I'm curious about what makes this implementation faster than the alternatives.
Also, if you care about function call performance, I guess you'd use PyPy. Have you tried to run the benchmarks (with appropriate warmup) on PyPy to see if the results carry over?
Mainly codegen. Most other libraries do something like `return dispatch_dictionary[tuple(map(type, args))](*args)`. Whereas ovld generates a specialized function to the set of actual signatures of the overloads (still with a dictionary, but you remove a surprising amount of overhead just from removing varargs). The code is registered in the linecache, so you can step into it with pdb if you want to look at it. After that I became a bit obsessive about pushing it further and further (because it's fun). So... when dependent types are involved, it will actually generate custom dispatch code, e.g. if you define an @ovld with x:Literal[0], for example, it will generate an `if x == 0` in the int dispatch path (and you can define custom codegens for new types like Regexp).
Regarding PyPy, I did run some benchmarks recently (I use pytest-benchmark). The advantage over other libraries remains and the magnitude is similar, but when I compare with custom if/isinstance code, that code is optimized a lot more aggressively and it gains a significant edge (let's say ~5x). Now, since I'm into codegen, part of me feels like meeting the challenge and figuring out a way to generate optimal code from a set of signatures, but I think I've spent enough time as it is haha.
It's possible to maintain the "eclasses" without additional theoretical overhead.
Associate a linked list with each representative, initially only containing the representative itself.
When you union two representatives, concatenate their linked lists in constant time.
In Go, the select branch to take is non-deterministically chosen from the set of enabled branches.
For the examples I don't think it makes a difference, but in general you cannot assume that a select attempts to choose branches from top to bottom.
I wonder if that's on purpose, to find bugs earlier. I know that the implementation of map in Go will intentionally shuffle the keys when you try to iterate over them, so that you never accidentally rely on insertion order.
It's very much on purpose, just like default maps being unordered. People should not rely on the ordering as it breaks the semantics of these features according to Go. It fits the Go philosophy well.
I've read somewhere (possibly when Go came out) that it's on purpose. For fun, Alan Cox once made a post on Google+ (RIP) showing a crappy random number generator based on Go's select.
This one [1] doesn't specifically mention facebook.
You can run the text through a translator yourself, but the main quote: "Henover weekenden har vi allerede set de første eksempler på danskere, der sælger QR-koder i lukkede grupper på sociale medier" roughly translates to: "During the weekend we have experienced the first examples of people selling QR codes in closed groups on social media".
Edit:
This article [2] is about 6 teens being charged with forgery of the pass.
What I don't quite get is that the certificate is linked to me personally.
Notably, it contains my full name, including middle name, and date of birth.
It notably states that it's only valid together with an identification document.
It's possible, of course, that gyms and nightclubs don't check very thoroughly, but I certainly wouldn't risk passing a border with a fake certificate.
> I certainly wouldn't risk passing a border with a fake certificate
[..] especially given that you can also cross a border with a negative antigen test, which is pretty easy to come by. I must have done getting on for 50 of them so far this year.
Yes, it's fairly obvious that none of this works if you don't verify that the identity matches the ID (the yellow paper pass won't either!), but you can nevertheless expect that plenty places won't do that. Or even just see "app shows the right color and a QR code", there was an embarrassing amount of media coverage of the fact that if you set the system time in the future the German app will show the "right" color even if someone hasn't waited long enough after their vaccination... which of course has zero effect on if validation succeeds or not.
The only thing you should verify is photo. Because you can't really verify an ID either (other than checking a photo). So QR code should just encode a photo URL (and sign it) and QR scanner should display that photo.
Currently the image is retrieved via a very powerful distributed database with embedded authentication, consisting of millions of wallets and handbags. The authentication key is the name and date of birth, and is printed on both the pass and the medium that stores the image.
May be it's possible to encode some kind of low-res compressed image in QR-code? I did not run the math. Or may be it's even possible to scan photo from smartphone display, run some kind of image hash and compare it to hash inside QR-code. This way it would be possible to work completely offline. I think it's called perceptual hashing, though I'm not sure if it's cryptographically secure.
The issue is not about compression (well, it could be).
It is is about the authority that delivers the QR code: if it doesn't have the data (photo) it can't produce the QR code.
For example, I have been vaccinated in April, long before the green pass appeared. No one took my picture at that time (and that's not the task of doctors to take pictures and store them in central database, for privacy reasons). I still deserves a QR-code to go out of home.
In France we have ID cards which can link a photo to the name and birth date. So encoding name and birth date in the QR-code are enough.
That's so strange, and almost suggests that the people implementing these apps don't understand the security model behind these codes.
Any information on the users phone can 100% not be trusted. It should just show the QR code. On the other hand the scanning App has to validate the signature, check if the dates are correct and display a big info that the QR is only valid if the name is the same as the one on a presented ID.
Maybe this should have been a design requirement from the EU spec.
> the people implementing these apps don't understand the security model behind these codes
I'm not entirely sure that the people implementing the policies understand the 'herd immunity' model, nor the by now fairly comprehensive statistical data on who is and isn't at significant risk from Covid19.[0]
Q: If a healthy 18 year-old chooses to attempt to go to a nightclub unvaccinated, who exactly is put at risk from this?
