The CBO of established by Congress to be subject matter experts. It is the peer to the OMB in the executive branch. If Congress wanted an expert branch to study study technical topics I’m sure they could establish something similar.
IANAL, but my understanding is that chevron interacts weirdly with the administrative procedures act.
So, one of the big problems with chevron deference is that when the laws says XYZ to be determined by agency ABC and agency ABC determines Q, but an election happens, the president gets up and makes a big populist speech, issues an executive order and now agency ABC determines R instead. This is a problem because under chevron + APA, the agency determination of both Q and R which may be contradictory both have the force of law and the courts were bound to simply defer to the interpretation.
You have agency making rules which have the force of law but the "law" is changing without the authorizing statute having changed and the courts' hands were tied by chevron. This is especially problematic when the rulemaking has associated criminal penalties.
Now, just because chevron deference no longer exists doesn't mean that agencies cannot make rules, but it does mean that if an agency makes a wild swing in rulemaking without a change in the underlying statute then its much easier to challenge that action. Ultimately, we want these things in the hands of the representative branch of the legislature anyway. One can dream anyway...
Graceful is a misnomer, but there are better versions. If you are day, a database server, and you run out of memory and die horribly, availability for all clients is compromised. If you begin rejecting queries or connections until memory js available at least some availability is maintained.
I don't follow, it seems like you're still be hosed in this scenario. What's the difference of stopping accepting connections and rejecting queries vs crashing out? Meaningful work cannot make progress when a busy dynamic system is OOM -- which a database is a prime example of.
Best to avoid the condition, or design the client side to handle the possibility the resource could be unavailable.
Ability to tab complete columns in an interactive settings.
If I’m in psql I can tab complete columns in the where clause but not in the select because I haven’t actually given any information about what I’m selecting from yet.
It’s malicious because they’ve done more work than necessary to put limitations on the user.
They already know what region an account is in. If they just said “Ok, EU account, turn on the flags” that would be less engineering effort. Even if they increased verification of things like where you actually are relative your account at signup. But this is them engineering this solution to make sure the secret sauce doesn’t leak out of the EU. Everyone knows it’s malicious because it’s easy to intuitively grasp that they’ve gone through all this extra effort to make absolutely sure everyone outside of the EU has a worse experience no matter what
on the other hand.. apple is against third-party stores..
they do not want then, so they will only make then available were they are forced to..
only place they are forced to is EU, so they made sure the third-party stores only work on the places that they are required by law..
if apple had any say in this there would be no third-party stores anywhere..]
this is completely the opposite of other geo-fenced functions that apple want tom make available but cant because some reason or another, usually local laws.
like the ECG on the apple watch.. they did not had it available everywhere, but if you enabled the function in a country that allowed it to be enabled you could keep using in other countries that did not had it available yet because the law in those countries did not forced then to disable it. but there were countries where you could not enable it even if your watch supported.
same thing here but the other way around.. apple will enable third-party store only where they have to and disable everywhere else.. they could keep then enable when you leave but they do not want to, hell they do not want third-party stores at all even in EU, they only have it there because EU law forced then to have it..
Yep, I think this is a pretty clear-cut case of a "fuck you", they should be punished accordingly. By the EU inside the EU of course. Or just disallow this outright, which would require an Apple-specific law and all of the resources that brings in though, jeez.
I have not read the source but I had always assumed that this was the lovingly crafted effort of someone who is intimately familiar with the js standard making sure that some hypothetical expression like ![1] is neither odd nor even. Surely the idea that modulo is beyond developers is too horrifying to contemplate.
/*!
* is-odd <https://github.com/jonschlinkert/is-odd>
*
* Copyright (c) 2015-2017, Jon Schlinkert.
* Released under the MIT License.
*/
'use strict';
const isNumber = require('is-number');
module.exports = function isOdd(value) {
const n = Math.abs(value);
if (!isNumber(n)) {
throw new TypeError('expected a number');
}
if (!Number.isInteger(n)) {
throw new Error('expected an integer');
}
if (!Number.isSafeInteger(n)) {
throw new Error('value exceeds maximum safe integer');
}
return (n % 2) === 1;
};
It does some checking the `value` is an integer in the safe range, which doesn't even seem right to me. Why shouldn't you be able to call this on integers outside the save range?
I consider “but ordinance” a red herring. One need only observe the recent history of US military adventurism to show that a sufficiently determined insurgency with light arms and minimal training can take literally decades to surpress even with probably numerical superiority.
The US government is unlikely to carpet bomb its own territory even after hypothetically sliding into tyranny because it would presumably want territory to rule afterwards. What is left is intense urban fighting which we’ve seen in Iraq or wilderness fighting in poor terrain like Afghanistan. It doesn’t end quickly so the cost is a deterrent.
The syscall goes in a register but it does not have to appear literally right next to the `syscall` instruction in the binary. As TFA explains in the introduction, a syscall stub generally looks like
mov eax,0x5
syscall
However it doesn’t have to, `syscall` will work as long as `eax` is set no matter where it’s set, or where it’s set from. You could load it from an array or a computation for all `syscall` cares.
So as an attacker if you can get eax to a value you control (and probably a few other registries) then jump to the `syscall` instruction directly you have arbitrary syscall capabilities.
The point of this change is that the loader now records exact syscall stubs as “address X performs syscall S”, then on context switch the kernel validates if the syscall being performed matches what was recorded by the loader, and if not it aborts (I assume I didn’t actually check).
This means as long as your go binary uses a normal syscall stub it’ll be recognised by the loader and whitelisted, but if say a JIT constructs syscalls dynamically (instead of bouncing through libc or whatever) that will be rejected because the loader won’t have that (address, number) recorded.
