For those that want to travel light the Panasonic MultiShape[1] is great as you can share one rechargeable base with multiple tools. It is annoying as it's not USB, but inexpensive cables are available[2] and work great.
It's more so that Cloudflare has a WAF product that checks a box for security and makes people whose job it is to care about boxes being checked happy.
For example, I worked with a client that had a test suite of about 7000 or so strings that should return a 500 error, including /etc/hosts and other ones such as:
We "failed" and were not in compliance as you could make a request containing one of those strings--ignoring that neither Apache, SQL, or Windows were in use.
We ended up deploying a WAF to block all these requests, even though it didn't improve security in any meaningful way.
> For example, I worked with a client that had a test suite of about 7000 or so strings that should return a 500 error
> We "failed" and were not in compliance as you could make a request containing one of those strings--ignoring that neither Apache, SQL, or Windows were in use.
Why in the world should those be 500 even? Those all are "40x client fuckup".
I guess someone was told, when compiling those strings, that they should observe this known-good implementation (that actually crashed upon receiving such things) and record whatever it returns, and then mandate it of everyone else from now on.
The desired result is a 500 so it's possible to audit.
As much as this is a pain, the alternative can be more painful.
I used to have a client that would forward me an email from their security team every six weeks saying "we found a SQL injection issue with your site, can you look into this and confirm that it's fixed?" and I'd reply back saying "that's not possible" and they'd go "ok, we've marked this as a false positive".
Eventually I got bored of having the same conversation over and over, so I asked them to show what they were finding. It turned out their scan would do the following:
    html1 = request("https://example.com/search?query=test")
    html2 = request("https://example.com/search?query=test' or 1=1--")
    if (html1 != html2)
        sql_injection_vulnerable = true
Which of course is total nonsense; just because it returns different content doesn't mean anything.
This is a perfect use case for a WAF, I can stick one in front and then have it return 500s for all these requests and not worry about it any more.
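To make the false positive in the scan described above concrete, here is an added example that is not part of the original comments: the scanner's any-difference check run against a parameterized search handler and a deliberately concatenated one, next to a paired true/false check that ignores the echoed input. The table, handler names and the `1=2` control payload are assumptions made for this illustration.

```python
import html
import sqlite3

# Constructed sample data; table and handler names are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?)",
                   [("test plan",), ("release notes",), ("test data",)])
    return db

def render(query, rows):
    # Like most search pages, the response echoes the (escaped) query.
    items = "".join(f"<li>{html.escape(t)}</li>" for (t,) in rows)
    return f"<h1>Results for {html.escape(query)}</h1><ul>{items}</ul>"

def search_safe(db, query):
    # Parameterized: the input is bound as data and never parsed as SQL.
    sql = "SELECT title FROM pages WHERE title LIKE '%' || ? || '%' ORDER BY title"
    return render(query, db.execute(sql, (query,)).fetchall())

def search_concat(db, query):
    # Deliberately vulnerable contrast case: input is spliced into the SQL text.
    sql = "SELECT title FROM pages WHERE title LIKE '%" + query + "%' ORDER BY title"
    return render(query, db.execute(sql).fetchall())

def naive_check(search, db):
    # The scanner logic from the comment: any difference counts as a finding.
    return search(db, "test") != search(db, "test' or 1=1--")

def paired_check(search, db):
    # Send an always-true and an always-false condition, remove the echoed
    # input, and flag only if the two remaining pages differ.
    pages = []
    for payload in ("test' or 1=1--", "test' or 1=2--"):
        pages.append(search(db, payload).replace(html.escape(payload), ""))
    return pages[0] != pages[1]

if __name__ == "__main__":
    db = make_db()
    for handler in (search_safe, search_concat):
        print(handler.__name__, naive_check(handler, db), paired_check(handler, db))
```

The naive check flags both handlers, because the safe one simply finds no title containing the literal payload; the paired check flags only the concatenating handler.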
In our case, we didn't have a WAF, but they had an obvious User-Agent, and it turns out that blocking all of their requests passed the scan too :)
To paraphrase a previous employer's strategy: fixed fee projects are for ones you plan to do over and over where it makes sense to invest at getting good at them.
The first one you lose a bunch of money, the second you might break even if you are lucky, and the tenth onward you make a bunch of money.
LookML does seem to have invested a lot in compilation to different SQL backends, generally using the best syntax for each.
Unfortunately the frontend is so tightly tied to the Looker BI stuff, and it can't really express arbitrary queries without going through lots of hassle.
It's unclear what Google is doing with Looker. It would be interesting to imagine what LookML would be like as an independent SQL tool chain.
> LookML does seem to have invested a lot in compilation to different SQL backends, generally using the best syntax for each.
To some degree, yes. Yet far and away, users of Looker use engines like RedShift, BigQuery, and Snowflake because they’re extremely effective at the types of queries that Looker sends at them — not because Looker spends a huge number of hours optimizing for each engine (that’s not to say none is done); these dbs are great at analytical queries.
Looker in its earlier days (early/mid 2010s) took a bet on analytical database engines getting better as opposed to other technologies; for example, Tableau had its own datastore and largely did not “push queries down to the database” for execution. In the end, BigQuery was radically faster than SparkSQL and was compelling for customers, for example; it was not that Looker spent a ton of time optimizing BigQuery as opposed to SparkSQL.
Dijkstra was talking about Dartmouth Basic in 1975:
- Variables: Single letter, optional digit.
- Control flow: FOR loops, GOTO for others.
- Subroutines: GOSUB line, RETURN.
- Parameters: Passed via global variables.
- Functions: 26 (FNA–FNZ), one line each.
- IF statements: One line only.
It's much worse than assembly. On all but the shittiest machines, you can store code pointers in RAM and registers, and in a subroutine call, the return address is stored somewhere you can read and change it (whether on a stack, in a register, or before the first instruction of the called subroutine). This allows you to implement object-oriented programming, switch/case, backtracking, and multithreading in assembly. You can't do that in BASIC.
Also, since the early 01960s, all but the most primitive assemblers have macros and named labels. One result is that they have an unlimited number of named functions with line number independence, as marcosdumay said. Many of them have a sufficiently powerful macro system to implement nested control structures like while loops and multiline if. Since the 01970s they've also had local labels. BASIC doesn't have any of that.
Modern assembly gives you named functions, line number independence, unlimited functions, places for carrying a value over RET... Basic had none of those.
Ha - my dad, a plumber, couldn't fathom that people would shower in the morning and not of a night. Which, when you spend your day covered in dirt and excrement, makes a ton of sense.
(Despite being solidly white collar, I still shower of a night)
Some cultures, it's normal to shower at night, others in the morning.
The majority of Americans I know shower in the morning. Japanese bathe/shower at night as a general rule. A western person I know married to a Japanese person said their partner thought they were gross to climb into bed all dirty (not bathing at night). My friend thought "waking up sticky from sleep and staying sticky all day is gross". My friend's solution was to bathe both in the morning and at night. Their partner still only bathes at night.
I do both. If I don’t shower in the morning, my pits and other parts smell in ways that will make my clothes smellier faster even with deodorant. And going to bed with a whole day of sweat and body oils on you makes your bedding gross faster (it’s there, even if you weren’t active). I can’t really imagine skipping either aside from occasionally, all my stuff would smell and I’d have to run like 50% more loads of laundry.
I had to convince a coworker to go to the ER to have a cat bite looked at, and she ended up spending a couple of days in the ICU with the doctor being clear that delaying treatment another few days would have been fatal.
Knowing that stuff like this happens really makes you appreciate how humanity managed to survive this long. If thrown into the preindustrial past, I would miss temperature control, refrigeration, and the Internet MUCH less than vaccines, antibiotics, and OTC pain relievers.
There's a risk for wooden ones that are glued, specifically bamboo, or finished with something toxic. You should probably stick to ones made from a single piece of hardwood and are unfinished.
There's also a risk that any cracks will fill with bacteria.
TLDR; unfinished wood that is rinsed and dried on all sides will naturally trap and kill bacteria as it dries. Any finish interferes with this process.
Which means that almost all tips would be taxed. Most tipped workers make over 30% of their income in tips, and certainly the highest tipped workers that pay the most taxes do. That means not taxing the first 25% of tipped income, which would only be taxed at or less than 12%, has a very marginal effect.
Plenty of bartenders make >$100k/yr with <$30k in non-tip income. Taxing "only" $60k+ of their $70k in tip income looks pretty silly. You're going to save them at most $1200 when their taxes are already well over $12k.
I just don't get why one would want to promote tipping culture with financial incentives, when it's already fairly exploitative of the workers.
[1] https://shop.panasonic.com/pages/multishape
[2] https://www.amazon.com/dp/B0CMGQWM1B