Hacker News: yukichan's comments

Why is there a limit on password length for a Weebly account? How are you storing passwords?


Pretty sure this is a vestige of times past. We should definitely allow longer passwords.

We salt and hash all passwords using a variable-cost bcrypt implementation.


We fixed the password limit. Thanks for the great feedback.


Now that, folks, is how you take care of your users. Other startups (Coinbase I'm looking at you...) would do well to take note.


With bcrypt you should set a limit of 72 bytes to avoid fooling users into thinking the stuff beyond the 72nd byte matters (bcrypt truncates it).


Why should I have to choose a different, shorter password because of your implementation details? Seems like an unnecessary annoyance.


It is annoying, but it is necessary to avoid users choosing longer passwords where the necessary randomness is beyond the 72nd byte. Allowing a password of unlimited length when you support only e.g. 20 or 50 bytes is just as bad as putting in a maximum length restriction when you don't have one. Ideally, just use scrypt or PBKDF2, which don't have length restrictions.


I wouldn't want to limit the password a user supplies. Any password should work, including 1 byte or 1 gb passwords. Restrictions of any form have always just caused more problems than they've solved.

But the solution I've favored is hashing the user's password on the client with a hash that provides enough significant bits that your key derivation on the server is not weakened. This way you get the benefit of not needing to deal with differences in transmission size and the user's plaintext password is never exposed to any listener (regardless of whether the connection is secure, or believed to be secure).


Your passwords are routinely longer than 72 bytes, and this is an inconvenience?


Or hash it first using SHA3. Then you get the slowness of bcrypt (which is what you're using it for) and the variable-length input of SHA3. Your only risk is a SHA3 collision, which is not something that is realistically going to happen.


Yep. Absolutely.
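The 72-byte issue discussed in the comments above (bcrypt uses only the first 72 bytes of the key, so either cap the length or feed bcrypt a fixed-length pre-hash; PBKDF2 and scrypt have no such cap), as an added example that is not part of the thread and is not Weebly's code. It uses only hashlib: bcrypt's key handling is modelled by bcrypt_effective_key() (assumption: the OpenBSD-derived implementations, which read the key as a C string and stop at 72 bytes or at the first NUL), so the block runs without a bcrypt library; hash_password()/verify_password() are the integration point with the pyca `bcrypt` package if it is installed. All passwords and the salt are constructed sample values.

```python
"""Added example: bcrypt's 72-byte key limit, the pre-hash workaround, and
the contrast with PBKDF2. Not from the thread; see the lead-in."""
import base64
import hashlib

BCRYPT_MAX_KEY_BYTES = 72  # bcrypt mixes at most the first 72 key bytes into its state


def bcrypt_effective_key(password: bytes) -> bytes:
    """Model (assumption, see lead-in) of what bcrypt actually uses from a key:
    everything up to the first NUL byte, capped at 72 bytes."""
    nul = password.find(b"\x00")
    if nul != -1:
        password = password[:nul]
    return password[:BCRYPT_MAX_KEY_BYTES]


def bcrypt_would_collide(a: bytes, b: bytes) -> bool:
    """True if two different passwords become the same bcrypt key."""
    return bcrypt_effective_key(a) == bcrypt_effective_key(b)


def enforce_bcrypt_limit(password: bytes) -> bytes:
    """Policy for feeding bcrypt directly: reject over-long passwords instead of
    letting bcrypt silently truncate them (the 'set a limit of 72 bytes' advice)."""
    if len(password) > BCRYPT_MAX_KEY_BYTES:
        raise ValueError(
            f"password longer than {BCRYPT_MAX_KEY_BYTES} bytes would be "
            "silently truncated by bcrypt"
        )
    return password


def prehash_for_bcrypt(password: bytes) -> bytes:
    """Fixed-length, NUL-free bcrypt input from a password of any length
    (the 'hash it first using SHA3' advice). SHA3-256 digest, base64-encoded:
    44 ASCII bytes, well under 72. The raw 32-byte digest is NOT used directly
    because it can contain a NUL byte, which some bcrypt implementations treat
    as end-of-string."""
    digest = hashlib.sha3_256(password).digest()
    return base64.b64encode(digest)


def pbkdf2_hash(password: bytes, salt: bytes, iterations: int = 100_000) -> bytes:
    """Contrast: PBKDF2-HMAC-SHA256 consumes the whole password, however long."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def hash_password(password: bytes, cost: int = 12) -> bytes:
    """Pre-hash then bcrypt. Requires the pyca 'bcrypt' package (not needed for
    the rest of this block); bcrypt.gensalt() supplies the per-user salt."""
    import bcrypt  # optional dependency, imported lazily
    return bcrypt.hashpw(prehash_for_bcrypt(password), bcrypt.gensalt(rounds=cost))


def verify_password(password: bytes, stored: bytes) -> bool:
    import bcrypt  # optional dependency, imported lazily
    return bcrypt.checkpw(prehash_for_bcrypt(password), stored)


# Constructed sample passwords: identical for the first 72 bytes, different after.
SHARED_72 = (b"correct horse battery staple " * 3)[:72]
PW_A = SHARED_72 + b"-alpha"
PW_B = SHARED_72 + b"-bravo"
SAMPLE_SALT = b"0123456789abcdef"  # constructed; use os.urandom(16) per user in practice


def demo() -> dict:
    """Summarises the three behaviours so the point is visible in one place."""
    return {
        "bcrypt_collides": bcrypt_would_collide(PW_A, PW_B),              # True
        "prehash_collides": prehash_for_bcrypt(PW_A) == prehash_for_bcrypt(PW_B),  # False
        "pbkdf2_collides": pbkdf2_hash(PW_A, SAMPLE_SALT) == pbkdf2_hash(PW_B, SAMPLE_SALT),  # False
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

bcrypt_would_collide(PW_A, PW_B) is True although the passwords differ: a user who relies on randomness after byte 72 gets no benefit from it. After prehash_for_bcrypt() the two inputs differ and both are 44 bytes, so any password length is accepted without silent truncation; PBKDF2 (and scrypt via hashlib.scrypt) need no such step.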


C extensions because something you wanted wasn't in go? Are you using cgo to build?


Yeah, we actually have a few cgo packages. We have OpenSSL bindings (we need to use our hardware accelerated crypto, go's crypto/tls lib doesn't support that (yet)), a faster CRC thing, we needed monotonic clocks and couldn't wait for Go 1.3, etc.

We'll be releasing a bunch of these. Particularly the OpenSSL bindings, which even without hardware acceleration are faster than Go's TLS library, and despite Heartbleed, OpenSSL is not vulnerable to timing attacks like crypto/tls is.


Presumably, because they were doing it line by line, and the Python version used C extensions (for performance reasons).


I wonder how many lines of code they ended up with afterward, although admittedly lines of code is a pretty silly metric. I think it is useful in orders of magnitude when describing the size of a project: 100 lines, 1,000 lines, 10,000 lines, 100,000 lines all speak volumes about effort. So I guess what I'm wondering is whether you got a roughly similar sized code base or a significant difference?


EDIT: fixed my calculations again.

Without tests but with our supporting libraries, our codebase was 36784 lines of Python. Those same lines became 41717 lines of Go.

Counting lines of code is hard.


Actually in this case, comparing two languages doing exactly the same thing, LOC is a relevant measure (it's a crap measure of programmer productivity). It could show the expressiveness of a language. Also I am a believer that fewer lines of code = less likely to have bugs.


Less code in general means fewer bugs. However, there's definitely an inflection point where you're trying to cram too much functionality into too few lines of code, and so the code you're writing is a lot more complex than it really needs to be. This is where Go shines: in discouraging overly complex single lines of code that don't actually save the programmer any time.

Sure, python has list comprehensions, but I can tell you how often I've seen hugely over-complicated one line list comprehensions that were impossible to understand unless you were absolutely sure what it was supposed to be doing before you read the code. I've refactored some of those in my lifetime just to make them more readable. That's not to say that most simple list comprehensions aren't totally fine.

So, just saying fewer lines of code makes for fewer bugs is not 100% accurate. I'd say, less /functionality/ leads to fewer bugs. But except in extreme circumstances (like writing a whole framework to do one small task), actual lines of code does not correlate to the number of bugs.


It's cool, and this is a nearly useless comment, but the logo looks too much like an alien out of a Whitley Strieber "non-fiction" story. A little creepy, I'm saying. Gitlab needs some branding design love.


Feel free to suggest one


I think it goes both ways. Younger engineers need to not avoid hiring old people because of fear of their being a culture misfit, and older engineers need to stop being self-conscious of their age all the time. Both can be a little bit more flexible, learn more about what other people like, and appreciate the diversity that different ages can bring to workplaces. Both sides need to realize that the generalizations are all unrealistic. Young engineers aren't running around with pacifiers in their mouths pissing all over the floor, and older people aren't losing their dentures in the snack area and falling asleep at their desks every day at 2pm dreaming about retirement. I say that as an engineer nearing my 40s.


I'm not sure why being #1 is so important. Who cares where our position is in the ranks as long as we are happy with our state. If we aren't happy we can make improvements, but again it's not a race so how we compare to others doesn't really seem significant unless we are far behind. I suppose the real significance is the trends, but I guess that doesn't strike at the heart strings of the common person as losing at some newspaper editor's arbitrary rules for a game nobody knew we were playing.


Does confusion impact the conclusion at all?


> ...the results of GitHub's independent investigation unequivocally confirm this and we are prepared to fight any further false claims on this matter to the full extent of the law.

Seems like a legal threat to Horvath if she speaks up about this again.


That's definitely the most dramatic possible interpretation, and is thus the one the Internet will fixate on. Giant crowds of uninformed bystanders can be counted on never to pick the most boring narrative.


That's a little head in the sand, though, isn't it? The phrase "full extent of the law" is pretty charged, I think.


That being the case, perhaps he should have chosen the words of such a high profile message more carefully.


Sounds like legalese boilerplate that the GH legal team recommended. Nothing more, nothing less.

Harassment allegations aside, the fact that the wife of the founder had the access/freedom she did was a bit of a WTF for me. I can understand that perhaps GH decided that was the termination-triggering offense, not the allegations.


It's probably aimed more at reminding GitHub employees of the possible legal ramifications of publicly supporting the allegations and dampening further discussion in general.

I don't see how that's less dramatic though, especially since the meaning of that statement is pretty obvious.

Whether you interpret it as normal, like you do, or inappropriate and/or sad, like I would, is a different matter.


Yes, definitely, the most boring conclusion is that it's a calculated plot to suppress the opinions of Github employees.


For that one line, which other explanation do you have that better fits Occam's razor?

I would have a lot of trouble finding any other interpretation than him attempting to stop certain people from saying certain things and thus suppressing the discussion, whether successfully or not.


It's a reminder that freedom of speech != freedom from consequences. They're asking everyone to not ride on this infamous situation to perpetrate any more falsehood. Because if you do you'd have to help yourself with a little bit of law.


What is a less dramatic interpretation?


"Please don't slander me further as I try to move on with my life" ?


I think you're missing the "or else".


"The full extent of the law" might not really be very far.


The fact that it might be an empty threat doesn't mean it isn't a threat.


I asked this on the main thread on this, but why hasn't Horvath filed a lawsuit? There seems to be enough there for one on some merit.


Some possible explanations:

a) There is zero legal merit. As an outside observer, I don't know one way or another. I presume you don't either. (Remember the law does not always track your intuition.)

b) Even if there is some theoretical legal merit, the independent investigation results (if what we're told is the entirety of the conclusions) may make it an uphill battle to pursue the claim.

c) There is actual legal merit but the potential plaintiff is choosing not to pursue the matter.

d) There is actual legal merit and the attorneys are in settlement talks right now.

e) There is actual legal merit and a lawsuit will be filed before the statute of limitations expires.

Who knows?


Could you please remind us your credentials in this case, or are you yourself some "uninformed bystander" on "the Internet"? (If you're in the middle of this, perhaps you should link to it each time you comment.)


Seems like a promise to defend one's public identity from attack. Burden of proof lies on the accuser, not on the accused.


In science, maybe.

But in American courts, if I call you a dog-fornicator, you generally have to prove to the court you aren't a dog-fornicator to get damages. (Plus a bunch of other stuff, like actual damages, unless it's per-se defamation, except if . . . . There's a lot that could be added to this, hence my "generally.")


If you're attempting to get damages, then you are the accuser, and naturally the burden of proof falls on you.


> in American courts, if I call you a dog-fornicator, you generally have to prove to the court you aren't a dog-fornicator to get damages.

To get damages? That's another issue. In American courts, the accused would not have to prove to the court that they aren't a dog fornicator. The prosecution has to prove the accused is guilty.


Good. If you make claims you should be prepared to back them up - especially when someones livelihood is on the line.


That can mean only the people able to hire a high-end legal team can receive justice.


What alternative are you suggesting?


There isn't necessarily a solution. I'm just pointing out that underprivileged folks are often at a disadvantage. "The truth shall set you free" sometimes only applies if you can afford to fight the other side's lawyers for a few years.


Well, if Julie ever spoke up again, I would be the first to put up my hand and donate to her legal defence.


Just curious, what would be your motivation? Do you know her personally?


No, I don't know her personally, but from what I've read I believe the intimidation she described. I've felt the bipolar intimidation from founders before and am completely sympathetic towards her and the situation. Nobody deserves to be in that situation.


If she doesn't feel vindicated, sure, we'd support her lawsuit against both GitHub and P-W. Also it depends on what she says, not forgetting we interpret situations differently and with different levels of intensity. She should tread cautiously.


Don't know about the US, but where I live making wrong claims that damage somebody's reputation is illegal. I think it makes a lot of sense to sue people who accuse you of sexual harassment. What other recourse is there? Arguing about it will never work.


The US has a law against libel too.


Or to anyone who makes further false claims. Seems like a standard line.


sounds more like a fact https://github.com/blog/1823-results-of-the-github-investiga...

edit: re. "unequivocally confirm this and we are prepared to fight any further false claims"


I've read about a couple of different explanations for changes in crime rates. I think Freakonomics has discussed greater prevalence of abortions[1], and one thing I've heard in academic circles is that crime reporting has gotten better. You could actually make predictions with this article's question. There may have been areas where lead was used in petrol for longer than others; one could compare across regions and see if the time at which petrol was changed also adheres to the drop in crime, to see if there is still a correlation.

[1] http://freakonomics.com/2005/05/15/abortion-and-crime-who-sh...


Levitt and Dubner wrote down a number of interesting theories about lots of things, but I think they overthought this one.

The crime rate rose and dropped pretty neatly along with the proportion of young men in society. The median age is much higher now than it was 30 years ago. Crime, especially violent crime, is a young man's game.

Perhaps they are right and Roe v. Wade was one of the factors in raising the median age, but it seems that people today want smaller families, and have more control over this than a generation ago. You can't assume that if a woman has an abortion, a miscarriage and two kids over her lifetime, she would have had four children if it hadn't been for the abortion and the miscarriage.


While I've been generally convinced Freakonomics is to be considered suspect on this, the argument you present in the last paragraph doesn't counter it: the Freakonomics point was that absent abortion, people were forced into having children earlier, when they were not ready to support them fiscally or emotionally due to their situation, whereas with control of their fertility they can choose when they are best prepared and most desire them.


My point was that a society dominated by young men is going to have more crime than a society with a median near middle age - that smaller families made us calmer. They didn't convince me that younger parents are worse than older ones.


It is probably more accurate that allowing unwanted children to be aborted resulted in the drop of crime 20 years later than the removal of lead. This was mentioned in Freakonomics the movie as yukichan linked.


Yeah except that is 1 datapoint cherry picked vs. the wealth of evidence across national borders that leaded petrol was to blame.


I feel like many men sometimes aren't aware of how little they help around the house with chores and taking care of the children, so I am proactive and plan stuff with my wife. I don't wait for her to ask me. That isn't dysfunctional.

There's also a lot of process in families. Some you can automate now, like paying the bills. Some processes are routines. Getting up, getting our child dressed, walking her to school, picking her up, taking her to her after school activities. Doing her homework with her.

There's also process with checking things around the house. Checking the fire alarms regularly, scheduling dentist appointments, making plans for seeing family. These are all processes.

The whole original article came off as ignorant and out of touch. As someone with an academic background in Anthropology and Sociology, the author doesn't seem to understand what culture is or how hierarchy and unbalanced power relationships in the office work. It's not a very sophisticated treatment of the topic in any regard. And in that vein, my opinion is that as long as the times are good and you're not hiring a bunch of dickhead managers, your culture will be fine. If you take your culture to mean don't hire old people because they don't play the video games your 20-somethings do, then your shit is fucked. In the end, when things go bad in the business, culture will sour.


There's a difference between process and discipline. A lot of what you're describing is discipline: you have an internal compass that keeps you oriented on the stuff that matters: helping your wife with the house and kids, doing home maintenance, and taking care of periodic tasks. Basically, you make a to-do list and execute on it.

Process, at least in the corporate context, is about a bunch of stuff you do regularly to check on whether or not the stuff that matters is being attended to. Getting your kid dressed is not a good analog to the 'process' that is being referred to in this sense. Process is a tax on hiring people that don't have that internal compass, or on operating in an environment that stifles that internal compass. If the to-do list isn't there, isn't being followed, or doesn't work in some other way, process exists to find out that there's a problem so everyone can sit down and talk about what to do to fix it.

Put simply: you're defining a culture in your household that is healthy. It's exactly what the author hopes for in a company, and that's not process, it's discipline.


Process isn't about stifling the internal compass, it's about making sure that everyone's compass aligns. I've known many engineering teams where individually everybody is incredibly smart, hard-working, dedicated, and focused on what matters, but what matters is different to every person. As a result, the team got nowhere. Process is essentially shared discipline: it's getting everybody aligned so that when they focus and work hard, they get somewhere as a group instead of undoing each others' work.


I'd be really curious then to get your opinion on a new managerless structure I've been developing. My contact info's in my profile if you're interested.

