Items tagged with: most
HN Discussion: https://news.ycombinator.com/item?id=19971953
Posted by Reedx (karma: 3924)
Post stats: Points: 140 - Comments: 113 - 2019-05-21T16:53:48Z
#HackerNews #details #expensive #hack #lesson #life #most #port #sim #the
HN Discussion: https://news.ycombinator.com/item?id=19844153
Posted by cuchoi (karma: 435)
Post stats: Points: 206 - Comments: 56 - 2019-05-06T21:37:45Z
#HackerNews #altair #for #most #python #reason #the #using #visualization
HN Discussion: https://news.ycombinator.com/item?id=19819789
Posted by jbegley (karma: 5514)
Post stats: Points: 105 - Comments: 106 - 2019-05-03T16:28:16Z
#HackerNews #file #format #important #most #pdf #the #worlds
HN Discussion: https://news.ycombinator.com/item?id=19818899
Posted by ingve (karma: 102796)
Post stats: Points: 153 - Comments: 32 - 2019-05-03T14:46:31Z
#HackerNews #abstractions #cpu #eliminate #faster #lets #most #pdf #than #the
HN Discussion: https://news.ycombinator.com/item?id=19815155
Posted by longdefeat (karma: 2675)
Post stats: Points: 117 - Comments: 115 - 2019-05-03T03:02:10Z
#HackerNews #2014 #and #chills #doesnt #eggs #its #most #the #why #world
HN Discussion: https://news.ycombinator.com/item?id=19799443
Posted by evanwalsh (karma: 391)
Post stats: Points: 221 - Comments: 43 - 2019-05-01T17:24:46Z
#HackerNews #code #computers #dell #execution #most #remote
HN Discussion: https://news.ycombinator.com/item?id=19770237
Posted by rbanffy (karma: 79299)
Post stats: Points: 101 - Comments: 122 - 2019-04-28T09:45:47Z
#HackerNews #2017 #ban #finds #its #most #reddits #study #subreddits #toxic #worked
HN Discussion: https://news.ycombinator.com/item?id=19750667
Posted by enraged_camel (karma: 12353)
Post stats: Points: 104 - Comments: 120 - 2019-04-25T17:48:17Z
#HackerNews #americans #among #are #finds #most #people #poll #stressed #the #world
HN Discussion: https://news.ycombinator.com/item?id=19733418
Posted by JumpCrisscross (karma: 59644)
Post stats: Points: 105 - Comments: 136 - 2019-04-23T22:03:59Z
#HackerNews #after #buffett #decline #most #newspapers #sees #toast #warren
HN Discussion: https://news.ycombinator.com/item?id=19721343
Posted by objections (karma: 957)
Post stats: Points: 88 - Comments: 74 - 2019-04-22T18:23:49Z
#HackerNews #americas #beppo #buca #chain #most #postmodern #red #sauce
HN Discussion: https://news.ycombinator.com/item?id=19704792
Posted by nnx (karma: 1772)
Post stats: Points: 103 - Comments: 48 - 2019-04-20T04:22:00Z
Org-Mode Is One of the Most Reasonable Markup Languages to Use for Text
HN Discussion: https://news.ycombinator.com/item?id=19622019
Posted by funkaster (karma: 896)
Post stats: Points: 165 - Comments: 48 - 2019-04-10T05:07:54Z
#HackerNews #2018 #for #languages #markup #most #one #org-mode #reasonable #text #the #use
Update 2017-09-25: Simplified the table syntax even more
Update 2018-04-06: Comments on the standardization argument
Disclaimer: this is a very nerdy blog entry. It is about lightweight markup languages and why I think that Org-mode is the best lightweight markup language for many use-cases. And with lightweight markup language, I do mean the syntax, the way you express headings, lists, font variations such as bold face or italic, and such things.
Please do note that this is not about Emacs. This is about Org-mode syntax and its advantages even when used outside of Emacs. You can type Org-mode in vim, notepad.exe, Atom, Notepad++, and all other text editors out there. And in my opinion it does have advantages compared to the other, common lightweight markup standards such as Markdown, AsciiDoc, Wikitext or reStructuredText.
Of course, Org-mode is my favorite syntax. Despite my personal choice you will see that Iʼve got some pretty convincing arguments that underline my statement as well. So this is not just a matter of personal taste.
If you already have a grin on your face because you donʼt have any clue what this is all about: keep on reading. It makes an excellent example for making fun of nerds at your next dinner party.
Here you are. This is almost anything you need to know about Org-mode syntax:
* This Is A Heading
** This Is A Sub-Heading
*** And A Sub-Sub-Heading

Paragraphs are separated by at least one empty line.

