Hacker News | ajross's comments

That doesn't make any sense to me. Under Bretton Woods, a "dollar" was a contractual equivalent to a fixed amount of gold. There's no difference. When people are talking about "flow out" they're not talking about literally motion of currency[1], just who owns it.

[1] Which is backwards in your reasoning anyway. If you're a foreign power wanting to hold dollars, and dollars are physical gold coins, then you quite literally need to move them physically out of the country, right?


> If man was designed by someone with any taste at all it would at least give you a menu [...]

My goodness. Man was written on a paper teletype.


And since man pages could take minutes to print out, if you needed one you'd tear that section of paper off and keep it in a binder for future (and faster) reference.

So? That didn't stop `man -a`.

> By that same logic that fact that we only lost 1 F-15 in, what, almost 3 weeks of bombing is actually a pretty good sign.

"Good sign" of what, though? Air superiority? I guess, sure. But we've constructed a strategic situation for ourselves where mere air superiority is losing.

The strait remains closed. Because let's be blunt: if we can't reliably fly an F-15E or A-10 in the region, there's no way an oil company is going to bet its crew and cargo.

Honestly the best situation here is that Iran merely decides to toll the strait. That's "losing" too, but at least one with a merely "large financial overhead" on international energy traffic instead of a disastrous 15% off the top cut in capacity.

Iran is winning. This is the difference between tactics and strategy.


The toll is cheap I think, between one and two dollars a barrel, so less than 2 million per boat. Honestly a good price to end the war.

In a practical sense, from the perspective of the world as a whole, sure. It's also true that it leaves Iran in a much more powerful position than they held before the war[1]. So it's a "loss", strategically.

It's uncomfortable to admit given the context, but the truth is that the Islamic Republic of Iran really is a terrible state, both to its own people and its neighbors, and a much wealthier Iran represents a genuine threat to world peace on its own.

[1] To wit: "This is Our Water now. Pay us what we want. Don't like it? Come bomb us again and see how your oil markets like that. We can take it. You soft infidels can't, and we proved that already. Now it's $4/barrel, btw." Imagine that delivered on Truth Social for more ironic impact. It's Trump bluster, but with actual teeth.


> it seems the correct muscle memory response [is something other than] never download and execute anything

Arrgh. You're looking at the closest thing to a root cause and you're just waving over it. The culture of "just paste this script" is the problem here. People trained not to do this (or, like me, old enough to be horrified about it and refuse on principle) aren't vulnerable. But you just... give up on that and instead view this as a problem with "muscle memory" about chat etiquette?

Good grief, folks. At best that's security theater.

FWIW, there's also a root-er cause about where this culture came from. And that's 100% down to Apple Computer's congenital hatred of open source and refusal to provide or even bless a secure package management system for their OS. People do this because there's no feasible alternative on a mac, and people love macs more than they love security it seems.


> FWIW, there's also a root-er cause about where this culture came from. And that's 100% down to Apple Computer's congenital hatred of open source and refusal to provide or even bless a secure package management system for their OS. People do this because there's no feasible alternative on a mac, and people love macs more than they love security it seems.

I don't understand. I used Linux for a long time before I switched to Mac, and the "copy this command and paste it in your terminal" trope was just as prevalent there.


Most of the copy-paste Linux commands used to be 'sudo aptitude install -y blahblah'. It is worth noting though that Ubuntu's PPAs became at some point widespread enough to have pasting a new repo source as a standard practice as well (which would open the way to this kind of attack for sure).

It's really not, and to the extent it is it's an echo of the nonsense filtering from elsewhere. Linux distros went decades without this kind of thing by packaging the popular stuff securely. People who wanted the source knew how to get it. The "just copy this command" nonsense absolutely came from OS X first.

Arch has pacman and that worked so well that it had to have AUR which is just glorified curl | bash. Linux distros managed it for decades when the vast majority of binaries you would run are made by nerds for nerds. If the original maintainer isn't willing to securely package it then you're often SOL.

AUR (also PPA which another comment cited) is emphatically not the same as "just run this script". If anything, and at worst, it's analogous to NPM: it's an unverified repository where the package is run at the whim of the author, and it leaves you subject to attacks against or by that author.

