Hacker News new | past | comments | ask | show | jobs | submit | davedx's comments login

I’ve been working on KYC recently, curious to hear what the problems with it are in your opinion?

Speaking as a fraud detective, it appears to be completely ineffective.

Well yeah, you're only looking at the instances of fraud. You're not investigating fraud that never happened because it was prevented, that would be impossible.

Synthetic identities, probably

Can mypy type check SQLAlchemy somehow? That's what caused me to give up on Python type checking recently

SQLAlchemy 2.x has direct support for mypy, it works out of the box, no longer needing mypy plugins. Many things in SQLAlchemy as are still dynamic and can't be type checked, but the native support works great where it can.

I’ll give that a try. Thanks

What might, possibly, redeem Python in my eyes as a potential language for making production applications (something that today, it is most certainly not) would be if the type checker worked across the broader ecosystem of common Python packages.

For example, as my recent struggles showed, SQLAlchemy breaks `pyright` in all kinds of ways. Compared with how other 'dynamic' ORMs like Prisma interact with types, it's just a disaster and makes type checking applications that use it almost pointless.

How does Ty play with SQLAlchemy?


This is a weakness of the Python typing system and not necessarily of individual typecheckers. Pyright has a policy of only implementing what's standardized, and the Python type system is simply inadequate to annotate most real world Python code out there. It's been years now and something as basic as properly typing kwargs is still not supported.

Ty could solve this if they rebel and decide to ignore the Python typing standards, which I honestly would appreciate, but if they take the sensible approach and follow the standards, it won't change anything.


> properly typing kwargs is still not supported.

I've been typing them with TypedDict for a while now and it's been fine. What can't you do?



Python code feels like back in the day when JavaScript was typed using JSDoc comments, and libraries would use all kinds of fantastical object shapes for their option parameters, so users could pass "just about anything" and it would work. You would never know how to configure an Express app without digging through the documentation, for example.

I loathe the Python convention of just using kwargs instead of clearly annotated parameters; most libraries don't even have doc comments in the code, so you're really required to look up the documentation, hope that it actually describes the method you're interested in and contains more than stuff like "foo: the foo to use"—or fall back to rummaging in the library intestines to figure out how it works.

It's pathetic.


I'm not sure into what kind of industry you're in, but having most functions as (args, *kwargs) is not the way I deal with most of my code and the libraries I work at all (backend development). Everything is typed fully.

Maybe you're in a niche spot, or using scientist-based code. I've seen plenty of trainwrecks in 'conda-only' ""libraries"" done by scientists. Maybe that's the niche you're at?


Sometimes, though, you may get lucky, and find some tests for the code you want to use!

On a more serious note, I can't even blame library devs as long as they try. Type "hints" often are anything but _just_ hints. Some are expected to be statically checked; some may alter runtime behavior (e.g. the @overload decorator). It's like the anti-pattern of TypeScript's enums laid out here and there, and it's even harder to notice such side-effects in Python.


My experience is this is nearly impossible, the solution is new packages written after typing was introduced.

I don’t know about SQLAlchemy, but for libraries like pandas I just don’t see how it can be done, and so people are actively replacing them with modern typed alternatives


Ha. I just finished a huge rewrite at work from sync SQLAlchemy to async SQLAlchemy, because the async version uses a totally different API (core queries) to sync. So this implies if I want type checking I need to use a different ORM and start again?

I love how Python makes me so much faster due to its dynamic nature! Move fast, break things!


I don't agree that dynamic nature makes things necessarily faster, if you compare Python to C or Java it is true, but if you compare to Typescript it is not. With a decent typing system and a good editor that makes use of it (and AI-assistants nowadays) the prototyping can actually be both faster and more stable.

Yes, I 100% agree. My career has been Java/C++ -> php/JavaScript -> typescript/python. Types are a godsend

I think davedx was being sarcastic. Python's dynamic nature cost them time.

What version of SQLAlchemy? SQLAlchemy v2 is built with with type-hinting support, I didn't have any issues with it when I used it few months ago

Only tangentially related but does anyone else here get very bothered when looking at the SQLAlchemy documentation? It seems so hard to find what kind of magic incantation you need to do in which order when trying to do a somewhat non-trivial query and I often just write the SQL I want and then tell chatGPT to rewrite it to SQLAlchemy operations but thats not really a sustainable solution.

