
Perhaps I am too much of a curmudgeon, but the example first sentence made me not care at all - not about Venice, but about the writer's approach, which seems to want to conjure breathless mystery about something I could easily look up on Wikipedia (or read in tl;dr comments in this thread).

It ISN'T Venice you need to make me care about, it's YOU! Why should I spend any of my time on you?

A good first sentence should make me care about your perspective, at least for non-fiction about subjects well-studied.

Fiction, obvs, differs. Scalzi's Old Man's War had such a great first sentence I devoured the series.


Definitely false, at least historically. The original FIPS only required HW at levels 3 and 4, "required" in the sense that levels 1 and 2 were quite doable in software (level 1 was/is no authentication to the CM, letting it be protected by the host; level 2 was/is a form of basic authentication, e.g., encrypting private keys under a key derived from a password).

I was part of a team that had multiple level 1 and 2 certificates for software-only CMs in the 1990s, both 140 and the second edition, 140-1.


The article and the comments herein remind me of a conversation a few years ago with an ex-RAF pilot who had done a few exchanges with the USAF. Among other things, pilot/personnel evaluations in the two organizations were worlds apart. In the RAF, at least during his time, they were what I would expect, more or less factual: Bloggins is good at X, needs to improve Y, excels at P, shouldn't do Q at all.

Meanwhile, in the USAF, anything that could even be perceived as negative was a career killer, so ratings started at mildly superlative and went up from there: Bloggins is an X top gun, is very good at Y, walks on water doing P, and is good with Q.

YMMV, of course, those are my recollections of beery convos with a former Tornado jockey.


As far as I know, all branches of the US military write up a "fitness report" for each officer once a year. "Above Average" is a certain career killer.

But somebody who was a dean at (I think) Virginia Tech wrote that the British "His work is quite sound, actually" could be higher praise than the American "His work sets the standard we all aspire to."


Exactly! Another, semi-related difference between the cultures: When Alexander chooseEitherOrBothOf(provided instructions, gave orders) during the Sicilian campaign, American generals took them as orders and did them, sometimes to their detriment, while British generals took them as intent/direction, and asked questions.

Eventually, the allies realized they had very different command cultures and learned to work together. It may be that Normandy, et al, would have been far different if they hadn't figured this out in Sicily.


I'd argue that Coe is more than competent, just, you know, detached most of the time. Lamb always knows what needs be done, just never shares, and often lets things happen until what needs be done happens on its own or is inevitable.

Coe has extraordinarily high SA and makes decisions immediately. They might seem impulsive, but when he acts, it is always with forethought.

(Yeah, Coe is our favourite character.)


Louisa too. Before Coe came along she was for sure the best agent of the bunch; between the two of them it's a tough call imo.

Although I think Standish might have a leg up on all of them, including (sometimes) Lamb... but I'm biased since she's my favorite :)


Coe is insightful and good at violence, but also (!spoiler for latest season) responsible for the most hilariously unfortunate cock-up of the show so far…

As you described, because he keeps to himself, he comes off as a loose cannon, which feels to me like something you wouldn't want on a coherent spy team, but nonetheless is so fun to watch, which is the point, really.

> Coe has extraordinarily high SA

What does 'SA' mean? I'm not familiar with it.


situational awareness

Roddy's portrayed as very technically competent too, just, a knob.

As a math loving programmer who acts, I can assert with confidence that both programmers and mathematicians are downright hoarders compared to theatre people. If you are lucky enough to enter that world, be prepared to be overwhelmed.

How is that dissonance? The best you can hope for, in order, are: 1) not having to work, for whatever reason, and having personally meaningful interests with which to fill your time; (two-way-tie) 2a) not having to work, 2b) having to work and having a job you love that means something to you; 3) everything else.

We require sustenance and shelter and sanitation and a few other things. Those require resources, one way or another. If one has to perform some activity in order to acquire the resources necessary to those needs, then one might as well do something one enjoys, if one can.

I absolutely LOVE my job (WFH systems programming in a challenging space (cross domain)), have the best team (my boss, the owner, is a friend from way back in another cyber co; my closest colleague is a great friend from off-roading; my other colleagues are all great people, with fantastic younger team members who break every cliché and trope about their generations; etc., etc.).

And if $10,000,000 showed up in my bank account tomorrow, I would wind down my work as smoothly and quickly as possible, to not leave them hanging, carry on consulting occasionally for them, when needed, and spend a year working on my house and Jeep and learning category theory and walking the dogs and watching as many football matches as I could (heck, with that money, maybe I even would spend the $50/month to get FA Cup games on top of what I already have).

Once the house was to my - and my GF's - liking, and once the Jeep was again the beast it once was, and a bit more (portals!!!), well, there would still be football to watch and math to learn and dogs to walk. Maybe we'd move somewhere we could foster many, many dogs? Ah, the mind reels.

I might even upgrade my phone or monitors.... (I'm a cheap bastard. The dead pixels on the phone screen are a PITA, but they only really impact Quordle.)


I've been a vim user for decades, a git user for years, but somehow I never got around to setting up ctags - watching my colleagues jump from function call to function definition was one of the few things that made me envious about VSCode.

I decided to set up ctags at last. Like so many things on the Internet, a lot of information was out of date and/or assumed you already knew what you were doing. I struggled more with a few really simple things (like how to tell vim where to find my tags files, since I'd never used them) than the more complex things (which weren't that complex, tbh), with a few detours caused by out-of-date documentation meeting my ignorance head-on.

So, FWIW, my overview of the process, with, I hope, getting-started information missing from other sources.


I left my then-spouse at 51. I had no expectations for any future relationships, I just needed to protect myself by getting out of that one.

(I'm skipping details as a) they are not germane to this post and b) there is no way I could provide enough detail to forestall the inevitable armchair relationship counselling; let's just say it was bad, and I was the last to really recognize it. At any rate....)

I'm 60. I've been with my current partner for over 7 years. She is the sweetest, kindest, most loving, most accepting person I've ever known. Lest one get the wrong idea, she is also strong willed, intelligent, and, when she needs to be, blunt AF. But she rarely needs to be, because when you are with someone like that, it is easy to talk about EVERYTHING.

She was - and continues to be - a complete surprise and breath of fresh air. I work in cybersecurity, when she worked her area was healthcare, and we met through theatre (she's backstage, I act, so it works really well). Our meeting and our connection were unplanned, unlooked for, and unexpected for us both (she had been single for a LONG time and was more than happy alone).

One never knows where or when these things might happen.

I know it might seem bleak or desperate, but at 35 you have a full life ahead of you, plenty of time to meet a better match.

Good luck! (And, FWIW, courage, patience, self-care, and hugs! - or a hearty backclap if you prefer....)


Cross-domain systems programming, mostly C, moving everything in the transfer path to Rust. Unidirectional gateways with OEO diodes and complete protocol breaks, working on FPGA diodes with embedded filtering. Guards, high assurance filters, etc.


So like using seccomp with a whitelist (fairly easy to do) with per-object access rights.

I'd love to see a comparison of landlock to restricted containers.


> I'd love to see a comparison of landlock to restricted containers.

One thing to consider is that containers virtualize. You enter new "namespaces" where you aren't necessarily restricted within that namespace, but the namespace as a whole is sort of your own playground. So a PID namespace only allows you to see other processes within that namespace.

This is very distinct from a resource oriented approach like landlock. Landlock may allow you to say "you can do certain actions to certain processes" but you wouldn't get the same semantics as "I can only see specific processes to begin with". They would layer nicely.

Similarly, containers provide virtualized file systems. A write happens in a container and it's allowed, but the write is isolated from the host. Landlock would instead allow or deny that write.

They go very well together.


Comparing landlock to containers isn't really an apples to apples comparison. Containers use a bunch of Linux security mechanisms together, like chroot, seccomp, and user namespaces, to accomplish their goals. Landlock is just another building block that devs can use.

Fun fact: because landlock is unprivileged, you can even use it inside containers; or to build an unprivileged container runtime :)


seccomp is for restricting syscalls to the kernel. But because "everything is a file" on UNIX systems, you can do a lot of good and bad things just with `open`, `openat`, `read` and `write`.


Of course, but you can also restrict those operations. The seccomp whitelist library I wrote only sealed itself after all FDs were opened for specific operations, and the API didn't expose the calls directly. Once sealed, the app got only those operations now specifically allowed.
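The seal-after-open pattern described above, as an added C example (not the commenter's library, which is not on the page): every descriptor is acquired first, then a seccomp-bpf allow-list of read/write (plus the few calls the C runtime needs to exit) is installed, and anything else returns EPERM. It assumes Linux on x86_64 or aarch64; the pipe holding a constructed sample stands in for config files, sockets and logs, and `/etc/hostname` is only a path used to show that a later open() is refused.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>

#if defined(__aarch64__)
#define SECCOMP_ARCH AUDIT_ARCH_AARCH64
#else
#define SECCOMP_ARCH AUDIT_ARCH_X86_64   /* assumption: add other AUDIT_ARCH_* values as needed */
#endif
/* Two BPF instructions: if the syscall number equals (nr) return ALLOW, else fall through. */
#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Install the allow-list. Denied syscalls return EPERM instead of killing the process, so the
 * denial is observable; the list is read/write/close on open fds plus what exit() needs. */
static int seal(void) {
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),                 /* wrong ABI: kill outright */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW(__NR_read), ALLOW(__NR_write), ALLOW(__NR_close),
        ALLOW(__NR_exit_group), ALLOW(__NR_exit), ALLOW(__NR_brk), ALLOW(__NR_mmap), ALLOW(__NR_munmap),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    };
    struct sock_fprog prog = { .len = sizeof filter / sizeof filter[0], .filter = filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;  /* required for unprivileged seccomp */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Open everything first (a pipe holding a constructed sample stands in for real inputs), seal,
 * then show that read() on the pre-opened fd still works while open() of a new path is refused.
 * Returns 1 when both observations hold, 0 otherwise. */
static int run_seal_demo(void) {
    int fds[2]; char buf[64];
    const char sample[] = "constructed sample input\n";
    if (pipe(fds) != 0) return 0;
    if (write(fds[1], sample, sizeof sample - 1) != (ssize_t)(sizeof sample - 1)) return 0;
    close(fds[1]);
    if (seal() != 0) return 0;
    ssize_t n = read(fds[0], buf, sizeof buf);           /* allowed: fd was opened before the seal */
    int reopen = open("/etc/hostname", O_RDONLY);         /* denied: openat is not on the list */
    return n == (ssize_t)(sizeof sample - 1) && reopen < 0 && errno == EPERM;
}
```

Once sealed, nothing in the process can acquire a new file or socket, so a later bug in the parsing code has only the descriptors it was handed to work with.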

