Hacker News | Someone1234's comments

Break them down into multiple smaller formulas, with a column above explaining what they each do. Then consume the previous result in the next formula. This doesn't even need to be on the same sheet as the actual primary consumer sheet.

Yeah, that’s usually what I do as well. Breaking formulas into helper columns definitely makes things clearer.

What I’ve been running into is cases where large formulas already exist (and refactoring them into multiple columns isn’t always an option), so I started wondering whether a structural representation could help with understanding and small edits, rather than replacing that approach.

I’m not convinced it’s better yet — just exploring the space.


The difference is that the government won't charge a major LLM vendor with a crime, but they may kick in John Smith's front door and ruin their life.

Considering it was created during a major moral panic after the movie "War Games" came out, by a bunch of politicians who knew nothing about computers (aside from, again, watching the movie War Games).

As a direct result, anything and everything can be a crime (e.g. violating a private company's Terms & Conditions), and the punishments are completely disproportionate to the actual criminality.

See the AT&T/iPad data leak, where AT&T were leaking private information on the internet with no security checks at all. Someone found it, told the press, who in turn told AT&T, but the FBI still investigated it as a "crime", raided their home, charged them with "conspiracy to access a computer without authorization." AT&T got no punishment at all.


> See the AT&T/iPad data leak, where AT&T were leaking private information on the internet with no security checks at all. Someone found it, told the press, who in turn told AT&T, but the FBI still investigated it as a "crime", raided their home, charged them with "conspiracy to access a computer without authorization." AT&T got no punishment at all.

I think you are missing some nuance here. They found a vulnerability where they could just increment an "id" and get access to another user's information. They then went ahead and scraped as much as they could. Also this person (iProphet / weev / Andrew Auernheimer) is awful and certainly not a victim. AT&T did not leak the information, Andrew did!

Should they have had better security? Yes. Was the vulnerability extremely basic? Yes. Doesn't change much, a vulnerability was used to dump a bunch of private data.


Exactly. If you find an unlocked warehouse, even if you are supposed to pick up something of yours, and instead of directly complaining you also ransack everything, you’re going to catch some heat.

> I think you are missing some nuance here. They found a vulnerability where they could just increment an "id" and get access to another user's information.

That's not nuance; the information was publicly available on the internet without any security. Even search engines had indexed it before it was patched.

> They then went ahead and scraped as much as they could.

They told the press instead of releasing it.

> AT&T did not leak the information, Andrew did!

So AT&T dumping it all onto the open internet without any security isn't culpable, but the person who let the press know that their information was available to everyone is. That's quite an interesting take.

I'm struggling to see the nuance... You just repeated back what I already said, but added that you dislike the person personally, which is absolutely fine, but we're talking about miscarriages of justice not running a popularity contest. If you feel like they committed other crimes (which they likely did per Wikipedia), that is unrelated to THIS supposed crime.

> Was the vulnerability extremely basic? Yes.

There was no vulnerability. You just needed to request a record from a public web-server, which the server happily provided with no extra steps.

Let me ask this: When you request e.g. google.com, and they return an HTTP response, why is that not a "vulnerability?" Because we'd both agree it objectively is not. So then, why, when AT&T provides a URL with information they're meant to keep private but available to the public, and you then request it, that is suddenly a "vulnerability?"

Here is the actual URL you needed to call:

https://dcp2.att.com/OEPNDClient/openPage?IMEI=0&ICCID=<consecutive id>

You just needed to take any iPad's ICC ID and +1 for the next customer's record. So what is the "vulnerability?" Being able to count consecutively?


"The guy who did it sucked" is generally not a good justification.

It's an easy trap to fall into (we all want consequences for shitty people), but it's also a blurry line to hold.

"First they came…"


They absolutely SHOULD; but they absolutely WON'T because they don't even think they did anything wrong (as opposed to CloudFlare who hangs their hat on the mistake).

Companies commonly claim security/anti-fraud, then refuse to explain their actions, claiming (again, without evidence) that justifying themselves would help fraudsters in some way.

But really this has nothing to do with anti-fraud, and everything to do with duopolies out of control and weak consumer protections doing nothing to push back.

