Giving government money doesn’t really change the way government operates. The government has the budget for the year and that’s the spending for the year. If government needs something done, an item gets budgeted, money is borrowed, and paid out to get stuff done. Giving money to the government only offsets the debt; nothing else changes from that besides the number in the spreadsheet.
Not just more than one employer, but some healthy number of available options.
You thought A is great but you think you can find better so you go to B. They turned out worse, you then tried C and those weren't great either. But now A won't hire you back because they already filled the position, and there are no other available companies doing the thing you want to do. Now you're stuck with inferior employment options compared to the choice of not changing jobs in the first place, unless you're willing to do something else entirely or start your own business.
Depends on the field obviously, but there are reasons why people might want to stick with a not-so-bad job instead of looking for a perfect one.
Of course - and employers have the same issue with employees. We don't have perfect information, but having conversations with alternate employers' employees helps. Just try and find stuff out. It's not going to be perfect, but it's also hard to imagine a better system that can work in practice.
I use a full passphrase with alpha/numeric values instead of a numeric only passcode. I've never seen a sluggish entry on that. Does it behave differently with a numeric only entry? I definitely experience the calculator sluggishness, but never entering my passphrase.
Assuming I get another apple phone, I'm really hoping they still do something with touchid. That was heaven compared to faceid. I don't think I can use apple wallet payments without faceid, otherwise, I'd ditch it.
I do a lot of stuff with blue/purple gloves, and I can unlock my touchId device wearing those. Doesn't matter why/how. The fact I can shows how it is easy to bypass.
Can someone else wearing the same gloves unlock your device? Otherwise seems more likely the capacitive sensor isn't bothered by a few tenths of a mm of nitrile.
Yes, breakpoints will still work. Debuggers generally use POKETEXT to write breakpoints, which ignores any write protection on pages. mseal does not affect this use case.
I tend to agree with the argument Linus put forward a long time ago, saying that there is little reason to sign commits instead of tags in git.
* Commit references the tree. If you sign the entire commit object – which is what you want, not leaving a way to change something about the commit without invalidating the signature – you sign the file tree as you saw it and implicitly all its history. Might as well sign the tag then.
* Signatures separable from the commit have a benefit of allowing someone other than the author and committer at the time to certify authenticity of the file tree. For example, if the key needs to be rotated later, you can slap a new signature over the previous one.
* Signing every single commit is tedious, so you're bound to get it automated at some point. Now your signatures are worth less because your keys are always around to indiscriminately, automatically sign whatever.
The process of signing a commit is used in a kind of wrong manner, I suppose, because of your mentioned points.
The "view of the file tree as you saw it" basically implies that signed commits aren't worth anything if the code is refactored or changed later, which inevitably it will.
Using tags as a reference point, however, is the idea of snapshotting a mutually agreed state between multiple parties working on the project.
I think you could take this a little further, and use it to implement a Q&A workflow, where e.g. a code review team and a testing team should sign a specific snapshot as "working as we saw it", and that could integrate very well if you e.g. have a semantic version epoche of your project.
Tags are commonly used for library development, but are effectively never used for application development. Signing commits for application development makes a lot of sense, since no one uses tags.
> It's bound to get automated at some point
Definitely — it already is automated. Git can sign commits using your SSH key automatically, and assuming you have something like ssh-agent running, you aren't going to need to enter your password or tap your Yubikey or whatever every time. That doesn't mean it's worthless for application development. While the developer machine being compromised is still a risk, it still mitigates man-in-the-middle attacks where your repository is compromised, or a pipeline betweeen your repo and the build machines are compromised, and an attacker can spoof commits. With signed commits, the attack wouldn't work: you don't need a chain of trust in between build servers and dev machines, you just need to trust the dev machines and the build servers. Everything in between is unable to modify the tree without getting caught.
Signing tags doesn't provide extra security, either; if the dev machine is compromised, ultimately the dev who is signing the commits can't trust their own machine to tell them what's on disk and what they're signing. And if the build server is compromised, you can't trust it to ignore unsigned commits, or commits where the signatures don't match.
