1. docker

Last 5 email alerts sent for docker on Hacker News

exactly. It's amazing how many things bypass on-device firewalls. Docker is a good example.
by m463 2020-10-01 00:36:10 | link | parent | submission

I assume you mean this because I can't find any mention in the article about 2nd highest prio rules: "How it leaks WSL2 uses Hyper-V virtual networking and therein lies the problem. The Hyper-V Virtual Ethernet Adapter passes traffic to and from guests without letting the host’s firewall inspect the packets in the same way normal packets are inspected. The forwarded (NATed) packets are seen in the lower layers of WFP (OSI layer 2) as Ethernet frames only. This type of leak can happen to any guest running under Windows Sandbox or Docker as well if they are configured to use Hyper-V for networking." That is how virtual machines are supposed to work. Hyper-V is a virtualisation thing. Whatever Mullvad is doing is immaterial - they are only worrying about the host. If you use full on virty stuff, you need to treat each VM as a VM, not a container.
by gerdesj 2020-09-30 22:56:25 | link | parent | submission

Alternative perspective: author tried to market his kickstarter project on an Docker issue from 2017 some 4 hours ago and then went to HN to complain about suppressed speech when it got deleted.
by mtmail 2020-09-30 21:28:46 | link | parent | submission

> Other interesting note, Docker Windows does some funky stuff with firewalls too. It puts and any/any exception in the firewall when you install it It does something similar on Linux, actually. Huge pain when trying to firewall servers only to discover that Docker happily bypasses all of your rules.
by yjftsjthsd-h 2020-09-30 19:37:29 | link | parent | submission

2. Kubernetes

Last 5 email alerts sent for Kubernetes on Hacker News

Most of those technologies are deployment and infrastructure. There's Twitter the server program, and then there's Twitter the business. But whether or not an app runs on docker, or kubernetes, or is version-controlled by git, or what database it speaks to, is orthogonal to the technologies used in the app itself (or at least it should be). I wonder if one had a source package for the Twitter server if you could just run it on an arbitrary device with an arbitrary configuration, or if it actually was bound at the hip to docker or mysql or whatever configuration they choose for their own servers. Ideally, they should be separate concerns.
by moth-fuzz 2020-09-28 17:09:17 | link | parent | submission

How to Reduce Your Kubernetes Cost (itnext.io)
by thiry 2020-09-28 15:18:12 | comments

Hadoop, Kafka, Kubernetes, Angular, React, GraphQL, TensorFlow, TypeScript, Android. A lot of the Apache projects came from companies. Although some of these were more like one person at the company developed it and the company funded and maintained it.
by nwsm 2020-09-28 12:55:17 | link | parent | submission

3. aws

Last 5 email alerts sent for aws on Hacker News

I caught that, but I still appreciate your taking the time to explain. The thing I was actually getting at with my sarcasm there is Cloudflare (along with Google, Akamai, AWS, etc) essentially being the entire web .
by uniqueid 2020-09-29 18:23:51 | link | parent | submission

> ...paying for AWS/GCP DDOS protection GCP offers free protection for web properties falling under select categories through Jigsaw's Shield program: https://projectshield.withgoogle.com/ AWS does offer freemium DDoS protection with some of their products, like Global Accelerator: https://aws.amazon.com/global-accelerator/features/
by ignoramous 2020-09-29 18:04:22 | link | parent | submission

There are viable competitors, but none of them are willing to offer dirt-cheap service like Cloudflare is, and that's really a shame. Fastly, akamai, etc. focus entirely on Enterprise and don't see making their product accessible to small business/personal project sites as a worthy business venture (which it probably isn't), so that leaves most SMB/personal sites the choice of either hoping they don't get attacked, using/paying for AWS/GCP DDOS protection, just not running their site, or using Cloudflare.
by judge2020 2020-09-29 17:58:24 | link | parent | submission

What's the (pre-Ampere) GCP price for a V100? On AWS it was $3/hr, so at 100% use and market prices a Titan V would pay for itself vs the cloud inside a month. Is GCP significantly cheaper? Or are we talking about pricing at ~0% utilization?
by jjoonathan 2020-09-29 17:52:16 | link | parent | submission

