- "Why do you think individuals deserve universal basic income?"
- 100% reproducible? That's amazing. I'll be honest, I don't really believe you (which I suppose is the point, right?).
Do you all document how you got around system level sources of non-determinism? Filesystems, metadata, timestamps, tempfiles, etc? This would be a great thing to document for people aiming for the same thing.
What are you all using to verify commits? Are you guys verifying signatures against a public PKI?
Super interested as I manage the reproducibility program for a large software company.
- Hm, it turns out suggesting that someone buy a suit for a job they need is a litmus test.
- > Literally the only thing on the client could be a session cookie.
You know, about 7 years ago I would have heartily agreed with you. KISS, right?
The thing is, it just doesn't make financial, UX, or security sense to do that. The cost of storing every jot and tittle on the backend is huge. The collateral of anything happening to the backend becomes larger. Enjoy benign things like preferences/app settings, unsent comments not having to be rewritten because your session expired, etc? If you're not storing them via local storage, you can KISS that goodbye.
- I keep coming back to this phrase used in this post: "it was scary".
Yeah, hiring is scary. Hiring is insanely expensive on all fronts. Firing people is difficult, it's expensive and legally exposing. Hiring the wrong person, allowing them to access your systems and potentially exfiltrate your IP is a hazardous but necessary venture.
The thing is, none of these things really changed with AI. People have been lying about their experience for literally centuries. IMO the advent of AI-laden candidates is going to nudge the hiring process back to how we did it 10 years ago, with a good old fashioned face-to-face interview and whiteboard questions. This means a lot of things that we've grown accustomed to in the past 5 years are going to have to melt.
- people are probably going to have to fly out for interviews, again.
- awkward and/or neurodivergent people are going to have to learn social skills again.
- And yeah, you guys, it's time to buy a suit.
Companies should consider reverting to forking over the upfront $1300-1500 for a set of plane tickets for their hiring team and rented conference rooms for a week. It's a whole lot cheaper than spending 50k because you hired the wrong person for half a year.
- I think this is a very sane and sober line of reasoning.
I'd actually go further and actually say that there is actually very little that European counterparts can offer to American interests. Even less in the ways of sensibilities. The only negative emotion I feel about Europe is chagrin and lament at their utter loss of legacy due to their commitment to globalism at any costs. Truly a shame.
- read this as "ogress", thinking it was some new variant of postgresql. My mind has been destroyed by HN!
- Hi, former pentester here. If any one of your trusted clients is using a google/chromium based browser, the telemetry from that browser (webdiscovery) would reveal the existence of the subdomain in question. As others have said, security by obscurity doesn't work.
- How so?
- There are many different ways to read your comment. Both of which are actually pretty funny. Well done.
- > but that all the other social media networks are not dangerous despite the mostly Russian misinformation and election interference that has been ongoing since 2016
You can affirm one thing without affirming similar arguments. This is important for me to say because you're consigning me to an argument that I didn't make.
- It's really rare for me to be pro-intervention when it comes to the government vs free-industry but TikTok has become undeniably, geopolitically hazardous for the US. The dismal bit of it is that nation state backed, habit-forming propaganda apps are only likely to proliferate.
- Does anyone else read the title and only identify ~6/9 of the words in the title here? I've got no clue what this is about before clicking on it.
- I'd be satisfied with just the first half of this sentence. What they think about the shareholders is entirely irrelevant. Let them do their thing while the company does their own. Distinct entities.
- It's almost as though companies should be most concerned with profit and not unproductive virtue based working groups that don't produce shareholder value /shrug.
- When did we get to call agents dreamers? That too seems like jargon that has a bunch of context to it that could easily be misplaced.
- How do you get to those conclusions based off what OP said?
- Jewish oral tradition, at the time of the writing of the gospels, had largely been replaced by the robust scribal polity and the infrastructure that they created that was dominant at that time. This is further evidenced by the statistically insignificant amount of transposition errors for written works from that era.
Was oral tradition around and popular for the lay polity at that time? Absolutely. Was it heeded in and above scribal tradition? No, not at all.
- DoH and DNSSEC don't use ECH (encrypted client hello)
From what I remember, only DoT uses ECH
https://media.ccc.de/v/chaoscolloquium-1-dns-privacy-securit...
- After the Snowden revelations regarding FOXACID and QUANTUM going largely unaddressed in the Tor project, people have every right to feel sketched out with using Tor for anything. "We're still helping people" just isn't a good enough argument for most people.
https://www.schneier.com/blog/archives/2013/10/how_the_nsa_a... https://blog.torproject.org/yes-we-know-about-guardian-artic...
- this presumes that anyone would trust bitlocker.
- I maintain the reproducible builds effort for my company and, please, let me tell you that this is the main pitfall of the whole effort.
There is always going to be a degree of un-reproducibility just due to the nature of math. If you don't have the same system, same compiler version (down to the minor or patch level), same dependency versions, same build flags, filesystem ordering, OS handling etc... you're going to get differences.
The RB project has readily disclosed that there is a degree of "significantly reproducible" sussing that each end user is going to have to do. The fact that the Debian maintainers chose not to display the degree of reproducibility is probably because showing low reproducibility scores undermines the efforts to evangelize the movement.
I think that's understandable, but also is a bit of a two-edged sword. If we don't disclose scores, we allow for the misrepresentation that "this is safe because it has the word reproducible in it". If we disclose scores, we get articles like this saying "wow, that's a really low score, wtf" and short lived paranoia gives way to ambivalence about the whole thing.
It's difficult to capture the nuance in this in pithy tidbits, hence blog post on HN with me explaining this :).
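The two reproducible-builds comments above (the question about filesystem ordering, timestamps and tempfiles, and the reply about "the same system, same flags, filesystem ordering") both point at the same class of problem: metadata that has nothing to do with the source leaking into the artifact. The following is an added example, not code from any commenter or from the Reproducible Builds project. It packs the same constructed three-file tree twice, "a day apart", first with a naive `tarfile` call and then with every non-content field (mtime, uid/gid, owner names, permission bits, gzip header timestamp, entry order) pinned. The `SOURCE_DATE_EPOCH` constant and the sample files are constructed for the demo.

```python
"""Added example: normalising the metadata that makes two otherwise identical
source trees produce different tarballs. Sample tree, timestamps and the
SOURCE_DATE_EPOCH value are constructed; not Reproducible Builds project code."""
import gzip
import hashlib
import io
import os
import tarfile
import tempfile

# Fixed build timestamp (constructed). Real builds usually take this from the
# SOURCE_DATE_EPOCH environment variable.
SOURCE_DATE_EPOCH = 1_600_000_000

# Constructed sample tree, deliberately listed in non-sorted order.
SAMPLE_FILES = (
    ("pkg/b.txt", b"bravo\n"),
    ("pkg/a.txt", b"alpha\n"),
    ("pkg/sub/c.txt", b"charlie\n"),
)


def make_tree(root, mtime):
    """Write the sample tree under root and stamp every entry with mtime."""
    dirs = set()
    for rel, data in SAMPLE_FILES:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
        os.utime(path, (mtime, mtime))
        dirs.add(os.path.dirname(path))
    # Directory mtimes change as files are created inside them, so set them last.
    for d in dirs:
        os.utime(d, (mtime, mtime))


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def naive_tar(root):
    """What most build scripts do: record whatever stat() reports.

    tarfile.add() already sorts directory entries, so the remaining leaks are
    the per-file mtime, uid/gid/uname/gname, mode bits and the gzip header time."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        tf.add(os.path.join(root, "pkg"), arcname="pkg")
    return buf.getvalue()


def reproducible_tar(root, epoch=SOURCE_DATE_EPOCH):
    """Same tree, with every non-content field normalised."""
    top = os.path.join(root, "pkg")
    paths = [top]
    for dirpath, dirnames, filenames in os.walk(top):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    # Sort by archive name so readdir() order cannot influence the layout.
    paths.sort(key=lambda p: os.path.relpath(p, root))

    buf = io.BytesIO()
    # mtime= pins the gzip header timestamp; the default is time.time().
    with gzip.GzipFile(fileobj=buf, mode="wb", mtime=epoch) as gz:
        with tarfile.open(fileobj=gz, mode="w") as tf:
            for path in paths:
                info = tf.gettarinfo(path, arcname=os.path.relpath(path, root))
                info.mtime = epoch                # no build-time timestamps
                info.uid = info.gid = 0           # no build-account ownership
                info.uname = info.gname = ""
                info.mode = 0o755 if info.isdir() else 0o644  # no umask leakage
                if info.isreg():
                    with open(path, "rb") as f:
                        tf.addfile(info, f)
                else:
                    tf.addfile(info)
    return buf.getvalue()


def demo():
    """Build the same tree twice, a day apart, and compare archive hashes.

    Returns (naive_hashes_match, reproducible_hashes_match)."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        make_tree(a, mtime=1_700_000_000)
        make_tree(b, mtime=1_700_086_400)  # "rebuilt" 24 hours later
        naive_match = sha256(naive_tar(a)) == sha256(naive_tar(b))
        repro_match = sha256(reproducible_tar(a)) == sha256(reproducible_tar(b))
        return naive_match, repro_match


if __name__ == "__main__":
    naive_match, repro_match = demo()
    print("naive archives identical:", naive_match)
    print("normalised archives identical:", repro_match)
```

Run it and the naive archives hash differently while the normalised ones match byte for byte. The same idea (pin every timestamp to `SOURCE_DATE_EPOCH`, zero ownership, fix permission bits, sort every traversal) is what has to be applied at each layer the reply lists: compiler output, packaging, and the filesystem the build runs on.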
- the guy who pulled 1.3m from multiple remote jobs and lived to tell the story: https://www.hackerneue.com/item?id=31156417
- Fun concept, but this is security by obscurity. Other heuristics:
  - providing fake manifests to hardware drivers commonly associated with virtual machines
  - active process inspector handles
  - presence of any software signed by Hex-Rays (the ini file is usually enough)
- Wonder what corpus this was trained on or what it sources from.
- seems really interesting for fuzzing.
- After using FF for the past 7 years, every day at work I switched to Arc. It's been __okay__. I'm not a fan of them trying to nix the bookmark system and much prefer FF's implementation of just good old fashioned, indexable bookmarks.
If FF can manage a good implementation of vertical tabs, I'd switch in a heartbeat.
- Part of me hopes this reignites a new era of scareware. The other part says wow this would be really cool for an SSH banner
- It buys time for them. GitHub will have a lengthy internal discussion about DMCA takedown requests and the fact that the code isn't on their server. During this time it'll give the HN and reddit communities time to grab the link and redistribute.
- The same can be said of books as of programming languages:
"Not every ___ deserves to be read/used"
If the documentation or learning curve is so high and/or convoluted that it's disparaging to newcomers then perhaps it's just not a language that's fit for widespread adoption. That's actually fine.
"Thanks for your work on the language, but this one just isn't for me" "Thanks for writing that awfully long book, but this one just isn't for me"
There's no harm in saying either of those statements. You shouldn't be disparaged for saying that Rust just didn't work out for your case. More power to the author.