I find the political discussions on here interesting and generally of decent+ caliber. Plus so much of what’s happening is tech related / enabled.
There’s 30 posts on the front page. If someone doesn’t care about politics why can’t they just ignore that 1 post instead of flagging it into oblivion?
I agree that HN tends to have better discussion, but I'd argue it tends to have better discussion precisely because it's not the norm, so there's input from the type of people that loathe the current state of Reddit on the matter, and also the type of people that do like yapping about it 24/7 are absent from it.
They can give you a few numbers without sharing the detailed cap table. Will they though? :p You could try to get around it by asking the last 409A valuation.
Regular people don't need a "secure network". Phones and computers are, by default, secure against malicious networks.
Just don't run code you download from the internet or put your passwords to important accounts into cheap devices and you'll be fine. Normally people don't the the former, but sometimes do the latter.
edit: To be clear: the bitterness in this comment comes from how many developers assume loopback is secure. However, most website are allowed to send requests to local ports on your computer (IIRC) so that assumption is basically completely false. This is forgivable, except in a world where every developer runs tons of extensions/scripts/open-source apps, and have next-to-zero blast-radius-reduction methods, it makes me sad.
Regular people download shit all the time though? Especially now with GPT, everyone is a programmer pasting code into command line. And how many people have IoT devices that they have to connect to WiFi? That’s total blind trust.
Every time I ask this question nobody is able to give me a solid answer :/
Based on the :/ emoticon, I now understand that you were asking this question for yourself. In that case, I will express anger at the article. I believe that it was vague and leaned into fear mongering. This explains the vagueness of your question (emphasis mind):
> I know this may seem trivial for many here but how can regular people easily check and debug their network for stuff like this?
"Stuff like this" is very vague.
- If there is a device on your network that is occasionally sending requests to the internet, then it generally isn't hurting you. That's why security is weak here, because the person buying the device is not harmed.
- If you're worried about the device sniffing your local network, then "normal people" are typically safe. Computers that you use are typically safe from malicious devices on the network, and you're in no more danger than working at a coffee shop, hotel, or university network.
- If you're knowledgeable enough to be a danger to yourself, and need the local network to be safe to protect yourself, then there is definitely a longer conversation to be had.
Responding point by point (before I realized that you were asking for yourself, and not the average person):
> Regular people download shit all the time though?
This is fair, though on macOS, most people download apps from the App Store (macOS makes it difficult to run apps downloaded from the internet and not signed by a registered developer).
> Especially now with GPT, everyone is a programmer pasting code into command line.
I am trying to reference a group of "regular people" who definitely do not fit this description---something like "the average citizen in the developed world". My parents definitely are not writing code with AI and pasting it into the command line. Although this was not crystal clear in this comment chain.
> And how many people have IoT devices that they have to connect to WiFi? That’s total blind trust.
My point was these devices do not endanger things that regular people care about. Their computers are still just as secure as when they visit a coffee shop or connect to their university wifi.
> Every time I ask this question nobody is able to give me a solid answer :/
Sure they can send requests but they can't receive them unless you've got misconfigured CORS. I guess there's DNS rebinding but like, idk, attack surface seems pretty small. This sort of stuff isn't really worth worrying about unless you're an idiot or likely to be the victim of a targeted attack. I happily run code off the internet all the time and it seems fine. If there's one thing that really seems like a mind virus it's the paranoia all security people get, I can't imagine living life like that. I'm ok getting pwned every few decades if the tradeoff is never worrying about this shit.
Maybe I've just gotten lucky?
(i will say putting a device not running open source software/firmware or something very locked down like a phone on your LAN is insanity, i could never)
When you run VS Code, it spins up a local language server that is capable of making code changes. That is how refactoring python works in many editors (including VS Code).
A website that you're browsing could potentially send requests to this server asking for code to be inserted that fully compromises your device. What keeps us safe?
- maybe the website is only allowed to send GET requests, not PUT requests, and maybe the language servers that you're using are all "hardened" so that they will never permit mutations via any get requests, and never have a misconfigured CORS header
- the website has to guess the correct port and the correct language server with a known vulnerability
- any website doing this on a large scale would likely get the language server patched and the website on a block list
- there might be other safeguards that I'm not familiar with. For example, I believe that Chrome disallows this by default
So now, here's my frustration: these two statements seem hugely at odds with each other:
> I'm ok getting pwned every few decades if the tradeoff is never worrying about this shit.