*bold* /italic/ _underlined_ +strikethrough+ =monospaced=
[[http://Karl-Voit.at][Link description]]
http://Karl-Voit.at → link without description

: Simple pre-formatted text such as for source code.
: This also respects the line breaks. *bold* is not bold here.

- list item
- another item
  - sub-item
    1. also enumerated
    2. if you like
- [ ] yet to be done
- [X] item which is done
Iʼve seen many coworkers who typed Org-mode markup when taking notes in their text editor. And they did not even know anything about it. So it is that intuitive Iʼd say.
While I was learning Org-mode, I did not even use a cheat-sheet for the syntax as I normally do. It was very natural for me to type Org-mode right from the start.
Tables are a bit more complicated, as in all other markup languages I know of:

| My Column 1 | My Column 2 | Last Column |
|-------------+-------------+-------------|
|          42 | foo         | bar         |
|          23 | baz         | abcdefg     |
|-------------+-------------+-------------|
|          65 |             |             |
You most probably wonʼt type a table like this outside of Emacs. The manual alignment without tool-support is very tedious. But even here you are able to deliver a perfectly fine Org-mode table by simply ignoring the alignment altogether:
| My Column 1|My Column 2 | Last Column |
|-
| 42 | foo | bar|
| 23 | baz | abcdefg|
|-
| 65 |||
This is an almost ridiculous argument because in my opinion a markup is of no use when it is not the same for tool A as for tool B.
However, there are markup languages that are different. For example the very widely used markup language named Markdown has many flavors to choose from:
Pandoc lists six different Markdown flavors as output formats. This is an absolutely bad situation which foils the original idea behind lightweight markup languages. When some web service tells me that I can use "Markdown" for a text field, I have to dig deeper to find out which of those many different Markdown standards the web page is talking about. After this I will have to continue and look for a cheat-sheet of this dialect because nothing is more difficult to differentiate than multiple standards that are almost the same but not really the same. A usability hell. I get furious every time I have to enter this hell.
With Org-mode, life is easy. The snippet from the previous section explains all there is. Any tool that interprets Org-mode accepts this simple and easy to remember syntax.
Many lightweight markup languages do offer multiple ways of typing headings. There are basically three ways of defining headings:
1. Prefix headings
2. Pre- and postfix headings
3. Underlined headings
Here are some examples for each category:
Prefix headings:

# Heading 1
## Heading 2
### Heading 3

Pre- and postfix headings:

= Heading 1 =
== Heading 2 ==
=== Heading 3 ===

Underlined headings:

Heading 1
=========

Heading 2
~~~~~~~~~

Heading 3
*********

I prefer the prefix heading style. Org-mode uses this as well with * as prefix characters. The more asterisks, the deeper the level of the heading is.
Pre- and postfix headings do offer bad usability. The user has to manually synchronize the number of prefix characters with the number of postfix characters. And it is totally unclear how something like = heading == with different numbers of pre/postfix characters is going to turn out when being interpreted.
And in case the user already used a markup language with simple prefix headings, it is not logical why there is the need for the postfix characters at all.
Even worse than this is the underlined heading category. The user is completely irritated for multiple reasons. Besides the tedious manual work to align the stupid heading characters with the heading title, it is not clear what characters must be used for those heading lines. If youʼve got a bigger document with different levels of headings you get confused which heading character stands for which heading level.
Are the tilde characters level one? Or was it the equals characters? And how about asterisks? Without a cheat-sheet, the occasional markup user is completely lost.
This gets even worse: some markup languages let you choose your "order" of heading characters. This results in weird situations. For example one author is starting to write a reStructuredText document using her favorite heading syntax. A second author is joining in and has to analyze the document in order to know what heading syntax he must use.
In the reStructuredText mode of Emacs you can find following function:
You can visualize the hierarchy of the section adornments in the current buffer by invoking rst-display-adornments-hierarchy, bound on C-c C-a C-d. A temporary buffer will appear with fake section titles rendered in the style of the current document. This can be useful when editing other peopleʼs documents to find out which section adornments correspond to which levels.
Yes, you got it right, it is true: this functionʼs only purpose is to generate a dummy-hierarchy of headings to visualize which markup has to be used for heading 1, which one for heading 2 and so forth just for this single document. What a bad design decision of the markup when you need such hacks just to know what a heading should look like in a markup even if you are familiar with it in the first place.
Here is one more: some markup languages even allow mixed heading styles. You can use an underlined heading style for heading level 1, a prefix style for level 2, another underlining style for level 3 and so forth. Now the chaos is a perfect one.
Letʼs have a look at a different markup element: external links. As you already remember in Org-mode, a link looks like this:
[[http://Karl-Voit.at][my home page]]
The only difficult thing here is to remember that the URL is at the beginning and the description follows after the URL. Many markup languages do add additional and unnecessary levels of difficulties.
Here are some examples from Wikipedia and comments by me where a user might be irritated.
The form is simple but for complex URLs, the [Text] might look like being part of the URL itself. Not beautiful but at least something I could live with.
Brackets or parentheses first? Why use different kinds of markup characters in the first place instead of only brackets? Is the Title part of the URL? Why not part of Text? Very confusing design decisions from my point of view.
Holy moly. This is some weird stuff. First, you have to use grave accents ` and not apostrophes ʼ. Then what about the underscore character at the end? This is as complicated as you can define a simple URL. Iʼd even prefer the hard to type HTML version of linking. A disaster for something which has "lightweight" in its class name.
The simple syntax of Org-mode does not imply typing unnecessary characters. You donʼt have to manually align something like underlined headings. Anybody using a simple text editor is very fast at adding markup for headings, font variations, and so forth. The previous section proved that other markup languages clearly fail in many cases.
You donʼt have to use the Emacs editor to write and work with Org-mode markup text. As I mentioned above, many people already do so just because Org-mode is an intuitive and clean way of typing text characters.
When youʼve got text information in Org-mode markup, you can process it with many tools. Most prominent and most important examples are files pushed within a GitHub repository and the swiss army knife named Pandoc which is able to convert Org-mode to dozens of formats like HTML, odt (LibreOffice), docx (Word), LaTeX, PDF, and so forth.
As I mentioned in the beginning, this is not an article about Emacs. Nevertheless for anybody not familiar with Emacs I have to mention that with Emacs there is a tool that supports (not only) in writing Org-mode syntax in a perfect way.
You might start with mouse-only usage. There are menu items with all important functions. For the users that want to get a minimum of efficiency, the menu items show you the keyboard shortcuts you might want to use.
For Org-mode it is really easy to learn. Basically you just have to use TAB to toggle the collapsing and expanding of headings, lists, and blocks. Itʼs Alt and the arrow keys to move around headings, list items, and even table columns/rows. Ctrl-Return creates a new heading or list item without the need of entering the markup characters and manually matching indentation levels at all.
