I had the same feeling, so I began to read https://www.forth.com/starting-forth/1-forth-stacks-dictiona... with gforth installed with apt. And made few exercises to manipulate the stack with some words and get a grasp on it. Now I saw how it works, I came back to my imperative languages and won't come back to it.
IMO my skills in forth are not really enough to see the distinction between any implementation of forth, so the first one I stumbled upon was ok.
This is made by the company the inventor of the language created. Then he left it because Forth, inc. needed the language to be standardized, which wasn't his idea of Forth and, his point of view is that he solved the software problems and what was left was solving the hardware problems, so he moved to working on stack-based processors.
Swift Forth is literally a professional Forth and is well regarded. The other often recommend Forth is the FOSS GForth. They are good for starting because they are popular and standard, so you'll find help easily.
Other "smaller" Forth are often non-standard dialects and are more-or-less mature experiments.
Gforth is free and well rounded so I'd recommend that if you want to experiment with Forth. It is not very fast though, SwiftForth with optimised subroutine threading will be a lot faster. I haven't tried SwiftForth though as you have to pay for it and it is x86 only.
if you are working with specific hardware (e.g. microcontrollers) it depends on which forth dialects are available but for the raspberry pico and pico 2 I recently found zeptoforth [1]
I think the problem is the process. Each country should have a reporting authority and it should be the one to deal with security issues.
So you never report to actual organization but to the security organization, like you did. And they would be more equiped to deal with this, maybe also validate how serious this issue is. Assign a reward as well.
So you are researcher, you report your thing and can't be sued or bullied by organization that is offending in the first place.
If the government wasn't so famous for also locking people up that reported security issues I might agree, but boy they are actually worse.
Right now the climate in the world is whistleblowers get their careers and livihoods ended. This has been going on for quite a while.
The only practical advice is ignore it exists, refuse to ever admit to having found a problem and move on. Leave zero paper trail or evidence. It sucks but its career ending to find these things and report them.
That’s almost what we already have with the CVE system, just without the legal protections. You report the vulnerability to the NSA, let them have their fun with it, then a fix is coordinated to be released much further down the line. Personally I don’t think it’s the best idea in the world, and entrenching it further seems like a net negative.
This is not how CVEs work at all. You can be pretty vague when registering it. In fact they’re usually annoyingly so and some companies are known for copy and pasting random text into the fields that completely lead you astray when trying to patch diff.
Additionally, MITRE doesn’t coordinate a release date with you. They can be slow to respond sometimes but in the end you just tell them to set the CVE to public at some date and they’ll do it. You’re also free to publish information on the vulnerability before MITRE assigned a CVE.
Does it have to be a government? Why not a third party non-profit? The white hat gets shielded, and the non-profit has credible lawyers which makes suing them harder than individuals.
The idea is to make it easier to fix the vulnerability than to sue to shut people up.
For credit assignment, the person could direct people to the non profit’s website which would confirm discovery by CVE without exposing too many details that would allow the company to come after the individual.
This business of going to the company directly and hoping they don’t sue you is bananas in my opinion.
Thank you for sharing this, this is very interesting problem to tackle.
I find this interesting mostly to understand how you are handling encryption and security. I think this is one approach but others expressed concern over long term viability.
Using Tauri is also very interesting. How did you find using it for this simpler case?
Is it not available in Codex? I think this is fantastic and can't wait to try it, this is exactly the usecase I need, something fast, perform based on my instruction.
As to why would someone pay for youtube when you can block ads etc. I have been paying for probably close to 10yrs it not more.
Well, first you can use youtube on your phone, tablets etc, without seeing ads ever, I didn't realize youtube has ads.
Initially, my kids would ask for toys and fast food that I knew they didn't know anything about. So I realized family subscription is way cheaper then me buying even a single $25 toy, and most of them were more expensive.
Over the years, my kids have grown healthier both in mind and body thanks in part of that subscription.
I think on mobile it’s natural to walk to the guy and tap on him. Not helped by the fact that the screen shows ‘tap’ over the highlighted tile, which does nothing. You need to walk and position the guy under your cursor, then press ‘act’.
The position yourself, then long press on ‘act’ to build when you can’t see where to put the building anymore is pretty awkward too. I’d expect to click to build, position it, then press confirm or reject or something.
Just sayin'...
reply