You still, however, know that the author is who they say they are, and that other people (the distro maintainers) believe that author to be the correct entity, and believe them to have been uncompromised. And any such compromise would, by definition, affect all users of the repo and presumably be detected by them and not by you in the overwhelmingly common case.

"Just run this script" short circuits all of that. YOU, PERSONALLY, ALONE have to do all the auditing and validation. Is the link legit? Did it come from the right place? Is it doing something weird? Was the sender compromised? There's no help. It's all on you. Godspeed.


> You still, however, know that the author is who they say they are

This doesn't mean anything since "who they say they are" is an anonymous username with no real life correlation. Might as well be completely anonymous.

> that other people (the distro maintainers) believe that author to be the correct entity

No? Anyone can make an account and upload to AUR and it has exactly 0% to do with the distro maintainers. Packages can be removed if they're malicious, but websites can also be removed via browser-controlled blacklists (which I don't like btw but it's how it works nowadays).

> And any such compromise would, by definition, affect all users of the repo and presumably be detected by them and not by you in the overwhelmingly common case.

This is true of a popular website that advertises install instructions using curl | bash as well.

I've been using Linux for the past 2 decades and my general experience is that it is in no way more secure than Windows or Mac, just way less popular and with a more tech savvy userbase.


> This doesn't mean anything since "who they say they are" is an anonymous username with no real life correlation.

No, that's affirmatively incorrect. AUR and PPA both require authenticated accounts. The "real life correlation" may be anonymous to you, but it is trackable in a practical sense. And more importantly, it's stable: if someone pushes an attack to AUR (or NPM, whatever) the system shuts it down quickly.

And the proof is THAT IS EXACTLY WHAT HAPPENED HERE. NPM noticed the Axios compromise before you did, right? QED. NPM (and AUR et al.) are providing herd protection that the script-paste hole does not.

Those scripts you insist on running simply don't provide that protection. The only reason you haven't been compromised is because you aren't important enough for anyone to care. The second you get maintainership over a valuable piece of software, you will be hacked. Because you've trained yourself to be vulnerable and (especially!) because you've demonstrated your softness to the internet by engaging in this silly argument.


[flagged]


... you were the one who replied to me.

And, you were wrong, so I said so. Indeed this is a very frustrating site to post incorrect points. It's like ground zero for Cunningham's Law study cases.


Are you happy? Ignoring everything else that's been said, I truly mean this: are you happy with the person you are?

Again, I'm really not understanding your offense here. You came to me to disagree with something I posted. And as it happened you were wrong. I told you so, and you dug in twice with more incorrect takes. That's just... discussion. And frankly pretty polite discussion even by the standards of this site (which is pretty polite!).

There's no etiquette that demands I not tell you you're wrong.


> Reality begs to differ

Honestly you're both wrong. RAM prices spiked speculatively, and they're going down for the same reason. Market people always want to argue in fundamentals, when in practice *ALL* the high frequency components of the signal are down to a bunch of traders trying to guess where it's going in the short term.

At best those guesses are informed by ground truth ("AI needs a lot of RAM!" "Sam cornered the market!" "TurboQuant needs less RAM!"), but they remain guesses, and even then you can't tell the difference between that and random motion.


> RAM prices spiked speculatively, and they're going down for the same reason.

https://pcpartpicker.com/trends/price/memory/

Note how flat the black lines are.

Then note how wide the gray bands are. That makes it very easy to cherry-pick a few examples to present as "supporting evidence" that prices are doing whatever you want to believe they are doing.


FWIW, you're misreading that chart. It shows a wild increase in memory prices, no matter how much you try to cherry pick.

An example might help: in July of last year I bought exactly this 2x32 DDR5 kit for $141: https://www.amazon.com/dp/B0DSR14511

It's showing $999 now, which seems about median for similarly-spec'd memory on Amazon. The cheapest slot-and-capacity-compatible equivalent I can find is around $570, even. So 3-5x increase, at minimum.

It's true that that's a high error bar. It's absolutely not true that the trend is ambiguous.

Can you cherry pick me a $141 kit, please? I mean, it's not an abstract question! I'd buy it from you right now if you had it or could get it, in whatever quantity you can source. No joke.


> FWIW, you're misreading that chart. It shows a wild increase in memory prices

When I say it's flat, I obviously mean the last couple of months. You'd have to be blind not to see last year's runup.