Have you sat down and read the SQLAlchemy docs properly? It made a lot more sense to me once I'd set aside an hour or two to work through the Unified Tutorial.[0] I feel like these days people just want quick answers to do very specific things but that's a very inefficient way to learn something like SQLAlchemy.

If you know the SQL you want it's just a matter of writing it in SQLAlchemy's query language which is quite close to SQL. Should just be a matter of practice to become fluent in it. "Complex queries" usually turn up when you're doing something like rendering a table or report or something. You don't need the ORM for this kind of thing, just write a query.

An ORM is useful when you want to write domain logic to do read/write operations against domain entities and persist them back to a database. IMO people get hung up on ORMs and think if they're using one then they have to use it for everything then do the most horrible contortions that should have just been db queries. SQLAlchemy allows you to use the ORM judiciously.

[0] https://docs.sqlalchemy.org/en/20/tutorial/index.html


> I feel like these days people just want quick answers to do very specific things but that's a very inefficient way to learn something like SQLAlchemy.

Good documentation should absolutely provide a usable reference to quickly look up common ways to solve common problems. Even the PHP docs got that right twenty years ago.

Also, I disagree: A library should be as self-evident and incrementally understandable as possible, not require reading a full tome and grow a grey beard before being accessible.

> "Complex queries" usually turn up when you're doing something like rendering a table or report or something. You don't need the ORM for this kind of thing, just write a query.

Or, when building generic filtering/sorting/pagination logic for a bog-standard CRUD app. Or to do full-text search. Or when doing lateral joins to minimize queries. Or to iterate over a huge table. There's lots of cases where I want the ergonomics and malleability of ORM query instances even when working with complex queries.


> I feel like these days people just want quick answers to do very specific things but that's a very inefficient way to learn something like SQLAlchemy.

In defense of OP, a particular frustration I have with SQLAlchemy is that I understand SQL just fine, but the ways in which I translate my SQL knowledge into SQLAlchemy incantations is often pretty obscure. I think I deserve "quick answers to do very specific things" because I already have the exact form of the SQL solution in my head. That it then takes 20 minutes of digging through docs or ChatGPT is annoying.


Exactly the reason I stay away from it. I prefer just SQL and something like aiosql to load it.

Yes. It’s super opaque. SqlAlchemy is one of those libs I want to like but the docs just make it too difficult.

Have you tried SQLModel?

I've tried using it but it's still so immature and poorly documented. I wish it were different because I love the idea of it.

You mean Python is not a language for production applications ?

Only when performance doesn't matter, then it becomes a DSL for C and C++ libraries.

For me, until it gets a production quality JIT, or PyPy and GraalPY get more community love, it remains a scripting language for learning on how to program, automating OS and applications tasks.

Instagram I think would like a word with you on its viability for production.

Maybe you should first investigate all the gimmicks they had to do, between amount of servers they had to ramp up burning needless budget, rewriting code into C and C++ libraries, Go or whatever else they ended up adding, before doing such statements.

https://stackshare.io/instagram/instagram


Any other link to share about that? The stackshare url does not even mention anything related.


It surely does, it is quite simple to correlate how many of those technologies are actually implemented in Python.

Pure Python that is.


One thing that struck me was the lavish praise heaped on the ECS of the game engine being migrated away from; this is extremely common.

I think when it comes to game dev, people fixate on the engine having an ECS and maybe don't pay enough attention to the other aspects of it being good for gamedev, like... being a very high level language that lets you express all the game logic (C# with coroutines is great at this, and remains a core strength of Unity; Lua is great at this; Rust is ... a low level systems language, lol).

People need to realise that having ECS architecture isn't the only thing you need to build games effectively. It's a nice way to work with your data but it's not the be-all and end-all.


For sure. I've worked at orgs where we disabled package vulnerability scanners because they created a constant stream of upgrading busywork. So many "vulnerabilities" are things like "JavaScript prototype pollution in this package that does something in your build toolchain". So much noise and so very little signal, the incentives of these scanning and vuln tracking companies just aren't aligned well I don't think.

Nowadays I tend to more rely on tech news to hear when there's an actual serious vuln I need to address.

(Note I'm not advocating everyone do this. Do your own risk assessment).


Note that tech news is biased towards flashy or relatable security issues. Nobody is going to n-day your phone (though you should, of course, keep it up to date). It's your Drupal you should worry about.

With that said, there is a long and proven track record of attacks on phones.

But those tend to be against journalists and activists.

What threat model you operate under is a nontrivial problem.


