> I believe another contributor managed to get an app running using Postgres, but I don't know how they did it. I think there's some aspect of the Sandstorm sandbox that throws Postgres for a loop, and you have to kinda hack around it.
That would be me. I've done it on a private app and helped bring it to another app, so it's repeatable. I'll try to explain it on the sandstorm-dev group in the next week or so.
I'm sorry that you celebrated your birthday alone. That's not fun.
Don't beat yourself up because you think that someone younger and richer can solve the problems that you are solving more effectively. The reality is that someone younger and richer is not interested in solving the problems that you are actually solving. Elon is working on space, but he's not working on helping the homeless.
The world is bigger than it seems and your impact on it is beyond what you can see. Don't worry that you aren't Elon Musk. Your post, thus your existence, reminded me to get back to looking into emergency mesh networks. (I looked at your submissions and comments.) One of my clients is a clinic in a place that is expecting a natural disaster and will likely lose communications when that disaster happens. Your work on LoRa and ESP32s may end up saving the lives of people you've never known.
I agree that everyone, even security researchers, will make mistakes. But there are people who survive with state-level actors in their threat model. These people probably 1) do not post their threat model and mitigations in easy-to-Google places and 2) have the help of one or more other state-level actors.
Well it’s twofold: one is that security researchers will use bad passwords and click on shady links just like anyone else, and the second part is that even people with state-level adversaries that are actively trying to avoid getting hacked (journalists, whistleblowers, the like) get hacked anyways because they…carry an up-to-date flagship. There really don’t seem to be actual protections against a determined state actor short of not using computers…
"Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFINITELY US,” and then they’re going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them."[0]
I feel like James had the deadline wrong in his calendar and this article is what "Right, sorry, I'll get it over to you by the end of the day" looks like when there is not in fact already a pretty much complete piece that just needs some polish but instead an empty Word document and half an idea in your head.
Like so many people, James is pretty confident that anything he doesn't understand (including apparently elliptic curve cryptography) is probably unimportant, and that the solution to his pressing problems is just to make something he knows isn't possible easy (remembering a separate strong random password for every site) so the people who are working on stuff James doesn't understand ought to work on that instead.
This piece was written, I think, slightly before BCP 188 ("Pervasive Monitoring Is an Attack") but to me it feels as though that's the answer to it. Yes, the NSA (or Mossad, but realistically the NSA) could definitely win if that's what it came down to, you or them. But that's very rarely the situation. Their budget, though large, is finite, and your value, even if large, is also finite. If snooping every word said on the telephone by an American costs 5¢ per citizen, why wouldn't the NSA do it? Worth a shot. But if it costs $5000 per citizen that's gonna blow their budget, and for what? So that's what BCP 188 is about, the question isn't whether you're dealing with "Mossad or not-Mossad" it's whether you are the Protagonist or just another extra. We can't make it impossible for a sophisticated and resourceful adversary to succeed, but we can make it very expensive so that they are obliged to choose their shots.
> But if it costs $5000 per citizen that's gonna blow their budget
The end result is that they split the type of surveillance between "cheap" blanket surveillance, and targeted surveillance for the targets that are deemed valuable enough, while also striving to drive the "per target" price down.
Mass surveillance offers a good opportunity for economies of scale, and gives you a very granular estimate of how valuable a particular target is.
I mean, it is pretty clear the piece is supposed to be burlesque, right? Do you actually think James is trying to write about how cryptography is totally useless and we should just give up?
It's certainly busking, which, I dunno if this is a regular column he did, but if so as commissioning editor I'd be pretty unhappy with that. I was serious that this feels like it was churned out at pace.
I can't see a way to interpret this that doesn't come back to, fix passwords and stop bothering with this other stuff. In some forms (e.g. satire) you are supposed to sneak in an actual point you wanted to make (e.g. Swift's "Modest Proposal" lists the things Swift thinks would actually work, pretending to dismiss them as inferior to eating babies). But I believe in Burlesque it is considered satisfactory just to point and laugh. I didn't laugh, maybe that's on me.
So, just for context, he wrote a number of these: https://mickens.seas.harvard.edu/wisdom-james-mickens. They're joke articles meant to satirize some field of computer science; cryptography isn't the only topic he discusses.
Six articles like that :( Worse, it appears this is his style everywhere, including live in person. Perhaps somewhere in amongst this James is actually an expert on something who has useful knowledge to impart to Harvard's students, but perhaps not? Maybe you really can go to a "lecture" in which a tenured Harvard professor expects you to laugh at jokes which even by the already woeful standards of Computer Science jokes, are not funny. Ouch.
One of these articles proposes that the problem with smartphones is that they aren't very good phones. In this "satirical" form it proposes a pyramid shaped "hierarchy of needs" for phones with "Make phone calls" as the most important element at the bottom.
