Wish the full results were available to look over. I scored 23,300, but they only share the reliability data:
* Correctly avoided fake words (5/6)
* Answered word-meaning checks correctly (6/6)
The fake word I missed was 'ventrel', but come on, 'ventral' (with an 'a') is a word. That's just mean! Anyway, it would be fun to see (and argue about) which of the words I didn't recognize are real.
This is because the ABC system is defined such that MutableMapping is a subtype of Mapping. Which mostly makes sense, except that if we suppose there exist Mappings that aren't MutableMappings (such that it makes sense to recognize two separate concepts in the first place), then Mapping should be hashable, because immutable things generally should be hashable. Conceptually, making something mutable adds a bunch of mutation methods, but it also ought to take away hashing. So Liskov frowns regardless.
It really doesn't make sense for there to be an inheritance relationship between Mapping and MutableMapping if Mapping is immutable (it isn't, of course), but the weirder part is still just that the typing machinery is cool with unhashable key types like:
> "Till this moment I never knew myself." - Sense and Sensibility again? I can't remember off the dome. That's a gorgeous strict Iambic.
"Till this moment I" and "I never knew myself" would be trochaic and iambic, respectively, but they don't strictly scan when you overlay the 'I's. You can of course get them to by e.g. eliding 'moment', or adding a line break and taking '-ment' as a feminine ending, or just scanning according to the writer's idiosyncrasies.
And individual writers can be very idiosyncratic here. Shakespeare, for example, if I remember right, lets monosyllabic words occur in almost any position. Disyllabic words on the other hand can have any combination of stresses (iamb, trochee, spondee, or pyrrhic), but only if they're foot-aligned. And so on.
The field has probably evolved since I was last part of it, but I'll still recommend Kristin Hanson's work in this area: https://linguistica.sns.it/RdL/9.1/Hanson.pdf. (Actually the second time I've recommended Hanson on HN. The last time was, let's see, 6 years ago!)
+1! Hanson is one of the gold-standards on this. It is idiosyncratic, you're right - to the speaker / reader as much as the writer (is my contention with their work).
Personally, I do take 'ment' as a feminine ending there, or - more specifically - the T sound runs into the I sound when I read it, the way it would in the predominantly Italian stuff she's likely referencing.
I'm very much with Gordon Lish on Shakespeare's monosyllabic drift words - that he was educated in Latin, and integrating Germanic vocabulary into that structure relatively freely, and further analysis is almost impossibly complex. That said, there's a lot of moments in those where I'd kill to hear where the stress landed when first performed.
This specific area is really one of those "What if?" moments in literary criticism, I think - I believe it would be incredibly beneficial for the form if this was the dominant focus of critique, rather than thematic stuff. On the rare occasions I teach at universities, this is all completely new to students, which sucks - it's entirely possible to approach prose theory with the same rigour as music theory, and it seems (in the UK, at least) to be very quickly becoming a lost art!
Do people use advisory locks as the actual locking mechanism? I've always used them to synchronize access to a flag on the target resource, so the advisory lock is only held long enough to query or update that resource as locked. The alternative seems, yes, incredibly brittle.
I don't disagree broadly (other than to fault you for not including The Wire!), but the counterpoint is: House of Cards, Queen's Gambit, Stranger Things, Dark, Ozark, Orange is the New Black, Mindhunter, Squid Game, Adolescence, Narcos, The Crown, Godless, Dept Q, etc.
Years ago people routinely uploaded all kinds of sensitive corporate and government docs to VirusTotal to scan for malware. Paying customers then got access to those files for research. The opportunities for insider trading were, maybe still are, immense. Data from AI companies won't be as easy to get at, but is comparable in substance I'm sure.
They are now, although to be clear there was (is?) nothing nefarious going on, just people not understanding that public submissions are available to VirusTotal's paying users. These days VT has private scanning, too, but the issue was always one-offs from random finance or investor relations teams.
