So Copilot Runtime is… Windows bundling a bunch of models like an OCR model and an image generation model, and then giving your program an API to call them.
So Copilot Runtime is… Windows bundling a bunch of models like an OCR model and an image generation model, and then giving your program an API to call them.
We could end the era of the developer as a specialized caste. Our tools should be powerful enough that they allow people with problems to collaborate on software to solve those problems, without having to let that become their full time job.
The death of the device and the return of the system.
A device is a sealed thing provided on a take it or leave it basis, often designed to oppose the interests of the person using it. Like hybrid corn, a device is infertile by design: you cannot use a device to develop, test, and program more devices.
A system is a curated collection of interchangeable hardware and software parts. Some parts are only compatible with certain other parts, but there is no part that cannot be replaced with an alternative from a different manufacturer. Like heirloom seeds, systems are fertile: systems can be used to design and program both other systems and devices.
A system is a liberatory technology for manipulating information, while a device is a carceral technology for manipulating people.
Alice is a pretty good 3D programming environment aimed at kids, with little programming blocks to snap together.
You might want to try going back into the archives and pulling out something like MS-DOS and QBasic, or Logo. You can find a good tutorial in book form, and you can get a system that was designed to be programmed offline, with things like local help in the editor instead of behind a Google search, so it should be 100% safe to leave the kid alone with the machine.
Be the tricorder you wish to see in the world
Oh sorry, I saw “frontend dev” and assumed that meant web and not like local application.
If you are doing something less popular involving non-web messaging between processes that might be harder to break into.
C++ is a worse idea, it is not a good web backend language.
C# is pretty easy. As long as your boss doesn’t expect you to magically already be good at the thing they refused to allocate time for you to train in, you probably can just start trying to glue bits of C# web API examples together as your first project.
Learn on the field of battle.
I think the Hyper stuff is mostly a new name for the same thing.
The real “replacement” might actually be Bluesky though, which is Paul Frazee’s new project that he seems to be doing instead.
The C++20 or so STL actually has things in it now.
I’m struggling to understand how there can be so many security flaws, even in things that don’t seem to matter for security. I think the bar for a security problem might be too low; a lot of these look like footguns that could give my package a security hole, rather than genuine security flaws in the packages they are reported on.
Here’s a progress bar package with a “high” security vulnerability because it contains an internal utility that merges objects and doesn’t stop you writing to the prototype. Did the progress bar package ever promise to provide an object merge function that was safe to use on untrusted user input?
Here’s a notification UI element that bills using HTML in your notification messages as a feature. It has a “medium” level “XSS” security vulnerability where the message
parameter is not sanitized to remove HTML. A CVE was issued for this.
Here’s an arbitrary code execution vulnerability in sqlite3! High severity! The bug is that, if you tell sqlite3 to substitute an object into an SQL statement, it will run the ToString()
method on the object. If an evil hacker has broken into your lead developer’s house and written a malicious ToString()
method into one of the classes of object you use as a database query parameter, then that code would run! The fix here was, instead of letting the normal Javascript stringification rules apply, to hardcode all objects to be inserted into the database as “[object Object]”, because surely that is what the programmer meant to store.
Often it seems that people will make patch releases that add a “feature” of complaining at install time that that major release/minor release/entire package is bad now and should be replaced with something else. It still works, but it annoys everyone who transitively depends on it forevermore.
Not all of the same weaknesses. If it’s just “let the judge move stuff around because they’re a judge”, then yeah. But if you implement any sort of security on it, you can say that the judge can only move stuff when also countersigned by the jury, who were demonstrably selected by a fair random draw, or something.
And even if you don’t do that you still have a great record of which judge exactly is stealing everyone’s stuff.
You can’t just wave a blockchain wand and get a government that works, but you can just wave a blockchain wand and get an accountable record of things.
Yes, the document from the county administration would be much better, than some “magic” contract from the internet that may or may not be enforced by the county.
If the magic contract from the Internet is not actually likely to be enforced by the county, then the county is not actually using the magic Internet contract system. If the system were adopted by the county, then the official records from the system would be known to be enforceable.