Perhaps in 2014 that felt like an insight, to James Mickens or to his readers. I don't think so, but maybe 2014 is longer ago than I think it is, and maybe nobody had noticed back then that (and I apologise if this is an amazing insight to you now):
Calling them phones was an excuse. People aren't very good at figuring out what they actually want, so telling people we're going to offer them Network capable handheld computers wouldn't work, they don't realise they want those. So you say these are "phones" and then let them gradually figure out that actually they have never wanted to make a telephone call in their life but they did want a handheld computer to access the Network.
The form factor makes no sense for a phone. Clearly a rectangular sheet of glass isn't the right shape for a phone. But it is a good shape for a handheld computer. Which, again, is what you actually wanted anyway.
And yet there is a need for software. I'm supporting a clinic in Asia that is using OpenEMR for records. The government is requiring reporting of diagnoses by category. This is exactly the sort of paperwork that an EMR system should be able to solve well. Since we haven't figured out how to do this with OpenEMR, the staff is doing it by hand. I hope to solve this problem soon, whether by figuring out how OpenEMR supports this or by adding this functionality.
I worked for an Indian manager in a game studio. I don't know what caste, except that he wasn't Christian or Muslim, probably because he didn't think it worth mentioning. He hired based on demonstrated skill, so we had a diverse group of coworkers. He actively encouraged the group to eat together, arranging meals out with careful consideration for the group's preferences. He was approachable, personable, considerate, friendly and kind.
People are people and stereotypes do not always fit.
I think you are right. I had this part of the comment in mind:
> Then there is the case where if an Indian gets into management, they will start
> filling everything with their friends. Other management positions, they will start
> fighting to bring in some contractors from some place like Infosys.
This was not my experience. I also felt that the overall tone of the comment was negative, so I wanted to share that not everyone has had a negative experience with Indians in management.
But no one ever calls it out when a white manager reports to another white manager who reports to another white manager and so on. That has an effect on the group dynamic as well, where an Indian employee or those of other backgrounds may not feel included. Another example is the comments here calling out Indian managers’ nepotism, which feels like an assumption without basis. Referrals and leveraging employees’ personal networks are a key hiring strategy for every tech company. And yet when Indians do it, an ugly label of “nepotism” gets affixed to it, with accusations of racial or religious discrimination.
I’m very disappointed in how HN views Indians - it seems like they are not treated as other minorities in America, and aren’t afforded the advantages of being white in America either. Instead a different standard is used against them, labeling standard professional practices with ugly terms. I wonder if the HN crowd also regards other Asian coworkers similarly.
When two members of the same underrepresented group are a reporting pair, they tend to get disproportionately more suspicion of nepotism than when two members of the majority/plurality do.
Armbian on Espressobin is a nice platform. I have three v5 Espressobins. Sadly, the v5 units have some quality issues. One of the three runs non-stop. The second reboots sporadically. The third freezes sporadically and has to be unplugged. I don't know if the cause is thermal or poor soldering or something else. I would buy many more if they were reliable.
I had some experience with Espressobin v5 and v7 devices. All the issues that I had with the devices were caused by terrible software support. OpenWrt was unstable. The original kernel was too old.
The best results were using the Armbian kernel and userspace for this device. You should be able to build one in less than an hour on a modern PC.
I have a v7 device that I use with a sata drive. It has been stable so far.
Edit: forgot about needing a recent bootloader. This is also mentioned by the Armbian docs.
That's a pity that the build quality is bad. Librecomputer might be worth a look - they spent years and significant amounts of money upstreaming the kernel for at least one of their boards, but I haven't used them enough to comment on the build quality.
I can confirm that cloning a local Borg repository to a cloud system works. One of my systems uses Borg to make a local backup. Next, B2's command line tool synchronizes the local Borg repository to B2.
I don't think I understand how this is not circular reasoning (can't use UUIDs in place of phone numbers because contact list is comprised of phone numbers instead of UUIDs.) If contacts are not phone numbers, then is there a problem with them living on Signal's servers? Are we back to the complaint about discovery being difficult?
Signal uses phone numbers because it makes discovery easy. Threema, for example, can use phone numbers for discovery but does not require it. Discovery without phone numbers is easy. I see my contacts and scan their Threema QR codes. If I need to contact a friend of a friend, my friend gives me the FoaF's Threema ID.
Sandstorm has accidentally solved the problem of rapid change by not having enough developers to continually update the available applications, which include WordPress. You can also ignore updates.
Thankfully, the architecture of Sandstorm turns many types of vulnerabilities in the installed applications into non-events. This means that the lack of updates is not so alarming.
Good to hear Sandstorm is still alive! It is precisely the kind of thing that has some chance of making self hosted popular among the wider public, instead of ever shrinking patches maintained by die-hard enthusiasts inside a sea of corporate silos.
Sandstorm(.io) is very cool, and it does make managing your self-hosted web apps very easy. But it does not run Docker containers and it only runs on Linux x86-64. (There have been some attempts at running Docker containers with Sandstorm, but they are not easy to use.) Instead, the web applications must be specifically packaged for Sandstorm.