I agree, but in this case we're not talking about reasonable false positives (e.g. toast burning or candles being blown out). I wouldn't put up with a £10 smoke detector waking me up in the middle of the night for no discernible reason, much less one I paid £89 + shipping for.
I have to say it feels a bit weird to deduct points (so to speak) from a highly regarded cryptographic hash function because it doesn't outright prevent one particular, broken MAC generation scheme, but I guess the argument has some merit.
While I think it's harmless to say that SHA-512/256 is stronger than SHA-256 (as they otherwise provide the same theoretical level of security), I still think it's wrong to claim that SHA-512/256 is also stronger than SHA-512, which has a vastly greater theoretical security margin.
Susceptibility to length extension would also have disqualified SHA2-512 from SHA-3, where that property was a requirement, so it seems like the cryptographic community has come to a conclusion about this.
The "security margin" of a full SHA2-512 digest, over its truncated SHA2-512/256 alternative, is not meaningful in practice.
If you want to use full-width SHA2-512, go ahead. SHA2-512/256 is safer.
Devil's advocate: 10 years from now if SHA-3 is dominant and HMAC has faded into obscurity, how hard will it be to get programmers to understand the difference between hash function and MAC? Keeping in mind that they barely understand today.
That might actually make sense... and I have to say that it would be useful, too. Quite often I find myself doing if condition { Some(foo) } else { None }; being able to just write if condition { foo } could be neat syntactic sugar for that (though it might also be confusing, since in Rust generally types don't form magically like that). The solution I'd come up with was just to give booleans a .then method (maybe they already have one that I missed).
In this particular case, returning 0 doesn't necessarily indicate failure. Binding a socket to port 0 means you're asking the operating system to pick an available port for you, which one might argue is a reasonably safe default for unknown address families.
No, there is no 'default' at play here. If you don't know what address family is in use then you should simply abort rather than let the end user of your product guess that the address family code is the culprit.
Let it crash, as close as possible to the point of origin of a problem is a very good principle.
let x = 0;
function typeof_wrapper(y) { return typeof y; }
(function() {
  typeof_wrapper(x); // throws an error
  let x = 1;
})();
(function() {
  typeof_wrapper(x); // returns "undefined"
  var x = 1;
})();
Again, typeof isn't throwing the error, the runtime is, because a variable declared with "let" is being referenced before the declaration. It's not inconsistent, it's one of the main points of "let".
You're essentially arguing that a feature added because the old behaviour was undesirable is inconsistent because it's not exhibiting the old undesirable behaviour.
If a publicly distributed first-hand account by the person in question isn't "solid proof," what exactly are you looking for? What reason do you have to think she's being anything less than truthful?
Not judging her story as truthful does not imply judging it as not (or "anything less than") truthful either.
Her story as far as the article describes, is not an account, it's an accusation without much factual, actionable data. You normally don't judge on accusations until you have tried within reason to obtain factual data from both parties involved.
My approach is different actually. While I think the criminal justice "beyond a shadow of a doubt" standard is sensible for many criminal trials, because I have no legal power over github, I treat these things more like civil suits. Which means I just look for "the preponderance of the evidence". In this case there are varying amounts of evidence for all three of the following:
1) workplace harassment against women is quite common
2) such harassment is frequently ignored
3) there was some harassment in this case
And there's no evidence that I've seen that suggests there was no harassment or that it was handled properly by management. Therefore for the time being my assumption is that the harassment and mismanagement both happened.
That said, although I have seen mountains of evidence for 1) and 2), because the amount of evidence for the specific situation is small, that means a small amount of counter-evidence about the specific situation could easily shift the balance of probabilities.
That said, I have seen quite a bit of evidence that such accusations are only rarely false, so while I would change my balance of probabilities readily, I don't expect that to happen.
An accusation is not a proof, at least not in any civilized country. As for your other question, it's hard to prove a negative but if you want reasons, well, github doesn't have any past record of sexism and no one has ever quit from github. So the least we can do is give them the benefit of the doubt, right? Or shall we grab our pitchforks?
Because for two years she said the opposite? She is, was, or is and was obviously lying, it is just a matter of when and how much. Was she lying before when she said everything was awesome, or is she lying now?
You could play the super long odds, everything was AWESOME for the past two years, but just turned awful. Then she was only lying now (because "I've been harassed by 'leadership' at GitHub for two years..."). That would paint her in the absolute best light, and is, IMHO, rather unrealistic.
You could even play the super-super long odds, and assume everything she said before was a lie (said it was good, it was actually awful) and then things BECAME good recently and she doubled-down on lying and said things were bad.
... in my case, it isn't an assumption. It is an expectation based on prior behavior.
She has previously classified someone complaining to her employer that she used foul language during a speech at a conference where she was representing her employer as harassment. This makes me question her judgment regarding what should be considered harassment.
That seems like a poor analogy to me. Try this one:
Harry: I can't afford to do that
Tom: I don't know, I don't have enough info here to know if you can afford to do it or not.
Bob: Are you saying that Tom is lying, or that he doesn't know his own situation?
The big difference in this case is that while it is totally plausible for X and Y in your conversation to know literally nothing about Portugal, in my example it is not plausible for Harry to be unaware of his own situation without being an idiot. So when Tom 'withholds judgment' on Harry's situation, he is saying that evidence directly from Harry is untrustworthy - Harry is either a liar or an idiot. (I introduced the third person, Bob, as in this case Tom is Horvath and she is not the one responding to you, doubting Tom).
Harry: John punched me
Tom: I don't know, I don't have enough info here to know if you were punched or not
Bob: Are you saying that Tom is lying, or that he can't recognise when he's being punched?
Corroboration. Unless Julie Ann Horvath suffered in silence AND everyone else turned a blind eye, then there will be people who can support her story and provide additional credence to what she says.
> What reason do you have to think she's being anything less than truthful?
Experience. How often have we read a sensationalist-sounding story on the internet[0] that, in the end, turned out to be over-blown or an outright deception?
0 - "Single person claims that large/popular entity has done something despicable/outrageous! More at 11."
There are three sides to every story. In this case there is her side, github's side and the truth. It is not that someone is lying, it is that people perceive things differently and it takes time to detangle perceptions to reach the truth. Let's wait for the truth before casting stones in either direction ...
A counter-claim by the opposite party. More witnesses. Evidence.
This isn't a formal court, but the court of public opinion can (in some cases) be more hurtful and more damaging than a real court that is merely exercising governmental powers.
Without a proof that is legally acceptable in a court of law, it's just her word against the company's.
I am not implying what she is saying is false. As @Jare said, "Her story as far as the article describes, is not an account, it's an accusation without much factual, actionable data."
Packages in the Go standard library are no different from user packages – they're just included in the Go distribution. If you find the need to modify anything in net/http (to fix a bug, add low-level hooks, etc), just copy it into a subfolder in your project, like so:
> cp -R $GOROOT/src/pkg/net/http ./net/http
Then simply change all "net/http" imports to "./net/http". Now you're free to carry out any changes you'd like.
P.S: Just because you can do this doesn't mean you should.