Right, those posts are kind of like newspaper articles about shark attacks

I find it unacceptable that a critical infrastructure operator like Red Electrica seems to only be posting updates on X.com, a website where if I don't have an account, I can't see a timeline of updates (because when logged out X jumbles up the post order). Updates should on on their website. This kind of outage can be life threatening

This complaint needs to be passed to European regulators at either BEREC, ACER or DG Connect, since using a loginwalled site is a violation of EECC directive 2018/1972. Ideally they can just designate 1 approved site that all utilities should harmonize on using for their status updates.

Is this a joke? Because that seems like exactly the wrong thing, and such a system would itself be a bottleneck for downtime issues.

Using twitter has the huge advantage that spikes in users in Spain for checking this stuff is a rounding error in the normal traffic so is very unlikely to take down the status page.


no one would/should prevent companies from using also private channels like X, FB, Instagram, etc but enforcing a public channel that doesn't require private citizens to register, accept T&S and share their private data with 3rd party, unrelated private corporations to be informed of critical, public safety information would be helpful.

Aside from the login issue, Twitter has outages too. It really isn't really that hard to replicate posts across multiple services in 2025.

They may not be aware. We had Dutch fire depts do the same, it used to be possible to see tweets without logging in.

Totally agree. In the meantime, while Musk fetishism doesn't wear off, you could use xcancel to bypass the sign-in wall

https://xcancel.com/redelectricaree


It's not Musk fetishism. It's network effects. Most people hate X and hated Twitter but people use them because people use them.

This should show people just how powerful network effects are. They are legitimately a force of nature.


I strongly agree, and to me this supports the argument for heavier regulation (or any really)

[flagged]


Saying things you know to be untrue will not win you political friends in the long run; quite the opposite: it’ll cast doubt on every other opinion you have

That's funny, Fascism has never struggled to gain followers while lying about everything. In fact, an explicit abandonment of truth and reality is inherent in most Fascist regimes, and is also prominent in other types of cult of personality authoritarianism.

Maybe outright lies are more effective at getting followers than you suggest.

That being a distasteful reality doesn't make it incorrect.


There will always be a number of loons willing to support any fringe idea you might mention.

The key is: will the bulk of the people, who are in the center, go for it?

And the answer is: if they perceive the idea as being cynical, or purposely deceptive, then no. Even if politicians temporarily get away with lies, every lie does long-term damage to a movement.

The truth will out.


Only for those who don't understand sarcasm or other forms of figure of speech and art in general. For those I'll prefer distance anyway, so it's a win-win.

It's hyperbole, not sarcasm, and it's an effective way to neuter yourself politically. Have you ever rolled your eyes at someone going on and on about communists in the deep state?

Ok thanks for the heads up.

> Have you ever rolled your eyes at someone going on and on about communists in the deep state?

Not really, I'm indifferent to those that I'm not interested in what they have to say.


They did post on BlueSky, but not every update so I assume someone is cut and pasting manually...

https://bsky.app/profile/redelectricare.bsky.social


While I don't particularly like twitter (X), in a situation like this it probably has a better reach than the website of REE.

That said, twitter should allow for official profiles and organizations to have their tweets (xs?) made public.


You’re kidding right? The overwhelming majority of people do NOT use X or have accounts there. We are in a bubble. (Not making a Musk point here as it was the same before the “exodus”)

They probably did not patch their firmware in years and have their SCADA systems live on Shodan with default passwords...allegedly...

I remember years ago someone scanned the Internet IPv4 space for open unpassworded VNC servers. Many of them looked disturbingly like industrial control systems.

Just take a look at https://infosec.exchange/@shodansafari. A lot still look like that.

Even the water control system for a big French Dam:

"115 batshit stupid things you can put on the internet in as fast as I can go by Dan Tentler" - https://youtu.be/hMtu7vV_HmY


[flagged]


They could definitely just post updates on their website, the infrastructure is there, running, if they want to inform people on Twitter it's just a bonus to message it through the network that is Twitter.

But important/urgent updates only via Twitter is definitely a huge no-no.


[flagged]


I assume that a major electric provider has the capacity to build a simple status update system where they post. It's much simpler than any "blog platform" case study used to assess junior engineers. You are assuming that it's their IT systems which crashed the electrical network and there's no sign of that at all at this moment, you are misleading in there to try to score a point, stop.