Cuckoo filters can do even better with the small adjustment of using windows instead of buckets. See "3.5-Way Cuckoo Hashing for the Price of 2-and-a-Bit": https://scispace.com/pdf/3-5-way-cuckoo-hashing-for-the-pric.... (This significantly improves load factors rather than changing anything else about the filter, and ends up smaller than the semi-sorted variant for typical configurations, without the rigmarole.)
My fairly niche use case for these kinds of data structures was hardware firewalls running mostly on SRAM, which needed a sub one-in-a-billion false positive rate.
I'm not sure an overwhelming majority of Python developers care one way or the other. Like, I'm sure uv is nice, but I've somehow never had an issue with pip or conda, so there's just no reason to futz with uv. Same deal with Jujutsu. It's probably great, but git isn't a problem, so jj isn't a priority.
A majority of HN users might agree with you, but I'd guess that a majority of developers, to paraphrase Don Draper, don't think about it at all.
Tim Cappalli is thoroughly misguided throughout that discussion, but he's not threatening anything. Okta lets users require attestation, but it will never, ever force attestation on anyone.
Tim's not threatening, but he is saying quite clearly that sites on the internet (Relying Parties) might just not accept Passkeys from KeePassXC:
> The unfortunate piece is that your product choices can have both positive and negative impacts on the ecosystem as a whole. I've already heard rumblings that KeepassXC is likely to be featured in a few industry presentations that highlight security challenges with passkey providers, the need for functional and security certification, and the lack of identifying passkey provider attestation (which would allow RPs to block you, and something that I have previously rallied against but rethinking as of late because of these situations).
Tim's talking the reality of KeePassXC and the reality is that this specification is being built in a way where the user is fundamentally out of control. Where the industry at large has total control over your material, gets to say how you can store your keys, and will refuse you credential managers that they don't like.
The proposed Credential Exchange Protocol draft also does not allow you to backup your key. A credential manager will only Export the key to another credential manager service, across public endpoints on the internet. Never transiting the user's control. So you have to trust your credential manager that they actually will let you export your credentials, to someone you can trust, at a future point in time. There's an issue open for this, but no real hope this ever gets better. https://github.com/fido-alliance/credential-exchange-feedbac...
Passkeys seem designed to never be trustable by users. There's always some online service somewhere holding your materials that governments will be able to legally strongarm the service into getting access to. You won't be able to Export when you need it. The security people seem intent on making sure computers are totally controlled by corporations and governments, in the worst ways. The top post is right. https://news.ycombinator.com/item?id=45737608
Correct, individual sites could make that choice. They won't, but they could. (Love the mention in the linked comment of Netflix and Disney, two services that don't even support proper MFA.)
We're completely on the same side, to be clear. I just have zero fear of KeePassXC (which I sometimes use with Okta!) being blocked by anything consumer-facing.
To your edit: I suppose this is strictly true, but it's relevant that Apple's own devices satisfy the attested hardware requirement. These are the same devices you need to have a full-fledged Apple account in the first place. That's more Apple doing Apple things than anything to do with passkeys, but it is indeed an example of not being able to use KeyPassXC. Will there be more than epsilon cases like that? I still don't think so, for what seem like obvious market reasons.
The specific part that I consider a threat is "which would allow RPs to block you, and something that I have previously rallied against but rethinking as of late because of these situations".
Sorry, to clarify: Okta is not for our purposes a relying party and won't do anything to force attestation on relying parties. The second bit of what he wrote is ambiguous, but charitably, could simply mean "I used to argue against requiring attestation, but now I'm not sure". Which is fine, since he has absolutely no pull when it comes to how Okta's product works (and to be fair, I don't think he implied otherwise or even mentioned Okta).
Wish the full results were available to look over. I scored 23,300, but they only share the reliability data:
* Correctly avoided fake words (5/6)
* Answered word-meaning checks correctly (6/6)
The fake word I missed was 'ventrel', but come on, 'ventral' (with an 'a') is a word. That's just mean! Anyway, it would be fun to see (and argue about) which of the words I didn't recognize are real.
reply