Linux comes in a wide range of distributions, so it is hard to make universal claims. One area where security defaults need to improve is sandboxing.
If security is a major concern, bwrap or firejail can easily provide that extra sandboxing.
NixOS and GuixSD make it quite trivial to sandbox applications in a declarative fashion using firejail.
An alternative is to use e.g. Flatpak, which gets you sandboxing for free via bwrap. But I am not a fan of application images that bypass package management.
Functionally, it is very similar to Flatpak. The main reason people do not like it (for reasons independent of sandboxed applications in general) is that Canonical controls the store and that it is not open-sourced, and that it is very difficult to remove it on Ubuntu setups (a major pain-point for people who need an unsandboxed Firefox setup).
I wouldn't use snap or Flatpak, just sandbox using bwrap or firejail. They are really easy to use.
Containers also provide good development sandboxing. With distrobox you can run many distributions inside your own within a clean and isolated environment.
Regulators are generally really conservative. Spiegelhalter et al. already wrote a fantastic textbook on Bayesian methods for trial analysis back in 2004. It is a great synthesis, and used by statisticians from other fields. I have seen it quoted in e.g. DeepMind presentations.
Bayesian methods enable using prior information and fancy adaptive trial designs, which have the potential to make drug development much cheaper. It's also easier to factor in utility functions and look at cost:benefit. But things move slowly.
They are used in some trials, but not the norm, and require rowing against the stream. This is actually a great niche for a startup. Leveraging prior knowledge to make target discovery, pre-clinical, and clinical trials more adaptive and efficient.
Journals are also conservative. But Bayesian methods are not that niche anymore. Even mainstream journals such as Nature or Nature Genetics include Bayesian-specific items in their standard submission checklists [1]. For example, they require you to indicate prior choice and MCMC parameters.
Bayesian methods are incredibly canonical in most fields I’ve been involved with (cosmology is one of the most beautiful paradises for someone looking for maybe the coolest club of Bayesian applications). I’m surprised there are still holdouts, especially in fields where the stakes are so high. There are also plenty of blog articles and classroom lessons about how frequentist trial designs kill people: if you are not allowed to deviate from your experiment design but you already have enough evidence to form a strong belief about which treatment is better, is that unethical? Maybe the reality is a bit less simplistic but I’ve seen many instantiations of that argument around.
A classic way to bridge the gap is to put a great academic brand on your CV. For example, you could work as a research assistant in CS for a famous university (e.g. Cambridge, Imperial, ETH).
Since the salaries they offer are low, the competition won't be so intense, and they will offer support to relocate. Once you have a foot in the ground, you can apply to great industry jobs.
A more elaborate plan would be to obtain a PhD at one of those institutions, but that is quite time-consuming and the benefits might not offset the costs.
Well, you have many options. Given that you seem to have a good publication record, I'd expect a couple of offers after making 5 or 10 applications.
If you are a good programmer, avoiding areas that are too hot (e.g. ML) and focusing on things that can make best use of your skills (e.g. compilers, verification) could be a good idea.
Research assistant positions are also a great backdoor to PhD offers, in case you are interested in that.
I still remember Snow Leopard - I think that's when I started using Mac.
Most of the upgrades since then I have resisted and not enjoyed, though I seem to recall liking Mavericks.
A lot of the big features each time seem to be about tying further into the Apple ecosystem, which doesn't interest me at all, since I have no other devices and don't use iCloud.
Snow Leopard was spectacular. Rock solid, I never had a single problem with the OS. Lots of third-party developers making good software helped, I think shortly after (Lion?) I bought Things, Little Snitch, Sketch, and Alfred.
Yeah, OS X was definitely the nicest native development experience at the time. Apple's documentation was considerably better and more searchable back then than it is now (especially as it is now for desktop). And even though they've introduced lots of niceties (including Swift), as Apple's piled additional features and APIs into Cocoa/Xcode I find the overall experience quite a bit less coherent or intuitive or ergonomic than it used to be.
Pretty much. Xcode was quirky but it still is. But the frameworks were well documented and 1 Cocoa book could get you a long way. I loved building Obj-C/Cocoa apps back then.
I'm not a Mac dev, but wasn't Apple all in on ObjC back then, and these days it's more Swift? That is a pretty big shift; I'd assume for the better for the most part.
I prefer Swift as a language, but Apple's developer documentation back then was clear, detailed, and overall excellent. Occasionally I felt like I was reading a classic CS text rather than a manual. I could always find the guide on the particular facet I was looking for within a few clicks.
