Threads for AhRuoWai

  1. 7

    So, what’s it like running Fuchsia on bare metal? That’s what I was hoping the article was about.

    1. 2

      Yes, I would much rather hear about what it’s like to install and run Fuchsia, than debate its ideological purity. (But then, I’m one of those blackguards who runs a corporate closed-source OS.) Has anyone actually sullied themselves?

      1. 1

        I think this can be used on bare metal with “Intel NUC” hardware, but that seems pretty limiting.

      1. 14

        In metric units 170F is about 75C, which is literal Sauna temperature. Wow.

        1. 1

          A sauna is much more dangerous. Just as the air in a 150 Celsius oven is pretty hot, but 100 degree steam coming out of a pot is going to hurt way more. Temperature isn’t the only relevant factor when it comes to cooking…

          1. 4

            You make it sound like a sauna is dangerous. It’s not, because you get out when you get too hot.

            In Finland there were less than 2 deaths in sauna per 100,000 inhabitants per year in the 1990s. That was a time when on average, Finns spent 9 minutes in a sauna twice a week. That’s one death per 780,000 hours spent in the sauna. And half of that is because people binge drink and go to the sauna.

            I don’t have statistics for deaths per hours a child spends in a hot car, but it cannot be very high considering reasonable people don’t leave children in a hot car at all yet there are dozens of deaths every year.

            1. 2

              In these comparisons I think the deciding factor is the ability/inability to leave the hostile environment…

            2. 1

              Saunas are typically dry air (although you can sometimes pour water onto hot stones). There are 100degC saunas which you can sit in for several minutes because heat transfer is so low. But a 100degC steam room would instantly burn you (and so doesn’t exist).

              1. 1

                Yeah humidity plays an important role as well. Sadly the post doesn’t show the record high with humidity info, but maybe @JeremyMorgan can enlighten us :)

                1. 2

                  It looks like the min [1] humidity was 7.8% from one of the pictures.

                  [1]: Humidity and temperature should be inversely related, so as the temperature rises, the humidity should decrease, as more water vapor can be “stored” in the air. Similarly, when the temperature drops, humidity increases, leading to dew in the early morning or fog.

                  1. 1

                    @bfielder

                    Humidity levels:

                    Outside

                    • Min: 13.6
                    • Max: 89.3

                    In the car

                    • Min: 6.8
                    • Max: 55.3

                    Seems like some wild fluctuations. It was an unusual weather event for sure.

              1. 1

                I guess the purpose of this is to stop employers who use TLS mitm systems or who have access to data-at-rest on employee devices from de-anonymizing users. To understand whether this is effective, I’d like to know:

                1. Does Blind use a different encryption key for each user? If not, this system is futile as an employer can just get the global key by signing up themselves.
                2. Does Blind send keys every page-load, or just once to be stored locally? If the key is stored, then it’s accessible to employers with data-at-rest access. An employer with TLS decryption can save the key from when it is first distributed or last sent.
                3. If Blind uses localStorage, does it use the key to encrypt this?
                1. 5

                  Never heard the term page builder before. Does this just mean CMS?

                  1. 3

                    Maybe tools like FrontPage? But I thought that was deprecated a long time ago…

                    1. 3
                      1. 2

                        The article mentions “I am referring to the WordPress and Shopify ecosystems here”. So CMS-ish.

                        1. 2

                          Think Google Sites, Squarespace or Wix. These are WYSIWYG interfaces where you drag and drop text boxes, images, forms and so on to create pages. They are technically CMSes, but a lot less sophisticated and more easily made to show a custom page than a true CMS like Drupal.

                        1. 4

                          This article looks at two markets - the labor market and what I’ll call the “cost of living market”. The author clearly believes the labor market is unfair - otherwise they’d advocate paying whatever the market rate is (ie the minimum they can). However the article turns around and says you shouldn’t factor in cost of living because high cost of living in some places because the price and your choice to live there means it’s worth that amount. I don’t see how you can think workers should ignore market rate salaries but accept market rate living costs.

                          If you want to reject market rate salaries, why not really aim for “fairness” and shoot for a set quality of life?

                          Of course it’s all moot — any reasonably developed for-profit business is going to pay the least they can for what they want. Market rate it is.

                          1. 1

                            Exactly. If your remote workers will work for less money, that’s because they are willing to accept the work for less money. They are accepting pay in the form of their remote lifestyle.

                            1. 6

                              A fascinating read, particularly the section about Sign in with Apple.

                              As much as I dislike Apple’s app monopoly, the fact that they have been leveraging this to give a little bit of power to their users is promising.

                              Leaves me conflicted though; I don’t know whether to be pleased with the move or not.

                              1. 1

                                I’m glad to have a challenger to Facebook and Google in this space. That said I wish it had been a distributed/open solution.

                                1. 1

                                  They had to be just closed enough to ensure a consistent experience.

                                  1. 1

                                    Undoubtedly from our perspectives an open solution would have been better. But open solutions have been attempted and failed in the past.

                                    As you say, by being closed, the experience is consistent. And for better or worse, people trust Apple. I think the most important thing is that Google and Facebook’s hold is being fragmented.

                              1. 6

                                Firefox Monitor uses haveibeenpwned.com as its source and seems to provide exactly the same functionality. It’s not clear to me what the value-add is?

                                1. 15

                                  There are a couple value adds:

                                  1. Trust via brand recognition. I’ve asked my parents to check haveibeenpwned.com before and it took me 10 minutes to convince them it was safe to visit. I love the service, but the domain name alone makes it unsuitable for the vast majority of internet users.

                                  2. Discoverability. Only a tiny minority has ever heard of haveibeenpwned and word of mouth won’t reach nearly as many people as Firefox can.

                                  Edit:

                                  There’s also the possibility of future integrations with e.g. Firefox Lockwise.

                                  1. 8

                                    Haveibeenpwned is English only. Monitor is available in dozens of languages.

                                    The audience is non-technical. Being affected by a breach causes a lot of uncertainty and fear in people. Monitor helps them understand what they need to do (basic password hygiene) in their own language. Tldr: localization, simplification, emails for new breaches.

                                    1. 5

                                      I guess the only difference is that Mozilla gets to collect your email address and (per their privacy policy) basically send you things and share it with salesforce and amazon:

                                      If you sign up, we (and our email providers SalesForce and Amazon) receive your email address to contact you in connection with the Firefox Monitor Service, which includes Full Reports, Breach Alerts, and Safety Tips. You can unsubscribe at any time.

                                      1. 2

                                        @ahal put it very well.

                                        Aaaand people use their emails to sign up for really shady services, which outsource their email to one of these Amazon/Sendgrid/Mailchimp companies anyway. The GDPR (allegedly, at least) helps a bit, but I think the bigger damage has been done a priori.

                                        Mozilla’s business is not in mail delivery, though in this case it sounds like they could, and maybe should, take care of it themselves.

                                        I’m taking this as a sign of them seeing outsourcing as a lesser evil and risk than hiring someone to maintain Postfix and in-house tooling.

                                      2. 1

                                        In Troy Hunt’s announcement from last year, he mentions that only 0.06% of pwned email addresses are signed up to the notification service.

                                      1. 2

                                        It’s worth checking against the entire list. Checking against the top passwords provides a degree of brute force prevention, but the real reason to check against a leaked password list is to prevent credential stuffing. That is – if a user re-uses their password on another site that gets leaked, the exact user/password combo is out there and attacks can try it on various sites to see if there is a match. This applies even if it is a unique password at the tail of that 550 million!

                                        1. 1

                                          There’s a tradeoff to be made between the false positive rate, the number of passwords checked, and the amount of disk/network bandwidth used.

                                          The full list is ~11gb compressed, and the smallest bloom filter that’ll get an acceptable false positive rate on the full list is ~1gb. This gem is 32mb.
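
The size trade-off discussed in the last two comments, as an added Ruby example (not code from the gem or from any commenter): the standard Bloom filter sizing formulas, plus a small working filter for leaked-password checks. The class name, the false-positive targets and the sample strings are assumptions made here.

```ruby
require 'digest'

# Added example (hypothetical class, not the gem's code): leaked-password Bloom filter.
class PasswordBloom
  LN2_SQ = Math.log(2)**2

  # Bits m and hash count k for n items at false-positive rate p:
  #   m = -n * ln(p) / (ln 2)^2,  k = (m / n) * ln 2
  def self.size_for(n, p)
    m = (-n * Math.log(p) / LN2_SQ).ceil
    [m, [(m.to_f / n * Math.log(2)).round, 1].max]
  end

  # Inverse: how many passwords fit in a byte budget at rate p.
  def self.capacity_for(bytes, p)
    (bytes * 8 * LN2_SQ / (-Math.log(p))).floor
  end

  def initialize(n, p)
    @bits, @hashes = self.class.size_for(n, p)
    @field = "\0".b * ((@bits + 7) / 8)
  end

  def add(password)
    positions(password).each do |i|
      @field.setbyte(i / 8, @field.getbyte(i / 8) | (1 << (i % 8)))
    end
  end

  # Never false for an added password; true for others at roughly rate p.
  def include?(password)
    positions(password).all? { |i| @field.getbyte(i / 8)[i % 8] == 1 }
  end

  private
  # Double hashing: k bit positions from two 64-bit halves of one SHA-1.
  def positions(password)
    h1, h2 = Digest::SHA1.digest(password).unpack('Q>Q>')
    (0...@hashes).map { |i| (h1 + i * h2) % @bits }
  end
end

# Constructed sample data: 1,000 "leaked" strings, 10,000 unseen probes.
def demo_counts(p = 0.01)
  bloom = PasswordBloom.new(1_000, p)
  leaked = (0...1_000).map { |i| "leaked-#{i}" }.each { |pw| bloom.add(pw) }
  [leaked.count { |pw| !bloom.include?(pw) },
   (0...10_000).count { |i| bloom.include?("unseen-#{i}") }]
end
```

With an assumed 1-in-1,000 false-positive target, `PasswordBloom.size_for(550_000_000, 0.001)` gives about 7.9 billion bits (just under 1 GB) and 10 hash functions, while `PasswordBloom.capacity_for(32_000_000, 0.001)` is about 17.8 million passwords.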