Hacker News | dev_l1x_be's comments

Is there a way to use this as a simple key value store without sql?

Maybe consider sled? https://github.com/spacejam/sled

It's been abandoned for some years, the author was working on a new engine for it and in the last 5 days they started working again on sled proper. However, it's pretty good the way it is (the 0.34.7 release from 2021 https://crates.io/crates/sled), despite the beta warnings

More info here https://dbdb.io/db/sled

(Note: not affiliated with the author, just liked the project)


These days I've been using fjall, which has the benefit of being actively worked on: https://github.com/fjall-rs/fjall

It already uses a key/value store for on-disk storage, but you’ll have to write the server API and client yourself, along with a Raft state machine layer. It’s not a big lift though, and could make a fun weekend project.

There are more dark patterns in this than you can think of. Have you ever wondered what does Amazon do on the top of the search results typing “something ebay” into google?

I can certainly think of some, but that doesn't mean that removing Google would result in lower prices. It could be that replacing automation with manual work could even raise prices.

Some of us still remember pre-Google internet. Imagine how we were able to send emails and navigate on the streets. The image you are painting here is a classic false dichotomy. If Google goes under people won’t be moving to Apple, they are going to move to Fastmail, Yandex Maps, and so on. We might even see a new mobile platform that does not collect every single bit of your life.

The late Joe Armstrong had an idea about open source that it should be just a collection of functions that we publish. It would solve this problem.

> a strong indication that devices belonging to him have been hacked in recent years.

I like these kinds of speculative articles. The clickbait title states something with certainty, then the first sentence clarifies that it is a speculation. I am not sure why we are falling for this clickbaity garbage, over and over.


The first sentence is actually:

> Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware

Does not sound like clickbait for me.


The Ars Technica article is a bit confusing, if you click through to the original article, the case they make is much clearer. It's not that his credentials were found on Have I Been Pwned, which is the case for most people through no fault of their own. Instead, it's this:

>But some of the datasets that Schutt is included in are much more concerning than normal data breaches because they're from stealer logs.

Logs from information-stealing malware were leaked multiple times, and if your credentials appear in multiple of those, that's reasonably good evidence that you are doing something wrong.

So I don't think the headline is clickbait, but I do think that the Ars article could be clearer in making its point.


"Well-known" email addresses (e.g: gaben@valvesoftware.com, president@whitehouse.gov) also seem to show up in these mentioned stealer logs on https://haveibeenpwned.com/ - which makes me suspect addresses are extracted from keypresses even if just typed in the To field of an email, for instance, and do not necessarily indicate the owner of the email has malware on their machine or has had their account/password compromised.

>reasonably good evidence that you are doing something wrong.

No need for multiple leaks, just one is enough.

And I wouldn't say "do something wrong", just getting infected with an infostealer. Happens all the time.


Yes, by "doing something wrong," I meant "doing something that gets you infected with an infostealer," not something ethically wrong or illegal.

At one point I was a contractor for a government department and at another I was at a government sponsored NGO.

My credentials are in the various leaks, like the Adobe one.

“Login credentials belonging to a Department of Defense contractor, who previously had worked at a government-sponsored media outlet, have appeared in multiple public credential leaks.”


Yep, headline doesn't say it is his current computer or anything, just that his computer was infected. It would be clickbait if it said his current computer is actively infected. Less clickbait than now if it said one of his computers appears to have been infected at some point.

Cannot tell if it's sarcasm or not. Obviously everyone who reads the headline assumes it's his current computer, and it had some, uh, consequences. That's why they click. That's what makes it clickbait. Nobody would care otherwise.

(Also, if you are willing to be pointlessly formal, it goes in both directions, since it can be argued that a computer, which belongs to a person, who in the future will become DOGE's software engineer, but hasn't become yet, also formally isn't a "DOGE software engineer’s computer".)


>Nobody would care otherwise.

As long as it's a work computer, what does it matter if it's his current computer or not? Remember that we're talking about an infostealer, it got his credentials and "that's it" (that's gravely serious).


Wouldn't the assumption be that some percentage of government workers have infostealers on their computers? The track record of these people is not good, pretty much since we've had the internet there has been a steady stream of minor-to-moderate scandals where information gets to places that it shouldn't be.

This might just be selection bias because there is a large crowd of angry people looking for things to fling at DOGE.


If there's bias, I think it comes from people being concerned that there are people coming into various govt. offices, demanding and receiving write/read, non-logging accounts on systems containing sensitive information. The access DOGE staffers are being granted absolutely warrants extra scrutiny of their conduct and security practices.

> Nobody would care otherwise.

If his accounts were compromised after the computer was (as article indicates), people would still care. It included Greenfield too, so potentially has password reuse risk.


autocorrect; "included credentials too"

Doesn't seem speculative in the least - they have some pretty strong indicators of a problem. It's great that we're getting some tech-literate investigative journalism going - and good for our government to have a light shining here.

> I am not sure why we are falling for this click baity garbage, over and over.

Because it's easier to create and broadcast bait than to filter it.


Until HN improves, I propose that we flag moronic titles (misleading, clickbait, just annoyingly moronic, and so on).

In the long term HN should do something about it, e.g. editorialized titles.


I've updated the title to something less sensationalist and more representative of the article's content.

HN does have a policy of using the original title from the submitted article, unless it is misleading or linkbait, and we try to be rigorous in enforcing it.

Users can help us by emailing us (hn@ycombinator.com) when they see a case where a title seems to be misleading or linkbait.


This is something that already happens. When there is a strong general opinion questioning the quality of the title, even if it's the same as the original title, if it's against HN directives they do get changed. Unfortunately I don't remember exactly these cases, but if you've been to HN long enough you've surely seen these changes.

[flagged]


I oppose corruption and treason regardless of party affiliation.

[flagged]


If the facts support those allegations, then absolutely yes.

> If the facts support those allegations, then absolutely yes

See, here's the thing: almost everyone believes this about themselves.

There is always enough difference between any given pairing of cases that one can retain their belief in their own fairness. And there is no shortage of partisan coverage that will assist you in believing that the cases are different.

And it's not like there is an incentive for holding _your own side_ accountable when the other side is not being held accountable.


I get the impression that you think every American voter, including me, is partisan and a party loyalist.

I won't bother trying to persuade you otherwise, beyond saying that my voting record and public comments refute that.


Not every, but way too many.

If you're truly one of the few, congrats.

I've seen the chairs switch way too many times to be anything but cynical.


charitably, you have fallen for the myth that americans can only engage in politics from one of two sports-fan positions. this is not true and the sooner we stop engaging with this myth, the better.

uncharitably, you are pushing a stupid narrative on purpose with ill intent.


"charitably?" "uncharitably?"

Nice ad hom you got there in lieu of an actual argument. lol


i'm willing to entertain ignorance, but not malice

Me too, man. Me too.

doas is a much simpler (and therefore better) alternative.

doas is a really bad option on Linux.

The Linux port has not been maintained for 3 years. Has unmerged rowhammer fixes and generally a yolo auth system best described as "dangerous". You are better off using a well maintained project, that includes the CVEs^Wwarts.

It's a mistake to think that `doas` on Linux is the same as `doas` on BSD.


We need a doas-rs port that is maintained, I guess.

Just as with the sudo-rs reimplementation, a doas-rs rewrite is not going to solve the inherent issues we get with SUID binaries. We are better off implementing better models (see ssh and run0).

Again I did not claim it will solve that issue. I am simply suggesting that doas has an easy to use interface and I prefer it over sudo. Somebody pointed out that doas is not maintained on Linux, so I think it would be great to rewrite it in Rust and keep it maintained.

Both implementations of doas for Linux have (the same) unfixed security issue:

- https://github.com/Duncaen/OpenDoas/issues/106

- https://github.com/slicer69/doas/issues/110

I have a hard time recommending doas over sudo on Linux when the issue has been fixed in sudo but not in doas.


Those should be closed WONTFIX. Neither doas nor sudo can protect you from the consequences of running untrusted code and must not attempt to do so because it adds needless complexity to safety-critical software.

Which distros still have TIOCSTI enabled in their kernel? I just checked for Arch and it's disabled.
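One way to answer that question on a given machine, as an added example that is not part of the original thread. It assumes a Linux kernel that exposes the `dev.tty.legacy_tiocsti` sysctl (6.2 and later) or a readable kernel config containing `CONFIG_LEGACY_TIOCSTI`; the `/boot/config-$(uname -r)` path is a distro convention and may not exist everywhere.

```shell
#!/bin/sh
# Added example: report whether the legacy TIOCSTI ioctl is available to
# unprivileged processes. Two sources are consulted:
#   1. /proc/sys/dev/tty/legacy_tiocsti   (runtime switch, Linux 6.2+)
#   2. CONFIG_LEGACY_TIOCSTI in a kernel config file (build-time default)
# Kernels older than 6.2 have neither and always allow TIOCSTI.

# tiocsti_from_sysctl FILE -> prints enabled | disabled | unknown
tiocsti_from_sysctl() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(tr -d '[:space:]' < "$1")" in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

# tiocsti_from_config FILE -> prints enabled | disabled | unknown
tiocsti_from_config() {
    [ -r "$1" ] || { echo unknown; return 0; }
    if grep -q '^CONFIG_LEGACY_TIOCSTI=y' "$1"; then
        echo enabled
    elif grep -q '^# CONFIG_LEGACY_TIOCSTI is not set' "$1"; then
        echo disabled
    else
        echo unknown    # option absent from this config
    fi
}

# tiocsti_status SYSCTL_FILE CONFIG_FILE
# The runtime sysctl overrides the build-time default, so it is checked first.
tiocsti_status() {
    s=$(tiocsti_from_sysctl "$1")
    if [ "$s" != unknown ]; then
        echo "$s (runtime sysctl)"
        return 0
    fi
    c=$(tiocsti_from_config "$2")
    if [ "$c" != unknown ]; then
        echo "$c (build-time default)"
        return 0
    fi
    echo "unknown (no legacy_tiocsti switch found)"
}

# Check the running system.
tiocsti_status /proc/sys/dev/tty/legacy_tiocsti "/boot/config-$(uname -r)"
```

A result of `disabled` means TIOCSTI requires CAP_SYS_ADMIN; setting `dev.tty.legacy_tiocsti=0` via sysctl turns it off on kernels built with the option enabled.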

doas is not a compatible drop-in replacement for existing users.

I did not claim that.

Here is my doas config:

    cat /etc/doas.conf
    permit nopass jane as root

It can be read and understood without prior knowledge.

Sudo:

    #ALL ALL = (root) NOPASSWD: C_ZFS

I have no idea what is going on here, not sure what ALL means, why root is in (), etc.


Neither is sudo-rs. From TFA:

> some features of the original sudo will not be implemented in sudo-rs if they serve only highly niche use cases


I wonder if there’s one that hardcodes a simple policy like “members of the wheel group can run any command with a password, and a 5 minute timeout”, but is also sudo command line compatible.

That’s what 99% of distros default to, and it’s simple.


For my limited use case, alias sudo=doas seems to work fine.

It is kinda funny that humanity can kill entire species like the dodo but cannot eradicate a bacterium like Borrelia.

Big things are easier to eradicate, especially if they are slow, unaccustomed to being prey, and nutritious.

Eradicating a bacterium with wild animal reservoir populations (deer, white-footed mice, black-legged ticks, all of which are endemic species) is ... a much harder problem.


Strangely enough, there's even some likelihood that killing off the passenger pigeon actually promoted Borrelia burgdorferi. The passenger pigeon's main food source was tree mast. Large flocks of pigeons would descend and clear the forest floor of food. After it went extinct, the population of small animals which also eat tree mast exploded, and these are reservoir species for Borrelia.

A Passenger Pigeon relaunch is planned for 2032:

https://reviverestore.org/projects/about-the-passenger-pigeo...


If I could hunt Borrelia with spears it would be over

I would like to kill more deer which are part of the Lyme cycle. There are so many in the rural area I live, they remind me of big city rats.

Make wolves great again

Borrelia burgdorferi does not taste like chicken.

There were far fewer dodos than any given bacteria. You can also see a dodo.

For me Typst replaced Latex years ago.

pros:

- one small compiler that can output: pdf, png, svg, html

- compilation is fast (see below)

- syntax is much cleaner than Latex

- few ways to do a thing

- already has all the templates most people need

- tooling is good enough with VS Code

- supports SVG images

cons:

- fewer users?

      time typst compile cv.typ
    ________________________________________________________
    Executed in  126.21 millis    fish           external
      usr time   93.66 millis    0.07 millis   93.58 millis
      sys time   37.97 millis    1.51 millis   36.46 millis

A big con is that there are no typst templates for journals and conferences that academics submit papers to. For me, this is a show-stopper. I would love to be able to ditch latex because honestly it's old and it shows a lot, in spite of apologists saying that it's perfect. But 90+% of my usage starts from a conference or journal template, so at the moment it's not gonna happen.

I don't feel like the template itself is the issue. In typst it's quite easy to recreate the templates without being years into typst (according to my experience).

The real problem is acceptance of non-word/latex papers


> The real problem is acceptance of non-word/latex papers

Some scientific journals, which only provide a Word template, require you to print to PDF to submit, then ship this PDF to India, where a team recreates the look of the submission in LaTeX, which is then used to compose the actual journal. I wish this was hyperbole. For these journals, you can safely create a LaTeX-template looking _almost_ the same, and get away with it.


The problem is the user-base and acceptance of latex vs Typst. I use latex and as aware as I am about its deficiencies, I can create a doc faster in it than any other tool that I have not ever used before. I also have a bunch of utilities I created for my specific use-cases automating data into tables, figures, etc, ready for latex import.

So it's a mass and momentum problem. Typst not only has to be better/easier/faster than latex, but to a degree that it justifies all of the labor and time to learn it and change all that existing template and utility infrastructure built up over decades. A high bar.

If Typst (or some other new contender) could also read and compile latex code and packages alongside its own syntax then that would be a game-changer. Then I can use all my old stuff and gradually change things over to typst (or whatever).


I used latex for over 20 years.

Typst is a breath of fresh air. Interacting with modern tooling (GitHub, discord). Responsive developers. Easy to read code. Easy to do things on your own.

Admittedly, my use case is mainly writing books, I've never published an academic paper.


Until Typst showed up I was a heavy Latex user. My co-workers did not buy into it (Latex) because they claimed that using Google Docs / Docs is faster.

My experience with word processing is that I spend a lot more time on UI bugs and inconsistencies using any WYSIWYG editor; compared to those, any markup-based system (md, latex, typst) is a significant improvement. Typst is simply a faster, cleaner alternative to LaTeX. I hope it gets much more popular.


The other option is people who never got into LaTeX get into Typst (usually by being too young to have gotten into LaTeX in college), and Typst takes over slowly that way.

But I thought one of the points of latex was to emit pdf files? Are you saying these places are so backwards they only accept latex and word files? What stops them being edited by someone?

Scientific journals do edit the TeX file. Both to update the visual style (e.g. enabling commercial fonts that they use for print but are not allowed to distribute with the template), and to update the content itself (to revise the grammatical style to fit the style guide followed by that journal, to update scientific references to have clickable links, etc.). Usually, at the end of all these edits, the journal sends a PDF “proof” back to the authors to verify that the final version is OK, or ask for corrections if they broke something (which they often do).

The real problem is that LaTeX is often an interchange format. Whatever tools you use to write the paper, they must ultimately output LaTeX. In the publisher's template, using only the features and packages approved by the publisher, and consistent with any other requirements the publisher may have. The publisher then takes the LaTeX output and processes it further to generate the actual document in whatever format they prefer.

Have you checked out Quarto? There are a lot of templates supported already, and possible to create out of latex if not (or just generate latex from Quarto).

These journals have no incentive to include it. This is a classical chicken and egg problem.

Is there any side-by-side comparison of a page created by LaTeX and by Typst?

My main selling point is that with LaTeX, it is easy to create typography that shines with beauty from a distance. (Often way better than most books you find in stores.) With other typesetting systems, usually it is not the case. Yet, I am waiting for new things that offer simplicity, yet have the same (or better!) visuals as LaTeX.


As far as I know, the main differences (in the body text) between LaTeX and, say, Word, are the linebreaking algorithm (Knuth-Plass, which is used for both ragged-right and justified text) and the microtypography package. Is there anything else that contributes to the quality of LaTeX's output for ordinary English text?

Typst apparently uses Knuth-Plass, but I don't see any information about microtypography.


From what I see, it is also section breaking, fonts, and general typesetting defaults, such as margins, section, etc (sure, they vary from package to package, and some are ugly, but the defaults are aesthetically pleasing).

Oh true, section breaking is also important. And figure placement.

Things like default margins, in my opinion, are a lot easier to fix than these other issues.


Typst is a pretty good alternative to LaTeX and I agree with all the pros in your comment, with only one major deal breaker now: its CJK support is not mature enough and not production-ready yet.

I wrote a post half a year ago that explained the details of my decision between LaTeX and Typst: https://blog.ppresume.com/posts/on-typesetting-engines#typst


You are selecting the frontend crew and making claims based on that. Many of us are not frontend devs and just want to wrap an API. At least I do.


> Many of us are not frontend devs

That's fine but OP's template is clearly for devs with frontend skills. No?


Is there a stack for loading html safely from the backend that has proper error handling? I would love to use HTMX but not sure how to do (for starting) error handling in it. I need to render some backend generated charts mostly, maybe adjust the time (datepicker). Is there something for this or just use vanilla?


You might want to have a look at Remix [0]. I haven't used it extensively myself, but it does claim to handle errors well.

> Route Error Boundaries keep the happy path happy. Each route module can export an error boundary next to the default route component.

> If an error is thrown, client or server side, users see the boundary instead of the default component. Routes w/o trouble render normally, so users have more options than slamming refresh. If a route has no boundary, errors bubble up. Just put one at the top and chill out about errors in code review, yeah?

[0] https://remix.run

