Dollar Shave Club is looking for an experienced Go (Golang) engineer interested in Kubernetes, Docker and related infrastructure and security-related projects. Get paid to contribute to OSS and help us build our global e-commerce and fulfillment platform to help men be the best they can be.
That said, Furan isn't suitable for untrusted Dockerfiles (or multi-tenant environments) exactly due to the security implications of access to the Docker engine socket.
The issue I see with Kaniko is drift from upstream Moby/Docker syntax. One of the strengths with Furan is that you have the guarantee that the Docker build you perform locally is exactly what happens by the service. When you can't make this guarantee you get into weird situations where "the build works for me locally" but there's some issue when doing a remote build. That's also why we've resisted putting special build magic into Furan (like injecting metadata into the build context, for example).
Option 2 is very similar to how signal handlers work in Go. When a signal is received, a value is written to a channel and the library user is responsible for reading values from the channel and responding appropriately.
A write(2) to STDERR_FILENO for verbosity/debugging is fine, but mostly you don't want to do this because it will interleave with any non-line-buffered stdio writes to it... An _exit(2) is also OK if you really want to do that, but generally you want to do some cleanup, so might as well do the self-pipe thing every time.
The only tricky thing is when you use SA_SIGINFO and you want to pass the siginfo_t data to the event loop. You can write(2) that to the self-pipe, but you have to be careful of the possibility that it will fill up. You can always create a new pipe(2), write(2) the siginfo_t to it, close(2) the write end, and send the read side fd via a socketpair(2) that the event loop listens to.
kevent() is another way to handle signals. It puts handling them into the program's main event loop, which is done synchronously with normal event-dispatching mechanisms and so does not have worries about asynchronous signal safety, because with kevent() they are just another type of filter.
Sure, if you're going to use non-portable constructs, there're better alternatives to the self-pipe thing. Linux has something roughly similar with signalfd.
The nice thing about the write-a-byte-to-the-pipe thing is that it works virtually everywhere.
Dollar Shave Club | Infrastructure Engineer (Go/Golang SDE) | ONSITE, Full-time | Los Angeles, CA | https://www.dollarshaveclub.com
Want to work on Kubernetes, Docker, GRPC and related ecosystem full-time? Itching to contribute to open source on company time? Do you love distributed systems and solving difficult problems?
DSC is looking for a senior Infrastructure Engineer, experienced in Go and K8s to help us continue to build out systems supporting our international businesses.
We're generally pretty remote-friendly once onboarded, but you will need to be available to be in office when required, so full remote is not an option, unfortunately.
Send CV & GitHub username to benjamen@dollarshaveclub.com. Feel free to reach out with any questions about the role, I'm happy to discuss.
Tests absolutely cost time, inversely proportionate to the raw ability of the programmer. A 95th percentile engineer can write cowboy code with zero tests that largely works. Enforcing tests could cause up to a 50% slowdown. It’s probably worth it in the long run, but for a time and cash strapped startup its a legitimate cost/benefit analysis.
To be fair, this bug looks like it mostly affects systems that run lots of untrusted code -- e.g. cloud services. If you are only running code you wrote, that does not require many syscalls (compute heavy), in your own data center (or whatever), discounted Xeon chips that suffer from the flaw could be a good deal.
People who need to get absolutely the most bang for the buck have no ties to any given supplier. Cray deployed one of the first Opteron-based supercomputers.
Intel got lots of datacenter business simply by having a better (as in "better suited to our demands") product than anyone else in the segment. AMD has a short time window to make some large sales. They have until Intel ships a microcode fix or a new line of processors.
Imagine seriously believing that guaranteed lifetime employment, very generous pension and health benefits (unheard of in the private sector), a well-defined career ladder as well as a six figure salary somehow aren't enough. Out of the other side of your mouth claim that these people are public servants selflessly working for the good of all.
The reality is that the compensation package for government workers primarily appeals to those with average to mediocre ability and a strong aversion to risk (often also a tolerance for boring, repetitive work and/or bureaucratic infighting). When was the last time you met a bright, creative superstar working at your local DMV office?
That's why the US Digital Service is actually a pretty good idea. Tours of duty are preferable to lifetime career hires. I'd like to see much more of the federal government adopt that model.
The very assertion that you must protect people from exposure to various ideas is deeply problematic and against everything the Enlightenment taught us.
The Enlightenment didn’t envision ML-assisted data-guided state-actor-resourced propaganda efforts. The Enlightenment imagined rhetoric and persuasion as something like single combat: one man’s reason pitted against another. It didn’t imagine massively resources organizations throwing millions of dollars at studying quirks of human cognition so as to optimize the short-circuiting of reason itself.
I’m a proponent of Enlightenment values, but the bottom line lessons that we derive from those values were derived in a wildly different context. An Enlightenment for the modern day may very well look different than “old school” Enlightenment. It may very well one day shape up to being open-minded about what socioeconomic datasets you let your pet AI graze on, rather than being foolish enough to ingest slogans from all comers.
You’re not wrong, but it’s also true that at various times the written word and advances in its production and distribution were seen much the same way. Any new technology which represents a massive improvement in communication is going to radically change society in unpredictable ways. Needless to say, rapid and irreversible change is monstrous to live through especially if you’ve historically enjoyed the advantages of a previous system.
So the solution is to fight those things (with e.g. laws and education), not bring back taboos. How many times must we re-learn the lessons of the past? Censorship is not the path forward and even if you disagree, surely you can understand that, at an absolute minimum, we can't let random noisy members of the internet, or certain specific monopolies make the descision on what ideas can't be thought or expressed.
I didn't say you have to protect them. I did say you might want to not spread ideas you disagree with.
It's one thing to debate with friends at a bar. It's another to retweet something to your 6,000 followers and adding "lol dumb". At least some of those followers will disregard your comment and just absorb the message.
Just like my maths professor in high school would say. I'd show you how most of you do this wrong, but then you're just going to remember the wrong way. Let me just show you how to do it right.
Then there's the argument that any signal of approval (share, comment, retweet, engage) tells algorithmic timelines that this message gets much engagement and sharing it to a broader audience.
A key tenet of human cognition is that we agree more with things we hear more often. You can convince people of pretty much anything through sheer bruteforce of Being Everywhere. Doesn't matter if those who share agree or disagree, just that they shared.
>I did say you might want to not spread ideas you disagree with.
Well, I can imagine one would do this in abscence of any proper argument against said ideas. Maybe you should revisit whether these ideas have some merit to them or not?
The sad thing is that this strategy doesn't even work. It's analogous to trying to fix prices in an economy. All that does is create black markets. You end up with bubbles, preference falsification and preference cascades of increasing severity due to the illiquidity.
The basic strategy is to woo Western companies with extremely cheap labor and vague promises about access to the Chinese market, in order to get the companies to export most/all of their capital equipment and business expertise overseas. Then this is used as leverage to force them to adopt PRC-friendly policies (see Apple and government censorship in China, for example) and IP transfer to Chinese firms. Keep in mind that in China there is no objective judicial system as in the West to mediate disputes between the government and firms; once your assets are there you are at the mercy of the PRC.
It's really important to understand that this is a long-term geopolitical strategy by the PRC to supplant the US as the dominant global superpower, and a big part of it is siphoning off the industrial and manufacturing capacity of the west (see One Belt One Road Initiative).
