
Still the only thing I miss about the Firefox right-click context menu coming from Chrome is that Firefox doesn't have a "Look up '<selection>'" in the menu on macOS, to look up in the macOS dictionary, for looking up words I don't know.

https://bugzilla.mozilla.org/show_bug.cgi?id=1116391


A more complicated version of this problem exists in TypeScript and Ruby, where there are only arrays. Python’s case is considerably simpler by also having tuples, whose length is fixed at the time of assignment.

In Python, `x = []` should always have a `list[…]` type inferred. In TypeScript and Ruby, the inferred type needs to account for the fact that `x` is valid to pass to a function which takes the empty tuple (empty array literal type) as well as a function that takes an array. So the Python strategy #1 in the article of defaulting to `list[Any]` does not work because it rejects passing `[]` to a function declared as taking `[]`.


Another fun consequence of this is that you can initialize otherwise-unset file descriptors this way:

    $ cat foo.sh
    #!/usr/bin/env bash

    >&1 echo "will print on stdout"
    >&2 echo "will print on stderr"
    >&3 echo "will print on fd 3"

    $ ./foo.sh 3>&1 1>/dev/null 2>/dev/null
    will print on fd 3
It's a trick you can use if you've got a super chatty script or set of scripts, you want to silence or slurp up all of their output, but you still want to allow some mechanism for printing directly to the terminal.

The danger is that if you don't open it before running the script, you'll get an error:

    $ ./foo.sh
    will print on stdout
    will print on stderr
    ./foo.sh: line 5: 3: Bad file descriptor

With exec you can open file descriptors of your current process.

    # Check whether fd 3 is already open; if not, open it onto /dev/null.
    # (Linux-only: /proc/$$/fd does not exist on macOS or the BSDs.)
    if [[ ! -e /proc/$$/fd/3 ]]; then
        exec 3>/dev/null
    fi
    >&3 echo "will print on fd 3"
This will fix the error you are describing while keeping the functionality intact.
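As an added example (not the commenter's code), the same "open fd 3 yourself if the caller didn't" pattern without depending on `/proc`, so it also works on macOS and BSD: a redirection onto a closed descriptor fails, and that failure is all the check needs. The demo script and its output lines are constructed to mirror the `foo.sh` above.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread. Shows the "open fd 3 yourself if
# the caller did not" pattern without relying on /proc.

# fd_is_open N: exit 0 if file descriptor N is open for writing, non-zero if
# not. Redirecting onto a closed fd fails with "Bad file descriptor"; the
# message is discarded and only the exit status is kept.
fd_is_open() {
    { true >&$1; } 2>/dev/null
}

# Write the demo script (constructed input) to a temp file, print its path.
make_demo_script() {
    script="$(mktemp)"
    cat >"$script" <<'EOF'
#!/bin/sh
# Open fd 3 onto /dev/null only if the caller did not already provide one.
if ! { true >&3; } 2>/dev/null; then
    exec 3>/dev/null
fi
echo "will print on stdout"
echo "will print on stderr" >&2
echo "will print on fd 3" >&3
EOF
    printf '%s\n' "$script"
}

# Same invocation as in the thread: fd 3 becomes our stdout, fds 1 and 2 are
# silenced, so only the fd-3 line comes back.
capture_fd3() {
    script="$(make_demo_script)"
    out="$(sh "$script" 3>&1 1>/dev/null 2>/dev/null)"
    rm -f "$script"
    printf '%s\n' "$out"
}

# Run with fd 3 explicitly closed; the script must still exit 0 instead of
# failing with "Bad file descriptor".
run_without_fd3() {
    script="$(make_demo_script)"
    sh "$script" 3>&- >/dev/null 2>&1
    rc=$?
    rm -f "$script"
    return "$rc"
}

# Stand-alone usage: prints "will print on fd 3".
capture_fd3
```

The `{ true >&N; } 2>/dev/null` probe is the portable replacement for the `/proc/$$/fd/N` test; `true` is used rather than `:` because a redirection error on a special builtin may abort a non-interactive POSIX shell.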

Now with that exec trick the fun only gets started, because you can redirect to subshells, and subshells inherit the redirections of the parent:

    PID=$$
    LOG_FILE=/some/place/to/your/log/or/just/stdout
    exec 8>&1 # original stdout, still reachable with >&8 (must be saved before fd 1 is redirected below)
    exec 9>&2 # original stderr, still reachable with >&9
    exec 3> >(gawk '!/^RUN \+ echo/{ print strftime("[%Y-%m-%d %H:%M:%S] <PID:'$PID'> "), $0; fflush() }' >> "$LOG_FILE")
    exec > >(sed -u 's/^/INFO:  /' >&3)
    exec 2> >(sed -u 's/^/ERROR: /' >&3)
    exec 7> >(sed -u 's/^/CMD:   /' >&3)
    BASH_XTRACEFD=7 # fd 7 must be open before bash is pointed at it
    set -x # when debugging, print every command run, prefixed with CMD:
And now your bash script will have a nice log with stdout and stderr prefixed with INFO and ERROR and has timestamps with the PID.

Now the disclaimer is that you will not have guarantees that the order of stdout and stderr will be correct, unfortunately, even though we run it unbuffered (-u and fflush).
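As an added example (not the commenter's code), the same exec rerouting of stdout and stderr into prefixing filters, done with named pipes instead of bash process substitution so it also runs under plain POSIX sh. The workload lines are constructed; the ordering caveat above applies here too, since the two filters append to the log independently.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread. Reroutes stdout and stderr through
# prefixing filters with exec, using FIFOs instead of >(...) so that it is
# POSIX sh compatible.

# demo_prefixed_log: run a small constructed workload with stdout prefixed
# "INFO:  " and stderr prefixed "ERROR: ", both appended to one log, then
# print that log and clean up.
demo_prefixed_log() {
    dir="$(mktemp -d)"
    log="$dir/log"
    mkfifo "$dir/out" "$dir/err"

    # Readers: one filter per stream, in the background. Each blocks on
    # open() until the writer side of its FIFO is opened below.
    sed 's/^/INFO:  /' <"$dir/out" >>"$log" &
    sed 's/^/ERROR: /' <"$dir/err" >>"$log" &

    # Writer: exec inside a subshell so only the subshell's fds 1 and 2 are
    # redirected; the parent's stdout/stderr stay untouched.
    (
        exec >"$dir/out" 2>"$dir/err"
        echo "starting"
        echo "something failed" >&2
        echo "done"
    )

    # The subshell's exit closes the FIFOs; the filters see EOF and finish.
    # The two filters write independently, so the relative order of INFO and
    # ERROR lines in the log is not guaranteed.
    wait
    cat "$log"
    rm -rf "$dir"
}

# Stand-alone usage: prints the three prefixed lines.
demo_prefixed_log
```

Because ordering between the INFO and ERROR writers is not guaranteed, anything consuming such a log should key on the prefix (or a timestamp) rather than on line position.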


Nice! Not really sure the point since AI can bang out a much more maintainable (and sync'd) wrapper in go in about 0.3 seconds

(if runners have sh then they might as well have a real compiler scratch > debian > alpine , "don't debug in prod")


If you just want to print to the terminal even if normal stdout/stderr is disabled you can also use >/dev/tty, but obviously that is less flexible.

Interesting. Is this just literally “fun”, or do you see real world use cases?

The aws cli has a set of porcelain for s3 access (aws s3) and plumbing commands for lower level access to advanced controls (aws s3api). The plumbing command aws s3api get-object doesn't support stdout natively, so if you need it and want to use it in a pipeline (e.g. pv), you would naively do something like

    $ aws s3api get-object --bucket foo --key bar /dev/stdout | pv ...
Unfortunately, aws s3api already prints the API response to stdout, and error messages to stderr, so if you do the above you'll clobber your pipeline with noise, and using /dev/stderr has the same effect on error.

You can, though, do the following:

    $ aws s3api get-object --bucket foo --key bar /dev/fd/3 3>&1 >/dev/null | pv ...
This will pipe only the object contents to stdout, and the API response to /dev/null.
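As an added example (not the commenter's code), the fd-3 split above with a constructed stand-in for the chatty tool, so it can be run without AWS credentials: `chatty_get_object` prints an API response on stdout, a warning on stderr, and writes the payload to whatever path it is given, exactly the shape that makes `/dev/stdout` unusable. The same move works for any tool that takes an output path, e.g. `curl --dump-header /dev/fd/3`.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread. chatty_get_object is a constructed
# stand-in for "aws s3api get-object", not the real CLI.

# Prints a JSON response on stdout, a warning on stderr, and writes the object
# payload to the path given as $1.
chatty_get_object() {
    echo '{"ContentLength": 12, "ETag": "\"0123456789abcdef\""}'  # API response (constructed)
    echo "warning: constructed stand-in, not the real aws cli" >&2
    printf 'hello, world' >"$1"                                    # the payload
}

# payload_only: fd 3 is dup'd from our stdout first, then the tool's own
# stdout and stderr are sent to /dev/null. The tool opens /dev/fd/3 as an
# ordinary output path, so only the payload reaches whoever reads our stdout.
payload_only() {
    chatty_get_object /dev/fd/3 3>&1 >/dev/null 2>/dev/null
}

# For contrast: the naive /dev/stdout form mixes the response into the data.
payload_naive() {
    chatty_get_object /dev/stdout 2>/dev/null
}

# Stand-alone usage, e.g. "payload_only | sha256sum" or "payload_only | pv".
payload_only
echo
```

Redirection order matters: `3>&1` must come before `>/dev/null`, since redirections are applied left to right and fd 3 has to capture the original stdout before it is replaced.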

Would be nice if `curl` had something to dump headers to a third file descriptor while outputting the response on stdout.

This should work?

    curl --dump-header /dev/fd/xxx https://google.com
or

    mkfifo headers.out
    curl --dump-header headers.out https://google.com
unless I'm misunderstanding you.

Ah yeah, `/dev/fd/xxx` works :) somehow thought that was Linux only.

(Principal Skinner voice) Ah, it's a Bash expression!

I have used this in the past when building shell scripts and Makefiles to orchestrate an existing build system:

https://github.com/jez/symbol/blob/master/scaffold/symbol#L1...

The existing build system I did not have control over, and would produce output on stdout/stderr. I wanted my build scripts to be able to only show the output from the build system if building failed (and there might have been multiple build system invocations leading to that failure). I also wanted the second level to be able to log progress messages that were shown to the user immediately on stdout.

    Level 1: create fd=3, capture fd 1/2 (done in one place at the top-level)
    Level 2: log progress messages to fd=3 so the user knows what's happening
    Level 3: original build system, will log to fd 1/2, but will be captured
It was janky and it's not a project I have a need for anymore, but it was technically a real world use case.

One of my use-cases previously has been enforcing ultimate or full trust of a gpg signature.

    # mktemp -u only generates a name; gpg creates the file when it opens fd 3
    # (despite the variable name this is a regular file, not a fifo)
    tmpfifo="$(mktemp -u -t gpgverifyXXXXXXXXX)"
    gpg --status-fd 3 --verify checksums.txt.sig checksums.txt 3>"$tmpfifo"
    # succeed only if gpg reported the signing key as fully or ultimately trusted
    grep -Eq '^\[GNUPG:] TRUST_(ULTIMATE|FULLY)' "$tmpfifo"
It was a while ago since I implemented this, but iirc the reason for that was to validate that the key that has signed this is actually trusted, and the signature isn't just cryptographically valid.

You can also redirect specific file descriptors into other commands:

    # note: the exit status of grep inside the process substitution is not
    # visible to the calling shell, only gpg's own exit status is
    gpg --status-fd 3 --verify checksums.txt.sig checksums.txt 3> >(grep -Eq '^\[GNUPG:] TRUST_(ULTIMATE|FULLY)')
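As an added example (not either commenter's code), the status-fd check above split into a reusable predicate that separates "signature is cryptographically valid" (`VALIDSIG`) from "signer is trusted" (`TRUST_FULLY`/`TRUST_ULTIMATE`), which is the distinction the first comment is after. The sample status lines are constructed, with placeholder key ids and fingerprints, following the line formats in GnuPG's doc/DETAILS, so the check runs without gpg installed; `verify_trusted_sig` shows the real wiring and is the only part that needs gpg.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread. Sample status lines and key
# identifiers below are constructed placeholders, not real keys.

# status_trusted: read gpg --status-fd lines on stdin; succeed only when a
# VALIDSIG line and a TRUST_FULLY or TRUST_ULTIMATE line are both present.
status_trusted() {
    lines="$(cat)"
    printf '%s\n' "$lines" | grep -Eq '^\[GNUPG:] VALIDSIG ' || return 1
    printf '%s\n' "$lines" | grep -Eq '^\[GNUPG:] TRUST_(FULLY|ULTIMATE)' || return 1
}

# verify_trusted_sig SIG DATA: the real wiring (not run by the tests). gpg
# writes status lines to fd 3, which is pointed at a regular temp file that is
# read after gpg exits. A process substitution "3> >(grep -q ...)" would drop
# grep's exit status, which is exactly the result we need.
verify_trusted_sig() {
    tmp="$(mktemp)"
    if ! gpg --status-fd 3 --verify "$1" "$2" 3>"$tmp" 2>/dev/null; then
        rm -f "$tmp"
        return 1
    fi
    status_trusted <"$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed samples: same valid signature, different trust outcomes.
SAMPLE_VALID_MARGINAL='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01 1704067200 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_MARGINAL 0 pgp'

SAMPLE_VALID_FULL='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01 1704067200 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_FULLY 0 pgp'

SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 0123456789ABCDEF Example Signer <signer@example.invalid>'

# check_sample TEXT: feed one sample through status_trusted.
check_sample() {
    printf '%s\n' "$1" | status_trusted
}

# Stand-alone usage: reports which samples pass.
for name in SAMPLE_VALID_MARGINAL SAMPLE_VALID_FULL SAMPLE_BAD; do
    eval "sample=\$$name"
    if check_sample "$sample"; then echo "$name: trusted"; else echo "$name: rejected"; fi
done
```

A valid signature from a marginally trusted key is rejected here on purpose: `gpg --verify` alone exits 0 for it, so scripts that only check gpg's exit status accept any key in the keyring.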

This is often used by shell scripts to wrap another program, so that that program's input and output can be controlled. E.g. Autoconf uses this to invoke the compiler and also to control nested log output.

Red Hat's and other RPM-based distributions' recommended kickstart scripts use tty3 via a similar method.

Multiple levels of logging, all of which you want to capture but not all in the same place.

Wasn't the idiomatic way the `-v` flag (repeated for verbosity)? And then stderr for errors (maybe warnings too).

It is, and all logs should ideally go to stderr. But that doesn’t let you pipe them to different places.

Yes, but sometimes you want just important non-error logs to go to the console or journal, and then those plus verbose logs to go to a file that gets rotated, and then also stderr on top of that.

For comparison, Visa's stated FY 2025 (ended Sep 30, 2025) payments volume was $14.2T.

rough math, but:

$14.2T / $1.9T * 1.6% = 12% global GDP


I was curious, and the American Clearing House has a TPV of $93 trillion, which means ACH is 78%?? That seems too high.

Oh - not all bank transfers count in GDP. I often move money from one account to another.

Note that Visa has the same issue: withdrawing money from an ATM shouldn’t count towards GDP! Neither does Venmo-ing a friend to settle up a split restaurant bill (my Venmo is attached to my debit card).


At least it’s not 24.9%

Americans and credit have an unhealthy relationship.


Not all VISA or Mastercard transactions are credit-backed. I'd argue that the large majority aren't anymore; they're more commonly debit VISA/Mastercard.

Paypal TPV YoY growth for 2025 was 7%[1].

Stripe cites 34% growth for the same period and metric.

[1]: https://s205.q4cdn.com/875401827/files/doc_financials/2025/q...


That's not bad for a mature business like PayPal.

I mean, it's not like Stripe was founded yesterday. Stripe: 2010, PayPal: 1998.

I'd argue that 99% of the "internet gdp" happened after Stripe was founded


I’m not the most well versed but isn’t that still insane to be 4x valuation of PayPal? Maybe it’s more PayPal valuation being crap vs Stripe being too high. Adyen is close to PayPal with a PE of 30 (vs PayPal’s sub-10) and Adyen like PayPal is close to being back to its IPO level.

PayPal seems crazy when it has acquired businesses like Honey (probably hasn’t helped) and Braintree/Venmo since then. Pretty funny PayPal was spun off as the better growth stock but eBay has tripled since then and their market caps are the same now.


The tender offer announced in the article is open to former employees as well, so they personally profit regardless of Stripe being public (unless the claim is that by being public the valuation would be materially higher than the stated valuation for this offer).

As others have mentioned, it comes down to the threat model, but sometimes the threat model itself is uncomfortable to talk about.

It’s sad to think about, but in my recollection a lot of intra-building badge readers went up in response to the 2018 active shooter situation at the YouTube HQ[1]. In cases like this, the threat model is “confine a hostile person to a specific part of the building once they’ve gotten in while law enforcement arrives,” less than preventing someone from coat-tailing their way into the building at all.

[1] https://news.ycombinator.com/item?id=16748529


No, the model there is something bad happened, we must do something. This is something, so we will do it.

I’m not saying that to diminish the value of the actual solution, but what the people want is literally something to make them feel better about a situation that is mostly out of their control.

Someone showed up to their workplace with a fucking gun. And now they have to go there every day, and hope it doesn’t happen again. They want and need the theater.


This is exactly it - most "security" isn't really built around actual threat models, nor is it ever verified. IT security is perhaps the weirdest in the world in that the security of your web server will be constantly probed, whilst your front door could go your entire lifetime and never be probed once.

Where people actually care about physical security, they develop things that do actually work; and often are so unobtrusive you never realize they're there.

Security theater necessitates that it be showy and in your face.


Except a decent part of security is literally just deterrence.

Will my front door stop someone robbing my house if they want to? No: I have sidelight windows you could just smash them and come through.

But the one time a house I was in got robbed, it was because we left the front door open and went out.

Which is odd if you think about it right? Statistically an open front door rather implies someone is home, not away so it's a terrible targeting priority - but our house was targeted and not say, our neighbors who also wouldn't have been home that day.

People are quick to claim security theater, talk about threat models, but equally ignore them anyway.


The "I don't have to run faster than the bear; just faster than you".

PSA: If your buddy starts running from a brown bear, stand very, very still. They like to chase things and they're way faster than you are.

Also carry bear spray. Use it on your buddy.

I doubt these card readers would prevent someone leaving the part of their building they’re in, as that’s a lesson written in charred corpses and was a foundational aspect of health and safety becoming a thing: https://en.wikipedia.org/wiki/Triangle_Shirtwaist_Factory_fi...

In theory it might prevent access to other buildings, but equally often the card readers are around doors of mostly standard glass or near internal windows of the same.

So if that’s the motivation, it doesn’t seem like a particularly effective mitigation


Or the Victoria Hall disaster (183 dead), or Cocoanut Grove (492 dead), or The Station Nightclub (100 dead), or The Beverly Hills Supper Club (165 dead), or.....

Also in what world is a badge reader going to contain an armed gunman unless the walls, floors, doors, and windows are also bulletproof??

(Triangle shirtwaist fire resulted in 146 dead)


There's footage online of a basic security door stopping an armed robber from escaping despite him trying to shoot the lock.

Bullets aren't universal door openers, and shooting your way through one lock doesn't magically unlock the next one.


And the bullets and time spent getting through the door are bullets and time that aren’t used harming the people behind that door.

I've volunteered at events hosted in older buildings before and it's always such a top of mind thing to enforce a limit on the number of people in the building at any moment. Since these places have the capacity to hold a lot more people than can escape through the exits in the event of a fire.

If an active shooter is the anticipated threat, how does a turnstile effectively stop that? Many of these turnstiles are specifically meant to allow people through in emergencies, and aren't strong enough to withstand bullets or even a sturdy kick. The elevator restrictions would be a better chokepoint, but as the article noted they didn't turn those back on.

It doesn't effectively stop it, but it forces them to give up some element of surprise. They have to either start the attack or start a trespassing action that will initiate contact with police.

Many turnstiles can be jumped over. In this case it’s more about preventing theft and espionage.

I knew someone years and years ago who worked as an assistant to lawyers. The firm had a second office in the state capital, turns out someone was walking in and stealing laptops. I think they had done it three times the last I had heard.

Lawyer laptops going missing is a problem. I don’t know how they ended up fixing that.


> Lawyer laptops going missing is a problem.

It shouldn't be. If there was a particular profession that I would expect to properly secure their devices lawyers would be near the top of the list.


If forced partition of a building were the primary goal, that goal could be achieved without badges. Or, at least, without having to badge into every door. Just have locks on every door that are normally disengaged, but which can be locked remotely and promptly.

(While at it, I once worked on an access control system. It was aeons ago; the system ran under OS/2. We installed it on a factory. It worked well, until we ran it in demo mode under production load, that is, the stream of morning shift turnstile registration events. The DB melted. I solved the problem trivially: I noticed that the DB was installed on a FAT volume for unknown reasons, so I moved it to an HPFS volume, and increased the RAM cache for the disk to maximum. Everything worked without a hitch then.)


This actually exposes how this type of system is just security theater usually.

A shooter can get a badge. Most partitions aren't bulletproof (and probably don't have security film), and a shooter doesn't fear getting a cut on some tempered glass.

The thing that would be effective is 24/7 security monitoring with a building lockdown and reinforced entrances/partitions. Of course, the victims whose badges were disabled during lockdown will sue.

So instead, just install badge readers and say that "something was done".


One uncomfortable, but wise truth is: Actual security is bound to the number of minutes until people with big guns arrive. A lot of other measures just exist to bridge time and limit damages until that happens.

We learned this during a funny situation when a customer sent us the wrong question set for vendors. We were asked to clarify our plans for example for an armed intrusion by an armed, hostile force to seize protected assets from us. After some discussion, we answered the equivalent of "Uh Sir. This is a software company. We would surrender and try to call the cops".

During some laughter from the customer they told us, the only part missing from that answer was the durability rating of our safes and secure storages for assets, of which we had none, because they just had to last until cops or reinforcements arrived. That was a silly day.


> Actual security is bound to the number of minutes until people with big guns arrive

Ask the people of Uvalde, TX about that security model.


Shooters tend to be mentally ill people who have been pushed too far by a system, trying to burn that system down.

Killing a boss with a keycard that opens everything might not just be possible but also preferable. Fuck you Tom, you made me work through memaw’s funeral


Hand out weapons to the workers?

Places that really do care about security do exactly that. Military bases routinely prohibit on-duty soldiers from carrying arms - except the guards at the gate and the military police.

I have a command called `ascii-4col.txt` in my personal `bin/` folder that prints this out:

https://github.com/jez/bin/blob/master/ascii-4col.txt

It's neat because it's the only command I have that uses `tail` for the shebang line.


On a US keyboard layout this is the same number of keys because { and } are Shift+[ and Shift+]


Something I never understood about this: is the pipe necessary, or just to have another symbol contributing to the mayhem?

    :(){:&;:};:
This is the same number of characters but doesn’t use a pipe, and I was never able to figure out why it seems so universally to use a pipe.


Having a pipe will also eat up your system's file table, so it's potentially more efficient.


One way to find out!