Is the most relevant metric bandwidth, page views, or websites? They may not have the bandwidth as you point out, but they have a pretty big chunk of websites. (Obv not 100%) (That said, AWS has a lot more than “just” the TLS connection on a large fraction of the web, including all of my web properties, so yeah, who are you going to trust and for how long?)
by jacobn 2020-09-29 17:27:19 | link | parent | submission

4. coreos

Last 5 email alerts sent for coreos on Hacker News

> The problem is not in any particular stack. It’s system design overall. Are you aware that unlike Windows, Chromium OS has been designed from the ground up with security in mind[1]? And that it can run on almost any hardware[2]? > All your mentioned alternatives could just as easily fail if not properly secured. Software has to be designed and chosen with security in mind from the beginning. If a hospital is running something like Windows Server instead of self-updating Container Linux, it has much larger attack vector space. [1] https://www.chromium.org/chromium-os/chromiumos-design-docs/... [2] http://www.neverware.com/enterprise
by krn 2020-09-18 23:27:49 | link | parent | submission

> They got dozens of servers with patient data hacked and encrypted and had to shutdown their intensive care and reroute patients elsewhere. Wouldn't simply using a cloud-based B2B service with something like Chrome OS / Cloudready instead of Windows solve the entire problem? If that wouldn't work for data privacy or network availability reasons, it could be an open-source self-hosted server application, accessible locally only through a REST API. > I don't think there is a single hospital that completely fulfills those standards. Why can't a single technical solution be designed and supported for all state-owned hospitals in Germany?
by krn 2020-09-18 22:41:46 | link | parent | submission

1. Having an “entrypoint to your application” isn’t the right way to think about a Erlang release. An Erlang release is like a virtual appliance: an OS (ERTS) with a set of “service” packages installed in it (your apps and libraries.) And, just like when assembling a VM instance using Terraform or the like, you can set up/install multiple root-level applications/services within that VM. Like systemd service-units on a Linux box. Each one has its own entrypoint, configured by the unit. (Equivalently, each Erlang app has its own entrypoint, configured by the .app manifest.) 2. Those config files are the config files for the “OS”, not for your app. They’re things that — in a different “multitenant” abstract-machine runtime, e.g. Smalltalk — would be hiding within the “image” (virtual block-device) that the emulator works with. 3. And that’s also why there’s so many executables: a good few of them are different (static-compiled) emulators for the different deployment scenarios, e.g. single-core vs. multi-core, where all this detail is abstracted away by detections made at runtime by those batch files. 4. The C header files are something you’ll see with any runtime that both ‘vendors’ the emulator itself; and ships a compiler accessible at runtime; and where that compiler supports FFI/building runtime extensions. In Erlang, you can run relups against a deployed release, that will install new Erlang applications into that release. If those Erlang apps contain native C code that needs to be compiled, the header files need to come from somewhere — if they came from the host, they’d not be guaranteed to be compatible with the destination. Better to grab them from the running target itself, during the relup build process. ————— PS: Even what I said before (an Erlang release being a VM) is a bad abstraction — an Erlang release is an atomic patch of a VM, that the VM itself can then switch to. Like a base-image in CoreOS... but where the VM can switch to it without needing to reboot. That has a lot of complications. Some languages (e.g. Go) are “closed-world”: they assume that no more code will be loaded at runtime, and so can execute Whole Program Optimizations. Other languages (e.g. Java) are “open-world”: they assume that code will be loaded at runtime, and therefore optimization can only occur per module, since modules can be swapped out, or symbols from them newly referenced when they were originally “dead” at compile time. And then there’s Erlang, which takes “open-world” to a whole different level. What you’re basically talking about is a version of ERTS that takes a “closed-world” assumption. No relups, no runtime module loading, maybe even burning the whole system into a single BEAM file with WPO. This would disable much of what makes Erlang, Erlang — but it would be possible. It’s just not possible to build this on top of the current OTP version of ERTS, since the open-world/closed-world assumption of a runtime is baked into basically every design decision at a deep level.
by derefr 2020-09-17 13:50:03 | link | parent | submission

it's too late to improve. 1. update wasn't possible - that basically means that customers can't count on you 2. some decisions favored OpenShift instead of being general purpose 3. you rebuild the whole stack?! from scratch?! 4. the documentation is twice as bad as from CoreOS (which was already pretty bad) these are probably the worst things
by merb 2020-09-02 16:34:08 | link | parent | submission