You'd also have to be blind not to see that the charts contradict your claim that "they're going down".


No one claimed that, though. I was responding to a hypothetical. You're nitpicking, basically. Stop it.

I’ll believe they’re going down when it doesn’t cost $550 for the $105 ram I purchased 1 year ago. Yes consumer prices lag commercial prices yada yada, I think any hot takes are pointless until we see lower prices or far more convincing evidence it’s coming. When it costs basically a MacBook neo for 32gb of DDR5 ram it’s hard to hear “ram is coming down for sure”

> RAM prices spiked speculatively

Didn't OpenAI buy up 40% of the capacity all at once?


No, they signed a bunch of contracts for future deliveries. That's not a supply constraint. The factories making RAM continued operating and serving their existing deliveries, and in fact they still are.

Freshman economics would say that supply is fine and that prices shouldn't move. But they did anyway. And the reason is speculation.


I don't get it tbh. What market participants were speculating here? There aren't futures markets in RAM as far as I know, though I certainly don't know much. And the supply constraints appear to have been pretty real (though maybe not immediate) if eg. Valve was begging publicly for RAM consignments. Were there pure-play speculators filling warehouses with DDR5?

> There aren't futures markets in RAM as far as I know

sure there is. not formally, but if you hold a contract for x units of future production, you can sell that contract to somebody else who wants those units more than you do.


That’s a forward contract yeah. They def do exist.

Futures are standardised forward contracts traded on exchanges


According to this he ordered them uncut and unfinished and may just warehouse until needed:

https://www.mooreslawisdead.com/post/sam-altman-s-dirty-dram...

It's still speculative that OpenAI won't go bankrupt and have to free it back to the market, but if it is holding them unfinished it is a supply constraint on finished RAM chips even if not on wafer output.


The economy is vibe coded at this point.

Have we gotten any more word on the potential Helium constraints that SK Hynix was making noise about after the strike on the helium plant in the Middle East that supplied 60% of S. Korea's Helium? Because that could definitely put a kink in things, since SKH is one of the 3 remaining big DRAM producers.


It's a command line argument. The undeniably correct way to render it is with two minus signs[1] and absolutely not something non-ascii.

[1] Not strictly a hyphen, which has its own unicode point (0x2010) outside of ascii. Unicode embraced the ambiguity by calling this point (0x2d) "HYPHEN-MINUS" formally, but really its only unique typographic usage is to represent subtraction.


They meant “more appropriate [than an em dash]”. And that minus sign usage of hyphen-minus isn’t unique in Unicode either – see U+2212 MINUS SIGN.

But... it's not more appropriate than an em dash for representing command line arguments? I don't see how either is any more incorrect than the other. There's a uniquely correct answer here and the em-dash is not it. Period.

It’s about the top-level comment’s horror that ”--” was substituted with “an en dash, not even an em dash”. If you’re picking a substitution for “--”, en dash makes more sense. The comment you originally replied to had already agreed “that it should be left as a double hyphen”.

> If you’re picking a substitution for “--”, en dash makes more sense.

No, it doesn't? This seems like crazy talk to me, like "If you're picking a substitute for saffron, blood plasma makes more sense than monocrystalline silicon". Like, what?

It makes zero sense to substitute this at all. It's exactly what it says it is, the "--hard" command line option to "git reset", and you write it in exactly one way.


Nobody is confused or disagrees about the `--hard` part. It was a minor tangent about contexts where these ASCII substitutions are established, like LaTeX (`` -> “, '' -> ”, -- -> –, --- -> —, etc.)

> The undeniably correct way to render it is with two minus signs[1] and absolutely not something non-ascii.

> [1] Not strictly a hyphen, which has its own unicode point (0x2010) outside of ascii. Unicode embraced the ambiguity by calling this point (0x2d) "HYPHEN-MINUS" formally, but really its only unique typographic usage is to represent subtraction.

Strictly, it's, as you note, the hyphen-minus, and Unicode has separate, disambiguated code points for both hyphen (0x2010) and minus (0x2212); hyphen-minus has no "unique typographic usage".