Thatʼs it. With those three things youʼre good to write Org-mode syntax efficiently. The basic file open/save, finding help, exiting Emacs stuff is accessible with icons or the menu. No need to learn more keyboard shortcuts if you donʼt want to.
Having experienced this great tool-support, users typically are eager to learn more. You donʼt have to. You might be happy with Org-mode for capturing minutes of meetings and your shopping list. However, others do master a few additional things and write whole eBooks within Org-mode.
Lightweight markup languages are designed to be used with a minimum effort compared to full-blown and therefore more complicated markup languages such as HTML or LaTeX.
Some are doing their job better than others. In my experience, many design decisions of widely adopted markups such as Markdown or reStructuredText (and others) are questionable from a usability point of view. At least I do have some issues when I have to use them in my daily life.
Unfortunately, I hardly see any people out there using Org-mode as a markup language outside of Emacs although there are very good reasons for it as an easy to learn and easy to use markup language.
With this blog article I wanted to point out the usefulness of Org-mode even when you are not using Emacs as a writing tool.
"revocation" has a valid point related to the missing standardization of Org-mode. Here is my comment on this:
The statements here refer to a /lightweight/ markup, the basic things of Org-mode syntax. I explicitly listed "headings, lists, font variations such as bold face or italic, and such things".
What I do not cover here is a full syntax statement or standard. In my opinion, currently this is not possible outside of Emacs for various reasons.
Of course, there are variations in interpreting Org-mode files between Emacs and pandoc. Also, pandoc only supports a sub-set of Org-mode. Otherwise, pandoc would have to re-implement or embed Emacs for parsing purposes.
In this specific case, pandoc seems to have a more strict parser related to leading spaces for #-lines, or keywords. Iʼm pretty sure that the pandoc project accepts this issue as a bug. In doubt, the interpretation of Emacs is the definition, or golden-standard, of Org-mode syntax. Even this beta-version of a syntax definition does not mention optional spaces before keywords. The manual mentions org-element-parse-buffer and org-lint which would be most probably the best choice for defining the official standard if you would search for one.
However, this does not relate at all to the intention of this article: the design of the (basic) Org-mode syntax compared to other lightweight markup languages. All the issues mentioned where other markups show inconsistencies and usability issues where Org-mode seems to have advantages still do apply here. Completely independent of the standardization argument. My personal belief is that if there were more use of Org-mode syntax elements outside of Emacs, there would be a much higher pressure on formally defining Org-mode as a syntax which pandoc and even Emacs could use as the golden standard.
So far, there is not even the necessity of defining this golden standard because nobody outside of the Emacs community knows or even is using Org-mode. And this is what I tried to change a bit because other markup languages do tend to hurt my geeky soul when I do have to use them.
Tens of thousands of public servants have applied to have their federal student loans forgiven through a temporary program run by the U.S. Education Department. Fewer than 300 have had success.
Article word count: 803
HN Discussion: https://news.ycombinator.com/item?id=19587528
Posted by ilamont (karma: 25788)
Post stats: Points: 87 - Comments: 87 - 2019-04-05T22:15:12Z
#HackerNews #applicants #dept #education #for #forgiveness #loan #most #program #rejects #student
Tens of thousands of public servants have applied to have their federal student loans forgiven through a temporary relief program run by the U.S. Education Department. Fewer than 300 have had success.
Now, one of the lawmakers who championed the initiative wants to know what happened.
“We authorized $700 million dollars to help ensure public servants — including firefighters, teachers and nurses — receive the loan forgiveness they have earned, and it’s maddening that the Trump administration is letting it go to waste,” Sen. Tim Kaine (D-Va.) said in an email.
Kaine and other Senate Democrats have said the Education Department created eligibility criteria that are far more rigid than Congress envisioned. The measure in the fiscal 2018 budget that set up the onetime expansion, based on legislation introduced by Kaine and Sen. Sheldon Whitehouse (D-R.I.), directed the agency to develop a simple way for borrowers to apply for forgiveness. Instead, lawmakers say, the Education Department has restricted access with a litany of rules.
It has been about a year since the Education Department launched the temporary expansion of the Public Service Loan Forgiveness program, with $700 million from Congress to spend over two years. The goal was to give public servants enrolled in the wrong repayment plan another shot at having the balance of their debt erased after 10 years of on-time payments.
In response to an inquiry from Kaine, the Education Department disclosed last week that 38,460 people had submitted requests for forgiveness as of Dec. 28 under the new program. Most of those, 28,640 people, were immediately rejected because they had not previously filled out a formal loan forgiveness application — one of the many criteria of the relief program.
