Absolutely nothing. I've had my personal site reach the top a couple of times and its been totally fine each time. My site is static and runs on a $5 Digital Ocean droplet. The traffic barely even made it blink.
I'm the original author for this post, and there are a few things I've realised since writing it (despite the fact that it was only 2 days ago).
The first is as allwein says below: Just because I made an assumption that source control is ubiquitous, it doesn't mean that it actually is, and it probably shouldn't be removed from the list.
The second is with regards to quiet working conditions. I've seen here, and on Reddit, that most people seem to vehemently disagree with me. I didn't imagine that there would be this level of disagreement. The popular opinion is that everyone should have quiet working conditions. My statement was that working conditions are tied to open office vs closed office, and it was a personal preference. So, my question to HN is: Am I wrong in thinking that this is a personal preference and that it benefits everyone to have private offices?
What would the alternative be? Allow anyone to request that an account is deleted? Facebook needs some form of verification due to the password being breached (and its great that they are checking for that sort of thing)
This thread is great. Whenever H-1B threads come up on HN, I prepare for the onslaught of what can only be described as hatred. It's the view of many people on this site that all H-1B holders are "cheaters" of the system, and they don't deserve to get a job in the US. As a former H-1B holder, the threads always made me feel guilty, and feel bad about wanting to work for a well regarded, successful company. It's nice, and refreshing, to see that it's not the view of everyone, and that H-1B holders are equals and deserve the same rights as everyone else.
One of the 1Password ones (https://team-sik.org/sik-2016-040/) about leaking URLs is marked as fixed, however, that's a little misleading. It's fixed if you use their newer vault format, which has limitations, and is not selected by default when you create a new vault. I wrote this about it a while back: https://myers.io/2015/10/22/1password-leaks-your-data/
I'm really curious to know how this compares to the rest of HN. I'd expect this to be somewhere in the middle, varying depending on country. However, am I going way overboard on what I'm willing to pay for, or are there services I should be using, which I'm not?
One of the more concerning matters on this is that the BBC, for some reason, are choosing not to report on this at all. Gone are the days when the BBC were the most trusted and reputable news source. http://www.bbc.com/news/scotland
The author quite rightly points out that most of the English speaking countries would treat people exactly the same way, however I find it a little odd that she wouldn't ever go back to the UK, but makes no mention of visiting these other countries. It seems that her opinion of the UK doesn't quite match up with the statement that they are all the same.
The unfortunate problem with this is that while piping directly into bash can be exploited, it remains as one of the easiest ways to install programs.
Taking RVM for example. Their instructions are to run this: `curl -sSL https://get.rvm.io | bash -s stable`. The script that is executed is 887 lines long. The installation is "complex", requiring a lot of different stages. Now, the solution to this is "Use a package manager". Sure, that works in a lot of cases. However, when you have something like RVM which is used across several major operating systems, and hundreds of different flavours, each with their own quirks and package managers it suddenly gets difficult to manage each of these.
The problem we face is, how can we make it easy to install something, while still being safe and maintainable?
Breaking this down further, there are 2 issues to solve. The first is "How do we ensure what we download is what the maintainer says that we should download?". I.e. How do we make sure there are no malicious injections. That one is simple. Use SSL.
The second issue is, "I want to install this thing but I don't know if I can trust the installer". Are you crazy!? This isn't an issue. If you don't trust the installer, you sure as hell can't trust the product. If you don't trust either of them, then you automatically don't trust the other and shouldn't be installing it.
The result is that, yes, people can maliciously serve up code when you pipe the output of curl through bash without you realising. However, this is no different than blindly trusting and installing a script.
When light interferes with itself it creates a "pattern". When the light beams are out of phase, the interference pattern is different. The gravitational waves basically minutely increase the distance that one of the beams travels and causes it to go out of phase with the other, thus changing the interference pattern.