eval(raw_input(prompt))` (as casually documented), and the existence of such a function in the first place.
The feature is just some syntactic sugar.
When within a class, private fields such as:
class Foo:
    def __init__(self):
        self.__bar
So from the outside "world", including `hasattr()`, you can still access `self.__bar` as `Foo()._Foo__bar`.
>>> class Foo():
...     def __init__(self):
...         self.__bar = 'hello'
...     def show(self):
...         print(1, self.__bar)
...         print(2, getattr(self, '__bar'))
...
>>> foo = Foo()
>>> foo._Foo__bar
'hello'
>>> foo.show()
1 hello
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "<stdin>", line 6, in show
AttributeError: 'Foo' object has no attribute '__bar'
>>> foo.__bar = 'world'
>>> foo.show()
1 hello
2 world
From within the code doing `getattr('X', '__private')` will return the `__private` setup from outside the class, and `getattr('X', '_X__private')` the one defined from within the class.
The whole point of that feature is to ensure that members defined within a class that are not part of the public API are left untouched when that class gets subclassed, to avoid unexpected behaviours.
Here's an example of why this has been designed:
>>> class A:
...     def __init__(self):
...         self.__internal = "this is a"
...     def show(self):
...         print(1, "A", self.__internal)
...
>>> class B(A):
...     def __init__(self):
...         super(B, self).__init__()
...         self.__internal = "this is b"
...     def show(self):
...         super(B, self).show()
...         print(2, "B", self._A__internal)
...         print(3, "B", self.__internal)
...
>>> B().show()
1 A this is a
2 B this is a
3 B this is b
>>>
* https://docs.python.org/3/faq/programming.html#i-try-to-use-spam-and-i-get-an-error-about-someclassname-spam
* https://docs.python.org/3/reference/expressions.html#atom-identifiers
Now I like python, it has many useful libraries, in fact it is one of the languages that has the most libraries for any purpose. I wish, even as a dynamically typed language, it was stricter sometimes though.
> Input function
Yes, in Python 2, input() is a shortcut for eval(raw_input(...)), and documented as such. Obviously that is not a safe way to parse user input, and therefore it has been changed in Python 3. So this has been fixed, but if you don't read the documentation you probably will keep introducing security issues with whatever programming language.
> Assert statement
If you want to effectively protect against a certain condition, raise an exception! Asserts, on the other hand, exist to help debugging (and documenting) conditions that should never occur by proper API usage. Stripping debugging code when optimizing is common practice, not only with Python.
> Reusable integers
First of all, this behavior isn't part of the Python programming language, but an implementation detail, and a feature as it reduces memory footprint. But even when small integers wouldn't be cached, you would still have the same situation when using the is operator on variables holding the same int object. On the other hand, caching all integers could easily cause a notable memory leak, in particular considering that ints in Python 3 (like longs in Python 2) can be as large as memory available. But either way, there is no good reason to check for identity if you want to compare values, anyway.
> Floats comparison
Floats in Python use essentially the native "double" type. Hence they have whatever precision your CPU has for double precision floating point numbers, actually it is specified in IEEE 754. That way floating point numbers are reasonably fast, while as precise as in most other programming languages. However, if that still isn't enough for your use case, Python also comes with the decimal module (for fixed-point decimal numbers) and the fractions module (for infinite precision fractions).
And as for infinity, while one would expect float('infinity') to be larger than any numerical value, the result of comparing a numerical value with a non-numerical type is undefined. However, Python 3 is more strict and raises a TypeError.
> Private attributes
Class-private attributes (those starting with __) exist to avoid conflicts with class-private attributes of other classes in the class hierarchy, or similar accidents. From my experience that is a feature that is rarely needed, even more rarely in combination with getattr()/setattr()/delattr(). But if you need to dynamically lookup class-private attributes you can still do so like hasattr('_classname__attrname'). After all, self.__attrname is just syntactical sugar for self._classname__attrname.
Also note that private attributes aren't meant as a security mechanism, but merely to avoid accidents. That's not specific to Python; in most object-oriented languages it is possible to access private attributes, one way or another. However, Python tries to be transparent about that fact, by keeping it simple.
> Module injection
Yes, Python looks in a few places for modules to be imported. That mechanism is quite useful for a couple of reasons, but most notably it's necessary to use modules without installing them system-wide. It can only become a security hole if a malicious user has write access to any location in sys.path, but not to the script, importing the modules, itself. I can hardly think about a scenario like that, and even then I'd rather blame the misconfiguration of the server.
> Code execution on import
Yes, just like every other script language, Python modules can execute arbitrary code on import. That is quite expected, necessary, and not limited to Python. Even if module injection is an issue, it doesn't make anything worse, as you don't necessarily have to run malicious code on module import but could do it with whatever API is being called. But as outlined above, this is a rather theoretical scenario.
> Shell injection via subprocess
Yes, executing untrusted input is insecure. That is why the functions in Python's subprocess module, by default, expect a sequence of arguments, rather than a string that is parsed by the system's shell. The documentation clearly explains the consequences of using shell=True. So introducing a shell injection vulnerability by accident, in Python, seems less likely than with most other programming languages.
> Temporary files
If anything, Python is as unsecure as the underlying system, and therefore as most other programming languages too. But CWE-377, the issue the author is talking about, isn't particularly easy to exploit in a meaningful way, plus it requires the attacker to already have access to the local temporary directory. Moreover, Python's tempfile module encourages the use of high-level APIs that aren't affected.
> Templating engines
The reason jinja2 doesn't escape HTML markup by default is that it is not an HTML template engine, but a general purpose template engine, which is meant to generate any text-based format. Of course, it is highly recommended to turn on autoescaping when generating HTML/XML output. But enforcing autoescaping would break other formats.
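The assert point argued in the comment above, as an added example that is not part of the thread: the same access check is compiled at optimization level 0 and at level 1 (the level `python -O` uses), and a small `ast` scan lists the assert statements a reviewer would want to audit. The function names and the sample source are constructed for illustration.

```python
import ast

# Constructed sample module: one access check written as an assert,
# one written as an explicit exception.
SOURCE = '''
def delete_user_assert(caller_is_admin, target):
    # Security check expressed as an assert: compiled out under -O.
    assert caller_is_admin, "admin required"
    return "deleted " + target

def delete_user_raise(caller_is_admin, target):
    # Same check as an explicit exception: present at every optimization level.
    if not caller_is_admin:
        raise PermissionError("admin required")
    return "deleted " + target
'''


def load(optimize):
    """Compile SOURCE at the given level (0 = `python`, 1 = `python -O`)."""
    namespace = {}
    code = compile(SOURCE, "<constructed>", "exec", optimize=optimize)
    exec(code, namespace)
    return namespace


def attempt(func, caller_is_admin):
    """Call func and return its result, or the name of the exception it raised."""
    try:
        return func(caller_is_admin, "alice")
    except (AssertionError, PermissionError) as exc:
        return type(exc).__name__


def run_matrix():
    """Try both functions as a non-admin caller at both optimization levels."""
    results = {}
    for level in (0, 1):
        namespace = load(level)
        for name in ("delete_user_assert", "delete_user_raise"):
            results[(level, name)] = attempt(namespace[name], caller_is_admin=False)
    return results


def find_asserts(source):
    """Return the line numbers of every assert statement in source."""
    tree = ast.parse(source)
    return sorted(n.lineno for n in ast.walk(tree) if isinstance(n, ast.Assert))


if __name__ == "__main__":
    for (level, name), outcome in sorted(run_matrix().items()):
        print(f"optimize={level} {name}: {outcome}")
    print("assert statements at lines:", find_asserts(SOURCE))
```
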
However, it had also never occurred to me to make anything I cared about the security of in python. Perhaps this article is aimed at people who are writing system utilities for linux distributions, and are considering Python? Presumably some such utilities are written that way already.
It comes down to doing a proper security analysis before you define the requirements of the software: Specifically what attack vectors you want to defend against. A valid conclusion for some types of software, given the list of "bugs" in the post, would be don't write it in Python. (Indeed, I have done exactly this before writing 200 lines of C instead of 20 lines of Python.)
Assert is a statement, not an expression, so do not use it as an expression.
One should never compare floats. This is taught in any freshman CS course. The limitation is due to the standard encoding of floats - IEEE 754 - not Python's fault.
Everything else is a feature of a truly dynamic language, designed for really quick prototyping. Python3.x got rid of many inconsistencies and caveats of 2.x
Shall we re-read the classic now?
Also input is truly baffling to me. Such a small mistake that could allow write access to your code.
$ echo 'multiuser on' > .screenrc
$ screen
$ screen -x ID_OF_SCREEN
We've been using Teleconsole internally quite a bit as we have a distributed team of developers and ops folks. Now we hope you'll enjoy it too! :)
It has a web site too: https://www.teleconsole.com
We believe we made the session IDs sufficiently hard to guess...
The only thing that concerns me is the ease with which somebody can join a session maliciously. Have you considered adding an additional form of verification for joining sessions?
BTW typo on https://www.teleconsole.com - "on-premise infrastructue" near the bottom.
I understand that the assumption is that the first person I trust is you ;)
Never ever, ever curl redirect to bash.
Another poor (paranoid) man solution is 1/ to rely on Tor to expose your local SSH server through NAT/firewalls, 2/ to use ephemeral classic SSH keys to allow the guest to login on the host 3/ to share the session with screen -x.
Much more secure IMHO, but probably slower and also a bit more complex to setup as the host and the guest must have Tor installed.
Take the truffle oil offered by 3 big UK supermarkets. All three stores describe it as having:
> Ingredients:
> Extra Virgin Olive Oil, Truffle Extract
Sainsbury's describes it as "Truffle flavour" which I guess I could see as not actually stating it contains truffles (aside from the previously mentioned ingredients list). But Tesco describes it as "Truffle Flavoured", which seems to me to more strongly imply it actually contains some truffle, and Asda describes it as "Flavoured with White Truffle" which to me sounds like an unambiguous statement that it contains at least some white truffle.
If this article is accurate, it seems like a complete and utter con.
Jet Tela (judge): truffle oil, man, there's just no place for it in the kitchen.
Alton Brown (host): yes there is. throws the bottle in the garbage.
(I do agree that using truffle oil is a sign of an amateur chef)
Often times, the molecules used to flavor these foods are a major component of a flavor of a given fruit, vegetable, nuts, or fungus. However, it is sometimes cheaper to produce them synthetically rather than extract them. In many cases the stuff used to flavor the food was never in the thing whose flavor is being imitated.
- https://en.wikipedia.org/wiki/Isoamyl_acetate is used to imbue a banana flavor.
- https://en.wikipedia.org/wiki/Benzaldehyde gives you an almond flavor
- https://en.wikipedia.org/wiki/Vanillin is pretty much what you get in most vanilla-flavored things
- https://en.wikipedia.org/wiki/2,4-Dithiapentane is used to make truffle-flavored oil
The list goes on and on.
It's great to be aware that there is an industry in making things that taste like other things. If you walk down your supermarket aisle and pay attention, you will notice that many things are not what they seem. You will first feel surprised, maybe cheated, and perhaps angry.
Is truffle oil with truffles a scam? I don't know. I was certainly fooled once.
I now try to pay attention to these types of things more. Things flavored with actual extracts tend to cost more and are harder to find. However, with many things, once you taste the real thing, you will notice that the fake stuff is off. Often times, the synthetically flavored food tastes flat, sometimes chemically, and fake.
Don't get angry. Get educated, spread the knowledge, and pay attention to what you eat!
MSG is great for cooking, it is the taste of "Umami". Umami/Truffle/Parmesan are all just means of adding this msg taste to things without triggering the anti-MSG rhetoric.
The Family Seasoning for Steak: Lawry's Garlic Salt, black pepper, msg. Delicious.
In other news:
> Historically, there is at least some mention of Italians infusing olive oils with real truffles, and Urbani Truffles sells truffle oil that it says is made from real truffles
I actually do that myself. Get a truffle, cut it in a couple of pieces and leave it soaking for a month or two in good olive oil. Not that hard, not even that expensive either if you live remotely close to where they grow. It's a bit funny how they try to make this look like if it was some arcane secret.
Synthetic 2,4-dithiapentane is associated with some laboratory somewhere, whereas "Californian food", whatever that is, isn't necessarily "local and organic". It's not local if I'm enjoying it in New York rather than in California, and it's not organic if it didn't come from an organic farm.
It does say olive oil, flavored, but also has a dehydrated truffle in it. Does the dehydrated truffle not contribute anything to the taste?
Also, it tastes pretty good.
Now I know what to blame when my roommate pours a couple tablespoons of truffle-oil on whatever it is she is cooking.
Sometimes one wants to go whole hog and buy organic this and prime that and create all components of a dish from scratch. And there are many times when one simply wants an easy dish that tastes great and doesn't cost a mint.
To me the real confusion in truffledom is caused by truffles being fungi and there also being chocolate truffles. That's just wrong.
> Truffles are the world's most expensive food because they resist all our efforts to control them. They cannot be mass produced or meaningfully eaten out of season.
So, what this is saying is 2,4-dithiapentane has little more to do with a laboratory than any other randomly selected ingredient, despite being linked to it in popular culture? (Or, more likely, that this is an extremely poorly chosen analogy...)
Do yourself a favor and just buy some high quality olive oil if you want a better finishing oil for your food. Olive-oil and vinegar taprooms seem to have exploded in popularity in the US over the past few years.
I usually buy this one http://www.edelices.co.uk/olive-oil-flavored-black-truffles.... which is quite good...
This comes up time and again on HN. Most recently Apple not recognising the iPhone 6 faults. US consumer protections appear to be non-existent. I've long known things were more "relaxed" over there, but it seems relaxed to the point of no longer even basically functional.
What the hell happened since the start of the 20th C when there were efforts both sides of the Atlantic to ensure that the food you buy is what it claims to be, unadulterated and safe? That stemmed from widespread adulteration, short measures, and often horrific safety.
Why are American consumers (Republicans included) not picketing and email bombing the White House or Congress? Do you not want to buy what you expect you're buying? Do you like paying expensive restaurants for Artisan food when they apparently buy the lot from the nearest discount wholesaler?
UK has the Tory party, who also love the market as the solution to everything, even what it patently cannot solve. Every now and then they suggest some industry voluntary agreement, or to relax some aspect of labelling. These ideas rarely hit statute, as the Tory voters are consumers too and don't want safety to be simply handed to multinationals. It's going to lose them voters, so we usually end up with something fairly acceptable. EU legislation helps greatly on this too.
We had the piece about restaurants in the US recently. That gave the impression restaurants are able to lie to such an extent that the expensive "organic locally sourced salmon" you order from the menu might be none of those things.
If it were the UK, and you sold Truffle Oil containing no truffle, the retailer has broken the law and would be liable to fines and recalls (usually used for safety issues, or discovering beef isn't). The retailer can then claim against the supplier or manufacturer.
There are legally mandated amounts where you can name something Chocolate Spread (min % choc), reduce it below and you end up in the band where you have to call it Chocolate Flavoured Spread (As found in cheaper ranges). Keep going to the point of no chocolate and you have to switch to "flavour" which can be artificial flavourings (bottom of the heap discounters). Those wordings correlate to whatever percentages or weights have been mandated.
Large retailers therefore test products for safety, legality, labelling before first sale, and they'll periodically randomly check. When this comes up, Americans often claim this isn't possible, there's simply too much stuff. Walmart (Asda) do it here, and if you look at supplier guidelines for any large UK retailers they'll all have details of the testing process you as a supplier are expected to meet.
We then have Trading Standards who randomly check products on sale for safety, especially food, and including restaurants. Breach those rules and you can go to prison, or have the business closed. They can, and do, test for the foods being what are claimed, the presence of allergens, labelling and even whether it's organic or not.
All is not perfect here, of course. The Conservatives reduced the number of Trading Standards such that the public are at higher risk (not enough to go around), and some labelling has minor loopholes such as get outs for country of origin, and the assorted terms "farm fresh", "free range" and the like. They sometimes don't legally mean what common sense and the public think they do.
So if I buy a bottle of Truffle Oil here and it has none, I can sue Tesco (not for very much I expect). Realistically I'd take it back for a refund, or more sensibly send it to Trading Standards who can send a letter with legislative force.
Something rare and expensive is used to give the appearance of quality, undercut by not only the lack of the underlying element within the good (a chemical imposter is substituted), but with either an implication or outright false representation that the aspirationally desired quality is in fact present.
There's a tremendous amount of criticism of the concept of market function in this story.
The oil being artificially flavored is much less of a con than not being any different from olive oil.
I love it!
Seems a very bold move to offer this for source code that's freely available. I like it.
But using HTTPS doesn't make a website magically secure, that is not enough. Thus there might be a false sense of security via this option.
> My mom opens browser
> Goes to http://www.example.com
> Sees "insecure" flag, ok moves on.
> Then goes to https://shady.example.com
> Oh nice padlock icon you got there
> It's secure, I can give my credit card info.
Maybe I'm exaggerating. Anyway, it's a good start. HTTPS everywhere, let's encrypt!
This makes me happy to read.
EDIT: I take the above comment back. The chrome.exe processes match with the process running in the Chrome's Task Manager. I stand corrected.
However, I think there's something new about the latest upgrade. The interface looks heavy and different. This is the same upgrade which has removed the green colored SSL identifier in the URL bar.
Labeling HTTP as insecure is just plain wrong. I would beg to differ, sometimes HTTPS is more insecure than HTTP: think of the Heartbleed bug that made servers with HTTPS vulnerable or certs that shouldn't be trusted, or the day when all Let's Encrypt users were vulnerable, etc. Also you will lose a lot of ad-money. Of course Google with their search monopoly wants HTTPS because they profit from it. It's sad that Mozilla is influenced by some lobbyist. Well hopefully the popular forks on Linux distros remove that stupid warning label.
- What is the algorithm called 'SHA'? Is it the algorithm now commonly called 'SHA-0', specified in NIST's FIPS PUB 180 (without revisions), published in 1993, and later withdrawn in FIPS PUB 180-1 in 1996 where SHA-1 was offered in its stead?
- I like your thorough coverage of all the myriad varieties of CRCs. In many casual usages, the differences between CRCs are glossed over, and I like that you chose the rigorous approach.
- I'm happy that you included SHA-3 and BLAKE2.
- Consider including support for all of the FIPS 180-4 algorithms. The ones missing from this implementation are 'SHA-512/224' and 'SHA-512/256'.
 http://rhash.anz.ru/  https://tools.ietf.org/html/rfc6194
Pulsar backs major Yahoo applications like Mail, Finance, Sports, Gemini Ads, and Sherpa, Yahoo's distributed key-value service.
On the scale front:
- Deployed globally, in 10+ data-centers, with full mesh replication capability
- Greater than 100 billion messages/day published
- More than 1.4 million topics
- Average publish latency across the service of less than 5 ms
Edit- Got wrong product.
from the looks of it, it just seems to be a slightly different take on Kafka. From what I gather, looks like Pulsar allows for scaling of producers/brokers independently?
The last 4-5 companies I've been at value bullet points over anything else (for what that's worth). If you're 40+ and coming in showing off your PHP skills, JQuery or WinForms experience you'll get dumped, but the same goes for the 23 year old with that skill set.
My advice is always the same for developers my age: Keep with the times! If you aren't passionate enough about this work to continue learning and advancing on your own time get out. Go do something slower paced. Don't expect the industry to change.
Mechanical/chemical/electrical engineers have a similar problem that 30 years experience isn't much more useful than 10, wages tend to top out early and you're vulnerable to being laid off and never hired again in your 40s/50s. One advantage over software is that the skills change perhaps less frequently but that is offset by lower overall demand.
While you're in your 20's think about what you're going to do at the end of your 20 year window. Are you moving up to management? Have extensive business knowledge to add to tech skills? Have a second career planned? Or saved enough money to retire or semi-retire? Of course you can actively stay up to date with latest technology but that is much tougher than it sounds. You need to have thought a lot about this before you hit 40.
For all the young guys out there. Don't think it won't happen to you. If you just follow day by day one day you'll wake up with a big mortgage, a couple of expensive kids, maybe a divorce and a bunch of recruiters that never return your phone calls. You need to avoid that place.
I understand only some of why ageism is more rife in tech than other fields. But even in young app companies, with young founders, some experience of software engineering or complementary fields gained through experience can be useful.
Personally I prefer a relatively young environment - I don't like large company formality and I enjoy the atmosphere of startups and app companies. But I have increasingly few contacts in the right places for an in...
It's not like we're all "old" like our parents, grandparents were from 45 onwards, or that we're all increasingly irrelevant mainframe COBOL programmers. We aren't all set in our ways like was more common in previous generations - but we're not in a job for life so that's expected, surely. We're not expecting to be dead at 70 either. I hope I haven't "grown up" even then!
As a side note: I'm over 40 now, but I do recall being 27 and interviewing someone in their early 40s who was qualified and enthusiastic. I passed on them in part because I felt guilty hiring them; to work on my team the person would have to move their family to a new city, and I didn't want the karma of bringing that many people into a world where the team/project I was on was staffed and led by 20-somethings -- and therefore chaotic and unlikely to survive long in any particular form.
Yeah, you're going to have a really hard time getting a programming job in Silicon Valley if you show up looking like a security guard in a tie, let alone looking like a waiter in a bowtie. It's the same story as showing up for an interview for an enterprise sales job in ripped jeans and a T-shirt - it undermines your credibility. It shouldn't - our meritocratic hacker values place no value on surface appearances, and we fail them when we are influenced by what people are wearing or their gender or skin color or age - but it absolutely does. Raymond Chen can get away with wearing a suit and tie all the time, but you probably can't.
The good news is that Peredo got a job immediately when he stopped wearing the bowtie to interviews. It's not gonna be as easy if you're black.
For interview processes trying to avoid false positives a negative mark will hurt you much more in the final sum.
So the bar is set differently for two candidates applying to the same position. I'm sure it doesn't account for every aspect but certainly seemed to explain some of it.
Learning should be multifaceted and a lifestyle; intellectual and physical. If you think you can just coast after college then you will be passed up.
Also - I read about Shel Kaphan the other day - employee #1 at Amazon - he must have been in his 40s when he started there if he was studying in 1975. Obviously his age didn't deter Jeff Bezos.
I've worked in places where older employees become irrelevant to the business because they get stuck in their ways and don't want to / can't change. If you're not prepared to re-skill, or you think your job is safe - you're in for a rough time if someone else controls your destiny. That's not to say people don't get badly treated by organisations - they do, and that's wrong. But still, working life is a struggle and a balancing act.
Perspective is what the Valley needs if ageism is an issue, because we aren't getting younger.
Their resumes are longer, their skills can be older, some of the companies they've worked for might not even exist anymore. It's even more important to be able to search/narrow down/focus your decades of experience/accomplishments to those that matter in this new ageist landscape.
And the truth is, you've probably done whatever SV recruiters/managers say you require. You've been the self-starting, chaos riding, new tech stack conquering machine. You've lived at the cutting edge. It's just not on your resume, and you don't bring it up in interviews because you haven't been that person in a while and all your (maybe) recent job search experience is in displaying the breadth and length of your career.
This is why I would propose that the strongest cocktail is pairing young people with older people.
Ha! I love it! What ZUCKERGUY means is that young people are smart in a way that he, another young person, can recognize and understand.
Whereas older people are smart in ways that young people don't yet recognize or understand. It's just one great big Dunning-Kruger Effect. Young people don't know how much they don't know.
Fortunately for them, old people are a totally different species from young people. It's not like young people turn into old people or anything. Can you imagine the horrors? Like what if life were one big continuum where you start out young and slowly turn old? Scary stuff!
It seems clear to me that age is just a state of mind. Some people act old and are cautious fucks that recoil from change. Others try very hard to appear as if they "get it", though they obviously don't, and the fact that they're trying so hard ends up looking pathetic to me.
Then there are the ones who don't give a fuck, and they are the best. I think they're the ones who are truly the wisest, and their vitality is infectious, they don't "seem" old.
My point is this: if you're 40 years old and are all butthurt that no Silicon Valley company wants to hire you, your butthurt only proves that the company was right not to hire you in the first place.
As I grow older, I notice these changes, and while I do regret not being able to remember IP addresses after switching to a different window (get a larger monitor, or just copy&paste), I am very happy with the overall shift.
Many of the over-40 crowd I've worked with just plain don't want to learn anything new. They have settled, and are passive in their learning. This is the #1 reason they won't be relevant.
First of all, these articles are sensational and divisive. Folks over (or nearing) middle age are sensitive. They worry about being outmoded and removed/downsized. My hunch is that they read these articles out of fear. For younger folks, I suspect it's reassuring to know that you have something to offer that older folks might not. So, for the publisher, these produce clicks/views.
However, when you get past the personal examples of exclusion, and some of the reductive arguments (e.g. Younger people are just smarter.) little of this is as simple as it first seems.
Fact is, for a long time, older workers were less technically competent than their younger counterparts. That said, for a generation that grew up with technology, this isn't so much the case any longer. This became painfully obvious to me, while sitting with an Apple Genius one day. He was very hip; however, I needed to explain to him how to use the Find function in his browser. (Seriously.)
Young and older people both have something to contribute. Young ones often bring new ideas and perspectives because they've grown up differently. They lend enthusiasm and energy that older staff sometimes don't. Frankly, older ones often don't want to work marathon hours (this isn't always the case, but tends to be). That said, older workers typically bring more knowledge and experience to the table.
I suspect that part of the bias in favor of younger workers comes from younger business owners (common in startups). I ran into this when we started our design studio. I was 26. At the time, it was scary to hire a 50-year-old to come in, because I didn't feel comfortable directing someone that much older than me (I probably wouldn't have admitted this at the time).
Additionally, those people typically wanted to earn more - and we didn't think we could afford them. So, we hired younger folks who worked at a lower hourly rate, but often needed an inordinate amount of training and support.
Were I to start that company all over again, I'd do the opposite. I'd hire more skilled people and pay more than market rate. I'd then gauge their performance, and retain/dismiss solely based on that. In my experience, a skilled person at a higher rate of pay was always more valuable/profitable for our company than a less-skilled worker at a lower rate of pay.
My point is that the companies which use age as a barometer of value are approaching HR in a flawed way. The contribution of a staff member is more important than the date on his/her birth certificate. Meanwhile, the garment choices and pop-culture references one uses shouldn't have any bearing on the value of the individual (unless we're talking about a company who traffics in such matter).
That said, I think the real problem is the employee mindset. So long as your livelihood depends on one single organization, you put yourself at risk.
This is doubly-so for those who remain loyal to a company for a decade or more. HR departments are notoriously short-sighted when it comes to assessing skills. They like seeing candidates who fulfill the specific requirements of a job. Meanwhile, they often don't understand which skills are transferrable (because they typically don't actually understand the work/technology).
So, if you've worked in print publishing for the past 20 years, an HR person might not hire you to work in a digital content shop. However, web technologies aren't that hard to master. Knowing a good story, understanding what attracts an audience, and having strong people skills are all much more valuable (and difficult to learn skills). But, still, those hiring often won't see this - which puts such a person at a disadvantage.
There are many reasons why running your own startup, studio, consultancy are difficult. That said, all of these pursuits force you to be nimble. Most of them also allow you to distribute your income sources among multiple groups - which builds resilience.
And, after you've done any of these things, you tend to be more employable - because you have a stronger sense of what companies need. (Additionally, those who've done it on their own often exhibit characteristics that are attractive to management - especially those whose current staff is comprised primarily of box fillers.)
My point here (and I know I've carried on) is that the age discussion is a red herring. The real matter is how one remains relevant/valuable - regardless of age. Continual learning is a part of that. Another is one's ability to adapt to less familiar roles (e.g., planning, sales, management, guidance). More importantly, though, no one should treat their employer as the gatekeeper to their future.
We're all free agents. Some of us are mostly independent. Others play for teams. Those who play for teams should always know - and build - their value, so they don't end up marooned.
> If you've worked at a large company for 10 years and get laid off, chances are your skills are six generations behind, says Jonathan Nelson, chief executive officer of the Valley social network Hackers/Founders, which organizes meetups for startup developers.
10 years? To quote the character Samir from the film Office Space "It would be nice to have that kind of job security." I've grown up in a US workforce where staying in the same job for more than 2 years is essentially taking a pay-cut because raises / bonuses don't keep up with real-world inflation (milk & brisket, for instance). To further belabor my point, I joined the work force during a Recession, and statistics indicate my lifetime take-home (salary, benefits, etc) will be significantly lower than...well, what these folks enjoyed during their prime earning years. I won't even have a decent interest rate environment for my savings to grow without joining in the equities casino.
For the life of me I have a lot of trouble feeling sorry for their plight, and wish them all the best of luck packing up their possessions, their savings, and moving to a place they can afford, like Mississippi or Indiana. As Sick Boy might say, "You had it, you lost it, and it's gone forever." Such is one theory of life.
The conference was excellent. Thanks to all involved. Haven't experienced that much energy around any segment of the programming community in a very long time.
I also found this little review from a first-timer nice.
Even videos are s-l-o-w compared to reading.
It's no surprise that BBC and ABC have jumped on this rubbish and push it with the obligatory wink-wink "isn't this fun" journalism plaguing these media outlets.
There is no widespread belief in the existence of this animal. Human activity has sent many a creature packing its bags from this world. The thylacine is just one on a long list.
"In 1900, an attempt to introduce moose into the Hokitika area failed; then in 1910 ten moose (four bulls and six cows) were introduced into Fiordland. This area is considered a less than suitable habitat, and subsequent low numbers of sightings and kills have led to some presumption of this population's failure. The last proven sighting of a moose in New Zealand was in 1952."
Fiordland is a wild and remote part of the country...
Come on... we're past those crappy photos of the Loch Ness monster, Big Foot, etc. Like Dr. Karl Kruszelnicki commented - "It's remarkable that it is out of focus in a time that we have autofocus cameras."
Like in other similar situations, for example with wolves in Montana, I wonder why not just use the shepherd dogs, I mean this is how it worked for thousands of years before.
The success of Pokémon Go, and this new Mario game as well, is showing that Nintendo is taking a different strategy: they're creating custom-made mobile games for the purposes of driving attention and vigor to the main games on their hardware platforms. You can see this with Pokémon: the success of Pokémon Go has been driving sales of the 3DS and the currently-released Pokémon games, and will surely help bolster the hype for the next-generation games that are due out later this year. As far as strategy goes, these mobile games are more similar to the TV shows and movies Nintendo makes than the DS games they came from.
I think this is a good strategy for them. An iPhone or Android will never be as tailor-made for gaming as the Gameboy or DS were, so it's good to see Nintendo sticking to their principles.
They've correctly identified that mobile gaming is done with one hand, and even if this is not the first runner game on an iPhone, it's the right choice for a Mario game.
It would have been easy for them to whack up a virtual d-pad in a traditional 2d platform scroller, but I'm glad they've attempted something new.
> Shares in Nintendo Co tumbled as much as 18 percent on Monday after the company said Pokemon GO would have a limited impact on its earnings - their biggest setback so far after a huge run-up on the smash-hit game.
They even mentioned not putting Mario on smartphones in 2014:
But hey, here we have a Mario platformer on smartphones which basically acts exactly as people would expect it to. How times change!
BUT, I personally believe, should they decide to make it, a Nintendo Universe game will be the biggest thing to ever hit mobile. If I can create my own massive Nintendo land, with Mario and Luigi's house, tubes, Koopa Castles, goombas running around, and then there are mini games to earn "coins", etc.... I think I'd finally play a game on my phone again, the nostalgia-pull would just be too intense to resist.
And now it's announced Super Mario Run will be a Nintendo game on iOS.
Nintendo needs a share of the mobile gaming market, beyond handheld consoles. This is why they invested in DeNA (and DeNA invested in Nintendo).
People aren't interested in investing in Nintendo, they just want short term profit.
While everyone interviewed seems to speak of freedom, I feel like their body language and state of their living quarters say otherwise. You have one person who breaks down when he mentions he's been there for 11 years. Why? The workers seem like they're making the best of their situation, dealing with it, but not necessarily reveling in it the way #vanlife Instagrammers would have us believe.
But I suppose, if you're only home a couple nights a week, you're not using tons of electricity, water or sewage capacity in any case.
I wonder how laundry works? Maybe they take care of that at hotels when they're overnighting on the road?
EDIT: From reading responses here, it looks like the average is about 4-weeks for a single person, obviously reduced by half for every person you add.
If you're just a single person, only there 20% of the time, it seems like you might really only be dumping and filling your tanks every 4-5 months.
My family, and all my parents' friends (most of whom were pilots or air attendants), all had what you could call a normal house with normal lives etc. etc.
By most means life was pretty much the same as anyone else.
Time and peace of mind are often underrated.
Using trailers and employee parking lots sounds expensive for the employees and airlines too. Beyond that, guessing it's noisy and that there's not much of use close to the parking lot.
I got on the phone with the engineer responsible for the firmware and sent him my code, but I never did find out what the problem was (sorry for the letdown, maybe someone at Parallax remembers and reads Hacker News?). They acknowledged it as a bug, and made a fix. Unfortunately the fix made was to always draw 300uA at sleep!
Fast forward 18 years (!) and from their website it looks like their latest model draws 50uA, so it was a happy ending after all. The end.
"The real answer is clearly because hashes are faster than b trees."
The first thing I can think of is that if you're writing a flood-filling algorithm (finding connected components) you should fill with #s instead of Bs, even if filling with Bs is more conventional. Especially if you're doing competitive programming and need to overkill the optimization process in order to pass the run time.
As for production coding, I can't think of anything. Any ideas?
BTW, this is probably speculation, but it's still worth discussing in my humble opinion.
I don't know how it works but it's insanely fast.