I don't think. Fedora CoreOS is more coupled to be an OpenShift node than a plain Container/K8s node. it's sad what they did. And I was a Fedora user for my whole life, but that made me reconsider.
by merb 2020-09-02 16:28:29 | link | parent | submission

5. machine learning

Last 5 email alerts sent for machine learning on Hacker News

Has anyone tried a machine learning approach to glyph generation?
by amelius 2020-09-30 03:29:23 | link | parent | submission

Some guy below you: > I work at Amazon, we are hiring all the top ML people to work on this problem. Legions of ML PhDs. It doesn't take legions of PhDs in machine learning to fix a basic counterfeit problem on a glorified online shopping store.
by HenryKissinger 2020-09-29 21:17:03 | link | parent | submission

Accelerating Machine Learning with a Feature Store (info.splicemachine.com)
by phltech 2020-09-29 18:53:59 | comments

just make sure it's NVidia. whatever graphics card you want -- all their consumer cards will work great for deep learning. make sure your motherboard and processor support whatever the newest version of PCIe is -- a major factor with deep learning is bandwidth moving data on/off the GPU. AMD GPUs can theoretically be used for machine learning, but right now software support is lacking -- you will spent more time configuring and installing than learning. (AMD CPUs are fine though.) it doesn't really matter that much though -- any gaming PC with a new-ish NVidia card can be used to do quite a bit of interesting ML.
by currymj 2020-09-29 17:39:53 | link | parent | submission

“ With machine learning, you spent most of the time copying memory between the CPU and GPU” - this is a sign that you are most likely doing it wrong. Yes, some operations are inherently bandwidth bound, but most important ones such as larger matrix multiplies (transformers) and convolutions are compute bound.
by option 2020-09-29 17:30:25 | link | parent | submission

6. python

Last 5 email alerts sent for python on Hacker News

I've got some useless PRs during month of October. I archived the repo two days back since I'm not actively working on it anyway and who wants to deal with spam? https://github.com/learnbyexample/Python_Basics/pulls?q=is%3... I'll have to see if this prompts useless PRs to my other repos. Hope not.
by asicsp 2020-10-01 03:12:25 | link | parent | submission

We are doing computational chemistry, simulating molecular structure and designing molecules, and we want to use thousands of cores and get as much performance as possible. If my AWS bills are any measure - then yes - the cost savings in electricity and computing resources are very significant. Also, developing and maintaining Python/C++ bindings for complex libraries is very painful and frustrating. I wrote Python bindings for years using boost::python and earlier Swig and keeping bindings working and dealing with the different memory management approaches of Python and C++... bleh - it's a nightmare. At the same time Python changed from version 2 to 3.x and libraries I depended on and my own Python code was being broken and becoming outdated in ways that I had no control over. It was like trying to build a house out of sand. I've only been using Common Lisp for the past 6 years - after three decades of writing in other languages including Basic, Pascal, Smalltalk, C, Fortran, Python, PHP, Forth, Prolog... Common Lisp feels great, it feels powerful and every function I write I know will compile and run in 20 years. Common Lisp has real macros (programs that write programs! implemented in one language), dynamic variables, generic functions, the Common Lisp Object System, conditions and restarts... There are many features that haven't made it into other languages. Common Lisp makes programming interesting again.
by drmeister 2020-10-01 02:23:43 | link | parent | submission