That's why Google, Apple, and Microsoft are notorious for this.


I really enjoy how they list the price PER MINUTE to make it sound like this isn't absurdly expensive. A lot of people leave their self-hosted runners running 24/7 because, after all, they're self-hosted.

This is $2.88/day, $86.4/month, $1051.2/year. For them to do essentially nothing.

Most notably, this is the same price as their hosted "Linux 1-core" on a per-minute basis. Meaning they're charging you the same for running it yourself, as you'd pay for them to host it for you...


> For them to do essentially nothing.

Orchestration, logging, caching, result storage.

It's not nothing. Whether it's worth it to you is a value judgement, and having run a bunch of different CI systems I'd say this is still at least competitive.


They are charging for storage separately already! Why are you lying?

I know they charge for Artifact storage, but outside of uploaded artifacts I don't think that the logs and results of builds are billed separately?

Additionally, I thought that caching came out of a separate limit, and was not billed like artifact storage?


Lying implies intent, I don't think the person you're replying to is necessarily lying, even though they might be wrong on this specific point.

GH enterprise cloud is charging for storage separately, as an organization admin just navigate to the org admin page to see it.

How can they charge for something self hosted per minute? That's very weird to me. If I run the software I should pay a single time only, if I don't own it then why self-host in the first place?

Maybe this is designed to scare people away from self-hosting altogether?


I do believe, this is to disincentivize self-hosting for smaller-medium workloads. In essence, they're saying that if you're small, you should just use their Linux 1-Core, but if you're medium-to-large you won't care about the high cost.

It is a way of increasing lock-in for smaller-medium clients, without driving away their medium-large ones.


Wait.. is this how they're billing it?? Not the duration of runs??

It is duration of runs. He was just highlighting the absurd cost if you were to run it 24/7 like some people with their own self hosted runners do.

I am not understanding something.

If it's the price of runs, then it's not always running.

If it's price of the agent to exist, then that's not paying per runs- then you’re right that people tend to leave their runners online 24/7- but I’ve never worked anywhere that had workers building 24/7.


OP means to say he has many jobs in the merge queue that the runners are always busy 24/7.

This is not uncommon in some orgs - less number of concurrent runners, slow builds, loads of jobs because of automation or how hooks for the runners are setup.

In the context of discussion that doesn't matter, OP's point distills to that they use minimum of 720 hours / month of orchestration time or some multiple of that on self hosted runners running 24x7.

Github will now charge $84 extra per month for single self-hosted runner running 24x7 - i.e. that is the cost for 43,200 build minutes for only their orchestration alone.

In a more typical setup that is equivalent to say 5 self-hosted runners running ~4.5 hours a day (i.e. 144 hours/runner/month)


If you have a lot of not very time sensitive jobs, e.g. large merge trains, it was reasonable to have a not very fast runner run close to full utilization. Now that you'd pay by the run-minute, it'll be cheaper to move to a faster runner and run it at 10%.

OP replied and clarified that that's not the case.

His workload is close to the more typical one I mentioned as scenario b. It will cost them $84/month.

For me, we do about 800,000 build minutes/month, for orchestration alone it is going to be $1600/month. In contrast the runner host we use (Namespace labs) cost $0.0015 / minute[1] which is less than orchestration cost for GH, that is just ridiculous.

---

[1] It is even worse, the first 250,000 minutes is fixed at $250, so the base is $0.001 /minute for the runner.


I guess some people just always have something running since it's owned hardware. Daily builds of popular OSS projects or constant vuln scans or whatever?

When you've already paid for the hardware, it is essentially free after that (aside electricity, I suppose). So there wasn't a reason to ration our runners, and we actually added additional workloads/scans/etc just because we could.

We're targeting 4x different deployment pipelines, so while we aren't running 24/7, we are running the same number of hours but split over all our runners. Often runs are queued during our busy 8-hour work-day, and then unused for 16-hours.

Either way, we will likely pay 8-hours * 4-pipelines * 5-days = 160 hours per week, just shy of 168-hours for true 24/7. This currently costs $0 just for context.


You can get a far bigger VM for that per month. It's ridiculous.

