orev's comments

I find it very frustrating that people expect new technologies to immediately beat existing ones on every metric, when the existing ones have the advantage of a long timeline of iterative refinement. Optane looked amazing, but it just wasn’t given enough time to go through that process. I know it’s a function of how the market works, but it’s still sad to see promising things die on the vine like that.

They don't have to beat on every existing metric. But if they are more expensive for a gain that most people don't care about then they'd better have a niche that pays well to keep them going.

Also, Optane had 5 years. That's a pretty good run for something that never delivered enough to gain its own niche.


Developments in hardware are typically measured in decades, not years, so 5 years isn’t long at all to gain traction and go through price and manufacturing refinements. Again, I understand that’s just the reality of the market, but it would be nice if there was a way around it.

It was more of a problem of Intel, they failed to market it, failed to innovate on the tech, failed to increase yield, failed to increase the demand for it which leads to sending money to Micron for unused capacity. Yes. Failure of Intel CEO.

But the technology also wasn't as promising as people think it is. Z-NAND offers something similar in read, slower in sustainable random write at 50% of the price. In the end even Z-NAND failed to reach any customers. XL-Flash is the only thing left. And judging from news I won't be surprised if they stop in 2025 or 2026 as well. Normal NAND is fast enough for most things.

However, I do wonder in the age of AI if Optane could have a different role.


The fact is that language matters, and the version number is a way to communicate the developers’ perception of how suitable something is for use. If they refuse to label it as 1.0, it means either: they don’t think it’s in a stable state yet, or they don’t realize the importance of this type of communication. Either way, it’s a red flag for people who might otherwise be making a large investment in time/money into using something.

It’s not feasible for everyone to do a full evaluation of everything. At some point you need to rely on an expert to at least provide some basic assurances before spending time on digging deeper.


Start by writing down everything that annoyed you in this job. Treat it like a journal/therapy session where you just “vent” all your frustrations out onto the paper/screen. Then take a breath and a break. Go back to it later and review each situation and find something positive in it. In every situation you at least learn something, or you strengthened a skill, or you helped the business by just getting it done, etc.

You don’t need to BGP hijack to perform a MITM attack. An HTTPS proxy can be easily and transparently installed at the Internet gateway. Many ISPs were doing this with HTTP to inject their own ads, and only the move to HTTPS put an end to it.

Yes. MITM attacks do happen in reality. But by their nature they require active participation which for practical purposes means leaving some sort of trail. More important is that by decoupling confidentiality from authenticity, you can easily prevent eavesdropping attacks at scale.

Which for some threat models is sufficiently good.


This thread is dignifying a debate that was decisively resolved over 15 years ago. MITM is a superset of the eavesdropper adversary and is the threat model TLS is designed to risk.

It's worth pointing out that MITM is also the dominant practical threat on the Internet: you're far more likely to face a MITM attacker, even from a state-sponsored adversary, than you are a fiber tap. Obviously, TLS deals with both adversaries. But altering the security affordances of TLS to get a configuration of the protocol that only deals with the fiber tap is pretty silly.


As someone who had to set up monitoring software for my kids, I can tell you MITM are very real.

It’s how I know what my kids are up to.

It’s possible because I installed a trusted cert in their browsers, and added it to the listening program in their router.

Identity really is security.


TLS chose the threat model that includes MITM - there's no good reason that should ever change. All I'm arguing is that having a middle ground between http and https would prevent eavesdropping, and that investment elsewhere could have been used to mitigate the MITM attacks (to the benefit of all protocols, even those that don't offer confidentiality). Instead we got OpenSSL and the CA model with all its warts.

More importantly - this debate gets raised in every single HN post related to TLS or CAs. Answering with a "my threat model is better than yours" or somehow that my threat model is incorrect is even more silly than offering a configuration of TLS without authenticity. Maybe if we had invested more effort in 801.x and IPSec then we would get those same guarantees that TLS offers, but for all traffic and for free everywhere with no need for CA shenanigans or shortening lifetimes. Maybe in that alternative world we would be arguing that nonrepudiation is a valuable property or not.


It is literally impossible to securely talk to a different party over an insecure channel unless you have a shared key beforehand or use a trusted third-party. And since the physical medium is always inherently insecure, you will always need to trust a third party like a CA to have secure communications over the internet. This is not a limitation of some protocol, it's a fundamental law of nature/mathematics (though maybe we could imagine some secure physical transport based on entanglement effects in some future world?).

So no, IPSec couldn't have fixed the MITM issue without requiring a CA or some equivalent.


The key could be shared in DNS records or could even literally be in the domain name like Tor. Although each approach has its pros and cons.

On this arm of the thread we're litigating whether authentication is needed at all, not all the different ways authentication can be provided. I'm sure there's another part of the thread somewhere else where people are litigating CAs vs Tor.

This is one of the most insidious parts of the Microsoft Account. Windows and other apps (from Microsoft) are littered with booby traps where if you sign in on one of them, it’s irrevocable and automatically attaches the account to all the other apps and Windows. You can’t feel safe anymore because there are land mines all over the place.


As a general rule, a statement that starts with “why don’t you just…” typically leans far too heavily on the “just” to handwave away the reasons why the next part of the statement isn’t going to be helpful.

In this case, you’re assuming a huge number of things like infrastructure and other requirements are in place, and all of those things take a lot of time and work, if they’re even appropriate at all.


The most important data point is whether you’re heating the water with the eggs already in the pot, or if you put them in after the water is boiling.

I found that heating them with the water in the pot always leads to the shell being stuck to the whites, and adding the eggs after the water is boiling (almost) always leads to easy peeling.

I start with refrigerated eggs and warm them in a hot tap water bath while waiting for the pot to boil. This helps to reduce cracking from thermal shock.


One school of thought (including my own) is that if you’re consuming enough sweetened products per day that you need to consider switching to ones that contain artificial sweeteners (to avoid too much sugar), then it’s time to re-evaluate your lifestyle by questioning why you’re consuming so much sweet stuff to begin with. There are so many other foods that have so many other enjoyable flavors and well-known health benefits that you can make room for in your life.


I’m still a PuTTY user, but many people use Windows Terminal and the openssh client that’s now available as a Windows feature package.

If I’m not using PuTTY, I usually go for Cygwin/Mintty.


Since the fatality rate is estimated around 50%, make sure all your affairs are in order:

* have a written will

* collect all login information for your important accounts

* collect any important paperwork

* make sure you have a good idea of the best medical facilities in your area and how to get to them