No, I just found out about Pliant from your post - but it doesn't make sense for developing large, stable codebases because it's not a standard language. (Sorry Pliant developers - I love your can-do attitude and I'd love to buy you a beer or a coffee sometime and talk about Sisyphean task management.) But Pliant is a reference implementation of a custom language. Programming language design is really, really hard - I wouldn't dare try and so I chose to go with a language that had literally hundreds of person years of design and testing underpinning it. Regarding FFI's - my approach is the same as the very clever pybind11, luabind and the older boost::python libraries. It works by using C++ template programming and letting the C++ compiler do the heavy lifting of generating wrappers at compile time. I recently updated our binding library to use C++17 std::apply with tuples. Freakin' finally! C++ has an apply construct that can be applied to a heterogenous list of objects - wow - lisp has only had it for 50 years! My point is that only recently has C++ developed the introspective capabilities to implement really powerful FFI's. Also - you have to use C++ exception handling for stack unwinding or you will break C++ RAII all the time.
by drmeister 2020-10-01 01:46:07 | link | parent | submission

> The most popular languages are the least energy efficient and most resource intensive. This is mostly incorrect. Of the top 10 programming languages on GitHub [1] only Python, Ruby and PHP are commonly used with an interpreter. The rest are all AOT or JIT compiled. I also suspect a large fraction of the Python projects are also data science / ML projects that heavily use packages like NumPy and TensorFlow that offload most of the work to highly optimized math libraries. I also suspect if you were to look into the programming languages used by the companies with the most servers, they would skew more towards languages like Java and C++, or custom things like Facebook's Hack / HHVM. [1] https://madnight.github.io/githut/#/pull_requests/2020/2
by easde 2020-10-01 00:05:21 | link | parent | submission

> Certificates need to be patched into the hosts file every 30 days Sounds like a job for letsencrypt... > The server must run on Windows 7 x64. It's Python code, might just need some love to go crossplatform (?)
by toyg 2020-09-30 23:43:28 | link | parent | submission

7. javascript

Last 5 email alerts sent for javascript on Hacker News

Have you ever checked out uMatrix? It's a chrome plugin that lets you control which javascript can run on a page (and allow some by default across the web based on where it's loaded from).
by bonestamp2 2020-09-30 05:16:37 | link | parent | submission

Further fucked: function compress(data){ return data.replace(/(?<=(\w+)=[^&]*)&\1=/g,','); } I say: do replace after all! (Javascript didn't have zero-width look-behinds at the time)
by recursive 2020-09-29 23:50:00 | link | parent | submission

As an aside, I went down a rabbit hole trying to work out whether to look into this or PICO-8. I found a pretty good summary of the differences here: https://nerdyteachers.com/Explain/FantasyConsoles/ Personally, I'm still undecided as I like the use of JavaScript in TIC-80 and the fact that it is open source, versus the wealth of materials available for the PICO-8.
by abrookewood 2020-09-29 23:32:29 | link | parent | submission

The trick here is that replace supports a variadic callback function where you can match parameters to capture groups in the regex. AFAIK replace is the only regex-related string prototype method that supports that. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Refe...
by borkxs 2020-09-29 22:38:07 | link | parent | submission

Opening the video and letting it play till the end, I found the following in my browser's debugger: - 63 XHR requests - 52500 Kbytes of content in total - 42020 Kbytes of content in video data - 1600 Kbytes in Javascript - 0.36 Kbytes of title (repeated, 14 times) What does this tell me? That the title is 0,000686% of the total transferred content for this video. I'd be more worried about the 1.6 megabytes of executable code (that's two thirds of the original DOOM) just to basically embed a video player and a list of comments. Out of all performance issues you can complain about (enough with the useless polyfills to artificially slow down Firefox already, Youtube staff!), repeating the title is not the important part.
by jeroenhd 2020-09-29 22:27:46 | link | parent | submission

8. ios

Last 5 email alerts sent for ios on Hacker News

Nope, found it eventually. iOS 14 merges the 'not now' from iOS 13 into a 'forgot my account or don't set up now'.
by WrtCdEvrydy 2020-10-01 03:47:40 | link | parent | submission

I would safely say that it does not solve TSP faster than the best TSP code available - Concorde. More info here, and note there is an iOS app too (Concorde TSP on the App Store) that you can play with that solves TSP to optimality: http://www.math.uwaterloo.ca/tsp/concorde.html
by pyk 2020-10-01 02:34:52 | link | parent | submission

