HackerTrans
TopNewTrendsCommentsPastAskShowJobs

lq9AJ8yrfs

314 karmajoined 4 anni fa
[email protected] serious inquiries only. No bots, no sales, no marketing, no offers, no drama.

I am kind but I don't forgive easily.

comments

lq9AJ8yrfs
·l’altro ieri·discuss
There are lots of small insurers at least.

Multiple resources on the internet put the startup costs at $500K or less. That's not much more than fast food or other high touch retail startups by comparison.

There are certainly a few steps on the learning curve but it's mostly high school and undergraduate math that is needed. That puts it out of reach for some but the field is pretty flat once you get there, is my perspective having considered and opted against getting into it.

In other words, there's no moat in insurance.
lq9AJ8yrfs
·l’altro ieri·discuss
You need a capital base in proportion to the policies you sell in order to pay them out without going bust, to a certain confidence level. The time sequence of premium payments vs when the risk is expected to come due for a payout is factored in.

The 50 states regulate insurance in the US and issue rules about how to do this, some of which affect competition and pricing in heavy handed ways, sometimes it's overtly political.

In general though insurance is an extremely competitive field. Margins for the most part are similar or lower than other industries.

Not sure where the popular impression that it is not competitive comes from. If anything I think the sword cuts both ways, the friction in the process is probably more a symptom of competitiveness more than its absence.
lq9AJ8yrfs
·2 mesi fa·discuss
that's nearly a requirement for anti-bot things. turnstile etc.
lq9AJ8yrfs
·2 mesi fa·discuss
LLMs, including open ones, are really good at this it turns out. It stands to reason, there is tons of training material out there no doubt they have consumed and are ready to regurgitate.

Yesterday I one-shotted several interactive pages, that Qwen built out of straight HTML and Javascript. I handed it my API (source code, not even a swagger, via an MCP that Qwen wrote for me), asked for a frontend, and it delivered. One page at a time to keep context down, and mightve gotten lucky on the first draw but after the first one I told it to make the next ones like the first.

Can't say I've had that experience with backend languages & frameworks, incl writing that same API, but perhaps I'm off the beaten path with those, or perhaps there's greater breadth of things to do vs a narrower set of acceptance criteria? IDK.

Here I was sweating that I'd have to research and learn a current-day frontend framework. It felt like a magic wand using consumer-grade AI. HTML and plain old Javascript was plenty.

Tangent but apropos of other contemporary threads on HN, it puts a spin on supply chain threats. There's no NPM or anything, except perhaps whatever mysteries are baked into the model.
lq9AJ8yrfs
·3 mesi fa·discuss
It happens in the private sector too. I was involved in procurement at a megacorp for several years.

At one point one of my colleagues asked for assistance in getting an order of 500 iphones approved. As "spares".

Fortunately the corp had a policy that phone purchases needed to have a named individual declared.

I declined politely to assist.

It was common to see certain mid level execs churning through 2x - 5x the equipment of IC's (who would never get out-of-lifecycle approvals anyeay) and some quid pro quo stuff. As a fraction of their total comp it was modest ultimately, and for this reason my boss advised me to keep my mouth shut.
lq9AJ8yrfs
·3 mesi fa·discuss
CNC milling is typically included in the bans being considered in various states.

While poetically consistent, it enlarges the crater around these bad laws if they are passed and enforced. Basically all new manufacturing setups will need to stop and reprogram to stop and start according to fluctuating rules designed by committee, and will need to be made brittle to prevent circumvention.

It is a debacle.
lq9AJ8yrfs
·4 mesi fa·discuss
I don't think I've met an llm that is adversary resistant, and here are counterparties that are actively playing the field, to put it mildly.

The bug bounty service providers did an adequate job of filtering out junk reports. There was a survivorship bias, some of the bogus ones that got through had an uncanny ability to twist words.
lq9AJ8yrfs
·4 mesi fa·discuss
As a sometimes peripheral and sometimes primary program manager for vulnerability disclosure, for companies you nearly can't avoid, $0.02 follows.

It's a signal vs noise thing. Most of the grief is caused by bottom feeders shoveling anything they can squint at and call a vulnerability and asking for money. Maybe once a month someone would run a free tool and blindly send snippets of the output promising the rest in exchange for payment. Or emailing the CFO and the General Counsel after being politely reminded to come back with high quality information, and then ignored until they do.

Your report on the other hand was high quality. I read all the reports that came my way, and good ones were fast tracked for fixes. I'd fix or mitigate them immediately if I had a way to do so without stopping business, and I'd go to the CISO, CTO, and the corresponding engineering manager if it mattered enough for immediate response.
lq9AJ8yrfs
·4 mesi fa·discuss
It doesn't help that a lot of security software is pretty niche. It's unreasonable to expect most candidates to know it or have experience.

In one case I was one of exactly two people out of 500 that had used the product as a paying customer. Neither of us was in management.

After a year or two the CISO drifted over and asked me to show him how to use the product, but he was more interested in soundbytes than actually using the system.

