|
Zamujasa posted:
the best part about working from home is being able to just peace out during a meeting to take a big fat poo poo

do you bring the laptop in with you or no
|
# ? Jan 7, 2022 08:49 |
|
Sniep posted:
do you bring the laptop in with you or no

just my wireless headset. after all, if they wanted to see something horrible constantly spewing poo poo they need simply turn off their monitor
|
# ? Jan 7, 2022 08:51 |
|
oh, headset, i dont have one of those i just use speaker/mic
|
# ? Jan 7, 2022 08:56 |
|
Zamujasa posted:
just my wireless headset. after all, if they wanted to see something horrible constantly spewing poo poo they need simply turn off their monitor

remember to forget to mute
|
# ? Jan 7, 2022 09:27 |
|
Jabor posted:
A lot of the time you don't sit down at your desk and immediately jump into coding poo poo up.

then my whole afternoon is thinking about what ill do tomorrow
|
# ? Jan 7, 2022 10:12 |
|
FMguru posted:
yeah its for your morning administrative tasks - update tickets, add notes to stories, read the cafeteria menu, ping people you need responses from, etc.

ok i kind of can imagine doing stuff like this on a phone when sitting on a packed tokyo commuter train or the paris metro/rer, both of which are pubtrans commutes i have experienced.

my work currently means that each morning is sync up with the head office on the other side of the planet before they clock out, which means voice meetings, which means it is impossible to do on any kind of mass transit, because you will piss everyone else off at best but also this is probably against every company regulation that even vaguely cares about randos shouldersurfing and overhearing you talking about corporate stuff

i am currently remote, but my calculus for office commute is basically: if i can bike there and back, it counts as exercise and i will still leave early some days because drugs that completely shut off work think outside of office hours have not been invented yet, not to mention the ability to just leave my work knowledge into a magical orb on the desk at gently caress this poo poo o'clock

i usually try to live in a 10-30 minute bike ride from the office
|
# ? Jan 7, 2022 13:21 |
|
cryptonector 1 hour ago | root | parent | next [–]
You can never know if the vaccine made it less bad. If you don't like anecdotes about how tame covid was w/o vaccines, don't say things like "it would have been worse w/o the vaccine". reply

gitgrump 1 hour ago | root | parent | next [–]
But statistically it is. Unvaccinated people die more. Vaccinated people die less. You can't _know_ in a meaningful sense in your specific instance, but your risk is what it is no matter what. I'm not sure what's hard about this. reply

cryptonector 57 minutes ago | root | parent | next [–]
Sources please. Include the ones that get censored. reply
|
# ? Jan 10, 2022 23:38 |
|
oops how do i unattach something uhh
alexandriao fucked around with this message at 04:32 on Jan 11, 2022 |
# ? Jan 11, 2022 04:25 |
|
technomancy 27 hours ago

When trusting the developers (and if you don’t, why would you use their library?)

If you trust the developers, why not give them root on your laptop? After all, you’re using their library so you must trust them, right? --
|
# ? Jan 11, 2022 05:28 |
|
technomancy is actually super cool & good and I know them IRL.
|
# ? Jan 11, 2022 13:22 |
|
I think the point they're trying to make is that if you trust someone enough to execute their library, it's sort of silly to say "oh well obviously you should do ... (pin the version, etc.) just in case they make a malicious change." If you just pin the version and leave it you also run into problems from unpatched vulnerabilities, etc. I'm not sure there's really a solution, although the situation is definitely worse in javascript-land because every package has twenty thousand indirect dependencies.

Also this seems to be from lobste.rs and it seems like this person stopped posting on hacker news so maybe they deserve a little benefit of the doubt.
|
# ? Jan 11, 2022 13:37 |
|
i think even that is overcomplicating the point. it is not like you're reading the version you pin either, you're deploying and running this person's code sight unseen, as far as security boundaries and trust go you may indeed as well just give them root access.
|
# ? Jan 11, 2022 13:56 |
|
root’s bad but I got a lot of poo poo in dotfiles under my own user
|
# ? Jan 11, 2022 14:29 |
|
MononcQc posted:
root’s bad but I got a lot of poo poo in dotfiles under my own user

yeah, i think people overestimate how important a distinction root is for most systems. if you control library code you'll have the access devs have, and the access the system in production has. even without invoking some privilege escalation i think in most cases that will add up to just about anything you might actually want. at the very least i don't think it is an unfair comparison in levels of trust.
|
# ? Jan 11, 2022 14:36 |
|
Cybernetic Vermin posted:
i think even that is overcomplicating the point. it is not like you're reading the version you pin either, you're deploying and running this person's code sight unseen, as far as security boundaries and trust go you may indeed as well just give them root access.

what? it makes perfect sense to both (a) trust that the code currently published on npm and already used in the dev environment is fine, and (b) not trust that the guy who wrote that code won't leak his npm private key to or go nuts and push an infinite loop on a friday night

and no, you don't need to manually audit every line of code you import, unless you run a medical software company or something. you can do what LTS releases of ordinary software does: wait a few weeks or months before pulling updates, trusting that malware or horrible bugs will have been sniffed out by then.
|
# ? Jan 11, 2022 15:54 |
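Added example, not part of any post in this thread: the "wait a few weeks or months before pulling updates" policy from the post above, written as a check over npm registry metadata. It assumes the registry packument's `time` map (version to publish timestamp); the package data, the function names and the 30-day window are constructed for illustration.

```javascript
// Added example: age gate ("cooldown") for dependency updates.
// Assumption: packument.time maps each version to its ISO publish time,
// next to the non-version keys "created" and "modified".
const DAY_MS = 24 * 60 * 60 * 1000;

// Parse plain x.y.z; null for prereleases and non-version keys.
function parseRelease(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  return m ? m.slice(1).map(Number) : null;
}

function compareRelease(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Newest stable version published at least minAgeDays before `now`.
// Returns null when nothing is old enough, so the caller keeps its pin.
function pickAgedVersion(packument, minAgeDays, now) {
  const cutoff = now.getTime() - minAgeDays * DAY_MS;
  let best = null;
  for (const [version, published] of Object.entries(packument.time)) {
    const parsed = parseRelease(version);
    if (!parsed) continue; // "created", "modified", prereleases
    const ts = Date.parse(published);
    if (Number.isNaN(ts) || ts > cutoff) continue; // unparseable or too fresh
    if (!best || compareRelease(parsed, best.parsed) > 0) best = { version, parsed };
  }
  return best ? best.version : null;
}

// Constructed metadata for a hypothetical package.
const samplePackument = {
  name: "example-lib",
  time: {
    created: "2021-06-01T00:00:00.000Z",
    modified: "2022-01-08T03:00:00.000Z",
    "1.4.0": "2021-10-02T12:00:00.000Z",
    "1.4.1": "2021-11-20T09:30:00.000Z",
    "2.0.0-beta.1": "2021-12-01T00:00:00.000Z",
    "1.5.0": "2022-01-08T03:00:00.000Z", // pushed three days before sampleNow
  },
};

const sampleNow = new Date("2022-01-11T00:00:00.000Z");
console.log(pickAgedVersion(samplePackument, 30, sampleNow)); // "1.4.1"
```

The gate only delays adoption: it depends on someone else finding the problem inside the window, and it holds back security fixes for the same number of days.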
|
that is not at all perfectly reasonable, the sniffing out is not something that happens by itself. do you even have a system for the months of sniffing criteria set up?
|
# ? Jan 11, 2022 15:58 |
|
NihilCredo posted:
what? it makes perfect sense to both (a) trust that the code currently published on npm and already used in the dev environment is fine, and (b) not trust that the guy who wrote that code won't leak his npm private key to or go nuts and push an infinite loop on a friday night

and it also makes sense to (c) not trust the guy to not introduce a bug that suddenly breaks your poo poo

there are application domains like aviation related stuff where they won't even dare upgrade the hardware and pay a premium for old rear end replacement network cards or whatever because they have validated and certified that their poo poo works on that particular hardware when they developed it decades ago

and then you have all the idiot webdevs that automatically update all their dependencies every time their ci runs

just lmao
|
# ? Jan 11, 2022 17:29 |
|
idk about you but i don't particularly want to use the nasa coding guidelines for writing games or internal tools, no

sure, there are domains like aviation where every line of code needs to be inspected by multiple pairs of eyes, vetted by a qualified engineer, and relentlessly tested in every possible scenario at all times. so is medicine and anything capable of physically maiming or financially ruining a man

there are far more domains where as long as you don't happily download a crypto miner or a fresh left-pad into your program, a reasonable effort to discover show-stopping bugs during tests is more than enough

there's a kind of programmer, who is incidentally quite common on hn, who love to ponder their orbs insist that everything should fall under the former category

in the log4j threads i saw some hn'ers suggesting with a straight face that it was irresponsible and unprofessional to import log4j in the first place unless you had personally gone through its entire source code yourself. rofl
|
# ? Jan 11, 2022 18:35 |
|
I just login as root, op never run into permissions issues
|
# ? Jan 11, 2022 18:55 |
|
NihilCredo posted:
idk about you but i don't particularly want to use the nasa coding guidelines for writing games or internal tools, no

see, this is a very different take from "as long as i pin already old packages magic gnomes i also don't pay will keep me safe"
|
# ? Jan 11, 2022 19:16 |
|
dncornholio 9 hours ago | parent | context | flag | favorite | on: PHP in 2022
Hating on PHP almost feels like racism. All the arguments are biased or false. I always get sad after clicking on PHP articles on HN. reply

HN: racism isn't real, except when it's against PHP developers.
|
# ? Jan 11, 2022 22:56 |
|
or conversely HN: racism is bullshit since people can just learn a new race
|
# ? Jan 12, 2022 00:16 |
|
Mr.Radar posted:
dncornholio 9 hours ago | parent | context | flag | favorite | on: PHP in 2022

ackthully php is anti-semitic because they removed the paamayim nekudotayim for being hebrew, and furthermore
|
# ? Jan 12, 2022 00:45 |
|
Zlodo posted:
and it also makes sense to (c) not trust the guy to not introduce a bug that suddenly breaks your poo poo

in those domains it’s called “software of unknown provenance” or soup

I’m sure web devs would counter that npm, inc isn’t unknown! just look at their crunch base https://www.crunchbase.com/organization/npm
|
# ? Jan 12, 2022 00:51 |
|
this one isn't bad or anything, i just appreciated this unironic article title

Why I Like D (aradaelli.com)
9 points by aradaelli 1 hour ago | hide | 6 comments
|
# ? Jan 12, 2022 03:44 |
|
https://news.ycombinator.com/item?id=29900496

i like this thread because everyone gives a different (conflicting) answer

prime nerd hn know-it-all-ism
|
# ? Jan 12, 2022 14:45 |
|
Mr.Radar posted:
dncornholio 9 hours ago | parent | context | flag | favorite | on: PHP in 2022

yea im a php realist
|
# ? Jan 12, 2022 14:54 |
|
Jensson 9 minutes ago | root | parent | next [–]
Those were thanks to labor movements, not unions. They are not the same thing, labor movements happens thanks to Democracy. Democracy is crucial, I agree, it lets groups organize, protest and fix problems with how society works. But what we call unions today are not that. I'm all for labor engaging in politics, but they can do that without paying union dues for working at a company. The problem USA's workers face today isn't lack of unions, it is lack of proper representation in their democracy. reply
|
# ? Jan 12, 2022 18:29 |
|
"I'm all for labor engaging in politics, but" - an archetypically HN way to start a sentence
|
# ? Jan 12, 2022 18:32 |
|
shot:
sahil50 1 hour ago | prev | next [–]
fyi, "dark matter" is not a real thing. Modified gravity (MOND) accurately models galactic rotation for hundreds of galaxies with sqrt(GM/R^2 * c*H / 2pi), without the stupid and ludicrous idea of invisible, noninteracting blobs of dark matter around every galaxy. The reason "dark matter" has persisted in the public consciousness is that TV cosmologists keep pumping it, and academics currently in charge built their careers on it and don't want to lose their funding. reply

chaser:
sahil50 41 minutes ago | root | parent | next [–]
I have a degree in Computer Science from Yale. I built https://zedtime.live and I'm building https://spase.io and I've been in direct communication with cold dark matter (CDM) and modified gravity (MOND) cosmologists for the last 20 weeks. I basically ask the questions that I'm gonna guess everyone has on their mind, and I'm just moving the conversation along faster. reply
|
# ? Jan 13, 2022 01:41 |
|
Sabine Hossenfelder’s blog is a real good resource if you want to know true things about MOND and other physics past the standard model btw
|
# ? Jan 13, 2022 02:16 |
|
that could be the realest of real things but my first assumption from the phrase “I've been in direct communication with cold dark matter (CDM) and modified gravity (MOND) cosmologists for the last 20 weeks” will always be that this is an oh god this rear end in a top hat emailed me again?!! situation
|
# ? Jan 13, 2022 03:29 |
|
I've been in direct communication with cold dark matter (CDM) and it wants you to turn on the lights and raise the thermostat
|
# ? Jan 13, 2022 03:32 |
|
if you're cold, it's cold. let it in
|
# ? Jan 13, 2022 03:35 |
|
Zamujasa posted:
if you're cold, it's cold. let it in

I can't tell if I did or not.
|
# ? Jan 13, 2022 03:35 |
|
Nomnom Cookie posted:
Sabine Hossenfelder’s blog is a real good resource if you want to know true things about MOND and other physics past the standard model btw

a trip there reminded me that:

1. MOND is MOdified Newtonian Dynamics which means we know and always have known it's not a complete and useful theory in and of itself, as it does not address relativistic phenomena
2. MOND vs. dark matter isn't settled by any means, except in the sense that as per #1, we know MOND can't really be a "winner"

i am probably saying the above things wrong and/or getting some of the implications wrong, of course
|
# ? Jan 13, 2022 03:36 |
|
Someone saying "it is a fact that x is wrong and all the experts agree y is right" when in reality the experts are divided on whether x or y is correct is pretty much every conversation on the internet
|
# ? Jan 13, 2022 03:39 |
|
mystes posted:
Someone saying "it is a fact that x is wrong and all the experts agree y is right" when in reality the experts are divided on whether x or y is correct is pretty much every conversation on the internet

the people who say x is right aren't experts because all experts know x is wrong
|
# ? Jan 13, 2022 05:32 |
|
rjmccall posted:
that could be the realest of real things but my first assumption from the phrase “I've been in direct communication with cold dark matter (CDM) and modified gravity (MOND) cosmologists for the last 20 weeks” will always be that this is an oh god this rear end in a top hat emailed me again?!! situation

my dad is an astronomer and said these guys would show up in person in the 90s. email only is probably a godsend
|
# ? Jan 13, 2022 09:05 |
|
my father-in-law has taken up the collatz conjecture in his retirement

in an attempt to sideline him for awhile, i taught him to use latex

in his defense, he’s not trying to prove it himself, just help someone else to get real mathematicians looking at his preprint
|
# ? Jan 13, 2022 09:13 |