I loved my AVP and the guest mode addition is the headlining feature here IMO.
I ultimately returned mine because, as cool as it was, the isolation and neck pain weren’t worth it. It’s an awesome way to watch a movie (alone) or use to extend your laptop but ultimately it’s just you in there. I’d never wear this around people and my son was creeped out by it and asked me to take it off. It’s difficult to use for more than an hour which would interrupt my workflow if I was wearing it while working on my laptop.
I hope they continue iterating because I’d love to try again if they can cut the bulk. The guest mode addition would’ve been nice to have even though I probably wouldn’t let my kids try it because it’s too expensive.
I have super fond memories of high school math classes. That calculator was my first introduction to programming. I’d take the time to write programs for each unit we covered so that I could just input the variables and quickly solve. I had to understand the concept before I could program it so I didn’t really think it was cheating. I did get nervous when SATs came up because I knew my calc’s memory would be cleared. I remember my solution was to painstakingly recreate the memory cleared screen and pull it up before the proctor came around in hopes that they’d assume they already cleared mine.
My programming didn’t improve much after high school but I’m still kind of proud of my not-totally-cheating cheating.
Back in my Algebra II class, while learning polynomial expansion, I wrote a program on my TI-85 that would not only solve the problem, but it would show the work, so I literally just had to copy its output verbatim and I got full credit.
I showed it to my teacher and asked her if it would be considered cheating to use it on the test, and she said that if I knew the material so well that I could write a program that didn't just solve it, but showed the work, then clearly I knew the material so well that I'd ace the test even without the program, so I could go ahead and use it, just as long as I didn't share the program with my friends.
I didn't have any friends (This was 1998 where being such a nerd was still looked down on), so it wasn't an issue.
My Trig teacher, which was the class where I got my cherished TI-83+, had the exact same opinion of my little TI-Basic programs which worked the same way as yours.
I got an A in that class both semesters, which was better than the B I often got in Math (and a C- once in AlgII) because I hated doing homework. But starting on the program as soon as I grasped the concept and usually blasting through the homework with it by the end of the period meant an A was easily in my grasp.
That teacher was the best damn math teacher ever. He would work hard to help every last student get it, he'd gladly spend his whole lunch helping a kid if they needed it.
PS. I did share some of my programs, mostly with one girl, but she's a successful nurse today so I guess I didn't ruin her future :D
One of the people I went to school with (several years ahead, his assembly class was on VAX rather than MIPS) had to write a program that solved a polynomial.
As he was going through the tome that represented the CISC instruction set of a VAX system (long before easy search engines), he found POLY ( https://www.ece.lsu.edu/ee4720/doc/vax.pdf page 9-118).
So, his program, instead of doing all the calculations was setting up a few registers, a large comment block that explained it, a call to POLY, and reading out the registers.
He claimed to have gotten full credit and within a handful of semesters later the course was switched from CISC architectures to RISC.
The instruction you refer to is for evaluating polynomials, not solving them, so I’m a bit confused by your claims. It is pretty common to evaluate polynomials as part of solving them (if you’re aiming for numeric solutions), but solving tends to also require:
- some kind of root finding (note that methods like Newton–Raphson don’t work when zeros have multiplicity)
- dividing polynomials by (X - a) after finding one root to find the next root
The POLY instruction was the CISCiest of the VAX instructions. One machine instruction could evaluate a polynomial. I think it could even handle the situation where fetching one of the coefficients caused a page fault. If you knew the VAX instruction set well, writing code in VAX assembly was almost as easy as using a higher level language.
Was the instruction really much more complex than eg some byte-string comparison instruction? For string comparison you’re doing a simpler operation at each step, and the accumulation is much simpler, but maybe you have short-circuiting too. POLY corresponds to the following C, I think:
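    float poly(int d, float x, float *c) {
        c += d;                  /* point at the highest-order coefficient c[d] */
        float y = *c;
        while (d--)
            y = *--c + y * x;    /* step down to the next coefficient, then one Horner step */
        return y;
    }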
I also don’t see why you consider this to be the CISCiest instruction from an architecture that includes a substring-search instruction, a vaguely printf-like instruction with its own mini instruction set for the pattern strings it takes, and an instruction to do polynomial division in the ring of polynomials over F_2 (ok this is just CRC)
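The evaluate-versus-solve distinction raised in this sub-thread, as an added example that is not from any of the comments: Horner evaluation (the part POLY does), then Newton iteration and deflation by (X - a) layered on top to actually find roots. The function names, the starting guess of 0 and the sample cubic are assumptions made for illustration, and the solver assumes simple real roots.

```c
#include <stdio.h>

/* Absolute value without pulling in libm. */
static double absd(double v) { return v < 0 ? -v : v; }

/* Evaluation only: c[0] is the constant term, c[d] the leading coefficient. */
double horner(int d, double x, const double *c) {
    double y = c[d];
    for (int i = d - 1; i >= 0; i--)
        y = c[i] + y * x;
    return y;
}

/* Evaluate p(x) and p'(x) in one Horner pass. */
static void horner2(int d, double x, const double *c, double *p, double *dp) {
    double y = c[d], dy = 0.0;
    for (int i = d - 1; i >= 0; i--) {
        dy = y + dy * x;
        y = c[i] + y * x;
    }
    *p = y;
    *dp = dy;
}

/* Newton iteration from x0. Returns 0 on convergence, -1 on failure
 * (zero derivative or no convergence within the iteration budget). */
int newton_root(int d, const double *c, double x0, double *root) {
    double x = x0;
    for (int it = 0; it < 100; it++) {
        double p, dp;
        horner2(d, x, c, &p, &dp);
        if (absd(p) < 1e-12) { *root = x; return 0; }
        if (dp == 0.0) return -1;
        x -= p / dp;
    }
    return -1;
}

/* Synthetic division by (X - a), in place. Afterwards c[0..d-1] holds the
 * quotient of degree d-1; the return value is the remainder, i.e. p(a). */
double deflate(int d, double *c, double a) {
    double carry = c[d];
    for (int i = d - 1; i >= 0; i--) {
        double t = c[i];
        c[i] = carry;
        carry = t + carry * a;
    }
    return carry;
}

/* Find a root, divide it out, repeat. Overwrites c; returns roots found. */
int solve_all(int d, double *c, double *roots) {
    int found = 0;
    while (d > 0) {
        double r;
        if (newton_root(d, c, 0.0, &r) != 0) break;
        roots[found++] = r;
        deflate(d, c, r);
        d--;
    }
    return found;
}

int main(void) {
    /* Constructed sample: (x-1)(x-2)(x-3) = x^3 - 6x^2 + 11x - 6 */
    double c[] = { -6.0, 11.0, -6.0, 1.0 };
    double roots[3];
    printf("p(2) = %g\n", horner(3, 2.0, c));
    int n = solve_all(3, c, roots);
    for (int i = 0; i < n; i++)
        printf("root %d: %.9f\n", i, roots[i]);
    return 0;
}
```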
The adult educator figures in 1958's _Danny Dunn and the Homework Machine_ had a pretty similar conclusion regarding automation as a demonstration of domain knowledge. The interesting thing is that this view is pretty rare when it comes to business domains.
oh wow, haven't heard anyone mention Danny Dunn in many years. My local library had the whole series and I think I read most of them, way back in the early 90s. I still remember Danny Dunn Invisible Boy and some of the others.
>> if I knew the material so well that I could write a program that didn't just solve it, but showed the work, then clearly I knew the material so well that I'd ace the test even without the program
Lol. So naïve. Half the point of programming and testing the software is so that you can then forget how to do the task yourself. I'd say that 90+% of the task-specific code I've written was for things that I no longer remember how to do myself. Once upon a time I wrote a thing to calculate some of the specifics re water hammer effects in pipes. I still have the code but, for the life of me, I have totally forgotten the actual math.
I started using this username in...I think 2002? Well, actually, I started using just "Sohcahtoa" then. Then I tried signing up for some service a few years later and "Sohcahtoa" was already taken, so decided to just add my birth year to it, since that was a pretty common thing to do at the time, and now I'm Sohcahtoa82 everywhere except on EFnet, where nicks are limited to 9 letters. Still Sohcahtoa there.
In high school, after getting my TI-83+, I also started to learn to program things.
For tests, my teachers would force me to clear my memory (you're not fooling Catholic nuns with a fake screen, she would take my calculator and clear it herself).
But I got good at programming. I was so fast that I would just spend the first 30 minutes of a 1-hour test re-writing the programs and then spend 5 minutes completing the test and be excused to go to the computer lab for the remainder.
Eventually I got so annoyed of typing things out on the TI-83+ keyboard, and as I progressed the programs got more complex, that I bought a TI-92 with a qwerty keyboard and would be able to write solvers for the test in 5-10 minutes and fully solve a test in 5-10 minutes. I mostly did it so I could have more time in the computer lab.
I still have those calculators too, I should see if they still work some day :)
I absolutely did this as well, though for the most part you could hardly call them "solvers", just tools to help me more effectively check a stack of educated guesses. IIRC a lot of the problems could be bounded well enough to brute force on my TI-83+.
I did the same thing, implementing formulas we learned as interactive programs in TI-BASIC. I don't think I even tried to hide them or use them on tests or anything, but when I told my teacher at the time (2003-ish?) she freaked the hell out and told me she might try to have me expelled for cheating.
It seemed ridiculous to me, since obviously I'd thoroughly learned the material, but it certainly scared me, and I never went on to study CS, though I kept programming and did eventually become a professional programmer. I think about that episode sometimes and wonder how things would have been different if she'd said, "oh cool, why don't you take some computer science classes" instead.
It's difficult to teach ingenuity for a variety of reasons.
To give you an idea of what I mean: I used to maintain the content filter for a school. Students being students, they found all sorts of ways to get around it. I never took much issue with the students who found ways around it. They were exploring and learning. The issue was with the other students. The ones who just followed someone's instructions, never exploring and never learning.
I would imagine that calculators are much the same. Programming them to answer questions is a great way to reinforce concepts. Copying the program off of someone else and finding ways to hide the program is just plain cheating (of the system and themselves).
Same! Also recreated the clear memory screen to protect all of that hard work.
Initially I was giving the programs to friends. Math teacher caught me and I thought I was getting in trouble for it. Nope! She said 'Never give away your work like that. Make them pay for it.'
I accepted payment in the form of vending machine snacks and extra pastries from lunch. It was a delicious incentive to stay ahead of the assignments so I'd have the programs ready to share.
The difference is they just wanted the end result, and didn't care about the source code or how the implementation worked. Just a means to an end. People pay for that willingly.
There was also "group", I think it was called? You could select multiple things, including programs, to copy into archive memory - that way the original would still be there so they could see they deleted something, then you ungroup it later to restore it.
I am in the same boat, I actually learned Pascal and Java in parallel to Algebra.
Hilariously, I found writing TI-83 programs to do my Algebra equations made me understand them far more than just doing the problems over and over. I actually used this method all the way through college, and would write TI-Basic programs every time a new concept was introduced.
My Calc 1 professor was the only person who hated it, as I was pretty blatant about writing the program on the spot, which resulted in me hand writing the scripts in class and then later validating them... Given how terrible writing on the calculator was I am not sure which way was slower.
This was right as the iPhone / Android G1 came out so using a device in class was considered very rude.
I think this is essentially the same reasoning that Sussman et al give for using a computer to explain classical mechanics in their famous textbook (see [0]). By insisting that the student compute with the concepts, they assert that they will get a deeper understanding than if they just read a bunch of formulas. Hard to argue with that, to my mind, although the choice of Scheme as the language is a bit of a mind bender for newbies.
> I had to understand the concept before I could program it so I didn’t really think it was cheating.
I showed mine to my Calculus teacher and she let me use it because she had this same viewpoint, on the condition I never shared it with the other students.
> I remember my solution was to painstakingly recreate the memory cleared screen and pulled it up before the proctor came around in hopes that they’d assume they already cleared mine.
My intro to programming was a TI-83, while bored in algebra 2 freshman year... I had almost no help so I was just figuring it out. Ended up making a 90% implementation of 2048, and about 1/2 of chess. While only knowing if, goto, matrix indexing, and drawing individual pixels. I learned Java later so I could mod Minecraft, and now can't stand the limitations of TI Basic.
TI basic was pretty frustrating. The best thing I made was a program to calculate default WEP keys for Verizon routers based on the SSID. Converting bases was only possible by recreating all alphabet strings and then indexing those and doing all the modulo math as well (at least it had that!). I hadn't gotten into any real languages at that point but was messing around with qbasic on a Win98 laptop at home so I was just starting to get comfortable with programming. While frustrating sometimes, the challenge of doing complex things with crude tools is pretty refreshing compared to nowadays where you can build an artificial intelligence in like 3 lines of code. For some of my personal projects, I make a point of avoiding any imports outside of built-in libraries if I can implement it good enough in less than an hour, kind of like "showing my work".
I remember there being a way where you could stash in memory even if the memory was cleared (my calc teacher used to clear memory before exams but I was able to retain some functions)
i learned to program on computers, spent my effort installing games on the ti-84s instead of cheating on high school math (lmao), and i did not need to get scared of the sat proctor because he might clear the memory on my calculator
I was interested to see what this would be like applied to ansible job events coming from automation controller/awx so I put something simple together. I kind of like the tracelike visualization and might use it somewhere
I'm confused as to how this issue is so widespread in the first place. I'm unfamiliar with how Crowdstrike works, do organizations really have no control over when these updates occur? Why can't these airlines just apply the updates in dev first? Is it the organizations fault or does Crowdstrike just deliver updates like this and there's no control? If that's just how they do it, how do they get away with this?
Can somebody summarize what CrowdStrike actually is/does? I can't figure it out from their web page (they're an "enterprise" "security" "provider", apparently). Is this just some virus scanning software? Or is it some bossware/spyware thing?
It's both. Antivirus along with spyware to also watch for anything the user is doing that could introduce a threat, such as opening a phishing email, posting on HN, etc.
It's not really up to the companies. In this day and age, everyone is a target for ransomware, so every company with common sense holds insurance against a ransomware attack. One of the requirements of the insurance is that you have to have monitoring software like Crowdstrike installed on all company machines. The company I work for fortunately doesn't use Crowdstrike, but we use something similar called SentinelOne. It's very difficult to remove, and it's a fireable offense if you manage to.
No doubt mandated so that the NSA can have a backdoor to everything just by having a deal with each one of those providers.
I think there's a Ben Franklin quote that applies here. "Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety."
It is kinda implied throughout SP 800-171r3 that EDRs will make meeting the requirements easier, although they are only specifically mentioned in section 03.04.06
Most corporate places I've encountered over the last N years mandate one kind of antivirus/spyware combo or another on every corporate computer. So it'd be pretty much every major workplace.
Just because everyone does it doesn't not make it a dumb idea. Everyone eats sugar.
If the average corporation hates/mistrusts their employees enough to add a single point of failure to their entire business and let a 3rd party have full access to their systems, then well, they reap what they sow.
I think you have to look beyond the company. In my experience, even the people implementing these tools hate them and rarely have some evil desire to spy on their employees and slow down their laptops. But without them as part of the IT suite, the company can't tick the EDR or AV box, pass a certain certification, land a certain type of customer, etc. It is certainly an unfortunate cycle.
This goes way higher than the average corporation.
This is companies trying desperately to deliver value to their customer at a profit while also maintaining SOC 2, GDPR, PCI, HIPAA, etc. compliance.
If you're not a cybersecurity company, a company like CrowdStrike saying: 'hey, pay us a monthly fee and we'll ensure you're 100% compliant _and_ protected' sounds like a dream come true. Until today, it probably was! Hell, even after today, when the dust settles, still probably worth it.
Sounds like the all too common dynamic of centralized top-down government/corporate "security" mandates destroying distributed real security. See also TSA making me splay my laptops out into a bunch of plastic bins while showing everyone where and how I was wearing a money belt. (I haven't flown for quite some time, I'm sure it's much worse now)
There's a highly problematic underlying dynamic where 364 days out of the year, when you talk about the dangers of centralized control and proprietary software, you get flat out ignored as being overly paranoid and even weird (don't you know that "normal" people have zero ability or agency when it comes to anything involving computers?!). Then something like this happens and we get a day or two to say "I told you so". After which the managerial class goes right back to pushing ever-more centralized control. Gotta check off those bullet point action items.
They fixed that. Now you can fly without taking your laptop out, or taking your shoes and belt off. You just have to give them fingerprints, a facial scan and an in-person interview. They give you a little card. It's nifty.
My response was intended as sarcasm. But eventually, I don't think it will be a two-tiered system. You simply won't be allowed to fly without what is currently required for precheck.
And fwiw, I don't think the strong argument against precheck has to do with social class... it's not terribly expensive, and anyone can do it. It's just a further invasion of privacy.
Precheck is super cheap, it's like less than $100 once per 5 years. Yes, it is an invasion of privacy, but I suspect the government already has all that data anyway many times over.
> showing everyone where and how I was wearing a money belt
I only fly once every couple years, but I really hated emptying my pockets into those bins. The last time I went through, the agent suggested I put everything in my computer bag. That worked a lot better.
Last time I flew, in Sweden, the guy was angry at me for having to do his job so he slipped my passport away from the tray, so that I'd lose it. Lucky for me I saw him doing that.
At my work in the past year or 2 they rolled out Zscaler onto all of our machines which I think is supposed to be doing a similar thing. All it's done is caused us regular network issues.
I wonder if they also have the capability to brick all our Windows machines like this.
Zscaler is awful. It installs a root cert to act as a man-in-the-middle TCP traffic snooper. Probably does some other stuff, but all your TLS traffic is snooped with zscaler. It is creepy software, IMO.
Ah, yeah, they gave us zscaler not too long ago. I wondered if it was logging my keystrokes or not, figured it probably was because my computer slowed _way_ down ever since it appeared.
Zscaler sounds like it would be a web server. Just looked it up: "zero trust leader". The descriptiveness of terms these days... if you say it gets installed on a system, how is that having zero trust in them? And what do they do with all this nontrust? Meanwhile, Wikipedia says they offer "cloud services", which is possibly even more confusing for what you describe as client software
Somebody upthread pointed out that it installs a root CA and forces all of your HTTPS connections to use it. I verified that he's correct - I'm on Hacker News right now with an SSL connection that's verified by "ZScaler Root CA", not Digicert.
ZScaler has various deployment layouts. Instead of the client side TLS endpoint, you can also opt for the "route all web traffic to ZScaler cloud network" which office admins love because less stuff to install on the clients. The wonderful side effect is that some of these ZScaler IPs are banned from reddit, Twitter, etc, effectively banning half the company.
Zero trust means that there is no implicit trust whether you’re accessing the system from an internal protected network or from remote. All access to be authenticated to the fullest. In theory you should be doing 2FA every time you log in for the strictest definition of zero trust.
They are a SASE provider, I assume they offer a beyond Corp style offering allowing companies to move their apps off a private VPN and allow access on the public internet. Probably have a white paper on how they satisfy zero trust architecture.
See the recent waves of ransomware encrypting drives and similar attacks. They cause real cost as well and this outage can be blamed on crowdstrike without losing face. If you are in the news for phished data or have an outage since all data is encrypted blaming somebody else is hard
Well it’s not aimed at IT people and programmers (though the policies still apply to them), it’s aimed at everyone else who doesn’t understand what a phishing email looks like.
These comments make me think that both you and the commenter you replied to have never read 1984.
It's anti totalitarian propaganda. There is IIRC not much about how Airstrip One came to be, it's kinda always been there because the state controls history. People did not ask for the telescreens, they accept them.
The system in the book is so strongly based on heavy-handed coercion and manipulation that I actually find it psychologically implausible (though, North Korea...). The strength of the book, I would say, is not its plausibility, but the intensity of the nightmare and the quality of the prose that describes it.
So there's the control freak at the top who made this decision, and then there are the front lines who are feverishly booting into safe mode and removing the update, and then there are the people who can't get the data they need to safely perform surgeries.
So yeah, screw 'em. But let's be specific about it.
I think the question this raises is why critical systems like that have unrestricted 3rd party access and are open to being bricked remotely. And furthermore, why safety critical gear has literally zero backup options to use in case of an e.g. EMP, power loss, or any other disruption. If you are in charge of a system where it crashing means that people will die, you are a complete moron to not provide multiple alternatives in such a case and should be held criminally liable for your negligence.
Agreed on all points, but if we're going to start expecting people to do that kind of diligence, re: fail-safes and such (and we should), then we're going to have to stop stretching people as thin as we tend to, and we're going to have to give them more autonomy than we tend to.
Like the kind of autonomy that lets them uninstall Crowdstrike. Because how can you be responsible for a system which at any time could start running different code.
What I don't get is why nobody questions how an OS that needs all this third-party shit to function and be compliant gets into critical paths in the first place??
This kind of thing is required by FedRAMP. Good luck finding a company without endpoint management software who is legally allowed to be a US government vendor.
If you stick to small privately held companies you might be able to avoid endpoint management but that's it.. any big brand you can think of is going to be running this or something similar on their machines -- because they're required to
Presumably endpoint detection & response (EDR) agents need to do things like dynamically fetch new malware signatures at runtime, which is understandable. But you'd think that would be treated as new "content", something they're designed to handle in day-to-day operation, hence very low risk.
That's totally different to deploying new "code", i.e. new versions of the agent itself. You'd expect that to be treated as a software update like any other, so their customers can control the roll out as part of their own change management processes, with separate environments, extensive testing, staggered deployments, etc.
I wonder if such a content vs. code distinction exists? Or has EDR software gotten so complex (e.g. with malware sandboxing) that such a distinction can't easily be made any more?
In any case, vendors shouldn't be able to push out software updates that circumvent everyone's change management processes! Looking forward to the postmortem.
My guess is it probably was a content update that tickled some lesser trodden path in the parser/loader code, or created a race condition in the code which led to the BSOD.
Even if it’s ‘just’ a content update, it probably should follow the rules of a code update (canaries, pre-release channels, staged rollouts, etc).
CrowdStrike is an endpoint detection and response (EDR) system. It is deeply integrated into the operating system. This type of security software is very common on company-owned computers, and often has essentially root privileges.
Well, actually more than root. Even for an administrator user on Windows, it’s pretty hard to mess with things and get into BSOD. CrowdStrike has these files as drivers (as indicated by .sys file extension) which run in the kernel mode.
Companies operate on a high level of fear and trust. This is the security vendor, so in theory they want those updates rolled out as quickly as possible so that they don't get hacked. Heh.
These updates happen automatically and as far as I can tell, there is no option to turn this feature off. From a security perspective, the vendor will always want you to be on the most recent software to protect from attack holes that may open up by operating on an older version. Your IT department will likely want this as well to avoid culpability. Just my 2 observations, whether it is the right way or if CS is effective at what it does, no idea.
Record and transcribe a live call directly from the Phone app. You can also search call history more easily, dial smarter, and switch SIM cards seamlessly.
Cool! I have a strange affinity for RSS and created* a small plugin to subscribe to feeds within Event-Driven Ansible** and run actions on new feed posts. I didn't create it with specific utility in mind, certificate monitoring via RSS fits right in there - much to my surprise.
I'm a really big fan of the C1. I'm curious what the image quality is like compared to the current webcam on the M2 Air and compared to the C1. The mute switch on the cable is a great idea.
Setting aside the implications of the move Red Hat made for a moment, can we all just appreciate what a perfect storm of terrible messaging they've settled into with this one? From what it sounds like, the announcement surprised a lot of internal associates not working on RHEL that are now falling into this trap that Red Hat created.
I can’t say less about apple intelligence…