> (i will say putting a device not running open source software/firmware or something very locked down like a phone on your LAN is insanity, i could never)
I'm ok with a person who makes either statement. I'm also ok with a person who makes the first statement, and also wants their LAN locked down. However, I do not feel as though the a LAN ever needs to be locked down unless a person in running a server on the LAN network. Personal devices (like laptops and phones) are plenty capable of resisting malicious networks by default (coffee shops, university wifi, etc). What else is on a LAN?
> mind virus it's the paranoia all security people get
I generally agree with you, but I feel as though I am the one who has accepted that personal laptops need to handle malicious networks, and I'm generally comfortable with that. I don't worry too much about putting IoT devices on the same network as my personal laptop, nor about connecting to coffee shop wifis.
What I love is how their own features don't even play well together anymore...
For instance you can "hide your e-mail" by using Apple's relay, but if you do so... your payments using Apple Pay will fail unless you fill all the information in manually because the e-mail addresses don't match
It's ridiculous how poorly tested everything is, and that combined with their newly entered foray into the world of politics has nearly destroyed three decades of steady Apple use for me. I'll be actively considering other options, not upgrading, and looking elsewhere for products in spaces they're in
We invented money as a way of distributing scares resources. When there is housing going empty while people live on the streets in tents with no running water, no electricity, no sewage, one has to realize that something's gone wrong.
House prices are only "out of wack" in areas with poor social housing programs.
Housing in Vienna is still affordable, only due to their very successful public housing programs. Public housing can be both beautiful and highly affordable if you want it to be, it's not like we don't know how to make good quality homes with lovely public amenities. It's mostly developers that want to skim on everything while selling it at the highest cost possible.
Poor system if this is the outcome: unaffordability.
Your reply suggests you're thinking inside a very strange (to me) box.
Have you considered… not rationing housing?
As in, you can actually pay people to build more houses, houses are not a fixed resource. Likewise roads, schools, shopping centres etc., they're all things you can just pay to get built. Only thing a little harder amongst the usual talking points is hospitals, but that's because medical qualifications take so long, not because you can't do it.
I am interested in what is working in Vienna when “housing problem” is what almost every city in “the West” has or thinks it has.
To me it seems to be a combination of
- wealth inequality (eg 20/30 trillion dollars was printed and furloughed out in Covid, which funnels its way up to the holders of the most assets, seeing asset price inflation but no attempt to tax back the money printed). Repeat on different scales for unfair tax systems and poor infrastructure and and and
- urban planning (we think the ideal city is dense using seven storey or so apartment buildings and fairly aggressive anti-car (ie far less parking than seems possible) with better public transport and lots of pedestrian access. This describes almost no cities
- mortgages and other pro house incentives. You want house price inflation for decade after decade, just allow people to borrow a greater ratio against their salary — and allow married women into the workplace. Suddenly turning a mortgage limit of 2.5 x a man’s salary into 5x a dual couples salary. People bid up prices, forcing more couples to have two salaries to compete. And companies don’t have to increase salary to compensate … people combine salaries and go deeper into debt. Hell if you only had one policy weapon, forcing 2.5 borrowing against one highest paid persons salary is not a bad one. You won’t get re-elected however.
I don’t follow it but your last suggestion (use single income not household) was new to me and interesting in as much as it seems like an obvious extension of “The Two-Income Trap” thinking.
ChatGPT with no deeper diving thinks you are further off
“””
Social/public rental makes up about 43% of the city’s housing stock; around half of that is city-owned public housing.
The rest includes limited-profit housing associations and private housing.
“””
This compares with London around 20%, paris 24% and NYC 9%
Countries like Indonesia have banned foreigners from owning land altogether. You can apparently still own property through land-lease agreements and other arrangements, but not the land. I think they've cracked down on illegal rentals too.
Real estate prices are out of whack everywhere. Even in places with no good jobs, low population density, and rapid depopulation, real estate prices are increasing exponentially. There are no market forces in play anymore.
There’s 30 posts on the front page. If someone doesn’t care about politics why can’t they just ignore that 1 post instead of flagging it into oblivion?
reply