It became a powerpoint exercise and I collected my attaboy.
lq9AJ8yrfs
·4 mesi fa·discuss
From having worked at and consulted with security software producing companies as well as security software consuming ones, I would say the security companies are worse than average at security.

And their security teams more cynical.

Sometimes they deliberately hire lower aptitude candidates to run internal security to prevent them from getting distracted by the product.

In other cases they are getting high on their own supply, more or less.

Jack Welch style management seems to take a deeper toll in this sector.
lq9AJ8yrfs
·4 mesi fa·discuss
It seems hard to donate a trademark application to someone.

Trademarks seem like a sore spot for successful OSS but probably useful for solving this problem.

Or perhaps a license change? Might be tricky to do what the author means and still meet the definition of /open/. Maybe that's ok?
lq9AJ8yrfs
·4 mesi fa·discuss
Getting your cloud 'wiz wit' in Philadelphia would mean having melted cheese on it.
lq9AJ8yrfs
·5 mesi fa·discuss
there are a lot of "do what I mean" type papercuts in openscad. BOSL2 is a library that, for me at least, takes away enough of them to make a rewarding experience. still find myself brute forcing which axis to translate or rotate things the way i want.

concur otherwise that openscad is parameter friendly. the lightbulb moment for me was when i finally grasped its functional grammar and leaned into it, esp recursion instead of algebraic solutions. that should probably be the subject of a tutorial or several.
lq9AJ8yrfs
·5 mesi fa·discuss
i like the way prusaslicer has a conspicuous setting to enable intermediate and advanced settings so that users can start with a less intimidating setup and opt in to the bells and whistles if and when they are ready.

this pattern could probably benefit a lot of apps
lq9AJ8yrfs
·6 mesi fa·discuss
Real world CSRF attacks into hxxp://192.168.0.1 home routers and polluting DNS and DHCP settings you could argue is caused or at least facilitated by NAT, or NAT misconceptions especially.

Though IPv6 has a similar situation with well defined unicast and multicast addresses.

True story, popular browsers won't let you load a webpage via various IPv6 local address literals for this reason. Hxxp://[ff02::] addresses won't work.

/ You can have your cake by "tying a knot" with yourself and port forwarding from 127.0.0.1 to the IPv6 literal. An ssh port forward will do this with aplomb. Then load hxxp://localhost:port and it works again.

// Browser logic
lq9AJ8yrfs
·6 mesi fa·discuss
NAT causes security issues too. Reflection attacks are much harder to stop if the endpoint and its network address are decoupled.

You can provoke loops and tangles of many sorts, some at the same protocol level and others going up and down.

My memory is fading but I vaguely recall a time when all of AOL shared something like a dozen egress addresses for certain traffic -- might have been proxies as opposed to NAT/"PAT" as we know it today. Iow, you couldn't block one without blocking 1/12 of AOL users.

Stronger memories of a time when your IP address (some were nat, some were not, varied by ISP) depended on which modem bank you dialed into, which was strongly influenced by what phone number you dialed. Which diluted the identity value of a given IP for a computer or user.
lq9AJ8yrfs
·6 mesi fa·discuss
As an outsider to this industry, is there any real moat against what an enthusiast or several could pull off with a few iterations?

Feels like a well placed post to a model sharing site could affect the landscape.

If we can do ghost guns shouldn't hand tools follow?
lq9AJ8yrfs
·6 mesi fa·discuss
If your schedule allows, try to time your visit around any of the science fairs that they sponsor and/or host. Top notch all around.
lq9AJ8yrfs
·7 mesi fa·discuss
My espresso machine is semi-automated and lots of folks seem to go for fully automatic coffee experiences. Mr Coffee all the way to K-cups etc.

There are some crazy things [1] going on in the oven world, though Miele seems to have blown the marketing. My wife and kids all furrowed their brows when I told them about the fish in the ice block. They don't understand or care about physics, they just like tasty food they know how to prepare. "Why would you cook a fish in an ice block in the first place?"

[1] https://www.mieleusa.com/m/in-dialog-with-food-miele-to-unve...
lq9AJ8yrfs
·8 mesi fa·discuss
I rather disagree on the difficulty of pulling it off. The problem space is well-defined and there aren't that many degrees of freedom in functional design.

I'll concede there is some complexity in integrating with everything and putting up with the associated confusion. And granted the stakes are a little raised due to the nature of identity and access, and like you point out what could go wrong. Implementation is annoying, both writing the identity solution and then deploying and operating it. But the deployment & operation part is still there if you go with Okta or 1Login or Cognito or whomever.

The implementation is a capital type thing that is substantially solved already with the various F/OSS solutions people are mentioning - it's just a docker pull and some config work to get it going into a POC.

There are much harder problems in tech IMO, anything ill-defined for starters.

The C-level folks seem to think they are buying some kind of indemnity with these "enterprise" grade solutions, but there is no such thing. They'll even turn it around and take Okta's limitations as existential--"if even Okta doesn't get it right, there is no way we could pull it off". Out of touch, or less politely, delusional.