Of course entirely expected after MS buyout, if anything I'm surprised it took that long


Yup. Took wayyy longer than I actually expected as well. But the change of top management and closer integration with the whole MS behemoth is likely to make those kind of things accelerate now

$1k per year if you run an action 24/7. How many minutes per month do you actually use? How does that compare to the cost of the machines being used as runners?

The real mistake was GH not charging anything for self-hosted runners in the first place, setting an expectation.


I was about to call you off and say your math is wrong, you must be an order of magnitude wrong.

But you are right, this is ridiculous!


> A lot of people leave their self-hosted runners running 24/7

Don't they generally only kick in when you push or merge?


Per machine. Definitely more than one machine here.

That's a very selective example. The US controls TONS of hormones, Melatonin just got grandfathered in. If anything the UK system is more self-consistent than the US, even if I think both systems over-protect hormones with a low risk profile (like Melatonin in the UK).

As a counter-example, up until fairly recently you could buy Co-codamol (codeine, an opioid) in the UK off-the-shelf (i.e. no script). Which is a controlled substance.

See how people can use selective examples to play the "one system good, one system bad" game?


I wasn’t playing a game, but if we must, you can buy jars of naproxen off the shelf in the US as well - prescription only here. And antibiotic ointment, antitussives, antibiotic eye drops, and benzocaine throat spray, just to pick what I see in our cabinet. I only share my own experience though, but I find US pharmacies to be streets ahead in both variety and depth. If other people have other experiences, that is fine and I believe them.

One big benefit, though, is you can legally import or bring in POMs from overseas, a luxury the US does not have.


Co-codamol 8/500 (8 mg codeine and 500 mg paracetamol) is still available in the UK without a prescription. As far as I'm aware, though, it's always been OTC (over-the-counter, ie. you have to ask the pharmacist) rather than off the shelf.

The big change recently (mid 2010s) was that the pharmacist now has to verbally warn against driving, whereas previously it was just a prominent warning on the packaging & advice leaflet.


In terms of access to drugs, the differences between countries is incoherent, not really a "good vs bad" situation. A lot of it has to do with the different ways nations fumble their endless (yet fruitless) attempts to limit abuse and recreational use.

But in terms of cost, the US system is bad. If we as a nation want to invest in drug development, we should do so. Instead we ask grandma and grandpa and the chronically ill to flip the bill. Hard to think of a worse approach.


This varies wildly by medication; and makes a ton of assumptions that all happen to benefit the drug company's position/parrots their PR.

For example, my partner needs $100/pill medication, which also had a "savings card." That card only lasts for 12-months or 8-pills (whichever comes first). Then it is $100/pill. After insurance (High Deductible), we pay out of pocket $100/pill up until $3200. Insurance discount: 0%.

So the cash price and the insurance price are identical, except the insurance price counts towards deductible. UK price of the same medication? £10/pill, and that isn't via the NHS, that is full-price private (NHS could be as low as FREE, depending on several factors).


It was involved in the previous one, but not in this latest one. All FL2 did was prevent the outage being even wider spread than it was. None of this had anything to do with migration.


If FL2 didn't have the outage, and FL1 did, the pace of the migration did have an impact.

Though this is showing the problem with these things: Migrating faster could have reduced the impact of this outage, while increasing the impact of the last outage. Migrating slower could have reduced the impact of the last outage, while increasing the impact of this outage.

This is a hard problem: How fast do you rip old working infrastructure out and risk finding new problems in the new stack, yet, how long do you tolerate shortcomings of the old stack that caused you to build the new stack?


If browser makers offered to put it in the browser if the name is freed, I bet they could be convinced. The main problem right now, is that there isn't a major push to add TS to the browser.


The way I'm proposing it, technically it would be to make JS and TS kind of the same thing, but not fully, as someone else mentioned the goal of TS is still to tell the user (developer) about issues before the code runs. However, if done right TS files still get interpreted like normal JS, and technically you would want to compile them and not put them in the browser "raw" but you could still call it TS.


You don't notice you're on ARM at all. Everything "Just Works."

And you're seeing 20+ hours battery under normal workloads (i.e. not spec sheet "20 hours" but day-to-day). I've been mainlining a Windows ARM laptop for six months, and am yet to run into anything I couldn't do.

