Let me preface this by saying I have no source to prove what I’m about to say, but Guido van Rossum aimed to create a programming language that feels more like a natural language without being just a toy language. He envisioned a real programming language that could be used by non-programmers, and for this to work it couldn’t contain the usual footguns.

One could argue that he succeeded, considering how many members of the scientific community, who don’t primarily see themselves as programmers, use Python.

But the performance motivations for removing the GIL seem at odds with this. I feel like the subset of Python users who care about the GIL and the subset who are "non-programmers" are entirely disjoint.

I guess I am one of these people and have zero idea on how to write code in parallel programming. Would GIL removal benefit me, given that it seems like it would hurt performance?

All the answers were good, but I think this explained it the best. Thank you

I was waiting for a "I disclosed the vulnerability and this is how they reacted" story arc but there wasn't one. Pretty disappointed OP went this route. The golden rule is to always disclose the issue and wait for them to fix it before you publish. The only exception to this rule is if the company isn't acknowledging, responding, or communicating in any way. In that case you'd wait around three months, send a follow-up email warning them you'll publicly disclose the vulnerability, wait another three months, and then publish it.

I believe a tactical move blocking strategy could evolve from these rule changes. Imagine we're in a game that's more complex than what's depicted in fig 6 but the rooks are positioned identically. Additionally, there's a white pawn at c5. Wouldn't it then be advantageous for black to make the same move as shown in fig 6? If this move results in an illegal state nothing is lost since the pawn remains blocked. Perhaps this isn't the best example as my chess knowledge is somewhat limited, but do you see what I mean? Wouldn't this tactic allow players to maintain control over two positions simultaneously in certain scenarios?

This is adorable. Writing HTML might be straightforward for us, but for a 7yo it's a significant cognitive achievement. It wasn't long ago that she learned to read. Tell her a random internet guy is proud of her.

Maybe this marks the beginning of her journey in tech - it certainly was for me. I started writing HTML at 13 and soon realized that a guestbook involves more than just a <form> tag. That led me to learn PHP. That was 20 years ago and though I am now primarily a backend developer my passion for learning and working in tech remains undiminished.

My son is now 2 1/2, and I hope he too will develop an interest in these things in the coming years.

Just what I've been looking for

Indeed, the truth often lies somewhere in between.

It sounds like you might not have been studying to become a mathematician but had to take a statistics course as a requirement for your degree. In such scenarios overcoming vague and complex teachings can indeed feel incredibly cumbersome, often resulting in a negative overall experience. However, when it comes to topics you’re passionate about the situation can be quite different. While exceptions exist in every field passion can make certain teaching styles more tolerable.

For instance, I taught myself programming at the age of 13 and I vividly remember struggling with OOP. It took me 2 months to grasp it, but I persevered. English is not my native language and I was quite poor at it in school. I began learning English on my own because there were far more programming resources available in English than in my native language. I was terrible at math and finished high school with an E in math. Fast forward a few years I developed an interest in algorithms and theoretical computer science because I wanted to understand how compilers work. I spent months learning to comprehend mathematical symbols and notation, reading numerous resources that assumed a solid mathematical foundation which I did not have. I persevered because I was genuinely interested.

Making learning too difficult isn’t helpful, but neither is making it too easy. Like most things, it really depends.

what're the odds of two dead 0x users showing up at the same time in a thread previously without comments. gave me a chuckle

a thread about a hex editor? kinda high

This seems interesting and is coincidentally exactly what I need right now. My trusty file, strings, hexdump and xxd all failed me. I was going to use ghidra, but it's quite the beast and I haven't had any time to learn it yet. Gonna give this a try tonight.

What do you need Ghidra for?

Ghidra is, for the most part, not a hex editor. It’s meant for reverse engineering - mainly decompilation, but it’s useful for patching as well. The debugger is new and takes some getting used to (I’m still using GDB + Ghidra), but the disassembler and decompiler are top-notch.

It’s also useful for defining data structures and carving them up, which (for me) is the role now filled by ImHex.

If HexFiend/xxd are at one end of the spectrum, ghidra at the other, I imagine ImHex and tools like Kaitai are in the middle

Hex Fiend does data structures and file formats now too, using parsers written in TCL. I’d probably rate Hex Fiend as being in the middle too, especially if you’re going to put xxd at the low end :)

Personally, for file format parsing I like to use Hachoir (specifically Hachoir-wx for GUI file structure browsing), which is a somewhat obscure bit of software that I’ve made some contributions to.

Huh interesting, thanks for the recs!

Username checks out

This is disgusting.

I did not know that Microsoft offers these tools to organizations. I'm honestly shocked that this exists. They'll 100% abuse preview to offer similar features in the future.

Over the last years/decade, they worked hard to improve their image in the tech community, and I have to admit, it worked, at least for me. They've just lost all the respect I had for them.

I can't believe I'm saying this, but in Microsoft's defense, those controls are aimed at companies working in regulated industries. They're meant to help those companies prove they they're meeting their legal and/or contractual compliance obligations.

For example, if your company works with healthcare information and is a HIPAA "covered entity", your customers will demand to see proof that you're using data loss prevention (DLP) software. Such software does things like:

- MITMing output email to make sure you're not sending a spreadsheet full of social security numbers.

- The same but for posts to web forms.

- The same but for instant messengers.

...etc. Netskope is a big player in that space. Go read up on what all their stuff can do sometime. As an individual, a donor to the EFF, and a vocal advocate for user privacy, those things make me shudder. As someone responsible for making sure our employees didn't accidentally upload PHI to Facebook from a work computer, I gritted my teeth and accepted that they're a necessary evil.

There's no reminder that "your work laptop belongs to your employer" quite like working in healthtech. I'm willing to cut Microsoft some slack for offering those products to customers.

Don’t get me wrong, I understand that some industries require this level of action logging. However, does Microsoft check whether a company actually needs this type of logging? I didn’t read all of the documentation, just the sections that were posted, but I didn’t see anything about Microsoft verifying if the companies using these tools are vetted.

They call out a bunch of not-relevant-to-compliance uses in the marketing copy, so they lose any good will they might have otherwise maintained.

It's one thing to say “we offer this sketchy service to verified members of this highly regulated industry”, it's quite another to say “this is what that highly regulated industry uses to do the sketchy things they're required to do, and you can get it too!”

You can enable some pretty strict policies with device management and general policies. But actually recording the screen is a big breach of information if the database is not secured.

Every enterprise communication platform provides something similar.

It’s important to realize you don’t own any of the communication on a corporate owned device.

Although it has already been said close to 137 times, this is the best read I've had this year, although that's likely an understatement. I love the hacking spirit and how they always settle on the simplest solution, whether from a technical standpoint or an investigative one.

Great job, and I'm glad they got the recognition they deserve. Shout out to the Finnish police as well for not letting their ego interfere with information brought to them by a couple of random amateurs. This should be the norm, but sadly it isn’t.

Yes just riviting and at the end, very emotional knowing what peace they brought to their parents. I'm also so glad they got the presidential recognition they deserved.