I've had a similar idea on my backburner for two years, as a fun project to dabble in Elixir, but this is just so much more _fun_ than my version which looks like an admin page that just happens to have a Vim canvas on it.
As far as I can tell, this issue would be a problem where all of the following conditions are met:
1. Tenants are allowed to create arbitrary subdomains with arbitrary CNAME values
2. Tenants are not authorized to act on behalf of the TLD directly, only on their respective subdomain
3. Tenants are ostensibly prevented from TLD cert issuance by being explicitly blocked from creating subdomains that start with underscores
For most entities these conditions probably do not hold true anyway. But it could conceivably apply to certain free/dynamic dns providers, for example afraid.org and noip both allow arbitrary CNAMEs (though I checked my noip account and it wouldn't work anyway because of length limits on subdomains).
I would guess that in act fact there are very few entities in existence for which this actually represents a potential threat against them, since it requires a very specific delineation of zone authorizations, but there might be a few.
For most of Alegeus customers I doubt any of this applies, though, they're probably lucky to know their GoDaddy login to add any sort of DNS record, let alone have a whole system in place for less privileged users to create arbitrary CNAME records subject to controls over the use of underscores.
I'm really curious to know if many people with large Elixir problems are finding any issues with the new type system. This is pure curiosity, I don't have a dog in the fight!
With risk of being spammy, this is probably the most relevant discussion I've seen so far on HN w.r.t my experience of being locked out from my Apple ID.
I hope legislation will force Apple to step up and be more transparent / helpful.
In hindsight, yes that was a bad move (especially considering that my work laptop is still locked to my banned ID…)
As an Apple noob at the time, I assumed that if my MDM-managed device prompted me to log in with my Apple ID, that it of course would be an allowed action.
With regards to data being shared, the only thing I noticed was wifi passwords and peripherals pairing (apple keyboard).
This is why I don't sign in or enable 'find my' on any of my devices. Apple even has a backdoor which bypasses the encryption, allowing them to wipe a device in store.
Logging in takes control of your device out of your hands.
You don't have a requirement to have an email account to login to Windows. MS is pushing it hard, (deceptive trend in big software) but the user can still push back.
I don't know if its still true today, but last time I setup a macOS machine (2020), it didn't require, but pushed, an Apple ID. My Pixel phone I setup this February also didn't require, but pushed, a Google account. I think iOS did require an AppleID, though.
macOS doesn't require Apple ID, although you wouldn't be able to use the app store without it (but pretty much everything worth installing is available as direct downloads anyway). This is similar to the current state of affairs with Win11, except that the latter very aggressively pushes you to use your online email/password as Windows login, whereas macOS insists on having a local account even if you do also set up Apple ID.
Don’t want to sound like I’m victim blaming the author. But I can tell you exactly the issue with their account: registering with an email on a self hosted .xyz domain. Using sketchy tld’s is just asking for this kind of trouble.
Nothing sketchy about self hosting your email. Sure, that is what the big tech cartel wants you to think so you're forced to let them handle your correspondence "for your own safety". Don't believe their lies.
Issue isn’t self hosting email, it’s self hosting it at .xyz.
They had one of the cheapest registration costs. And so ended up with a high concentration of spammers compared to older established tld’s like dot com. Using the tld for legitimate purposes is really challenging due to the high number of systems that flat out blacklist it.
Making assumptions on someone's right to communicate based on their choice of email domain is discrimination, and only serves to drive people to their walled gardens.
I'm not the one making assumptions, it's thousands of independent hosts, and all big tech orgs (including specifically Apple in this case) who are making that assumption. I didn't say the assumption was right, just that it's trivial to avoid falling afoul of it by choosing to use a different TLD.
I babysit a few corporate mailfilters and have more spam from .xyz than from all other TLDs combined. I dont block on that (most get disappeared due to 'new domain') but that's the cohort all .xyz pages are sharing.
xyz has been accomodating to scammers ever since its inception. After a decade I think we can say that it is on purpose.
You end up fighting an uphill battle against every third party that blacklists .xyz, It’s not worth the fight just to use a cute tld and save a few dollars on registration cost.
True, but Apple specifically in my case was abhorrently indifferent to the consequences and their support structure is entirely unable to help you. If you have a dedicated storage provider, you lose their single service only. With Apple, you lose everything you have attached to your account which carries a much higher risk.
I'd recommend moving to development that interfaces with ML instead of moving to being an ML practitioner. You have much faster feedback cycles, your work is predictable (engineering, not science), and you don't feel the pressure of never reading enough papers.
To do that you only need to understand the fundamentals of tensors, some basic knowledge on what the big no-nos are within ML development so you can course correct your peers if they break them, and either focus on the operations side of things or deployment. In both cases, having a knack for optimizing bottlenecks will be very helpful since they will be present during both training and inference.
As a designer/developer with a lot of expertise in UX and front-end technologies, I would love to go this route. Do you have any suggestions on where to start in terms of tutorials, tech, books, etc?
Read Deep Learning with Python [1]. It's ok not to understand everything, but doing the labs will be invaluable.
That book should set you up with the fundamentals. Pytorch is the defacto standard right now for training; during deployment you will use whatever your deployment setup allows (e.g. embedded devices typically have their own inference frameworks).
Python is the lingua franca for anything in machine learning, but other languages are used where necessary for performance or for ecosystem benefits.
I've never found this style readable unless with pipes (bash / elixir), where I love it. With any other syntax, I find it just adds mental overhead. Maybe because you have to read it backwards?
Pipes in both of the languages you specified do function application, not composition, so they’re very much point-ful (you see the arguments you pass/get passed).
Clojure (and I'm sure other lisps and programming languages) have a nice solution to this, the `->` macro ("threading")
You'd do something like:
(save (transform (fetch))) ;; calls fetch, then transform, then save
(-> (fetch)
(transform)
(save))
Not that the non-threading version was hard to read, but once the function names start to be a bit longer and involve arguments, the threading version tends to be a lot easier to read.
Automated account suspension is anti-consumerist for the % of false positives. And since that % likely is low, companies get away with ridiculous processes for recovering your account.
https://skogsbrus.xyz/dont-put-all-your-apples-in-one-basket...