I think that because their total compensation is lower than FAANG, especially at senior levels, and they are seen as uncool, they sometimes have issues retaining top-notch talent. It's paradoxical, because MS Research is probably the best PLT organization in the world. But they have failed to move a lot of that know-how into production.
Besides, because it's an older company, it might have more organizational entropy, i.e. dysfunctional middle-management. As you say it's probably several other causes too. But still, hard to understand how they can create F#, F*, and Dafny, just to name a few, and fail with their mainstream products.
I thought about this a lot while working at a high-growth company recently.
Decided that regular (quarterly) manager rankings (HR-supported, anonymous) by 2-3 levels of subordinates is the only way to solve this at scale.
The central problem is: assuming a CEO accidentally promoted a bad middle manager, then how do they ever find out?
Most companies (top-down rankings-only) use project success as their primary manager performance signal.
Unfortunately, this has 3 problems: (1) project success doesn't prove a manager isn't bad, (2) above-managers only hear from managers, and (3) it incentivizes managers to hack project success metrics / definitions.
Adding a servant/leader skip-level metric is a critical piece of information on "Oh, this person is toxic and everyone thinks poorly of them, despite the fact that they say everyone loves them."
Sounds like a great solution, adding random skip connections so that information flows from the bottom to the top of the hierarchy.
Certainly, few companies have managed to avoid this trap. It's largely an unsolved problem.
I've often met managers and execs two levels above me that had a completely delusional view of what was going on below them due to lies spread by middle-management.
You also probably couldn't pay me enough to work in the kind of environment that produces such buggy software as Microsoft Teams. A message-based app which can't even guarantee delivery of messages, or synchronization across devices, isn't a good sign for management and delivery.
I was a unix head at the time and ran OpenBSD on my personal Thinkpad. I figured a stint on the Windows team would broaden my horizons and expose me to differences. It did that. I don't regret it. I did in the end feel that the company was not my vibe, but I respect and appreciate some of what came out of there.
Back when I was there, part of my calculus was that cost of living in Seattle was cheaper than the bay. It was about 35% cheaper back then, according to regional CPI data I looked at at the time. Not sure what the difference is today. I believe housing is still substantially cheaper.
I think a few years after I left when more Big Tech opened offices in Seattle, competing companies started paying Bay Area salaries for Seattle living, removing this argument. I haven't watched this closely in recent years.
But fwiw, I was able to save and invest a lot in my Seattle days, despite a salary that was lower than in the bay.
Housing is just one component, there is a lot of other stuff that has equal price: if you order stuff from Amazon the price is the same, if you buy a new car the price is the same.
Is compensation really the issue? Like, people earning 160k simply can’t take a dive into the OS source code and make proper fixes, but people earning 250k magically can?
I don't know. I know there are a lot of people who want to work on the OS source code, given the chance, but need some hand holding in the beginning. Companies in general are not willing to give them the chance, because they don't want to hand hold them.
I think uncompetitive compensation is the dominant factor in Microsoft’s decline. Up there with stack ranking. They claim that it’s 30% cheaper to live there but then they go and capture most of that 30% for themselves.
It is my opinion that developer ability is on a Pareto distribution, like the 80/20 rule where 80% of the work is done by 20% of the people. The job market is more liquid for those that are extremely productive, so it’s pretty easy for them to get a pay rise of 30% by switching companies. In the worst case you can often come back with a promotion because, like many companies, Microsoft is more likely to promote you when trying to poach you back. Doing a 2 year stint at Amazon was quite common. The other problem when your best people leave is that the process is iterative: not only are you getting paid less, but you are now working with people who couldn’t easily switch jobs. You start being surrounded by incompetence. Stack ranking, which I hear is still being done unofficially, also means that you put your promotion and career in danger by joining a highly productive team. So it is rather difficult to get highly productive people to work on the same team.
Being paid less, being surrounded by incompetence, and being forced to engage in constant high stakes politicking really sucks.
I still think there are ways to hand hold people a bit and grow an ordinary engineer to a better one who is fit for system programming in maybe 12 months.
Otherwise as you said the only way is to offer the best compensation so that people don't leave. But again those people probably would leave for different reasons (culture e.g.).
Compensation is the easiest way and probably the most essential. It is hard to maintain a good culture when your best keep getting poached away with large sums of money. If Microsoft was the only game in town then sure they could get away with paying less, but they're not so they cannot.
Compensation can be the issue if the cost of living is creating problems. If you need 150k to just live in an area, 160k is not motivating while 250k gives you the peace of mind to focus on the work, not just on surviving. If you live in Bangladesh, the difference between 160k and 250k is almost meaningless.