It's far easier to use Twitter but it doesn't mean it should be used, it fences out people like the OP and me, who do not have Twitter nor want to have Twitter, I don't want to be forced into using a private corporation service to get status updates from the electrical network where I live in. It's quite a simple proposition and very reasonable, not sure why you are so incensed by a quite reasonable expectation.

> Also, why do you assume that website wouldn't crash under the sudden 10000x load? It is an utterly useless solution, that wastes time and solves nothing.

Because it can be cached very easily, it's 2025 where setting up this kind of cache is extremely easy compared to 2005.

> Like does your engineering skills suddenly magically evaporate the moment Elon's name is mentioned?

Please, stop, you are too irrational to understand a very simple and reasonable thing, no need to start throwing Elon into this bullshit, just stop here with the rabid lunacy. I was against major corporations only posting updates on Twitter waaaay before Elon bought it, I still stand by it.


Working on an EU domiciled PaaS

...extensive setup?

Last year I went hiking in Switzerland, so I mailed a couple of different maps of where I was going and picked them up from the print shop in town, which took me...... 30 minutes?

The times I've used my phone for hiking I've always regretted it for one reason or another. Maps are so much better, and it's not extensive setup getting your hands on one, one way or another. Come on.


Right! They also explained in that series that the Scots were economic migrants there for the steelworks work. Great series too.


Some speculation

On DMS:

- DMS is a very specific configuration that’s rarely the endpoint of non-living chemical cycles.

- The simplicity of DMS doesn’t make it less indicative of life—it actually makes it a very selective molecule, which only shows up in large quantities when life is involved (at least in Earth-like chemistry).

- Until we find a compelling abiotic pathway, high DMS remains a strong biosignature, especially in the context of a planet with a potential ocean and mild temperatures

Possible origins:

We’re looking at some form of life that can:

- Thrive in a hydrogen-rich atmosphere

- Possibly live in or on top of a global ocean

- Generate large amounts of DMS—potentially thousands of times more than Earth

The closest Earth analogy is:

- Marine phytoplankton, particularly species like Emiliania huxleyi, produce DMS as a byproduct of breaking down DMSP, a molecule they use to regulate osmotic pressure and protect against oxidative stress.

- If something similar is happening on K2-18 b, we’d be talking about an ocean teeming with such microbes—perhaps far denser than Earth’s oceans.

Possibly "Giant photosynthetic mats" or sulfuric "algae"

If there’s some landmass or floating structures, maybe the DMS producers are:

- Photosynthetic, sulfur-metabolizing analogues to cyanobacteria

- Living in dense floating colonies or mats like microbial reefs

- Using dimethylated sulfur compounds in their metabolism, and leaking DMS as waste or signaling molecules

===========

Of course there have been lots of ocean planets in sci-fi literature, but I'm most reminded of the "Pattern Juggler" Planet Ararat from Alastair Reynolds' "Revelation Space" series.

This is incredibly exciting news!


> Of course there have been lots of ocean planets in sci-fi literature, but I'm most reminded of the "Pattern Juggler" Planet Ararat from Alastair Reynolds' "Revelation Space" series.

Erk. Couldn't you pick something from a less... apocalyptic universe? :)


The idea of floating mats of life reminded me more of Wang’s Carpets.

https://en.wikipedia.org/wiki/Wang's_Carpets


Not that exciting until they find other different biomarkers.

Dead Comets have DMS: https://arxiv.org/abs/2410.08724

And the interstellar medium.... "On the abiotic origin of dimethyl sulfide: discovery of DMS in the Interstellar Medium" - https://arxiv.org/abs/2501.08892

"...Although the chemistry of DMS beyond Earth is yet to be fully disclosed, this discovery provides conclusive observational evidence on its efficient abiotic production in the interstellar medium, casting doubts about using DMS as a reliable biomarker in exoplanet science..."


This planet is 2.6x larger than Earth and has concentrations of DMS "thousands of times stronger than the levels on Earth".

It would take a lot of cometary impacts to seed the entire ocean with that much.

From the paper [1]:

> Therefore, sustaining DMS and/or DMDS at over 10–1000 ppm concentrations in a steady state in the atmosphere of K2-18 b would be implausible without a significant biogenic flux. Moreover, the abiotic photochemical production of DMS in the above experiments requires an even greater abundance of H2S as the ultimate source of sulfur—a molecule that we do not detect

[1] https://iopscience.iop.org/article/10.3847/2041-8213/adc1c8/...


Or, megafauna. Some Leviathan in the deep.


Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: