From 1/6/2013, 11:24:53 PM till now, @ghughes has achieved 1404 Karma Points with the contribution count of 235.
Recent @ghughes Activity
Ah, the rare Reverse Betteridge.
> Nowadays people just accept whatever I say as the best way.
If you don't have management aspirations, this is a very clear signal that you should leave. Growth is almost impossible in this position.
"Introducing Envoy Gateway" is kinda misleading, as it appears no code has been written yet.
Emissary-ingress and Contour are mentioned, but not a word is said about how this will be different and why they're starting from scratch.
Ask HN: Startups working on services enabled by autonomous vehicles?
1 points • 0 comments
Google has Inactive Account Manager [1] and Apple has Legacy Contacts [2]. You could take a photo of the password and store it on an account created for this purpose.
I have a fun one. The front door to my house had an automatic door opener, paired with a single-button remote control to unlock and open the door. The remote control was annoying to carry and use. (This was before IoT became a thing.)
I pried open the remote, soldered on an extra circuit bypassing the push switch, and hooked it up to an Arduino. When a packet is sent over serial, the Arduino simulates a button push:
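
    // Output pin driving the circuit soldered across the remote's push switch.
    const int basePin = 2;

    // Simulate a two-second press of the remote's button.
    void triggerRemote() {
      digitalWrite(basePin, HIGH);
      delay(2000);
      digitalWrite(basePin, LOW);
    }

    void setup() {
      pinMode(basePin, OUTPUT);
      Serial.begin(9600);
    }

    void loop() {
      // Any byte received over serial triggers the remote; its value is ignored.
      if (Serial.available() > 0) {
        Serial.read();
        triggerRemote();
      }
    }
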
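This was paired with a tiny web server to do the serial write:

    #!/opt/bin/python2.6
    # Python 2 script: BaseHTTPServer and SocketServer are the Python 2 module names.
    import BaseHTTPServer, SocketServer

    PORT = 5525

    class LoccaHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
        server_version = "LoccaServer/1.0"

        def do_GET(self):
            # Any GET whose path starts with /trigger sends one byte to the Arduino.
            if self.path.startswith("/trigger"):
                serial.write('A')
                self.send_response(200)
                self.end_headers()  # terminate the header block
            else:
                self.send_error(404)

    # Unbuffered handle to the Arduino's USB serial device.
    serial = open("/dev/ttyACM0", 'wb', 0)

    # "" binds every interface; the handler performs no authentication.
    # bind_and_activate=False so allow_reuse_address can be set before binding.
    httpd = SocketServer.TCPServer(("", PORT), LoccaHTTPRequestHandler, False)
    httpd.allow_reuse_address = True
    httpd.server_bind()
    httpd.server_activate()
    httpd.serve_forever()
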
Finally I threw together an iPhone app with the most basic UI imaginable: a static full-screen photo of the remote; tap once, it fires off an HTTP request, and the door swings open:

    // Fire-and-forget GET to the web server; the response is ignored.
    - (IBAction)triggerRemote:(id)sender {
        NSURL *url = [NSURL URLWithString:@"http://10.0.8.48:5525/trigger"];
        NSURLRequest *request = [NSURLRequest requestWithURL:url];
        [NSURLConnection connectionWithRequest:request delegate:nil];
    }

That's basically all of the code. Considering how much of a janky hack this is, it worked great.
Ancient write-up with some photos: https://web.archive.org/web/20120103180640/http://ghughes.co...
Has anyone else been rate limited for all of stackoverflow.com after seeing the filters? I assume that's not part of the joke
Recently I've noticed that the GitHub and Stack Overflow scraper clones will often be the only result for this kind of query. It looks like the blackhats have found a way to rank higher than the content they're cloning. I suspect this has the side effect of tricking Google's anti-spam system into punishing the canonical domains and URLs, because it thinks they're copies of higher ranked content.
"Computing in a straitjacket" - this is wonderfully pithy.
Probably? The author limited their audit to the top 1,000 packages + dependencies. I would not be surprised if both of the following things are true: 1) a lot of damage can still be done outside of that scope; 2) there are domains that NPM/GitHub have not attempted to send mails to since expiration, and those accounts have therefore not yet been flagged for manual intervention by the support team.
I don't like GitHub's security screener dismissing this report because of the "social engineering" aspect. There is a real problem here; it's easy to imagine this disclosure leading to another major OSS supply chain incident. I hope GitHub security folks are taking this more seriously than indicated by the response to the researcher.
> Their response seemed to indicate that the account was flagged due to previous issues sending emails, which would be expected with the domain having expired.
It's entirely possible that the domain could have been re-registered long before their next attempt to send an email to it.
I wonder if it's safer (and plausible) to run a daily whois audit job for all maintainer email domains and block anything that enters the redemptionPeriod status?
Ask HN: What's the best cold email you ever received?
3 points • 3 comments
Analyzing the Open App Markets Act
1 points • 0 comments
Congrats! It's impressive to go from learning to code, to shipping a product with this level of polish, in less than two years.
I tried to build essentially the same thing on top of Matrix (and got rejected from YC in the process) - I haven't tried the app yet but I have some initial thoughts and questions. I really hope you succeed with this; forgive me if I come across as a skeptic.
#1 question: every notable social app had some clever strategy and/or shenanigans to attract a critical mass. What's your plan to tackle the network effect problem? Maybe 10% of the value of a social app is the UX, the other 90% is that the people I care about are there.
Are posts end-to-end encrypted, or encrypted at rest? Your video says E2EE but your landing page says encrypted at rest. There's no wiggle room for confused messaging on this. Your blog says you're using Matrix but one of your comments here suggests you abandoned that idea? If so, I'm curious to hear why. Are/were you sharing content directly in Matrix rooms, or storing encrypted content in an object store and using Matrix as a key sharing mechanism, or something else? Can you say more about the problems you encountered?
The landing page design is slick, but there's too much motion pulling my attention all over the place, and too many red flags. The animation for "Automatic Contacts" evokes a feeling that you're going to swallow up my address book and send unsolicited requests to my friends as soon as I sign up. The alarm bell with red dot is an anti-pattern. It feels weird to see all the other social networks I can integrate into my profile, considering this is squarely aimed at people who have rejected those other apps.
Your video says there are no ads, there never will be, and users are not the product. How, then, are you going to thrive in such an intensely competitive space?
Better yet, hire developers who enjoy and excel at selecting and utilizing emerging technologies that will be a better long-term fit for the problem at hand. This is of course more difficult, but makes for a better team and product. I want my competitors to be afraid of technology and to de-prioritize hiring generalists.
I've been noticing something similar happening with GitHub issue threads. Spam sites like githubmemory.com are frequently ranking higher than GitHub itself, and sometimes GitHub doesn't even show up at all, even with a specific search term that appears in an issue thread for a popular repo.
The cynic in me can see good reasons for both Google and Microsoft to be okay with this.
> ensure security, install the software you need, keep it updated and secure etc
These things are now trivial enough that it doesn't make sense to pay 10x the cost of bare metal for a cloud provider to solve them for you unless you have a crazy amount of runway or absolutely no idea what you're doing.
Picking up major WeWork vibes from this.
> But players said they see the moves as a blatant cash grab.
It seems ironic to call out a "blatant cash grab" with a piece on a controversial topic that is primarily sourced with the musings of "thousands of fans on Twitter and Reddit".
No, you can't do that. Once you've been a member of an iMessage group, iOS will not allow participants who have iMessage enabled to switch to MMS with that same group of users, even if everyone deletes and re-creates the thread.