I said that badly. What I meant was that ASCII 0x2d is, in fact, used as the only minus sign in basically all markup and presentation layers. (Mostly because math layout tends to go through its own interpreter -- what lives in "the unicode text" is always "markup" of some kind). The unicode value is ignored AFAIK, nothing emits it or interprets it specially. That is not true of the hyphen, which does get special treatment at the presentation layer in fonts and whatnot.

The "sed" expressions that power the title "cleanup" here do overshoot quite often. It ruins --long-command-arguments and it definitely also ruins cpp::namespaces. Quite curious why these obvious shortcomings are not being fixed.

It's not a command line argument, it's part of the title of a hackernews post.

High oil prices hurt the US economy much more than China anyway. We're vastly more dependent on shipping and transport and even more vastly less elastic with our fuel demand. The only US interests who would want this are domestic oil producers, who are a small fraction even of the Republican funding base.

That's something that normal boring suits can and do remedy. Companies sue and win over denied government contracts all the time.

> it's actually very hard to find a ship, even as large as an aircraft carrier, in the ocean

I just ran some googled numbers over my envelope, and I get that the Mediterranean sea (great circle distance between Gibraltar and Beirut is 2300mi) is about 14000x larger than the bow-to-stern length (858') of the carrier.

That's... not that terribly difficult as an imaging problem. Just a very tractable number of well-resolved 12k phone camera images would be able to bullseye it.

Obviously there are technical problems to be solved, like how to get the phones into the stratosphere on a regular basis for coverage, and the annoyance of "clouds" blocking the view. So it's not a DIY project.

But it seems eminently doable to me. The barriers in place are definitely not that the "empty space is just too big". The globe is kinda small these days.


And you've defined a harder problem! Once you've found it once it's much easier to find in the future: it can only go so fast, and it's constrained to stay in relatively deep water.


to be fair "relatively deep water" is 99% of seas and oceans...


And “only so fast” can be north of 30 knots. The vessel could today be 1000km in any direction from where it was when you found it yesterday.


Yes, but if you know the general direction of where it's going that reduces the search area quite a bit.

In this case, for example, the French Government publicly announced where it's going.


"Our next-generation AI uses multi-sensor fusion and live sentiment analysis to track military assets to meter-scale accuracy anywhere in the world"

"Upon closer inspection, the neural network is just scraping public information from the French Ministry of Defense"


> now the city has a bunch of more soulless condos and is horribly congested

The first bit is a taste thing; obviously lots of people view modern sprawl as "soulless" too.

But the latter point is just plain wrong. Dense housing IMPROVES traffic congestion and shortens commutes, always, everywhere, markedly. And it's for a bleedingly obvious reason: pack people in closer together and they don't have to travel as far to get where they're going. QED.

What you're imagining is some kind of fantasy hometown, which never increased in population and whose economy never developed. I mean, it's true. Forgotten ghost towns have very little traffic and quirky soulful architecture, cf. Detroit. Everyone agrees that's a bad thing, though.


>But the latter point is just plain wrong. Dense housing IMPROVES traffic congestion and shortens commutes, always, everywhere, markedly. And it's for a bleedingly obvious reason: pack people in closer together and they don't have to travel as far to get where they're going. QED.

You are conflating things, adding more people to an area increases congestion, period. Having dense housing vs not dense housing is better for congestion IF the people are already there.

>What you're imagining is some kind of fantasy hometown, which never increased in population and whose economy never developed. I mean, it's true. Forgotten ghost towns have very little traffic and quirky soulful architecture,

It is a highly desirable area, there is no issue with the economy, it will continue to be desirable if we don't destroy it. The "growth always good" crowd is pretty nuts in their views


> adding more people to an area increases congestion, period

Yes, but so what? That's tautological. "Adding more people" isn't an independent variable, it's the economic ground truth over which we're trying to optimize.

The point is that if you need to build N units of housing to match your M added economic activity, building them denser leads to less congestion.

I mean, duh. This really isn't a complicated idea.

Again, you're imagining a single community divorced from inconvenient ideas like "population growth" or "economic development" (and even going so far as to conflate those with "destruction").

Well, sorry. It's desirable because it's developing. You don't get to change the minds of all the people that want to live there, all you can do is help them decide where to live.


>Well, sorry. It's desirable because it's developing

no.... it's not... what an incredibly naive take. Why don't you just leave out every nice small town in a beautiful location. "Who cares about keeping things beautiful amiright??"