Public health bodies will struggle to convince healthy young people to take a vaccine that gives them very little direct benefit.
"Children's risk of severe disease from Covid is tiny, deaths are extremely rare and have only occurred in UK children with profound underlying and life-limiting conditions. The direct benefits to them of vaccination would be low."[0]
> Q: If a healthy 18 year-old chooses to attempt to go to a nightclub unvaccinated, who exactly is put at risk from this?
That person, plus every person they come in contact with.
Oh, you can compute the total "risk" of course. Assuming the person is contaminated and you put their personal "risk" treshold at an arbitrary 2% (which I just pulled out of thin air: chance of getting unacceptable side-effects: p(side_effect|contaminated)). You then have to sum that up for every person they come in contact with.
The real contribution might be even greater than that, as the contaminated will go on carry the virus to other people.
In theory if the number of people is large enough, you should be able to replace the values with average ones, but it's likely that 18 yo will spend more time with 18 yo than 70 yo.
To sum it up, herd immunity only works if enough people are immune (vaccinated). Everyone should feel responsible for it, even 18 years-olds (unless you take a very individualist view of life, which seems like a dominant feeling in the US: it works a lot like the prisoner's dilemna). Anyway, I'm just proud of performing my civic duty, I won't be a carrier for that virus.
That’s not how vaccine effectiveness works. There’s already a probability less than one of getting Covid if unvaccinated, and the effectiveness of the vaccine is the reduction from that.
So if over the course of their study period, 100 unvaccinated people got covid out of a thousand tracked, with a 98% effectiveness, only 2 people in the 1000 people vaccinated group would have gotten it.
So vaccines are really effective. Even more so for preventing serious complications.
There are a considerable number of people out there - some of whom are young and healthy and at vanishingly small personal risk from Covid19 - who if you mention the phrase "unacceptable side-effects" their first thought would be of side effects from vaccination, not the virus.
The boss at my daughter's kindergarten had Covid19 last summer. She had to quarantine for two weeks, then came back to work. She told me (unprompted) that sitting out the quarantine was way worse than the virus.
Telling these people they are stupid or anti-social - or simply downvoting them :) - may not be the most effective strategy to make them change their mind.
I don't give my name and date of birth to walk into a store or restaurant so why should this QR code force you to? Presumably all you want to know about this person is whether or not they are a toxic, contagious, diseased biohazard to you; everything else is none of your business.
If someone is showing someone else's proof of vaccination while they are not vaccinated, they actually might be a threat.
The QR code by itself is not proof of anything until you have verified that it actually belongs to the person showing it. That's where the ID comes in.
Just out of curiosity, what is the minimum net improvement in public safety you think justifies asking every person to show their identity information every time they walk into a shop or restaurant?
After all the progress made so far with traditional disease mitigation, what would happen if you simply don't choose to force everyone to show their IDs everywhere they go? If you're saying vaccines and lockdowns weren't enough, what is the target you're chasing exactly? Is it really worth it?
I am not sure what you want to get at but if someone wants to be treated like being vaccinated, they should have to proof that they actually are. Anything else incentivizes behaviour that undermines the efforts to get a grip on the pandemic (i.e. it would let the unvaccinated flaunt the rules by just claiming that they no longer pose a threat to others and the pandemic would happily rage on).
We do not implement these measures here (Germany) at the moment. Anyone can visit stores or e.g. retirement homes without having to show a negative test result or proof of vaccination. Before easing the measures, people with proof of vaccination were treated like having a negative result in general, i.e. they could do all the things that others also could but without the hassle of having to be tested.
This is what I don't understand either... vaccines work, health systems in most eu countries are pretty empty of covid patients now, anyone who wants a vaccine can get one... but we're still requiring people from countries with 99positive/100k to show vaccination proof to enter a country with 98positive/100k.
We have the vacciness, anyone can get one for free, just open up, and let the antivaxxers risk it if they want.
I think that the point is to raise social pressure to get people to get vaccinated.
If you are vaccinated, you just show your pass and go into the bar.
If you aren't you have to produce a test. A recent test. So frequent renew. Or you might just not be allowed to get in.
In the US context I would say this is a privacy violation. It's another avenue of obtaining identifying information about you, to abuse with no restrictions.
But one of the main benefits of the GDPR is making it illegal for businesses to keep surveillance records on you. This way you don't have to worry about keeping basic information like your name secret in the first place.
The US really needs something like the GDPR to restore some societal trust. As it stands, I'm planning on wearing a mask into stores etc for as long as I can get away with it.
> In the US context I would say this is a privacy violation.
Yeah, but that's the US. Which is well known for being pretty wacky on these things.
> It's another avenue of obtaining identifying information about you, to abuse with no restrictions.
How? You hold up your vaccine pass to the bouncer, and your photo ID, so he can see that the vaccine pass is actually yours: He compares the face in the ID to yours, and the name on the pass to that on the ID. Then he turns away from you and says "Next, please". In two minutes he has forgotten your name, and in thirty he remembers your face to the extent that he can say "Yeah, I think I let that one in tonight."
