
I can't imagine Apple doesn't have capacity booked well in advance, and their suppliers aren't going to stiff them because they'd lose those long-term contracts. Sure, if the shortage lasts a year or more, there'll be issues, but if it's short term they might be fine.


This isn't your main point, but the iPhone absolutely was the biggest revolution since the Internet. The world before it is wholly different to the world after it. AI looks to have a similar impact, but just like the iPhone it'll be a few years before everyone realizes the world has changed.


There were mobile internet, touchscreen, “large” screen, downloadable mobile apps before iPhone. I could listen to music and watch movies on my phone before iPhone. I’m continuously online since 2001. AFAIK it had not a single major feature which didn’t exist before, except its design. It really had a terrific design for its time.

It was a step forward, but it was incremental. Internet was also incremental. In every sense. Just because the general populace didn’t hear about it until then, didn’t mean that it was that “revolutionary”. Yes, they crossed a line which made them useful, something what people want. Sometimes mainly because of marketing. But still incremental.

This whole modern neural network saga started around 2011. Every step has been incremental since then. Just because most people didn't hear about these until 2022 doesn't mean that large LLMs were suddenly here from nothing. They still need to improve, for example so that code quality doesn't plummet immediately when programmers start to use them. It was, and will be, an incremental process.


The iPhone opened up a whole new world of opportunities which were very clear from the start.

No one, except Steve Ballmer, would describe it as a potential fad or question how good it can actually get before Apple goes bankrupt from all the investment into this new tech.

I like this new stuff we get now, but the iPhone felt like a clear win with no downsides of a potential societal collapse.


Mobile phone addiction is our generation's smoking. We just don't realize it yet.


Mobile phones & social media, tobacco, opium, gin... it seems like every century or so there's an epidemic of "this readily available thing creates addictive stimulation" and a lot of people get lost to it until society wises up about that particular thing. And then a generation or three later, the pattern repeats.


Good point.

Pretty sure it's known. But, just like smoking, it's tolerated. Can't make the line go down.


I was there and it was a very common view, though perhaps not a majority view, that the iPhone was a flash in the pan. There were lots of people committed to the idea that only physical keyboards could work for mobile. Touch interfaces were viewed highly skeptically. And it wasn't just the Microsoft or Palm people saying it, it was large chunks of their customers. The initial goal of the iPhone was 1%, yes, 1% share of the phone market! And many thought that was impossible for Apple and their strange new device.


Where are we now? Around the 3s era?

By then, no one was saying that anymore.

The AI scepticism is still going strong.


don't worry, human, that will be corrected soon enough. You should learn to welcome your new AI overlords. Ask your regular handler LLM for advice on how best to do that.

Sent from my iMPC


>No one, except Steve Ballmer, would describe it as a potential fad or question how good it can actually get before Apple goes bankrupt from all the investment into this new tech.

Countless pundits and many heads of companies like Motorola and Nokia said exactly what you say "nobody except Ballmer" would say.


>The world before it is wholly different to the world after it.

Mostly for the worse. Mental health crisis, depression, loneliness epidemic, antisocial tendencies, attentions destroyed, total 24/7 surveillance, hard dependency on a couple of mobile OS vendors...


No it won’t, it already happened. Just look at how school has been disrupted with everyone using these things.

People were lifting their ChatGPT prompts on their devices during graduation.


It wasn’t on day one though.


Too expensive maybe, or just not effective anymore as they used up any available training data. New data is generated slowly, and is massively poisoned with AI generated data, so it might be useless.


I think that possibility is worse, because it implies a fundamental limit as opposed to a self imposed restriction, and I choose to remain optimistic.

If OpenAI really are hitting the wall on being able to scale up overall then the AI bubble will burst sooner than many are expecting.


LLMs alone might be powerful enough already, they just need to be hooked up to classic AI systems to enable symbolic reasoning, episodic memory etc.


That's a lie people repeat because they want it to be true.

People evaluate dataset quality over time. There's no evidence that datasets from 2022 onwards perform any worse than ones from before 2022. There is some weak evidence of an opposite effect, causes unknown.

It's easy to make "model collapse" happen in lab conditions - but in real world circumstances, it fails to materialize.


Okay, but when those sites go out of business, where does the AI get its information from? This is obviously not sustainable.


It's only the advertising-funded sites that go out of business and a lot of those sites were in any case just scraping other sites. What proportion of reliable online information is only available from a web site that is funded by advertising? It's not zero, but it's not a very big number, either, I suspect, so it might be sustainable.


Wouldn't that be the opposite of aligning incentives? Unions want the workers to do well, stockholders want the company to do well. The company paying people less is better for stockholders, worse for employees obviously. So that seems like an awful idea.


The union could hold shares in a trust, pledging not to sell. Then vote with the shares, and distribute any dividends through to the workers.


How does that fix the issue? For every marginal dollar the workers would rather receive the entirety of that (through wages) than for that same dollar to be paid out as profit to shareholders, of which they'd only get a fraction.


I think you’ve just invented the ESOP.


I encourage you to read up on the history of unions. People on this site have this insane idea that $CORP=bad and $UNION=good. The truth is that neither party is inherently good/bad. Unions can and have done plenty of shady things. Union leadership can be primarily self-interested (just like any other individuals).

Employees with equity shouldn’t be seen as a bad thing!


Yeah this is exactly it, you might think you are close but you actually just started, and the actual work is still to come.

Whether you want to push through the initial honeymoon phase, where you are done with the fun part that you started the project for, and do all the rest around it that makes it an actual 'product', is up to you.


This is exactly what we do for the Factorio modding API docs. The docs are embedded inside the codebase, alongside the classes and methods that implement the functionality the docs describe.

So they are written and adjusted as the functionality is implemented, and they can be reviewed alongside the code PRs. The CI builds the docs and makes sure there are no issues.

The format is a custom one, which is parsed and converted into JSON for language servers and into the API website. Not sure how you'd test the docs content, but this parser is tested for sure.

Works great for us in general.


Factorio disabled bytecode loading in response to this. Bytecode did allow for some cool stuff like writing mods in a preprocessor language that spits out Lua bytecode, but ultimately the security issues were more important to address.

Almost all of the debug library was made unavailable to mods as well, for similar security reasons.


Loading raw bytecode is known to be unsafe, and iirc that is mentioned in lua_load/luaL_load* documentation.

A preprocessor could spit out Lua code with the same effect and less complexity. Really interesting why and how these decisions were made.
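For the "loading raw bytecode is unsafe" point in the two comments above, here is an added example (not Factorio's code, not Lua's, and not posted by anyone in the thread) of the defender-side check: refusing precompiled Lua chunks in mod sources so that only textual Lua ever reaches the loader. It relies on one fact about the format: every Lua binary chunk starts with the four-byte signature ESC `L` `u` `a`, which is also the byte Lua's own loader keys on to decide whether a chunk is binary. The file names and the sample mod contents are constructed; Lua 5.2+ enforces the same restriction in-process via `load(chunk, name, "t")`, this script is the out-of-process equivalent you could run over a mod upload.

```python
# Added example (not Factorio's or Lua's own code): reject Lua *binary chunks*
# (precompiled bytecode) in a mod's sources, accepting only textual Lua. This
# mirrors what Lua 5.2+'s load(chunk, name, "t") enforces inside the interpreter.
from __future__ import annotations

# Every Lua binary chunk begins with LUA_SIGNATURE: ESC 'L' 'u' 'a'.
LUA_SIGNATURE = b"\x1bLua"


def is_lua_bytecode(chunk: bytes) -> bool:
    """True if the chunk is a precompiled binary chunk rather than source text."""
    return chunk.startswith(LUA_SIGNATURE)


def classify_chunk(chunk: bytes) -> str:
    # Lua's loader chooses binary vs text mode from the first byte alone, so
    # this classification matches what the interpreter would do with the data.
    return "bytecode" if is_lua_bytecode(chunk) else "text"


def vet_mod_sources(files: dict[str, bytes]) -> tuple[list[str], list[str]]:
    """Split a mod's files into (accepted, rejected) names.

    Only files that would be handed to the Lua loader (*.lua) are inspected;
    other files (locale, graphics, metadata) pass through untouched.
    """
    accepted: list[str] = []
    rejected: list[str] = []
    for name, data in sorted(files.items()):
        if name.endswith(".lua") and is_lua_bytecode(data):
            rejected.append(name)
        else:
            accepted.append(name)
    return accepted, rejected


# Constructed sample mod (hypothetical file names): one textual script and one
# precompiled chunk. Only the signature bytes matter for the check; the bytes
# after it are a placeholder, not a real compiled function.
SAMPLE_MOD = {
    "control.lua": b'script.on_init(function() game.print("hello") end)\n',
    "data.lua": LUA_SIGNATURE + b"\x54" + b"\x00" * 19,
    "info.json": b'{"name": "sample", "version": "0.0.1"}',
}

if __name__ == "__main__":
    ok, bad = vet_mod_sources(SAMPLE_MOD)
    print("accepted:", ok)
    print("rejected (bytecode):", bad)
```

The check is deliberately a prefix test rather than a full parse of the chunk: the thread's point is that the bytecode verifier cannot be trusted, so the safe policy is to never hand a binary chunk to the VM at all, and a prefix test is enough to enforce that policy.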


For what it’s worth, Metalua also generated PUC-Lua bytecode directly instead of source code, making it incompatible with LuaJIT (which might have been part of the reason why it died).


Citation?

Factorio 1.1.101 (which the blog post says included the fix) does not list any changes regarding the disabling of bytecode or restricting the debug library. This would have been notable news, even without admitting the security risk. Factorio 1.1.107 does mention disabling the debug library, but it doesn’t seem this article had anything to do with that.


I work on the game. The debug library was disabled for other security holes that were brought to our attention, so it wouldn't be related to this, but I thought it was interesting to mention.

I believe the change was not mentioned in the changelog as an attempt at 'security through obscurity', trying to avoid people getting any ideas before the update is widespread. Not sure that helps any, but still.


Sorry, but that's just a perfect example of why 'security through obscurity' is wrong. I have zero idea about security risks, but if the fix isn't mentioned anywhere, then for people who use the previous version there's no rush to upgrade.


> no rush to upgrade

I suspect the overwhelming majority of Factorio players are using Steam, which auto updates.


Due to the need for perfect synchronization all users need to be using the exact same version. Mods can also break between versions. It is therefore very common for public servers to stick on one version for extended periods of time. It is common for people to use the Steam "betas" functionality to pick an exact version or download an exact version from the Factorio website.

I would say that servers only tend to update when large features are released. So announcing a security vulnerability would likely push some servers to update.


Without metrics of some kind from Wube I guess we aren't likely to know for sure, but I doubt very much it is common to run old versions of the game on Steam. I bet you that most people are simply running on the latest version at all times. That solves the MP issue, and plenty of mods don't need to be updated for each game version.


Factorio is special though, because it actively uses the beta version functionality in Steam to not only provide betas but also older stable versions. This allows the devs to move fast and break things.

I know I've held back my copy of Factorio due to some concern over changes in newer versions, preferring to let the dust settle before upgrading to the latest stable version.


I don't disagree.


Arguments either way. Generic "security vulnerabilities addressed" in release notes is a nice balance.


The source is not publicly available, no. It's still being actively developed and sold after all. There isn't really much of a barrier between engine and 'scripting', it's all custom and integrated. The reason there are so few bugs is that there is a ton of effort spent on squashing them! The approach is basically to fix any reported issue if in any way reasonable.


> The source is not publicly available, no. It's still being actively developed and sold after all.

Those two are definitely not incompatible. Take Kandria[0] for example, which is fully Free Software[1].

[0] https://store.steampowered.com/app/1261430/Kandria/

[1] https://github.com/Shirakumo/kandria/blob/master/LICENSE


Or (while on the subject of Factorio) Mindustry:

[0] https://mindustrygame.github.io/


Yeah, I wish more games would use this approach. They could for instance have the art assets separate, or do what Factorio does and have matchmaking and the official mod portal be DRMed. (And/or give out the source, but not the compiled binaries.)


Factorio is arguably way, way more popular than Kandria, however.


It is now, are you suggesting it wouldn't have been as popular if it had been open sourced (more)?


I'm suggesting that open sourcing an incredibly popular game that has been selling well NOW would be a bad idea for sales.


I've never played Factorio so I didn't know that :)


What's the alternative though? For URLs for example, would you have to put a JSON structure into the browser? That's obviously not going to happen.


Sure, most of these decisions are too entrenched to be fixed.

But yes, URLs should have been structured. We already see paths rendered with breadcrumbs, the protocol replaced with an icon, `www` auto-inserted and hidden, and the domain highlighted. If that's not a structure, I don't know what is.

By cramming everything into the same string, we open ourselves to phishing attacks by domains like `www.google.com.evil.com`, malicious traversal, 404s from mangled relative paths, and much more.


URLs are structured. But when you need to send them across the network or store them on disk or even just send them between different processes on the same machine you need to define what the byte level representation is.

I don't see how you can get away from having a defined serialisation format. People try to operate directly on the serialised data using ad-hoc implementations and run into trouble.

But I'm not sure exactly what you mean by "should have been structured". Eventually you've gotta define the bytes if you want to interoperate with other software.


> I don't see how you can get away from having a defined serialisation format.

Yep, that's exactly it. Your TLS certificate is not sent as string, and neither are your TCP packets, nor the images contained in them. Your URLs shouldn't be either, but it's probably too late for that.

> People try to operate directly on the serialised data using ad-hoc implementations and run into trouble.

That's a whole lot better than the current footgun we have, where

    http://http://http://@http://http://?http://#http://
is a valid URL. People don't operate directly on string URLs without trouble either, so at least the structured data is not inviting incorrect usage.
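An added example (not from anyone in the thread) for the two concrete points made above: the `www.google.com.evil.com` lookalike and the `http://http://...` string that still parses. It puts the ad-hoc substring check that the thread warns about next to a check on the parsed structure, and shows which components a real parser assigns to the pathological URL. The trusted domain, the sample URLs and the helper names are assumptions for the demo; the components reported are those of Python's `urllib.parse.urlsplit`, and a browser's WHATWG parser can differ in details such as how it treats userinfo and repeated slashes.

```python
# Added example (not the thread's own code): ad-hoc string checks on URLs
# versus checks on the parsed structure.
from urllib.parse import urlsplit

TRUSTED_HOST = "google.com"  # assumed allowlisted registrable domain


def naive_is_trusted(url: str) -> bool:
    # The footgun: a substring test on the raw string. "www.google.com.evil.com"
    # and "evil.com/?next=https://www.google.com/" both contain the text.
    return TRUSTED_HOST in url


def parsed_is_trusted(url: str) -> bool:
    """Accept only if the parsed host is the trusted domain or a subdomain of it."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    # Dot boundary matters: "notgoogle.com" must not match "google.com".
    return host == TRUSTED_HOST or host.endswith("." + TRUSTED_HOST)


def describe(url: str) -> dict:
    """Report which components the parser assigns to a URL."""
    p = urlsplit(url)
    return {
        "scheme": p.scheme,
        "host": p.hostname,
        "path": p.path,
        "query": p.query,
        "fragment": p.fragment,
    }


# Constructed inputs: a genuine subdomain, a lookalike host, a trusted name
# smuggled into a query string, and the pathological URL quoted in the thread.
SAMPLES = [
    "https://www.google.com/search?q=x",
    "https://www.google.com.evil.com/login",
    "https://evil.com/?next=https://www.google.com/",
    "http://http://http://@http://http://?http://#http://",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{u}\n  naive={naive_is_trusted(u)}  parsed={parsed_is_trusted(u)}")
    print(describe(SAMPLES[-1]))
```

The pathological URL ends up with scheme `http`, host `http`, a path of `//http://@http://http://`, and `http://` as both query and fragment; it is well-formed precisely because the serialisation leaves so much freedom, which is the point the comment above is making. A production allowlist would also want the public suffix list rather than a hard-coded domain, but the shape of the check (compare the parsed host, respect the dot boundary) is the same.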


> > I don't see how you can get away from having a defined serialisation format.

> Yep, that's exactly it. Your TLS certificate is not sent as string, and neither are your TCP packets, nor the images contained in them.

...all of those things mentioned have defined serialization. I expect all of them have had security issues because of problems with deserialization code.


Yes, of course. Everything that is stored or transmitted must have a defined serialization. And any piece of code as widely used as this is going to have security issues.

What is your point? That strings don't need defined formats? That they have fewer security issues?


Your certificate isn't entered by hand, though?

That is, it is easy to see that the reason we have URLs sent as strings is that we collect them from the user. And it makes perfect sense that we would collect strings of characters from users.


How many URLs, as a percent of all browser navigation, do you think are typed by hand? And I don't mean "news.ycombinator.com", I mean the full URL, like "https://news.ycombinator.com/news".

And in those rare cases, of course you can collect strings from the user. But then they have to be parsed, and that's what should be on the wire. IP addresses are also sometimes entered by hand, but we don't send those strings in TCP packets.


Fewer today than when it started, for sure. Though, I'm not clear that "copy pasted between applications" doesn't have its own problems. I have never seen that done in a "you are passing objects around" way that didn't have terrible security.