Of the 9,820 applicants who cleared the first hurdle, 1,184 are still under consideration. The rest were rejected for myriad reasons. Of the applicants who cleared the initial hurdle, 40% still had years to go before hitting the required 10-year mark. Nearly a quarter were ineligible because they were paying less money in the wrong payment plan than they would have in the correct one.
Others were turned away for having the wrong type of federal loan — those originated by private lenders through the now-defunct Federal Family Education Loan Program. Some had not made enough on-time payments or had not had at least 10 years of full-time employment certified by a qualifying employer, according to the department.
“The Department thoroughly evaluates, approves, and denies requests for consideration for Temporary Expanded Loan Forgiveness based on the criteria Congress established,” Education Department spokeswoman Liz Hill said in an email.
Only 262 people have jumped through all the hoops required for their loans to be discharged. A total of $10.6 million in student loans has been forgiven, a small fraction of the $700 million provided to cover canceled loans.
“We’re talking about thousands of people who have given a decade of service to our country, and the Education Department is leaving them out to dry,” Kaine said Tuesday.
Senate Democrats wrote to Education Secretary Betsy DeVos in June urging her to let people submit an application to be processed under the new loan forgiveness program regardless of whether they had already applied for public service forgiveness. The department agreed to the recommendation.
But lawmakers say they have heard from borrowers who had no idea they needed to fill out an earlier application for public service loan forgiveness before requesting forgiveness under the new program, which could account for some of the high rate of rejections. Frustrated borrowers also say they have not received an explanation for the denial of their requests.
The Education Department pushed back against accusations of poor communication with borrowers. Rejection letters contain a list of possible reasons for denial, as does an agency web page about the temporary expansion initiative, according to the department. The agency said it has turned to social media, hosted a webinar and sent targeted emails to public servants to raise awareness of the program.
Congress carved out money for the temporary expansion after lawmakers said they heard too many stories from constituents about receiving inconsistent and unclear guidance about Public Service Loan Forgiveness.
The earlier program, introduced in 2007 by the administration of President George W. Bush, requires borrowers to be enrolled in specific repayment plans, primarily those that cap monthly loan payments to a percentage of their income. But some borrowers say loan servicing companies led them to believe they were making qualifying payments when they were not.
People have complained to the Consumer Financial Protection Bureau about the company overseeing the program, FedLoan Servicing, processing payments incorrectly or botching paperwork. Those mistakes could lead to additional years of payments or rejected applications. FedLoan has rebutted the claims and contended it is working within the confines of the program.
Employers cut 190,410 jobs in the first 3 months of 2019.
Article word count: 20
HN Discussion: https://news.ycombinator.com/item?id=19583735
Posted by Reedx (karma: 3135)
Post stats: Points: 173 - Comments: 145 - 2019-04-05T15:52:22Z
#HackerNews #decade #had #just #layoffs #most #the
According to a 2018 McKinsey report, China boasts 114 of the world’s 147 female, self-made billionaires (America has 14). And almost 50% more women hold professional or technical jobs for every 100 men in the Philippines. Asia is one of the most progressive regions for women, yet stereotypes of what Asian women are like and look like persist. BBH Singapore’s ‘See Different’ collection of images seeks to change that by showing the true diversity and personality of women across the Asian region.
Photo by @meaneggs on Instagram.
Location: Khidarpur Jadoo, India
#photography #CC0 #Unsplash #APIRandom
tl;dr: Building new solar, wind, and storage is about to be cheaper than operating existing coal and gas power plants. That will change everything. When the history of how humanity turned the corne…
Article word count: 1541
HN Discussion: https://news.ycombinator.com/item?id=19564179
Posted by kickout (karma: 109)
Post stats: Points: 142 - Comments: 86 - 2019-04-03T15:33:50Z
#HackerNews #clean #disruptive #energy #most #phase #the #third #will #yet
tl;dr: Building new solar, wind, and storage is about to be cheaper than operating existing coal and gas power plants. That will change everything.
When the history of how humanity turned the corner on climate change is written, we’ll look back and see that clean energy – specifically clean electricity from solar, wind, and storage, went through four distinct phases.
RENEWABLES PHASE 1 – POLICY DEPENDENT
From the 1980s until roughly 2015, there was virtually no place on earth where new solar, wind, or energy storage was cheaper than generating electricity from coal or natural gas. This was the first phase of renewables, one where they scaled entirely because of government subsidies and mandates. And in this time, renewable growth was paltry. Solar reached 1% of global electricity. Wind reached perhaps 4%. The world spent hundreds of billions of dollars subsidizing clean energy, and seemingly got nothing.
RENEWABLES PHASE 2 – COMPETITIVE FOR NEW POWER
