HackerTrans
TopNewTrendsCommentsPastAskShowJobs

aazaa

no profile record

comments

aazaa
·6 years ago·discuss
The move seems to be specifically in response to the recent court order:

> Superior Court Judge Ethan Schulman ruled Monday [August 10, 2020] that Lyft and Uber's thousands of contract drivers should be given the same protections and benefits under labor law as other employees of the ride-hailing companies.

> The judge said Uber and Lyft have refused to comply with a California law passed last year that was supposed to make it harder for companies in the state to hire workers as contractors, so gig economy workers such as drivers for the ride-hailing companies would receive health insurance, workers' compensation and paid sick and family leave. As independent contractors, Uber and Lyft drivers are not provided these benefits.

https://www.npr.org/2020/08/10/901099643/california-judge-or...
aazaa
·6 years ago·discuss
The reason Lego works is a simple, well-defined interface. Two bricks stick together by friction because the stud pattern on one matches the hole pattern on the other precisely. Fortunately, that's a model that translates well to software.

The way to make software reuse more like organ transplant than building Legos is to ignore the advice to keep the interfaces simple and precise. Or worse, don't even bother defining an interface, its data types, or error conditions.
aazaa
·6 years ago·discuss
> It seems crazy to require that technically talented people should be forced to spend time doing something - report writing - at which they're not gifted, but how else can the world benefit from their brilliance? Without communicating their ideas, their work is lost and might never have been.

Peter Thiel has an interesting take on sales in his book Zero to One. He makes the case that good selling and good teaching are pretty much the same thing.

The best teachers know how to sell the topic they teach. K-12 teachers in particular know in their bones how crucial a sales perspective is to getting an important message across.

The best salespeople sell in a way that doesn't seem like selling. Thiel gives the example Steve Jobs. It almost seems strange to call what he did sales, but that's essentially what he did when he got on stage. Another example, is Elon Musk, who gets his message across without seeming very much like a salesperson. It's probably no coincidence that both figured out good ways to inspire their audiences.

So if the word "sell" makes you want to run for the door, consider the more or less equivalent form: communicate. Or, maybe "educate." If you think salespeople are all liars, focus your "sales" efforts on conveying facts in the most compelling way possible - without lying. I find that from this perspective, the idea doesn't seem nearly as bad. It also presents a much more actionable path forward.
aazaa
·6 years ago·discuss
No access to article, but an entire generation of money managers have grown up with the Everything Bubble starting in 2009, fueled by Fed largesse. They've never even seen a bear market, let alone a financial panic. Most have completely ignored the alarming rise in valuations and market distortions, engaging in extremely risky behavior for years on end.
aazaa
·7 years ago·discuss
> My co-founder recently decided to shut the company down, focusing on what he/she does best rather than being reliant on tech/design loops by making our amazing designer create a Shopify site that he/she can manage him/herself.

It sounds like your co-founder is trying to fire you and leave you with the code, which is not needed because it can be done with Shopify now.

> Should I contact these startups? Anything I should do first, legally wise?

Don't sign anything regarding the breakup of your company. Consider your founding documents very carefully. What do you own according to these documents?

The breakup of a company is a negotiation. Maybe not a very pleasant one, but potentially every bit as important as the founding negotiation.

You will probably want to run your question by a lawyer.
aazaa
·7 years ago·discuss
I'd take issue on two points. First, "wallets' don't exist in the Bitcoin protocol. Second, the tool being used is not sophisticated enough to list the inputs and outputs, giving the false impression that something unusual is "unknown." Try this link to get details:

https://blockstream.info/tx/4410c8d14ff9f87ceeed1d65cb58e7c7...

There are numerous inputs and a single pay-to-script-hash (P2SH) output.

The relatively high fee is due in part to the large number of inputs. ~400 satoshis/byte is high by today's standard but not too unreasonable as early as 2017.

We can't tell anything about the identity of the owner(s) of the new coin from the block chain alone.

Making a transaction this large is a security risk. It effectively establishes a billion dollar bounty for any party who can rewrite enough blocks to erase it. Now that the value resides in a single coin, any subsequent transaction faces the same risk. Plunking this much value into a single coin seems like an odd strategy at best. Not to mention the destruction of privacy in combining all those inputs into a single transaction with a single output.

I can think of one reason you might want to do this. A consortium/trust has formed in which individuals pay into a common pool of money. That money is then protected with a multi signature script (consistent with the P2SH type). Given a threshold of signatures, the money can be spent, subject to other constraints. These will remain unknown until the first payment is made. At that point we'll know the number and identity of all the eligible keys and the threshold needed to make payment.

If so, this transaction can be thought of as a kind of digital charter for the consortium in that it defines how the money can be spent going forward.

Edit: to be clear, the "bounty" I'm talking about can't be directly claimed just by mining some blocks. Instead, it would have to be claimed as part of a double spend of either the transaction in question or as subsequent transaction of the now-enormous output. Most likely, there would be collusion of some kind between a miner and the owner of the keys. I'm not saying this will happen, but the bigger the transaction, the greater the risk.
aazaa
·7 years ago·discuss
The paper notes another, distinct, attack possibility:

> Before going to this, we mention quickly another mistake in the design that could in itself have led to devastating attacks. The generators that are given in public- key.json are generators of the whole multiplicative group. However, due to the Chinese remainder theorem, it is a good practice to use a generator of prime order. In the present case, the generators will have their order divisible by 2, and therefore there is a huge risk that one bit of information leaks from a ciphertext. In a context like e-voting where a ballot can have a very simple form, this bit of information could reveal a lot of the vote (or even all of it in the case of a yes/no question). In principle, we would have had to investigate more in this direction. But due to the main attack that is much easier and far more powerful, we keep this as a remark.

https://arxiv.org/pdf/1908.05127.pdf

This still leaves the question why the developer(s) decided to roll his/her own crypto in this way:

> A possible explanation is a confusion with the key size that can be used when using elliptic curves for which the Number Field Sieve algorithm does not apply.

This is such an obvious mistake that the entire protocol (whether or not it's ever documented) might be vulnerable.

> Another less excusable but still possible explanation might be related to the use of the Ethereum blockchain. In the Solidity programming language that is used to write smart contracts, the bit size of the largest supported integers is 256. Maybe the authors did not want to write a multiprecision arithmetic library that would have been required to deal with larger key sizes. This hypothesis is supported by frequent tests in the source code, checking that the big integers they manipulate are not bigger than SOLIDITY_MAX_INT.

This seems more likely. However, that last sentence checking for overflow sounds like another trove of vulnerabilities.

Moreover, the claim by the developer in the ZDnet article that a patch is forthcoming seems suspect given that it will need to also include multiprecision arithmetic functionality, where there are still more opportunities for snafu.