Microsoft Go? I've used Go on windows for years now and this is the first I've heard of this fork. So it only exists because microsoft wants to have a crypto package that complies with an arbitrary regulation? Is there a reason that a better package requires a fork of the entire runtime rather than just, say, a normal Go package? It sounds like it requires cgo to call into third-party libraries, but that's already a common practice in "normal" Go libraries.
One thing I do appreciate is how the relevant issue in the upstream Go repo says: "A number of companies must comply with them, for example as part of a broader FedRAMP compliance posture. (If that's not you, you can ignore this. Run!)" [1]
Apparently I'm just not the target audience. Sounds like I'm correct in assuming it's security theater at best, and an avenue for new backdoors at worst.
The comment is accurate that if you don't need this, you can ignore it. It's likely not an avenue for backdoors. I wouldn't say it's security theater but it just isn't meaningful to most.
As for why not a library? Go has a pretty big "batteries included" implementation for networking. For customers demanding FIPS compliance it isn't enough to say, write all of your own application code to use a package that does FIPS-compliant TLS, but you have to make sure all of your libraries also use those algorithms. No rational person is going to vendor their entire dependency tree and maintain forks of the entire universe to swap `crypto/tls` and `net/http`. Well, some of these contracts are big enough to justify it, but whew, what a waste.
The FIPS compliant Go builds from Microsoft and now Go 1.24 make it a lot easier to check that box and unless a package implemented their own TLS stack it's easy to attest that the software uses FIPS validated crypto modules. Without that, good luck trying to sell to gov and highly regulated institutions in financial and health.
Oh that's an interesting question, I've never tried to build a binary with "replace"-ing one of the builtin packages.
Maybe that works? But many of the standard library packages use linker shenanigans, if I recall, like //go:linkname pragmas. Maybe that's an issue, maybe not?
It would be interesting if the fork was unnecessary and it was possible to implement FIPS via package replacements! That would be a lot simpler.
"replace" is an operation on modules. Networking is part of the standard library, which is a single (very special) module. Even if you could "replace" std, it would not really be less than creating a fork.
"Is there a reason that a better package requires a fork of the entire runtime rather than just, say, a normal Go package?"
I think at the time that would have been the only way to make it so any in-the-wild 3rd party code you want to use would use the FIPS-compliant libraries anytime someone imported "crypto/whatever" from the standard library.
I haven't tested the workspaces functionality [1] to see if it allows you to override standard library functionality, but in principle something either very like that, or slightly tweaked, would be enough that you could just use standard Go with a particular text file dropped into place and some libraries to override the standard library now.
But yeah, if you didn't even know this fork existed, you're not in the target audience. tptacek or someone else who really knows their stuff can Cunningham's Law me if I'm wrong, but my impression is that FIPS has a track record of rigidly demanding very medium levels of security, possibly including some rigidly poor security choices, and if you don't have a need to be in compliance, you can and should do much better by using newer and better options than what it mandates.
The velocity of a spacecraft in low earth orbit is over 15,000 miles per hour. Smashing into the atmosphere is perhaps the most fuel- and cost-efficient way to slow down to a speed at which landing is possible.
It doesn't really answer the question though. Why not descend slower so that the 15k MPH isn't meeting so much air? And bleed it off much slower so there is less heat
Ellipse, circle, parabola, hyperbola - all so called conic sections - are orbital trajectories; when you entering the atmosphere (which means you're technically not on a strictly circular orbit), you're initially following the part of that curve which is closest to the planet.
The curve is such that if you don't lose enough speed, you're going to start moving way from the planet.
If you're still on parabola (technically you never are, it's infinitely thin case between ellipse and hyperbola, physically not really possible) or hyperbola, you're not comping back - so if you need to get to the planet, you have to be on elliptical trajectory.
Even if you're on ellipse, you don't want that ellipse to be too elongated - e.g. the elliptical trajectory from the Earth to the Moon, which is rather close to parabolic one, takes about 4 days one way. You don't want to spend that much time when you're landing, so you need to lose enough of speed in the atmosphere. Which means you need to brake relatively aggressively.
This means there's a "reentry corridor" - not too steep, not too shallow, and the spacecraft needs to survive the reentry, and going from the Moon is harder than going from LEO because coming from the Moon the spacecraft has higher initial speed entering the atmosphere. It's still possible to balance various approaches, but you can't have (correction: it must be particularly hard to have...) zero fuel use, relatively fast landing (without long ellipses between reentries), speedy planet approach and low heating at the same time.