The Photos icon on macOS Catalina and iOS (I haven't taken a look at the Big Sur redesign yet) looks like literal candy—it's a great example of this phenomenon, in my opinion. I love how the colors blend together and overlap with partial transparency.
by snazz 2020-10-01 01:59:52 | link | parent | submission

So you, I, all the HN commenters, and the author, all had the same probability of making $100,000 from iOS icons last week? Was it just a random roll of the dice? I guess we were just unlucky then. Fingers crossed for next week. To say "it is really just luck" is honestly just ridiculous. Our probability was 0%. His probability was significantly higher, due to the previous work and decisions he has made. That's not "just luck". There is no such thing as a deterministic, risk-free business strategy. You can only make bets, try to maximise your odds, and repeat. That's what the author is doing. I knew nothing about him before today, but I can see his business ethos. He's doing a good job, and the market is validating that with their wallets.
by boyakasha 2020-10-01 01:42:51 | link | parent | submission

...then someone could clean up all of the swearing in the comments in the 9x source. I'd like all past and current Windows OSes to be open-source. I'd also like macOS and iOS to be open-source. Eventually, all source may be leaked anyway, so they could just do it.
by studius 2020-10-01 01:11:02 | link | parent | submission

9. bitcoin

Last 5 email alerts sent for bitcoin on Hacker News

Lost my attention when I saw the first feature listed is “Bitcoin”.
by azhenley 2020-09-30 04:03:19 | link | parent | submission

yes. Because bitcoin still needs infrastructure to be useful to normal humans. Think of bitcoin like pay pal[1]. Paypal or bitcoin itself doesn't help you if store is down. [1] Not really but its 3am and that's the best i can come up with
by unionpivo 2020-09-30 01:19:28 | link | parent | submission

This is good for bitcoin.
by chance_state 2020-09-30 01:14:46 | link | parent | submission

def not. if Apple built on the bitcoin cloud we would never see this mess :p
by cottsak 2020-09-30 01:13:18 | link | parent | submission

could this happen with bitcoin?
by lightsurfer 2020-09-30 01:12:37 | link | parent | submission

10. ruby

Last 5 email alerts sent for ruby on Hacker News

Well, I think a book to motivate you and get you out there, making something the quickest, is RE:WORK. It was written by the Ruby on Rails creator and his co founder at Basecamp. It’s pretty different than most books and most ideas are 1-2 pages long and I found that it got me motivated to build faster than any other book.
by elamje 2019-04-20 17:05:49 | link | parent | submission

> everything compiles to the same assembler code so lets not pretend these languages are doing magical things. They don‘t and many of the dynamic features of Python (and Ruby) cannot be efficiently compiled. That‘s why it relies heavily on C modules.
by quonn 2019-04-20 16:01:12 | link | parent | submission

>It's also why you don't get multi-line lambdas. Everything is a compromise. Arguably too much of a compromise. This is just Guido doing a "because I say so" and imposing his bias against functional programming. Give me a properly-designed language like Ruby any day over Python's bag of compromises.
by cutler 2019-04-20 15:30:56 | link | parent | submission

Some of the simple words and their prominence can be amusingly informative, though. Take data structures for example. "string", "array", and "object" are about as equally prominent in both JavaScript and Ruby (where the dictionary is called "hash"). In Python, however, "string" and "list" far outweigh "dictionary" and "object", which probably says something about what kind of data structures Python developers deal with the most in their lives. Meanwhile, C# and Java seem to be all about strings -- Are people just casting everything to string because they don't want to deal with strict types? -- and PHP is the only language where more people feel like they need to ask about arrays than they do about strings. Which is not surprising since PHP uses arrays for basically everything.
by kijin 2019-04-20 14:58:07 | link | parent | submission

>To me, it feels that there is a very thick wall in between high level languages and something with raw data access like C, C++, and D. That is why we need something that offer 80% the Speed of C, 80% of Simplicity / expressiveness of Javascript / Ruby, and 80% of ease of long term maintenance of a functional PL like Ocaml.
by ksec 2019-04-20 14:38:31 | link | parent | submission