If you are doing anything more complicated than gluing a pair of APIs together, it is very likely that the marginal value of work past 60 hours is negative. Reaping what you coded during a 3am espresso binge is rarely a happy experience.
But yeah, if all you are trying to do is build out Facebook before some other social network gets there maybe it makes sense to pull 100 hour weeks.
Rules to one of the mentioned lotteries. [0] It looks like prize counts are fixed in advance, so any information about redemption changes odds. Blacklight also shows that the lottery website is riddled with trackers, so it is possible they are inferring redemption from advertising data.
Well then you develop separate tools for separate threat models. Covering all possible threat models is impossible and supporting many of them is a heavy maintenance burden that can easily lead to the standard user having their threat model compromised due to the added complexity.
Fair point. You could have "locked down" tools for standard users and "I can install my PGP smartcard extension" tools for power users. I guess in this case it was unfortunate that Thunderbird happened to be used by both the standard and the power users.
Catering to power users isn't usually good for market share because it means you limit your market share to a small subset of the market. Making Thunderbird more accessible and making GPG more accessible, even if that means you can't support some niche use cases, is usually the better choice.
For a mass-market client, yes. But in an ideal world there would be alternatives that don't aim for market domination catered to a more advanced user base. Those could include functionality that would be unsafe for users who don't know exactly how it works.
Why can't America build anymore? Is this a cultural problem, or a failure of public policy?
Healthcare, rail, aircraft, automobiles, shipping, pharmaceuticals, and now semiconductors. We can't make any of these things at scale anymore.
They turned GE into a financial institution. They sold Bell Labs off in pieces. Boeing can't safely update 1990s vintage air frames to accommodate modern engines. And yet, the market is on a tear. This is not sustainable.
The overarching reasoning for why manufacturing moved to China appears to be they have way more readily available skilled workers & that "The entire supply chain is in China now":
> "You need a thousand rubber gaskets? That's the factory next door. You need a million screws? That factory is a block away. You need that screw made a little bit different? It will take three hours."
> Apple had originally estimated that it would take nine months to hire the 8,700 qualified industrial engineers needed to oversee production of the iPhone; in China, it took 15 days [1]
Tim Cook on why Apple makes iPhones in China:
> The number one reason why we like to be in China is the people. China has extraordinary skills. [2]
Taking 9 months to diversify manufacturing of a $2T business is probably worth it.
I don't buy time being the problem. Once manufacturing is in the US, then what? It probably costs 10x+ what it would cost in China or India. That's the bigger problem.
> Taking 9 months to diversify manufacturing of a $2T business is probably worth it.
It's not clear why the most valuable company in the world should abandon their logistical strategy and industry envious high margins to risk their focus and war chest on a gamble that would almost undoubtedly make themselves more uncompetitive with lower margins, increased prices and less units sold.
As for diversity, iPhone parts are sourced from multiple countries, whilst most are assembled by Foxconn in China, they're a Taiwanese multinational manufacturer with factories in India, Thailand, Malaysia, the Czech Republic, South Korea, Singapore and the Philippines.
Apple already manufactures their larger more expensive Mac Pro and iMacs products in the US but I don't see them manufacturing any iOS devices unless it's mostly automated by robots.
> Why can't America build anymore? Is this a cultural problem, or a failure of public policy?
America can't build anymore because America's executives have chosen to steal every piece of wealth they can take without leaving anything behind to build for the future.
American business culture has become far more interested in zero-sum rentierism and financialization that rapidly concentrates existing wealth in the hands of the wealthy than in technological innovation that creates new wealth over the longer term.
The collapse of American industry is the entirely predictable consequence.
This is a large part of the problem if you ask me.
I did some research a few years back into (somewhat unrelated) process management practices. What kinda stood out to me is that in the 50s-60s many businesses transformed their leadership. They went from having engineers that grow into their leadership positions to having dedicated managers. With business degrees.
Just speculation, but I feel this shift in management culture coincides with the loss of a lot of the technical production capabilities of the west. And is closely followed by the money-grab culture.
> engineers that grow into their leadership positions .. to having dedicated managers. With business degrees.
This also happens in software companies, I feel.
The underlying issue, I suspect, is that engineers are not "people persons" - less able to manoeuvre politically, and "play the game". But in any societal organization, those who can play the political game can win.
Thus, the dedicated managers end up in those positions. They play the political game, and they get rewarded for it - because they control the reward scheme when they get to those high positions.
Meritocracy is an illusion that gets used by those playing a political game to make engineers feel they are not part of the game.
If investment (real investment, based on profit) is not worth it, and only the central bank wants a piece of the overpriced action, then we have essentially a centralized economy. This breeds stagnation.
This doesn't make sense - zero interest rates make investment worth more.
10% interest rate => "why invest in this new factory for a 10% return when I can just keep money in the bank?"
0% interest rate => "well if I want to make money, I need to invest"
Feel free to blame other things - maybe 0% inflation rate (higher inflation => more opportunity cost of not investing) or QE (which is similar to 0% interest rates, but still different - a 0% interest rate environment persists since early 2000s whereas QE only started after 2009) which is much more problematic as it floods the market (but not the economy) with money and pushes equity prices through the roof (despite shitty fundamentals).
This explanation just reworks the question into one of why western interest rates are so low.
Western central banks can't raise interest rates above the lower bound without triggering unacceptable unemployment or even deflation. Indeed, the highest safe rate has fallen in the wake of every recession.
To me, this suggests major structural problems in the western economies. It's hard to think of a single explanation that applies to all (pre-pandemic) zero-interest rate western economies, however. The economic foundations in Australia, Canada, the UK, the US, and the EU are different enough that there is no obvious single structural fault common to all of them.
> The economic foundations in Australia, Canada, the UK, the US, and the EU are different enough that there is no obvious single structural fault common to all of them.
There is one though: changing demographics - the median age of the population is going up and the percentage of the working population is going down.
The reason is class conflict, or more precisely its absence.
> They turned GE into a financial institution. They sold Bell Labs off in pieces. Boeing can't safely update 1990s vintage air frames to accommodate modern engines. And yet, the market is on a tear. This is not sustainable.
You can see very well what's going wrong here. The US economy and government institutes seem to be overrun by a class of self-proclaimed "value adders:" heavy hitter "pro-managers," financial "engineers," and, of course, everybody's favourite — lawyers.
It's very natural to conclude that an engineering company like GE shouldn't have been given to bankers, to be turned into a... bank, and Boeing shouldn't have been entrusted to outsourcing managers, to be turned into an outsourcing management company, and dozens electronics companies shouldn't have been given to lawyers, to be turned into patent litigation services companies, and so on, and so on.
Yet the US, one of the few countries affording such a high level of employee control of their companies, and quite militant unions, ends up with workplaces whisked away from under the nose of their employees.
I see a simple explanation: Americans completely prematurely decided to bury the axe of class warfare, and traded peace for progress.
No conflict — no progress.
I am not advocating for violent revolution right away, certainly not that. You do not kill people over the ownership of green paper, that's morally wrong to do so. But you do not let such people simply live comfy life without opposition.
Take a look at other countries, even though they may well lag behind US on worker rights, and don't have a culture of union militancy, and overall worse off compensation even for high skill work, yet you don't see factories turning into banks, or if they do, they quickly see workers voting with their feet.
From my experience, I'd say even in China you do see factory workers changing workplaces when they feel "malaise in the air" in the company, and don't wait for the company's malaise to turn into (their) financial trouble.
Your analysis is good, but your synthesis seems absurd. Class conflict would be good for productivity? Clearly no. You made your case for the failure of a society run by financial parasites, but so far it seems they’ve defended against class conflict by converting a huge number of people from a productive and capable working class into financial dependents of income redistribution from the middle class. This has been the character and the result of all such ‘class conflict’ so far, and it only makes things worse.
I am not advocating for income redistribution at all; bankers, MBAs, lawyers are free to earn and hold on to their money as they are, but you do not let every job and position in the government be given to them just for them being such.
I'm rather advocating for fighting the massive loss of common sense, where you get every nook, and cranny in the society/companies/government being stuffed with those of inappropriate class, and being firm, and forceful with that, when, and if needed.
Depends. SpaceX pretty much owns the global launch market, and has out built and out innovated every other country's aerospace companies.
Speaking of Musk, Tesla is now worth more than most automakers, is on a tear, and most likely will be outproducing everyone at making batteries.
I don't think this is purely an 'access to labor' problem. It's a problem of vision and risk tolerance. Musk is willing to try new approaches, even if they fail (e.g. trying to make a 3D almost 100% Tesla factory before having to retreat to using humans).
Silicon Fabs are one of the first industries to be almost 100% automated. So clearly the issue isn't access to labor, but for Intel, it's more like they made a bad bet, and didn't "fail fast", they've been doubling down on bad bets and not willing to be more dynamic.
When you look at Aerospace: SpaceX, Sierra Nevada, Rocket Lab, Relativity Space, it's clear, small focus teams can pull off amazing things, even in high-capex high-risk high-regulatory industries.
The failure of GE and owners is due to bean counters being put in charge instead of missionaries. Take GE's Nuclear division, why are they still putting money into BWRs & PWRs? Decades went by, they are not dropping any money on pebble beds, molten salt, thorium, etc. And why wait for MIT's SPARC to limp along? If they had an Elon Musk figure, he would have put them on a race to build a prototype, even if it failed, in a year, not 5 years.
Monopolies, and access to cost+ government contracts I think have killed a lot of innovation.
And if the big 3 automakers want to compete with Tesla, they need to replace their management with hardcore EV geeks who have passion and LOVE the space, and give them the resources to spin up a new division with all new people and processes. Otherwise, they're going to shamble along, and continue to try and milk their existing business lines until they die.
This is a management problem, not a labor problem. You can't solve this problem by shoveling more STEMs straight outta college onto it. There's a tendency to think China's massive STEM graduation firehose will magically mean leadership, but that's million man-month thinking. It's not simply about access to labor that's the problem. Companies with 100 employees outcompete companies with tens of thousands all the time (take WhatsApp vs my employer, Google, in the messaging space).
My phrase to explain it: Engineering is not a "cost center" it's an investment in the future. Do you want to cut investment or go big on the right ones?
Most big companies just want to collect rent rather than make investments.
The economic incentives for hired management are not aligned with innovation.
A hired CEO has incentive to make the company continue to be profitable during his/her tenure. This means conservative thinking and business continuity. Not taking big, risky bets that pay off multiple 100x in 10 years.
A new company, owned by the CEO level people, is not going to fall into this trap.
For healthcare we make plenty of it and lots of people from elsewhere in the world come to the US for operations. Our problems there are all with healthcare billing, not healthcare production.
US freight rail is actually pretty good. For why our passenger rail is terrible that comes down to high construction costs and this https://bikeeastbay.org/rail/fra.html. The costs are a combination of the rest of the world inventing techniques that the US considers to be Not Invented Here and a penchant for regulation by lawsuit rather than regulation by bureaucracy.
The US and EU are the two places you can get really good aircraft, it's a major manufacturing export center for the US. China, for example, still can't make modern jet engines and while the fuselage and electronics of their newest combat jets are fine its speed, acceleration, and fuel efficiency are well behind US jets for that reason.
The US is a major pharmaceutical exporter.
The US is also a major semiconductor exporter, we're one of the three countries in the world along with Samsung and Taiwan that are still in the race while something like a dozen companies have dropped out of the race as capital costs keep going up.
Shipbuilding, yeah, US shipbuilding can't compete on the global market because US laborers are relatively expensive.
Basically high wages mean that the US can only compete in manufacturing in high value industries like the ones you mentioned. Things like aircraft, pharmaceuticals, and semiconductors. But we're not going to be a textile exporter until the rest of the world gets to be as wealthy as we are now.
What obstacles would you face starting a competitive new big factory in the US or Europe? Think it through and you'll figure out some of the answers. And watch "American Factory".
Not just a court case though, an investigation or a "psych eval" are enough to ruin someone. Take a look at Russ Tice.
Also, read Ronan Farrow's piece from the New Yorker last week. They targeted a straight-laced DOJ lawyer with >20 years of experience. These organizations are out of control and pose a very serious threat to our freedom.
Having worked extensively in both finance and defense, your assumptions are way off base. This kind of monitoring is the purview of corporations like Amazon, Walmart, McDonald's, and others who treat employees like machines. Defense and finance have highly skilled brain workers and they aren't micromanaging performance metrics like this. They are tracking information access for security reasons where appropriate, and in the case of finance, tracking results insofar as it relates to risk and profit, but they're not monitoring grunt-level input metrics the way you imply.
"Former JPMorgan colleagues describe the environment as Wall Street meets Apocalypse Now, with Cavicchia as Colonel Kurtz, ensconced upriver in his office suite eight floors above the rest of the bank’s security team." [0]
What really scares me is the number of people that adopt this strange Panglossian view dismissing every abuse of power as a one-off that cannot possibly reveal widespread systemic failures.
Are you sure? The EU mandates much MORE monitoring in most cases. Self driving cars may need to have cameras on occupants to monitor them during driving etc. A lot of the safety stuff in EU is MUCH more nanny state and CCTV is much more widespread it seems. Also very powerful data collection and centralized databases about everyone in the EU (i.e., I don't think "states" or localities issue local IDs).
And no - CCTV is not widespread at all. There's far more CCTV in the UK than there is in the EU where I live now.
States do indeed issue local IDs. There is no common EU ID card and no common EU passport.
There isn't even a common immigration database for Schengen - although that's planned for 2023. (It was supposed to be 2022, but it's been delayed by a year.)
There's a link to another article about the hardware at the bottom. There are good entry points for overcoming the SDR/DSP learning curve for this article to make sense.
A related historical anecdote. The Mulford Act was the first law on the path towards California's strict CCW regime. Whatever your policy preference, it is history worth knowing.
Named after a Republican assemblyman, supported by the NRA, passed by a 2/3 vote in a Democratic assembly & senate, and signed in by Ronald Reagan, all due to a group of Black Panthers protesting inside the capitol building while armed. Who knew all you needed was a racial incentive in order to make the stripping of rights a bipartisan effort.
Not anymore. The firearms community is more inclusive than it has ever been. We - and I obviously count myself among them - see the racial disparity in access to arms as a key component of our legal strategy to get those laws overturned.
Pretty much all gun control in the US is racist in its origins and usually in its modern implementation. "May issue" is a shining example of this.
When you say "Not anymore", that must have changed dramatically in the past 2 1/2 years. The NRA's silence in the Philando Castile case in 2017 was deafening.
The NRA does not represent the entire gun community by any means. The Second Amendment Foundation has a better reputation among 2A absolutists, for example.
Not even close... thanks to YouTube personalities like Colion Noir, white gun owners and black gun owners are on very very good terms.
There's a lot of black shooters at the ranges here in North Texas, and I'm happy to see them. Black people aren't my enemy - the ever encroaching desire of the state to strip us of what few freedoms we have left is.
More gun control is actually shockingly well supported. 83% of gun owners support universal background checks. Even 72% of NRA members support universal background checks.
It’s mostly just the NRA itself that doesn’t, and they control a lot of lobbying dollars. So universal background checks stay dead, despite massive bipartisan support.
The trick is that laws like this tend to contain certain types of other things that have nothing to do with the matter at hand.
A reasonable universal background check bill is not going to pass if it also comes bundled with things like red-flag laws or registries attached to them, which then leads to "but they won't compromise" from both sides of the aisle, so nothing gets done.
Or you get one side ramming something through which ends up defining "transfer" such that it actually criminalizes things like letting your kid shoot your gun even under supervision, which is very difficult not to see as an intentional act to degrade the culture of gun ownership merely because it is done by the people who constantly complain about the culture of gun ownership.
It's also a privacy concern if the system isn't set up properly; while countries like Switzerland have successfully mitigated those issues in the way they run their background checks, the difference between the average Swiss and the average American when it comes to gun politics (mandatory military service helps as does being a small nation) makes it more likely both sides of the issue aren't just going to try to screw each other over at the first opportunity.
Of course, the background check law is not one that is seldom if ever pursued (until it becomes politically expedient to do so), so maybe they should just enforce the law they do have instead of declaring the situation unworkable from the start?
> 83% of gun owners support universal background checks.
It's kind of like how everyone supports "better infrastructure" or "fixing healthcare" but people greatly differ on the implementation details.
We already have background checks for commercial sales. What people support is extending that to private sales but with the caveat that it preserve the privacy of private sales. When you start talking about requirements like recording serial numbers and keeping records (both of which are required for commercial sales) support drops massively.
We could have universal background checks. It's not the NRA that's standing in the way. It's the legislators that propose background checks in ways that ensure they are a backhanded means of creating a registry that ensure those bills are stillborn.
> For us mortals, SELinux is a synonym for "complicated, scary thing that I don't know how to use properly".
This is true, but I was referring more to the underlying architecture of Douane: kernel module + daemon + dialog UI + configurator app. Is a kernel module less scary for mere mortals? Because the downsides of that path are stated in the banner on the main page which says about kernel panic.
> Can you link to something with minimal working "mark and block" examples?
I'm not aware of any myself, but like I said, I was mostly referring to implementation. I also don't quite get the threat/defense model here. It looks like the idea is to replicate something similar to iOS/Android permissions ("do you allow this app to access the camera?") but for network this seems to be a bit weird. Making such a decision for each application would be quite annoying, so you'd like to have some defaults in this regard, which again is easier solved by two predefined selinux contexts (with/without networking) and some UI for the user to move apps between them.
But then again, if we decide not to ask for confirmation for each app at exactly the first moment it tries to access the network, we have access to a variety of tools to provide access control to the network. For example, we could use separate network namespaces for different processes, some of which wouldn't have access to networking. This has additional benefit of fine-grained control: "allow chrome to only access my.secure.server.com on port 433".
In fact, it goes beyond that: we can have different routing tables per app, we can setup traffic shaping between the apps ("put traffic from qBittorrent into low-priority queue"), we can bridge and mirror the traffic from an app, etc. This is for example what firejail does [1] and it has a UI as well [2]. This doesn't require any kernel modules or even selinux policies and doesn't bug the user 10 times a day.
Yeah, network namespaces are I think the best way to go. You can do so, so many things with netns, the abstraction is quite nice. BTW I think setns works on /threads/ if you wish. Not as secure but allows some interesting things.
And if you need to do real-time, specific packet validation, interface state, route change, just go full netlink. Not sure why more in-kernel code might help. There's already so much stuff available. Not often well documented but so much powerful stuff!
Recently I wanted better control over bonds, and I discovered teams. How the hell did I not find them when I was looking for ways to control bonds from userland. And when I wanted bonds in network namespaces...
Here's a short article on it by Dan "Mr. SELinux" Walsh himself [1].
To understand it, though, you need to understand at least a little bit about type enforcement, which is a somewhat steep learning curve to get over.
If you have nftables (replaces iptables, default back-end to firewalld in RHEL 8), you might consult /usr/share/doc/nftables/examples/secmark.nft but again, this requires some background on nftables (or iptables—they're both just front-ends to the kernel netfilter module) and are pretty similar.
However it's also worth noting that one could also stand to learn a thing or two about netfilter if this is a topic they're interested in. For example, netfilter allows you to filter packets based on the user, group, or pid of the process.
I found this page [2] quite helpful, and especially the packet flow diagram contained within it.
User, group and pid of the process are available through iptables. Really a great, simple way (in addition to other stuff) to compartmentalize complex applications. Shame it doesn't cross machine boundaries :-) (I know it's stupid but I like the simple user+group abstraction.)
Yeah, I'm not sure if it's clear but the iptables family and its replacement, nftables, are what I'm referring to when I say netfilter. iptables/nftables are userspace applications and netfilter is the underlying kernel module.
Sorry, of course. I meant the 'iptables' interface to netfilter can be enough for mere mortals that only use them once a year, and can filter on uid/gid/pid.
I'd like to find a real-world project to play with netfilter directly. Maybe when transitioning to 200GbE... Is it just for 'complex and numerous filtering rules' or are there other 'killer use cases' for using nftables directly?
My understanding is that nftables and iptables+ip6tables+arptables+ebtables are for exactly the same set of use cases, with the latter being deprecated in favor of the former as the new replacement.
RHEL 8 uses the nftables back end for firewalld by default.
The main difference that I have noticed is that writing configuration files for nftables is considerably more ergonomic than the iptables files which are essentially just unstructured lists of iptables commands.
Generally things like UFW or firewalld are sufficient for host firewalls, but they fall short for routing applications where it is more appropriate to use nftables (or historically, iptables) directly.
Kubernetes and docker both currently use iptables for their routing and will likely migrate to nftables. If/when those projects migrate to nftables I suspect it would also solve the issue where docker port mappings have the ability to unilaterally punch holes in host firewalls, e.g., UFW, because under nftables, tables are just namespaces for chains (with configurable priority) while on iptables the different tables meant specific things and docker made decisions in a branch off of the PREROUTING chain in the nat table, which was encountered before the FORWARD or INPUT chains on the filter table. In this way nftables makes certain expressions more ergonomic than iptables.
The underlying netfilter has not been deprecated; the userspace application for managing it is just changing from the iptables (and ip6tables, ebtables, arptables, etc.) to nftables.
Privacy tooling should not come from a page that does not work without javascript. Moreover, this functionality is easy to achieve using user groups and the iptables owner module.
Here's an example that prevents atom from leaking telemetry.
# add group atomblind
sudo groupadd atomblind
# add your username to atomblind group
sudo usermod -a -G atomblind <username>
# do not allow outbound traffic from group atomblind
sudo iptables -I OUTPUT -m owner --gid-owner atomblind -j DROP
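# create a wrapper script that starts atom with group atomblind
# atom_binary is absolute path to your atom binary
# single quotes keep an interactive bash from history-expanding the "!"
echo '#!/bin/bash' > atom_hook
echo "sg atomblind -c 'atom_binary'" >> atom_hook
chmod +x atom_hook
./atom_hook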
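The same per-group block written as an nftables ruleset, as an added example that is not from any commenter in this thread. The table name appblock and the file path are assumptions; the group atomblind is the one created in the comment above. An inet table applies the rule to IPv4 and IPv6 alike, whereas the iptables command above only covers IPv4.

```nft
#!/usr/sbin/nft -f
# Added example (not from the thread).
# Assumed file path: /etc/nftables.d/appblock.nft
# Assumes the group "atomblind" already exists; nft resolves the name to a
# numeric GID when the file is loaded.

# Make reloads idempotent: declare the table, delete it, then define it again.
table inet appblock
delete table inet appblock

table inet appblock {
    chain output {
        # A base chain of our own on the output hook. Tables are only
        # namespaces in nftables, so chains managed by other tools are
        # left untouched.
        type filter hook output priority 0; policy accept;

        # skgid is the GID recorded on the socket, i.e. the effective GID of
        # the process that opened it. Supplementary group membership does not
        # match, which is why the program is started through sg.
        meta skgid "atomblind" counter drop
    }
}
```

Load the file with `nft -f`, then read the counter with `nft list table inet appblock` to confirm that packets from the wrapped program are being dropped.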