It's hard to do that. What you suggest would mean losing all your orbital speed before you hit the thicker layers of the atmosphere. You could probably do that, but you'd use a lot of fuel to decelerate. And then you are still being accelerated downwards by gravity, so you need something to counter that, which means you need to burn fuel all the way down. All that fuel adds a lot of weight, which cuts down on the amount of useful stuff you can take with you.
Heh, so it's an 1897 version of what this guy on youtube attempted with a monster truck with mild success: https://www.youtube.com/watch?v=ohxGA7fpfu0 (warning: extremely redneck)
One thing the article doesn't seem to mention is noise. I've found that the "actual" air purifiers seem to be much quieter than box fans. Perhaps if you had greater control over the box fan's speed you could get the noise down to a comparable level, but I doubt the cheap type of fan used in the article is capable of such a thing.
Yep, the DIY may work in an emergency but there are good reasons like noise, size, and power usage to get a commercial product if you're going to be living with it.
The layout of the purifier is important in a crowded space - the DIY requires open space both in front and behind for good airflow, but the commercial ones have a front intake but vent straight upwards, so you can shove it against the wall. No one is going to put their air purifier in the middle of the room away from other furniture.
Indeed, the thing that keeps me happy with the Coway 400 I've got is the very small power use when particulate is low and the automatic ramp up when it goes high. My fan I keep near my bed for my own comfort pulls 30 watts. The Coway pulls something more like 5 watts in low use. Expensive up front but low ongoing cost and 4 years running now.
The issue is that the "young" demographic mentioned in the article is ages 18-29, and high school must have changed quite a bit in recent years if students have not actually heard about the holocaust or WWII.
Well, in my (Gen-X) high school history classes, we only got to WWI (and just after like the 1920's - 30's). I always thought that there is this weird assumption that things that happened in the teachers' lifetime or just previous are "already known" or that the culture will just implant that knowledge somehow.
Same here (also Gen-X). Here in Canada I never learned about WWII in school. I barely remember learning about WWI, and that was usually just around Remembrance Day (celebrated on the anniversary of the Versailles Treaty).
We learned a lot about early Canadian settlement and relations between Europeans and First Nations. By the time I found myself in high school we only needed to take a certain amount of "social studies" credits and, while history was included in that category, there were options that were not specific to history. My experiences learning about Canadian settlement had been so dry and boring that I had made up my mind that I didn't like history at all and so I made every choice in high school to opt out of having to take history classes. In other words, WWI and WWII, if they were taught at all were "optional."
We'd have to compare against a similar poll from decades ago to figure out if this true—it could be it used to be that 40% of kids didn't believe in it.
Judging by the project, it's implemented by instrumenting the source code; either manually modifying error returns with a wrapper function, or by running source files through an automated tool that will find and modify the return statements for you.
I'm not anyone involved in this thread (so far), but I've written a minimal PDF parser in the past using something between 1500-2000 lines of Go. (Sadly, it was for work so I can't go back and check.) Granted, this was only for the bare-bones parsing of the top-level structures, and notably did not handle postscript, so it wouldn't be nearly enough to render graphics. Despite this, it was tricky because it turns out that "following the spec" is not always clear when it comes to PDFs.
For example, I recall the spec being unclear as to whether a newline character was required after a certain element (though I don't remember which element). I processed a corpus containing thousands of PDFs to try to determine what was done in practice, and I found that about half of them included the newline and half did not---an emblematic issue where an unclear official "spec" meant falling back to the de facto specification: flexbility.
It's honestly a great example of something a GPT-like system could probably handle. Doable in a single source file if necessary, fewer than 5k lines, and can be broken into subtasks if need be.
Having to hold perfectly still (possibly in an uncomfortable pose) in a giant machine that's making loud, uncanny noises for 20+ minutes is indeed a very bizarre, meditative experience. It is interesting, but, in my opinion, you're probably going to be happier not having the health concerns that lead to getting an MRI in the first place!
I had a MRI in college as part of a psychology experiment.
If you can get into one of those studies, it's a free way to get a picture of your brain!
I think I may have skewed their results, though. MRI is a very meditative experience and I'm pretty sure I fell asleep for brief moments when I was (supposed to be) memorizing and recalling pictures and words they were showing me on a monitor as part of the university experiment.
1. Update and restart and prompt for bitlocker password and update and restart and prompt for bitlocker password and restart
2. Update and restart and prompt for bitlocker password and update and restart and prompt for bitlocker password and shut down (and restart)
Finally, they fixed the last bit of option 2