
Sue for breaking the law that California just passed!


Dude, the title is incorrect.

>Republicans as well as Democrats in the California Legislature voted for Mr. Ting’s latest proposal, which will punish institutions that flout the law by publishing their names on a California Department of Justice website. An earlier version had proposed that schools face civil penalties for violating the law, but that provision was removed in the State Senate.

The law already states the penalty for breaking the law. How are you gonna get anything extra?


And that order would be easily challenged.


As I posted elsewhere in this thread; Lenovo charges 450$ retail and 250$ on special for a similar upgrade.

https://imgur.com/a/ug87MaI


Fair enough, but Lenovo doesn't solder their SSD. Nothing prevents you from buying the cheapest option and upgrading yourself, e.g. the Lenovo ThinkPad X1 Extreme even has 2 SSD M.2 slots. You also don't have to max out your storage when buying because you can always upgrade it in the future once you need more storage or when SSDs get even cheaper a few years later. On top of that, those 2 M.2 slots allow you to put disks in RAID 0 or use the second one with Optane memory once it's cheaper and worth it.


Because they don't use slow SSDs.

The read / write speeds on the SSD in the Macbook Pro are insane.

see: https://www.macrumors.com/2018/07/13/2018-macbook-pro-fastes...

we are talking at least 6x what other laptops use.


In case you haven't realized you can buy comparable 1TB NVMe SSDs in today's market for around $100. I see the budget Intel 660p hit $80 for 1TB on sale, or high-end Phison E12 drives at $115 for 1TB on sale.


FWIW the 660p has significantly lower throughput (though not 6x by any stretch of the imagination), it's listed and benched around 1800 for reads and writes.

More problematically, it also has serious latency degradation issues when working outside the SLC cache: https://www.anandtech.com/show/13078/the-intel-ssd-660p-ssd-...


The listed performances are those of a 970 EVO (and the 970 EVO Plus improved on write speed, to almost par with read speed at 3500 and 3300).

The 1TB EVO Plus is $250 on newegg. Not as replacement for an existing 500GB, just retail price for the drive. The 2TB EVO is listed at $550, the 2TB EVO Plus is listed at $650.


That's outdated now. Most high end PC laptops use NVMe drives, and good NVMe drives are only slightly slower than the apple proprietary drives.


Most current-era laptops use NVMe. Bargain basement laptops might still use SATA, but let's not pretend that the MBP, while extremely fast, is at all unique.


A fast 1TB NVMe SSD costs $105, and that's retail. So your narrative doesn't make much sense. 10x cost can only be explained by profit margins.


Not to mention that it’s basically 4 SSDs on 4 PCIe buses.

Edit: I don’t really understand the downvotes. The SSD on recent MacBook Pros does connect to the northbridge via 4 PCIe lanes. And this is not what a “but look, I can do the same for £50” SSD does.


Most NVMe drives use 4 lanes.


I don’t doubt they are faster than other laptop SSDs, but those results look quite suspicious.


They are not 'suspicious' they really are that fast compared to the standard cheap SSDs.

It's the difference between cheap SATA SSDs and expensive NVMe PCIe SSDs.

Search for comps on any online retailer and you'll see how expensive and fast those are.


> It's the difference between cheap SATA SSDs and expensive NVMe PCIe SSDs.

> Search for comps on any online retailer and you'll see how expensive and fast those are.

$250 for a 1TB 970 EVO Plus. Which has better write throughput.


Here is what Lenovo charges for a similar upgrade using a slightly slower SSD:

https://imgur.com/a/ug87MaI

That's $250 more to upgrade to the 1TB from the 512GB.

The retail price of the upgrade is $450.


So… they charge half the price Apple does, and if you don't want to pay it you don't have to care because it's a standard m.2 so you can swap it with a retail drive (at which point you have both the original and the replacement for 50% more storage at a lower price), which you can't do with a soldered Apple drive.


You are moving the goal posts of the original comment.

OP said it's a 50$ upgrade.

It is not.

It's a 450$ retail price and 250$ sale price for a slightly slower SSD.

Yes, companies make money when they do things for you.


> OP said it's a 50$ upgrade.

And OP was wrong, that doesn't make you right:

> They are not 'suspicious' they really are that fast compared to the standard cheap SSDs.

They're not that fast compared to SSDs retailing for half the price of the upgrade.

> Search for comps on any online retailer and you'll see how expensive and fast those are.

I did and they're not.

> It's a 450$ retail price and 250$ sale price for a slightly slower SSD.

No matter how much you hate it, it's still a $250 retail price: https://www.newegg.com/samsung-970-evo-plus-1tb/p/N82E168201... And a $125 upgrade: https://www.newegg.com/samsung-970-evo-plus-500gb/p/N82E1682...


Not to mention those are retail prices, not wholesale prices. Which includes Retailer or Distributor's margin.


Looks like the test is done by just copying a large file and measuring the time it took. This, of course, gives some idea of performance, but there are quite a few things that can affect the results.

In the original article[1] the table also shows results from a synthetic benchmark. This shows 2.6GB/s for the MacBook and 1.2GB/s for the Dell XPS. They also mention that it's a bit apples vs. oranges, since different tools were used for the benchmark.

[1] https://www.laptopmag.com/articles/2018-macbook-pro-benchmar...


Your article is comparing against non-workstation-class laptops. Other laptops in the same class put two NVMe SSDs in a RAID configuration for double the throughput.


And in those workstation class laptops (that use NVMe PCIe SSD), do you only pay 50$ more to upgrade from 512gb to 1tb?

No one is saying those SSDs are Apple exclusive, they are however expensive.


It's about $100 more to go from 512 GB to 1 TB, and these are better than what Apple puts in their machines. https://www.mrmemory.co.uk/ssd-upgrades/lenovo/thinkpad/p1


That's not how much Lenovo actually charges.

They charge 450$ retail and 250$ on special for a slightly slower SSD

https://imgur.com/a/ug87MaI


"On special." This is merely typical price for a reseller. The point is that Apple is overcharging at least 2x compared to competitors.


If you are surprised that Apple charges more, welcome to the real world.


You are comparing screen sizes; you should instead compare physical device sizes.

iphone xs max: 6.20 x 3.05 x 0.30 in and 208g

ipad mini: 8.0 x 5.3 x 0.24 in and 298g


  iphone/ipad
  area: 44%
  volume: 55%


it was a joke


The point still stands. We cannot allow such toxic language to be normalised.


an excuse used by those who have made sexist comments since time immemorial.


Use them only when you need them.

I was really annoyed when my wife’s doctor freely prescribed her oxi after her delivery even though my wife never asked for it and never showed any sign of needing it.

Having free flowing prescriptions is how we end up with so many addicts.


and then... for legitimate cases... no dice.

About 7 years ago my wife got sand in her eye. It was problematic enough that we went to a local clinic. She wasn't going to go blind, but it was irritated enough that after flushing it out, it still looked... bad. And she indicated it was a bit sore, that she wanted to get home to just try to get to sleep.

The doctor there offered a prescription for Percocet. We said "no, no need - we'll call if there's a problem". They handed us a prescription for... either 7 or 14 pills. We took it and didn't use it.

A few years later I ended up with extreme lower back pain. I could hardly move - was bed/chair-bound for 4 days. Had called around to see if any clinic would see me to prescribe some pain killer. NOPE. Don't want to create any addicts. Clinics all have signs on them saying 'no prescriptions for...' then a list of 4-5 things.

We were basically force-fed a prescription for something way out of line with what was necessary, then when something was necessary... not available.

Yep, just my anecdote, but it's stuck with me, mostly because I don't have that many medical interactions in the first place, so the outliers tend to stick out.


Asking for a prescription for a painkiller will make doctors label you as a drug seeker.

Asking for a referral for an x-ray/ultrasound for your back pain will often make them go "Here, why don't you try this opioid first and see if it gets better?"


The key phrase here is "a few years later". Much has changed in this area of medicine over the last few years...


I'm sorry for your pain. Back problems are the worst.

Oversteer is the norm. Precautionary principle and all that.

Patients with chronic pain have to train their care givers, just as they have to train you. You're building relationships, trust. Just like dating, jobs. Unhappy or uncomfortable? Move on to others you can work with.


I know that you have likely shortened the story for reading, making the phone call sound different to how it really went, but if you want to set off alarm bells, ringing around asking about a script for strong pain meds is a way to do it.


When you're in intense pain, it's difficult to drive around to too many places (my wife drove me to one); she called a few others, and no one would even agree to schedule me to come in for a consultation/exam.

One office offered to schedule an appointment for about 4 weeks later, which I didn't take.

This situation has happened to me twice, both times this pain came out of nowhere, and first time it took me out of commission the better part of 4 days. Tried to get any medication (per above story) - nothing. Second time this happened, 2 years later, it lasted about 3 days, and I didn't even bother trying to get anything - just took a lot of OTC stuff. If this happened regularly, I might be able to figure out if there's some trigger to avoid, but... 2x in the last 6 years - hard to pinpoint!

I should add that this gave me a little bit of insight as to how people who live with chronic pain might feel all the time. Just a few days of that was maddening. Thinking it might be the 'new normal' - constant intense pain that rarely lapses - would really have been difficult to cope with, and I probably can empathize (or is it sympathize?) a bit more with the prescription drug abuse situation.


I second this. I did this for my surgeries. If I took meds at all, I took them only early, when the pain was likely highest, in the minimal prescribed dose. Then as little as I could from that moment forward, just enduring the discomfort, being careful about how I moved, etc. I got over it. Sometimes the pain was low enough for OTC drugs, should I have wanted to use them.

Good way to avoid getting addicted.


I third this. Vicodin when you need it is a lifesaver after surgery, but it can be tempting to continue with it beyond when you need it. Just beware and stop.


I did something similar when I broke my ribs. I was prescribed Vicodin and Ibuprofen. I’d only take the minimum amount of Vicodin twice a week, and the other days would use Ibuprofen only. I also made sure I never took more than the minimum required dose two days in a row.


Yeah, I remember when I got a wisdom tooth out, afterwards I got a prescription for something pretty strong. Vicodin, I think? It was years ago, and I don't remember.

But I do remember that, even though I filled the prescription, I never ended up taking it. A few days of higher-dose ibuprofen (taken with food) was enough.


I got a prescription for hydrocodone after having a wisdom tooth taken out. I never bought it, and I didn't take any other medication either. There was mild discomfort for 12 to 18 hours, but it's crazy they're prescribing pain meds by default for no reason. And there was no instruction from the doctor to limit the pain med to only if absolutely necessary.


Better to have a 3 day supply on hand just in case vs the mad scramble to get scripts filled afterwards.


DocuSign | Seattle, WA | Full-Time, Onsite | https://docusign.com

DocuSign is changing how business gets done by empowering hundreds of thousands of companies and tens of millions of users in most countries around the world to sign, send and manage documents anytime, anywhere, on any device with confidence.

We are looking for multiple fullstack, backend and frontend engineers (junior to senior level) for a v1 product. The team has an ambitious charter that is centered around DocuSign's post IPO growth strategy. Our stack is NodeJS, C# and React.

DocuSign had a stellar IPO last week. It's an awesome time to join us.

Here are some of our open roles:

- https://www.docusign.com/company/careers/open?gh_jid=1103920...

- https://www.docusign.com/company/careers/open?gh_jid=1103914...

ahmed.kamel {at} docusign.com


As a new parent, this is the use case I investigated Spectacles for. I enjoy sending pictures and videos to my newborn's grandparents, but the phone does distract him.

It is unfortunate that spectacles don't work well outside of snapchat.


So I can make a malicious module called expres and another one called expresss and screw with people's machines?


This.

I love that the Node community enjoys innovating for convenience, but ideas like this one are less than half-baked from a security perspective. Just make a few typo'd popular packages, and use npm install scripts [1] and you have a very easy remote code execution vector on developer workstations.

The bigger problem I see is that npm is a circus. No package signing and a ridiculous debate on why that's been going on for a year and a half [2]. Credentials leaks of popular modules. [3]

When everything is a module and everyone is supposed to include modules vs. writing their own very simple functionality for things even like isArray polyfills [4] (24MM downloads a month!), you end up with the same attack surface that gives WordPress such a shitty reputation for security. It's not usually core, it's all the plugins by authors of unknown provenance and skill. WordPress gets pwned because there are a lot of plugins hastily written by new developers and used without audit by mom-and-pop web app shops and/or those that trust the code because they aren't capable of auditing it meaningfully.

When you use an npm dependency, you are taking on all of their dependencies. You are trusting they don't leak creds, that npm has not been compromised, and that the chain underneath has been audited for malicious behavior. In reality this is impractical: go npm install express and see just how deep the dependency chain goes. Things like Snyk are required to just understand what might be vulnerable.

[1] https://docs.npmjs.com/misc/scripts

[2] https://github.com/node-forward/discussions/issues/29

[3] https://github.com/ChALkeR/notes/blob/master/Do-not-underest...

[4] https://www.npmjs.com/package/isarray

EDIT: Ironically, this module itself is vulnerable to code injection.
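As an added example (not code from the thread or from npm), here is a small Node.js audit that walks a dependency tree and flags the two risks the comment above raises: package names within one edit of a popular package (the "expres"/"expresss" case) and lifecycle scripts that execute during install. The POPULAR list, the tree node shape and the sample tree are assumptions constructed for the demo.

```javascript
// Added example, not from the HN thread: audit a dependency tree for
// typosquat-looking names and install-time lifecycle scripts.
// POPULAR is an assumed allowlist of well-known package names; in practice
// you would build it from download statistics or your own approved list.
const POPULAR = ["express", "lodash", "react", "isarray", "request"];
// npm lifecycle hooks that run a shell command during `npm install`.
const LIFECYCLE = ["preinstall", "install", "postinstall", "prepare"];

// Edit distance with insert, delete, substitute and adjacent transposition,
// so "expres", "expresss" and "exrpess" are all distance 1 from "express".
function editDistance(a, b) {
  const d = [];
  for (let i = 0; i <= a.length; i++) {
    d.push([]);
    for (let j = 0; j <= b.length; j++) d[i].push(i === 0 ? j : j === 0 ? i : 0);
  }
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Returns the popular name that `name` looks like, or null when `name` is
// itself on the list or not within `maxDist` edits of anything on it.
// Raising maxDist catches more variants at the cost of more false positives.
function typosquatCandidate(name, popular = POPULAR, maxDist = 1) {
  if (popular.includes(name)) return null;
  for (const p of popular) if (editDistance(name, p) <= maxDist) return p;
  return null;
}

// Nodes are {name, version, scripts, dependencies}: an assumed shape you would
// build by reading each installed package's package.json. Recurses through the
// whole chain, which is the point: you inherit every transitive dependency.
function audit(node, path = [], findings = []) {
  const here = [...path, node.name];
  const lookalike = typosquatCandidate(node.name);
  if (lookalike) findings.push({ kind: "typosquat", path: here, lookalike });
  for (const hook of LIFECYCLE) {
    if (node.scripts && node.scripts[hook]) {
      findings.push({ kind: "install-script", path: here, hook, cmd: node.scripts[hook] });
    }
  }
  for (const dep of node.dependencies || []) audit(dep, here, findings);
  return findings;
}

// Constructed sample: a project that depends on a mistyped "expres", which
// transitively pulls in a package carrying a postinstall hook.
const SAMPLE_TREE = {
  name: "my-app", version: "1.0.0", scripts: {}, dependencies: [
    { name: "expres", version: "1.0.0", scripts: {}, dependencies: [
      { name: "helper-lib", version: "0.1.0", scripts: { postinstall: "node setup.js" }, dependencies: [] },
    ] },
    { name: "lodash", version: "4.17.0", scripts: {}, dependencies: [] },
  ],
};

for (const f of audit(SAMPLE_TREE)) {
  console.log(`${f.kind}: ${f.path.join(" > ")} (${f.lookalike || f.hook + " => " + f.cmd})`);
}
```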


Thank you, I knew I wasn't the only one who thought this.


> It's not usually core, it's all the plugins by authors of unknown provenance and skill.

This is otherwise known as an active developer community and is a good thing. In any open library ecosystem, it's ultimately up to the developer to carefully choose and vet third-party modules. There isn't any substitute for that.

The alternative is a tightly controlled standard library, but that isn't npm's stated goal. Such a controlled, curated, audited standard library is, however, something that could be built on top of npm, but obviously not vice versa.

So npm being a circus is, in the grander scheme of things, a good thing. Novice programmers will necessarily produce novice code.

edit: if it wasn't clear, I completely agree about the security risks of this project.


> The alternative is a tightly controlled standard library, but that isn't npm's stated goal.

What npm says it is doing on paper and in its charter is not necessarily what npm gets used for. At this point in the ecosystem's maturity, npm developers are doing their users a massive disservice and opening them up to a lot of risk. Maintaining this line of a vibrant active community, and "developers should be responsible for their own security", rings hollow.

As I see it, npm appears to be acting like there are a lot of unsolved problems in this realm, and in doing so are endangering a developer community that is absolutely full of amateurs.

I would argue that JavaScript is the most accessible language of the current era, and Node.js is being pushed by a lot of third parties as the new easy way into programming. These new guys don't know security and want to contribute to the community, and the npm gatekeepers seem to be doing little to stop naïveté from causing virus-like consequences in their dependency chains. When I was a teenager writing code I had no idea what security issues I needed to patch against. I wasn't educated on it and didn't care. I just wanted to make cool stuff. The problem with npm is that the cost of entry of your "cool stuff" into the hands of a thousand trusting others is too low; there is no delineation between what is authoritative and what isn't.

Debian solved this problem years ago. Restrict npm defaults to vetted packages, and have people add repositories as need be (e.g. multiverse, Ubuntu PPA, etc.) for packages that aren't audited or by trusted parties.

The Node user experience often ignores most security issues for ease of use; this is OK when you are guarding people against the most likely mistakes. This is a problem of setting insecure defaults and expecting the Internet to play nice. The user experience, the marketing message, and the community at large defends its openness to the death. I'm all for openness, but at some point senior developers should be attempting to shepherd their new developers into making secure decisions, and thinking in a way that is somewhat security minded.


> As I see it, npm appears to be acting like there are a lot of unsolved problems in this realm, and in doing so are endangering a developer community that is absolutely full of amateurs.

> The problem with npm is that the cost of entry of your "cool stuff" into the hands of a thousand trusting others is too low; there is no delineation between what is authoritative and what isn't.

I agree that npm has been a bit slow with a bunch of important features like package signing, sandboxing post-install scripts, etc. but as a counterpoint to the authoritativeness issue, I would argue that vetting and defining "authoritative" packages is a difficult problem. I'm not aware of any open/semi-open package ecosystem that has solved this problem (please do correct me if I'm wrong).

As an example in the JS world, which of lodash/ramda/underscore/functionaljs should be the/an authoritative javascript FP library? Should they all be marked authoritative? If so, what is the criteria for a new library to also be authoritative? What happens when a library is abandoned? How do you even define abandoned in an open ecosystem?

These are solvable problems, but not easy ones to reach consensus on.

The Redhat-like alternative is to have a central entity employ/pay contributors to audit and maintain libraries, but it's debatable whether npm would have grown to its current size with that model.


Lodash is not a "FP" library—it's just a utility belt. And yes, it should be the authoritative IMO as it has the most support, users, and is worked on almost full time. It can be modular and each method can be installed separately, which is awesome.

Ramda is a utility belt that sticks to pure functional practices wherever it can, something the JS community doesn't do, so it shouldn't be the authoritative.

Underscore is dead and was replaced by Lodash.

While it's hard to do the above with all kinds of libraries, there are some where it's easy.


It's taboo in npm culture (as in, the actual npm employees) to stop anyone at the gate. In fact, they actively encourage experiments of all kinds into it.


What kind of vetting is occurring when you're automatically installing npm modules as you code?

But, "Novice programmers will necessarily produce novice code."

Having had my own variety of experience with CPAN, PEAR, Tcl's package thing, C by way of building my own RPMs and DEBs, and now watching the ongoing trainwreck that is npm, yes. You're right about that.


This.

Installing modules from npm is dangerous enough. Nice for education or playing around, unsuitable for a serious developers' workstation.

Related: http://incolumitas.com/2016/06/08/typosquatting-package-mana...


This is one of the benefits of using a container-based system like the one we designed for https://tonicdev.com . On Tonic, you get the same conveniences displayed here (actually better since all the packages already exist, so no install-wait time), but the entire development process happens in a container. Once you're ready to move on, you can download the project with shrink-wrap to get identical behavior, but until then you can more freely try whatever you'd like.


I wonder what https://tonicdev.com/ does.