Also compensation is a sign of respect and influences motivation. If you position yourself lower in the market, there is no reason to deliver top results for less money, correct? This attracts mediocrity, especially in management, and slowly kills companies. Usually there is no way back, no large company can replace the entire management at once and the mediocre ones will reject new, better ones.
It's not about the amount, but the type of people who stay when they could move to a higher paying job.
And the fact that it's impossible to poach people from companies offering a higher salary than you do. Unless you give them something more, like better conditions, or "mission", or the idea to work on something cool, but I don't think any of those apply to Microsoft.
A kernel engineering job is much more fun than yet another backend web gig. A large part because when working with typical web coding people do not want you to do actual software engineering.
But the actual issue is that if you underpay people they will not feel respected and valued so they will either not be motivated or leave. So you cannot pay below market, but you do not need to pay FB salaries either.
Theoretically (never happened to me), I'd definitely do a $100K Windows kernel, or whatever kernel work, over a $150K DE job that I currently have (I used to have a $220K DE job too and I won't hesitate to switch).
Lots of viruses are really oncogenic. The real success here is the ability of Denmark to track effectiveness. It sounds crazy but most countries do not have electronic health record capability to measure the effect of many interventions at population scale. Once good EHRs are rolled out, we will be able to double down on effective interventions, like this one, and vice versa.
A lot of viruses insert themselves into your DNA, they may mess up the 3D structure, or during DNA repair result in misrepair / duplications, or simply insert somewhere and break something important. All of these are ways that can contribute to kickstarting or accelerating cancerous growth.
Sadly, no matter how good the data is, some societies will value opinions of uninformed celebrities above facts and reason, leading to a resurgence of preventable diseases.
Idk the Danish approach of openness seems to be working for them. They acknowledge it isn't fully effective. They acknowledge that there may be a small risk of side effects. And they tell people it's worth it and to go take it.
"Since HPV vaccination was implemented in the Danish childhood vaccination programme in 2009, we have received 2,320 reports of suspected adverse reactions from HPV vaccines up to and including 2016. 1,023 of the reported adverse reactions have been categorised as serious. In the same period, 1,724,916 vaccine doses were sold. The reports related to HPV vaccination that we have classified as serious include reports of the condition Postural Orthostatic Tachycardia Syndrome (POTS), fainting, neurological symptoms and a number of diffuse symptoms, such as long-term headache, fatigue and stomach ache."
"The risk of cervical changes at an early stage was reduced by 73% among women born in 1993 and 1994, who had been vaccinated with the HPV vaccine compared with those who had not been vaccinated."
"The Danish Health Authority recommends that all girls are vaccinated against HPV at the age of 12. The Danish Health Authority still estimates that the benefits of vaccination by far outweigh any possible adverse reactions from the vaccine."
It's not like it wasn't without issues. You had the documentary from a state-funded TV station that uncritically let people claim all kinds of issues after getting the vaccine. It drastically lowered the uptake of the vaccine.
> They acknowledge it isn't fully effective. They acknowledge that there may be a small risk of side effects. And they tell people it's worth it and to go take it.
Those are basic bits of knowledge that apply to most vaccinations.
The problem is that the quacks diminish the positive effects, exaggerate the negatives and engage in a campaign of fear mongering that costs some people (and in some cases lots of people, see COVID) their lives. They are not only clueless, they are malicious.
From Gwyneth Paltrow, JFK Jr, all the way to Donald Trump and a whole raft of others the damage is immense. I have a close family member who now is fully convinced of the healing power of crystals and there isn't a thing you can do to reason with people that have fallen into a trap like that.
I think those who advocate for censorship are gullible and have fallen for the bush-league trap of believing that the state is on your side and exists to benefit you.
As bad as many celebrities/politicians are (I'm waiting/fantasizing for "cheeto in chief" to sit in the same jail cell as "bubba"), the real quacks are organized groups like Chiropractors, "Naturopaths", Multi-level-marketers, etc.
My medical insurance will pay for several literally fake/quack treatments because of this crap. If you want to wage war against Quackery I better see you going after "big Chiropractor" first.
Telling lies should never be criminalized, because there is no single trustworthy arbiter of truth.
This has nothing to do with vaccines. There is a very good reason that misinformation is, and should remain legal. This simply allows the person or group who gets to define what is or is not misinformation to arbitrarily imprison anyone doing publishing they don’t like.
You really need to think through the implications and consequences of censorship laws before advocating for them.
> You really need to think through the implications and consequences of censorship laws before advocating for them.
Maybe I did?
It is possible that we just disagree on this. Clearly misinformation about medical stuff is so damaging that many places have found it necessary to have laws on the books. I'm just elevating this from a misdemeanor to an actual crime based on the outcomes.
