HackerTrans
TopNewTrendsCommentsPastAskShowJobs

NoahZuniga

no profile record

Submissions

Tunesia authoritative nameservers for .tn are down

google.com
3 points·by NoahZuniga·há 4 meses·2 comments

comments

NoahZuniga
·há 15 dias·discuss
> Hohman examined eight major projects—"those that offered $100 million in payments and received significant media attention"—totaling $2.7 billion in promised incentives

> All told, the governor said that her major subsidy projects would create 20,595 jobs in Michigan

Even using these numbers that works out to $135k/job, which is bonkers!
NoahZuniga
·há 17 dias·discuss
for me its all in english.
NoahZuniga
·há 22 dias·discuss
probably enforceable via patents.
NoahZuniga
·há 23 dias·discuss
Usually days. I've had one take ~5 working days and another one ~3.
NoahZuniga
·há 24 dias·discuss
Yes you need a card (ov-chipkaart or ov-pas) but you don't need to be a local to get one. You just order one online for 7.5/5 euros. You do need an address for it to be delivered to, but its valid for 5 years so if you visit the Netherlands again you can reuse it.
NoahZuniga
·há 29 dias·discuss
I didn't say if LLMs are allowed do that, I said that humans are allowed to do that.
NoahZuniga
·há 29 dias·discuss
Yes!

Creating personal copies of copyrighted works are allowed. (Also, libraries really don't mind if you take pictures of the content of works they have.)
NoahZuniga
·há 30 dias·discuss
I really like https://dynomight.net/
NoahZuniga
·mês passado·discuss
The market can stay irrational longer than you can stay solvent.
NoahZuniga
·mês passado·discuss
Well they're not fully charging you. You get opus 4.8 pricing when it falls back to opus 4.8. Also you can disable it (and it seems like it's off by default in the api)
NoahZuniga
·mês passado·discuss
that wasn't a show HN?

> There was a thread yesterday

said thread was: CT scans of BYD car parts (https://news.ycombinator.com/item?id=48375824)
NoahZuniga
·mês passado·discuss
> The only way to allow this behavior is to have the two web pages in the different origins cooperate with each other using the Window.postMessage() API

Small nitpick, but it's also possible to communicate by changing the location.anchor property (by either the iframe or its parent window.)
NoahZuniga
·mês passado·discuss
well I agree, my point is that ie 2007-2021 is better than 2009-2021, and with my example I meant to illustrate that the best performers will perform less well and the poor performers perform better if you include 2008, showing that this does in fact matter.
NoahZuniga
·mês passado·discuss
Judging a pension fund by how it performs in a bull market seems wrong. Like their main job is to limit your downside from market crashes (if they're not doing that then they offer nothing compared to an index fund), so its strange to not include 2008 crisis (or .com bubble popping).

Checking this shows that the top 2 performers in this graph lost more money (~8%) in 2008 than the bottom 2 (~2%)
NoahZuniga
·mês passado·discuss
* only on sites that implement a new api
NoahZuniga
·há 2 meses·discuss
The entire premise of this article is wrong!

> Signal ships safety numbers because the platform might one day be compelled or compromised, and the architecture is meant to let you catch that. But almost nobody verifies

We have a solution to this! Wa and Signal both have key transparency. This uses cryptography to make it possible to verify that everyone is getting the same data[1]. Now your phone can check the keys listed under your username are all keys you made (and your contacts can check this too!)

Edit 2 (quick note): if you don't trust the app on your phone to verify your keys, then you also can't trust it to show you a valid security code, or do what the author proposed in their product spaces.

Edit:

It's also striking how similar (in essence) the current solution is to the solution the author is working on/proposing:

> Spaces takes this shape. (Disclosure: I work on it.) Issued names live in a binary Merkle trie. The root of that trie is committed to Bitcoin’s chain, used here as a widely-replicated, hard-to-rewrite timestamp service

Fundamentally the same: the name is your phone number (or alternatively in signal your username), key transparency also uses a merkle tree based structure. Instead of using the bitcoin chain as a consensus mechanism, key transparency implementations generally use trusted witnesses: simple servers that promise to only sign consistent versions of the merkle tree. This is better! Because essentially no clients (phones) have a local copy of the bitcoin chain, so you still have to trust a server to tell you what was posted in the bitcoin block.

For the rest current key transparency systems also have verifiers, which verify that the append only merkle tree is transformed into a dictionary legitimately (this is pretty compute intensive, and needs to be done by a trusted server too. WA currently contracts cloudflare as their only verifier). Spaces would also have to do this to be secure if they reach any scale, but this isn't mentioned in TFA.

Also a message for the author: Key transparency is cool tech, but you shouldn't reinvent the wheel! I hope you research current solutions more! You can ask questions in the transparency.dev slack (https://transparency.dev/slack/)

[1]: There are a bunch of details here. You need to check that everyone _is_ actually getting the same data. There are multiple ways to do this. The transparency ecosystem has generally stabilized on a system where you have trusted verifiers. But anyone (yes you!) can setup a server that can help monitor the chat app and trusted verifiers.
NoahZuniga
·há 2 meses·discuss
No I checked this. They aren't.
NoahZuniga
·há 2 meses·discuss
Logius is actually not a company but a part of the dutch (national) goverment.
NoahZuniga
·há 2 meses·discuss
Even with CAA records, any CA can still create a cert for any website. So if you're worried about an untrustworthy CA, then this won't help you.

It could make it less likely for a CA with buggy code to accidentally issue a cert for your domain.
NoahZuniga
·há 2 meses·discuss
pornhub doesn't even accept payment via credit card. A while back they were kicked off due to there being too much CSAM.