I'd like a language that allows me to explicitly annotate my code for vectorization/SIMD. Too often compilers aren't able to vectorize efficiently because the heuristics don't detect the opportunity.
Author here. I mentioned a couple of other benefits in the post, namely TTL (time to live) and the ability to have fine-grained role-based access control. Your servers should use certificate-based auth too, to join a production environment. Then you won't have the trust-on-first-use issue, because server authentication simply compares the CA of a client & server and you don't have the dreadful "are you sure [y/N]" question when connecting to a box for the first time.
Basically, certificates rule the world everywhere, but due to rough UX, they haven't seen broad adoption for SSH. That's until now, hopefully :)
Thanks for the follow-up! I've always thought the TOFU thing was a huge issue: it's hard to verify the first time and rotating server certs is a nightmare.
Are there any products/tools that make this easier? I've noticed that this isn't common even within companies with robust security infrastructure.
> Are there any products/tools that make this easier
You just read an article by Gravitational, authors of Teleport. Check them out.
The opensource product is pretty full featured, the commercial version has a few features companies usually need (I believe SSO is one of them). Now instead of having people submit a ticket, send the keys, yada yada, you can just point someone to the portal and they can just use teleport credentials (or if you have the feature, the corp credentials). And the session is recorded. You can also use the command line – and it still gets recorded.
Disclaimer: We use Teleport in our company. I pitched after finding out about them here in HN. We still have bastion hosts, which now automation automatically deploys teleport and they show up in a single place.
My own solution to this is to store the server key fingerprints in a public Git repository, which can then be pulled from on all devices that need to be able to connect.
This works nicely for my own personal setup with a few servers. It may be possible to scale this to a larger environment with multiple users too.
Then main benefit is that whenever a server is rebuilt (which can be quite regularly when using infra-as-code/infra automation), I don't have to go and manually update every single client that needs to be able to connect.
I think this is another sign that iOS/iPad OS and Mac OS are converging. If I had to guess, once Apple adopts ARM processors for the Mac, there won't be much of a distinction between the two.
Ah I was hoping based on the headline that this would be some sort of analysis of the actual code -- aka a pie graph of the different language features each team member uses. Kinda like an aggregated `blame` :D
This is quite a disappointment indeed. Turns out that compilers only use like 10% of the instructions in x86. While there are some efforts to fix this (at least for SIMD) with better heuristics, I fear that the best way to solve this might be to go with simpler ISAs and drive up the clock speed.
Absolutely. I feel that all the ~7.7k opcodes for x86_64 aren't helping things at all.
I had high hopes for RISC-V but I already heard the usual BS about "extensions that vendors may choose to implement or not" and I kind of lost hope. :(