It's more about the slippery slope of security vs convenience.
I do git rebase -i often. Do I want to touch my yubikey exactly 37 times for the 37 commits amended, or do I want to touch it once and just trust the software for the next N seconds to sign only these commits and not anything else?
Now, if I'm the verifier, do I trust the signer to do it properly? Or the half their commits are actually made by their cat and automatically signed?
Signing a tag is a relatively rare and very deliberate action. A more secure approach is less likely to impact convenience, reducing the chance of compromising security because it was inconvenient.
I think that's precisely the point. You wouldn't want to touch your security key every time you commit anything. Given the (intentional) high friction, it's probably best left for operations that are high value, such as tags or releases
I think ssh keys signing goes a long way to point 3. I haven't looks if you can (or if it matters) to sign with an ssh certificate, but that would be useful to add some context to the signature too.
The point he was making was not about the tech or tools to sign commits.
It was about the laziness of humans not actually reading the code thoroughly when they sign it, and therefore negating the point of ledging/signing the state of the project.
It’s a bit tautological. In order for you to prevail you must be stronger than your opponent in one or more critical areas. If you think you can win then you believe to know the weakness of your opponent.
Depending on your morals the causation here could easily be turned: once you see what you believe to be a weak opponent, you go for the win.
You could use the same argument for the scammer employee who gambles with your money to make a personal gain. You implicitly consent because you consent to the government prosecuting injustice and returning your misappropriated funds.
Well, not really. Do people consent when politicians reallocate their taxes to bail out too "large to fail" institutions? Given the protests, I think not. What if you didn't vote for the candidate that voted in the bailout? What if you specifically didn't vote (or voted for an opponent of) that policymaker. That's actually anti-consent
The concept of voting includes the possibility that a plurality of voters reject your preference. You consent to this outcome by participating.
When half[1] the population refuses to participate (perhaps they're tired of being lied to, or the candidates are slime, or there are too many selectively-interpreted, arbitrarily-enforced "laws" to count[2], or the idea one person should represent 617,000 is absurd, or they just don't like bossing their neighbors around)...
The idea is to disincentivize hoarding cash and promote active usage of money in the economy, because governments believe that having useful markets is better than not having them. Regardless of the current living standards and your wages. Rising prices and wages are not the goal per se.
So all your dollars are put on fire and lose 2% of their value annually. You can watch your cash burn to spite the Fed, or you can give it to someone else and make it their problem what to do with dollars while you enjoy whatever you bought.
"Hoarding cash" caused by deflation is actually good thing, because it encourages frugal living. Current inflationary policies result in companies trying to sell people all kinds of useless crap, thus wasting natural resources and human effort.
Sure, in deflationary environment overall GDP growth would be much slower, but it will also be more sustainable in the long run, without big boom-bust cycles.
Nothing is stopping people from saving (I mean, except for low real wages), even with inflation, it's incredibly easy nowadays to put money into investments. Also I don't understand how deflation would eliminate the boom/busy cycles
Sure, but cash is lower risk. While overall investments tend to do well, I've seen many do awful. Some are legitimate investments that just go bad, while others are scams. People are not as good at telling scams from legitimate investments as they like to think they are. If there was no inflation at all just keeping your money for a rainy day in your mattress (any place a thief is unlikely to look) would be good advice, but cash loses 2% every year so it isn't.
I'm pretty sure "deflationary environment" is synonymous with "depression".
It's a wonderful situation for people who have jobs. It's just that in a deflationary trap, the number of people who have jobs tends to dwindle until prices start to level out/rise.
Giving government money doesn’t really change the way government operates. The government has the budget for the year and that’s the spending for the year. If government needs something done, an item gets budgeted, money is borrowed, and paid out to get stuff done. Giving money to the government only offsets the debt; nothing else changes from that besides the number in the spreadsheet.