I sound like I am for and against blockchain because I am. I don’t think you can stand up any existing blockchain system and start slapping government functions onto it and get a good result. People won’t understand it well enough or have sufficient resources to be true peers in the system, and if they did it wouldn’t scale very well.
But I do think that governmental systems can be improved by taking inspiration form blockchain technology and drawing on its underlying philosophical principles of accountability and consensus.
Tying keys to natural people is indeed an unsolved problem.
The system can be designed to recognize more people than just the current owner as authorized to do a transfer. You could do the whole tax record tracking in the same system, to ensure that property can be seized for back taxes exactly when back taxes are owed.
If you don’t have a system of law that even its designated enforcers are obliged to follow, you don’t have a legitimate government, you have a mafia.
The easier it is to make cases where a law is broken common knowledge, the easier it is to gather the political will to enforce the law. That mechanism is what obliges the enforcers to actually follow the law, and it can work more or less well depending on the structure of the society, the relative power of different groups of people, and the communication technologies in use. If the President guns someone down in broad daylight, they get thrown out more often if you have a reputable newspaper than if you don’t. An election is a convenient substitute for everyone trying to kill each other until we find out who is left.
Blockchains are one technology for establishing common knowledge among a group of participants. They’re not magic, they don’t even usually work particularly well. But they do offer techniques for binding the administrators of systems of rules to actually follow those rules, which have the potential to be applied more broadly.
If the county isn’t actually using the system you try to present evidence from, of course it will not work.
If you have a list of who owned the land and when, and you have evidence to support each transfer, then you have a log-structured or relatively blockchain-like database.
One of the good things about using a blockchain system is that it forces you to set out and follow a set of programmatic, and thus at least minimally fair, rules for how the system is going to work. It means you are running on some kind of rule of law, and for it to work everyone involved has to be able to replicate the history of the system and agree that it is correct.
It seems a fairly natural fit for something like land, especially in the US, where we know for a fact that huge swathes of it were seized in the past from Native Americans, or revoked after being given to Black folks at the end of the civil war, or otherwise moved around by the government in suspiciously ad-hoc ways that we have later come to regret.
If you can design the entire system to grind to a halt if rights are not respected or someone tries to rewrite the rules on the basis of they have the guns, it could be a powerful force for the rule of law and the maintenance of a consensus reality.
A central database would be just a list of all the land and who owns it.
Right now, the deed system is a bunch of deeds that say “remember when I got this land, on page 302 of book 75 in the county recorder’s office? Well now Jimantha owns it actually, since they bought it from me for ten dollars and a peppercorn.”. This is great for accountability: it lets you trace ownership history and provides a piece of evidence to substantiate every transfer, and so helps you answer inconvenient questions like “why should you own that house when it was my grandmother’s house and I want to own it?”. It also lets you roll transfers back if they are found to be fraudulent, and neatly captures how all current ownership is contingent on the theft of the whole place from any disposessed original inhabitants.
This is also basically how ownership works in many current blockchain systems: you select something you own based on the transaction that gave you ownership, and then you say who should own it now in a signed message.
But the blockchain systems verify signatures cryptographically, whereas the county recorder verifies the authority to transfer stuff on the “you think someone would just tell lies? On the Internet?” principle. And the centralized database doesn’t even keep the transfers around for review, it just has the database operator in charge of who owns any given thing at the moment.
Would you rather walk up to a grumpy person with a shotgun and demand that they move out while brandishing a printout of an SQLite database recently recovered after the ransomware attack at the county administrative building? Or with a deed with their spouse’s signature on it?
Then the problem is to make the deeds more machine-readable, and to get better at not putting in deeds from people who have no business writing to that part of the ledger, for which pieces of blockchain technology might be useful.
It shouldn’t be hard to implement the APIs, the problem would be sourcing the models to sit behind them. You can’t just steal them off Windows or you will have Copyright Problems presumably. I guess you could try and train clones on Windows against the Windows model results?