Does he photograph your pass and ID, or type them into some computer system? Hardly. So what's to "abuse"?
> This way you don't have to worry about keeping basic information like your name secret in the first place.
In any sane society, your name isn't supposed to be a secret.
Dang, Americans are a funny people. Paranoid about all the wrong things.
> I certainly wouldn't risk passing a border with a fake certificate.
Border guards are even less interested in the validity of your covid certificates than nightclub bouncers. They have very limited amounts of time they can spend on processing people without the whole system collapsing
You will not enter any Schengen country without the border guard checking if you have an entry in the Schengen Information System.[1]
A reply is available within seconds after the border agent scans your ID document (passport or identification card).
Travelling between Schengen countries doesn't require an id or a passport, but currently countries have restrictions on entry most of them either insisting on you being vaccinated or to present a current Covid test.
I'm travelling to Paris by train on Friday. which has the following requirements for entry:
From 9 June, fully vaccinated people from EU or
Schengen Associated Countries will not be subject to
testing or isolation requirements.
Accepted vaccines:
Pfizer/BioNTech
Moderna
AstraZeneca
Johnson & Johnson (Janssen)
further
All travellers (from 9 June: all non-vaccinated
travellers) are subject to the requirement for a pre-
departure negative COVID-19 test taken within 72 hours
prior to arrival.
Now sure, chances are small that I'm even checked in the train. But if I am then it would be pretty dumb to present fake documentation. Don't you think so?
What I don't understand is, why do countries require all that for people from countries which have pretty much the same number of infected as they do (per capita)? If chances of a local spreading the disease is the same as for the tourist, because both countries have eg. 95positive/100k people, why bother?
Recently, the argument has been that they don't want variants to cross borders. They eventually will, but it's one more reason to say that "covid outside" != "the covid we have at home".
But neither of the conditions in the EU pass says you don't have covid now. Vaccinations are not 100% (numbers go down to 70%, and a lot of infections for vaccinated people are asymptomatic, so even worse, because you don't stay at home, and noone tests you), PCR tests don't guarantee you didnt catch it between the test and "now", and having covid 5.5 months ago, does not guarantee you don't have it now.
But they increase the likelihood by a lot. There can't be a perfect system (apart from no one crosses the border, which is not feasible for other reasons), so this is a pretty good compromise.
That's crazy. Governments always return the freedoms the take once emergencies are over. I'd find a citation but I am almost to the front of the line and need to remove my shoes.
Unless you drive by car and say you are in 'transit'. Nobody in Schengen will/can stop you (or even check). With the exception of the border police having reasonable doubt you are a border commuter/worker.
I’ve been regularly crossing schengen borders using fake documents since this whole nonsense started. Most of these papers are impossible to authenticate. Sure, these QR-codes will have cryptographic signatures, so we’ll just switch to foreign certificates instead.
Why would it be dumb to use fake documents when it’s literally impossible to get caught?
I can safely discuss this on the internet too, it’s not like anyone took photocopies of the documents I showed them.
FWIW I’m not some antivaxxer nutjob, I’m happy to wear masks and self isolate when I’m sick. I’m just going to fight the surveillance state in any way I can.
> You will not enter any Schengen country without the border guard checking if you have an entry in the Schengen Information System.[1]
This is actually not correct. Many EU citizens do not have SIS entries but are still able to travel. This is likely to change in the future though.
> I’ve been regularly crossing schengen borders using fake documents since this whole nonsense started
Why would you do that? Unless you're pulling some dodgy shit there is really no reason for this and frankly, I don't believe you.
> Many EU citizens do not have SIS entries but are still able to travel.
Huh? Of course you don't have an entry in the SIS if there's no reason to be entered. SIS is not a directory about every resident in the Schengen area, let alone the whole world. If you do have an entry, however (dpending on its contents) you can be damn sure that you're in for an extended interview with border authorities.
> Why would you do that? Unless you're pulling some dodgy shit there is really no reason for this and frankly, I don't believe you.
Because I like to travel regardless of government restrictions? Is that “dodgy shit”?
I just brought a friend who is a Russian citizen to France with documents showing that she had a car booked to transfer her to Switzerland for surgery.
Right now anyone entering the UK from certain countries needs documents to show that they’re in “transit” to avoid quarantines.
> Huh? Of course you don't have an entry in the SIS if there's no reason to be entered
> currently countries have restrictions on entry most of them either insisting on you being vaccinated or to present a current Covid test
Anecotal data point #1:
I've entered Italy three times [by road] in the last six months, each time with a sheaf of paperwork to hand demonstrating my need to travel, negative test, EU27 residency, the full nine yards.
During none of the three visits did I even see a border guard / police / Carabinieri / $whoever at or close to the border, never mind get stopped, never mind have my documents checked.
There is policy, and there is reality. Maybe the gap between them in Italy is marginally larger than in some other places?
1. No personal information at all. It only says valid or not valid.
2. Name and date of birth
3. Foreign travel, with name, date of birth as well as information about test type or vaccination type etc.
