This reminds me of this [1] talk at 28c3 (Ang Cui on how to exploit HP printers by sending a modified PDF to them). Which led to one of the most hilarious IT-Sec headlines [2].
Just commenting in the hope that the Purism team also reads HN: I can totally second this, with a 2kish resolution and nice i7 w/4-6 cores + HT I'll immediately replace my aged MBP with a Purism Librem 15. On a second note: Your offer of a privacy-first notebook is worth to me as much of a premium as Apple's OS and design are.
I have great experience with agreeing on the features to be delivered in a two-week sprint. You provide an estimate in hours and have an hourly rate for your work. This allows you a) to outperform your estimate and gives b) your customer some planning security. If you screw up, the content of a two-week sprint won't break your neck. If you outperform you have more time for your project.
Additionally you get rid of the discussion if dev a is worth 1.2456 more than dev b.
Thanks for posting this. I'm currently running a similar setup and to me it's a horrible technical debt. Any ideas how to migrate multiple mailboxes for multiple domains to a managed solution?
Quite a few frameworks use redis et al. to manage websocket sessions. I can recommend Django Channels [1] with redis for chat and real time object binding.
Does anyone know how software quality is handled in complex supply chains, e.g. automotive? From my point of view software is a 2nd grade citizen in areas dominated by manufacturing and classical engineering.
I guess testing an over-the-update for a car that was built by an OEM and thousands of suppliers must be quite a task.
It's getting better, but hardware companies tend to view software as second-class. They think it's "easy", though they're finally accepting that it's not. It's taken decades of fatalities, cost overruns, and missed deadlines for them to realize this, but they're realizing it.
If someone dies because of a preventable bug in your software, shouldn't that be considered manslaughter?
Obviously you formed a corporation in order to shield yourself from legal action (among other things). Fine, so you personally don't get charged with manslaughter. But in that case the corporation should be charged, and if convicted should be sentenced to the corporate equivalent of 25 years in jail. That would be a strong enough incentive to care about software. Of course, it never works like that in real life.
Is this as ridiculous as it sounds to me or is my outrage misplaced somehow?
As Hoare so elegantly described at his Turing award speech, regarding Algol compilers, back in 1981.
"Many years later we asked our customers whether they wished us to provide an option to switch off these checks in the interests of efficiency on production runs. Unanimously, they urged us not to--they already knew how frequently subscript errors occur on production runs where failure to detect them could be disastrous. I note with fear and horror that even in 1980, language designers and users have not learned this lesson. In any respectable branch of engineering, failure to observe such elementary precautions would have long been against the law."
It's as ridiculous as it sounds, but they go through a lot of effort on the corporate side to make sure they're in the clear. It's a lot of CYA paperwork and stuff demonstrating they've done what they could have. And then out-of-court civil suit settlements that are sealed so no one knows the details and can't form class action suits or coordinate well enough to initiate a criminal investigation (their family member's accident seems like a one-off to them, they don't know the extent of the problems).
Typically the software has to be developed according to some ISO standard like https://en.wikipedia.org/wiki/ISO_26262 and the supplier has to have some proof like from the UL or the German TÜV that they followed the procedures.
John C. Bogle, the founder of Vanguard (mentioned in the article), wrote a book called "The battle for the soul of capitalism" [1] where he describes his motivation to found Vanguard. In summary he sees that fund managers add little value but extract too much money from risk takers (=investors) and thereby turn capitalism upside down. Sounds like his thesis is winning.
Neither mutual funds nor hedge funds as a whole can match a low fee index like Vanguard. Of course there are individual outliers that outperform, but predicting which funds will win in the future is no easier than picking individual securities that will win in the future.
It's becoming pretty clear that Buffett will win his 10-year bet that the Vanguard would beat what Protege Partners thought were the five best hedge funds.
It'll be interesting to see what the new equilibrium settles out to as more and more people index. It's pretty obvious everyone can't index and as more people do, there are more opportunities for smart money. But what form is that smart money going to mostly take? Large institutional investors -- pension funds, charitable endowments, sovereign wealth funds, etc. -- either investing directly or via outside money managers? Partnership style hedge funds? Family offices for ultra high net worth individuals? Or will the mass market long only mutual fund make a comeback?
[1] https://django-extensions.readthedocs.io/en/latest/graph_mod...