What if 25 years ago I spoke out against opioids as highly addictive and dangerous. Remember, this was in contradiction to the scientific consensus at the time that modern opioids were not that addictive. A reasonable person could have said at the time that my claims were false and posed a danger to people who were in pain and needed this medication. In hindsight it's obvious that the scientific consensus was catastrophically wrong, but if people like you were in charge, people could be jailed for their dissent.
If you did you'd have been in very good company because the world over the scientific consensus was that opioids were addictive.
That scientific consensus you are alluding to is not what you claim it was.
Finally, we're talking about celebrities without any qualification whatsoever spreading utter nonsense causing real harm, you can look at that in isolation and compare it to you making that statement out of an abundance of caution regarding something where there is no downside. The two simply are not equivalent. Free speech absolutists always pull the same trick, aiming to refuse an obvious wrong in order to defend their bastion while forgetting that there isn't a black-or-white at all, you can have some reasonable limits on what people can and can not do and in the age of 'influencers' with global reach the danger is much more prevalent than it used to be.
Free speech is a great good, but it is not the greatest good.
Scientific consensus is often NOT the defining measure of what a state (and thus a prosecutor) considers truth, and thus what they consider misinformation.
The dangers of medical misinformation, regardless of scale, do not negate the fact that criminalizing _what the state calls_ misinformation allows the state to arbitrarily imprison people publishing things, because it demands that the state be the arbiter of truth, something that does not have an objective legal method of determination. If it somehow did, promoting religion would of course be illegal as it is clear misinformation.
Also, consider for a moment the insane amount of harm the delusion that is religious belief has wrought. Should we be outlawing that, too? The suggestion that prayer is an effective treatment for ailments is a claim they have been making for millennia. Shall we somehow square your anti-misinformation law with religious freedom?
People should always be free to be wrong, because we often don’t know what is right until many decades or centuries or millennia later.
Yeah, we should have a Ministry of Truth that declares things "quackery" or "misinformation" and then jails people for saying it. I can't see how this could possibly go wrong.
Quackery in what sense? It is my understanding that to be a quack in a legal sense one must first be a licensed doctor, and malpractice is covered by freedom of speech. But you referred to celebrities practicing "quackery" which I assume means that they were saying the same nonsense that could get a doctor's license pulled, and that is absolutely covered by freedom of speech.
Also, you have already admitted there is a Ministry of Truth equivalent, as such a thing is necessary to prosecute people for telling lies.
Celebrities in general are quite dubious. See a certain actor suddenly promoting Palantir spysniffing on mankind. I decided that guy won't get a dime from me for the rest of my life - when actors suddenly become lobbyists for Evil, they need to not get any money from regular people really.
This is just normal not supporting things you disagree with. It's not a rule of thumb you can quickly use to discount an opinion. Ignoring actors is a pretty handy rule of thumb. Their main skill is repeating someone else's words and emoting. There is no reason to consider them smart, knowledgeable, informed, or competent.
The numbers are quite solid. People who don't want to accept the numbers need to come up with an explanation why the data can not be trusted. With regard to oncogenic HPV, I think the data is very convincing. To me it was a lot more convincing than the SARS covid datapoints (e.g. the media constantly shifted; I noticed this with regard to Sweden, which had bad early data due to barely any protection of the elderly, but later on it still had better data than e.g. Austria which went into lockdown - so Austria had worse data points than Sweden overall. Japan or Taiwan had excellent data points, so the respective governments were much better than either Sweden or Austria. The most incompetent politicians acted in Austria during that time, replacing facts with promo and propaganda. The data points, though, were always solid. I remember I compared this about weekly and it was interesting to me when Austria suddenly surpassed Sweden negatively; the media here in Austria criticized Sweden early on, but once Sweden outperformed Austria in a better, more positive manner, suddenly the media no longer reported that. Private media simply can not be trusted.)
Covid data didn't keep shifting except in the early time before we understood it.
Your comparison of Sweden vs Austria has a problem: Covid did more damage in warmer climates. Thus this proves nothing about policy. Look to others more similar--Sweden didn't fare well.
Bureaucracy? This is the same type of go/no-go decision that R&D orgs have to make with incomplete information and immense costs every day. But with less complete information (no in-human data → 70-90% failure rate) and more immense costs (a couple hundred million dollars to get it through trials).
The problem is the cost and risk profile of drug development. With those parameters where they are, there will be countless "bureaucratic errors" of foregone opportunities, most of which we'll never even learn about.
Technically, they disappeared because of limited resources. If every pharmaceutical organization had unlimited funding to run unlimited trials, then they would.