Except that the world didn’t get nothing. As I’ve written often, the most important aspect of clean energy policy has been to drive down the price of clean energy by scaling it, and thus kicking in the learning-by-doing that continually lowers the unsubsidized price of new solar, new wind, and new energy storage. The policies of the 80s, 90s, 2000s, and 2010s finally drove down the cost of new solar and wind electricity by more than a factor of ten. That finally paid off around 2015, when, for the first time, building solar or wind power was, even without subsidies, sometimes cheaper than building new coal-or-gas fired electricity.
You can see this in IRENA’s graph showing the price of new solar PV, on-shore wind, off-shore wind, and solar CSP.
The cost of solar and wind is dropping below the cost of fossil fuel electricity around the world. Each blue or orange circle reflects one solar or wind project. The heavy lines reflect global weighted average prices of solar and wind. Source: IRENA.
RENEWABLES PHASE 3 – DISRUPTIVE TO EXISTING FOSSIL ELECTRICITY
Now, after decades of subsidizing solar and wind, we’re on the verge of a new, radically different point in history – the point at which building new solar or wind power (or new energy storage systems, in some cases), is cheaper than the cost of continuing to operate existing coal- or gas-fueled power plants.
Dubious? Consider the following:
1. NextEra CEO: Cheaper to Build Solar & Wind Than Operate Existing Coal by the Early 2020s: In January 2018, NextEra CEO Jim Robo told investors that by the early 2020s, it would be cheaper to build new solar and wind power than to operate the utility’s fleet of existing coal power plants.
2. NIPSCO: Cheapest Option is to Go from 65% Coal-powered to Zero – and Replace it With Solar, Wind, and Storage. In October of 2018, a utility in Northern Indiana, NIPSCO, reached Jim Robo’s prophesied point years ahead of schedule, when it submitted a 5 year resource plan that would take the region from being 65% coal powered in 2018 to just 15% coal powered in 2023, and 0% coal powered in 2028, and replace virtually all of that coal power with a mix of solar, wind, storage, and flexible demand. Bear in mind that NIPSCO is in a region with mediocre sun, pretty good but not amazing wind, and which voted for Donald Trump by 19 points. Admittedly, this is with prices of solar and wind which are still somewhat subsidized in the US. But not tremendously so, as the US federal solar and wind tax credits (the ITC and PTC) are winding down in exactly this same period.
3. 2019: Florida Power and Light: Cheaper to Build New Solar + Storage Than Operate Existing Gas Plants. In March of 2019, Florida Power and Light said it would retire two aging natural gas plants, and replace them with a combination of energy efficiency and the world’s largest (so far) battery, which it will use to charge with solar power during the day to deliver during the evening peak.
4. CarbonTracker – New Wind and Solar Cheaper than Existing Coal and Gas in the US, China, and India by the mid-2020s. Meanwhile, think tank CarbonTracker has been quietly pumping out reports showing that in country after country, new solar and wind are headed for prices cheaper than the operational cost of existing coal and gas. Consider this chart (slightly modified by yours truly) of new solar and wind cost in the US vs coal operational cost:
See CarbonTracker’s report on the disruption of Coal in the US for more: No Country for Coal Gen.
Or, more importantly, consider what CarbonTracker forecasts for China: That new solar and wind will be cheaper than the operating cost of existing Chinese coal power plants by the 2020s.
See more at CarbonTracker’s report on China’s coal fleet, “NoWhere to Hide”.
5. McKinsey: New Solar and Wind Cheaper than Existing Coal and Gas… Pretty Much Everywhere by 2030.
Finally, if reports from CarbonTracker, or announcements by actual utilities aren’t enough, consider McKinsey’s assessment from its Global Energy Perspective 2019. In the chart below (with a bit of help from me), McKinsey shows that on almost every continent, and particularly in China and India, where energy demand has the most to grow, new solar and wind are cheaper than existing coal and gas by 2030. And often much sooner.
We’ve gone from Phase 2 to Phase 3 much more rapidly than we went from Phase 1 to Phase 2. Why? Because solar and wind power had to drop by a factor of nearly 10 in price – from 60 cents / kwh for new electricity to roughly 6 cents / kwh for new electricity – to move from their early days to being competitive for new power. But they only have to drop by another factor of 2 or 3 to move from being competitive for new power to being cheaper than the operating cost of existing coal and gas. The “competitive zone” is much narrower and faster to pass through than the long history of subsidized prices leading up to the first fair market competition.
RENEWABLES PHASE 4 – SLOWED BY HEADWINDS
Finally, there will in fact be a Phase 4 of renewables, when their penetration has grown so high that they become limited by headwinds of their own creation: Value deflation, where renewables create so much supply at certain hours that they drive down wholesale prices; Depletion of the best sites in some regions; Seasonal intermittency and the unsolved problem of seasonal storage.
But these problems are distant. Renewables will start to encounter them in earnest when solar makes up >20-30% of electricity and when wind makes up >40-50% of electricity. Today, worldwide, solar is only 2% and wind is only perhaps 6% of global electricity. Cheap multi-hour storage will arrive before that (indeed, in the next few years), lowering the price of using solar to meet the evening peak, and of dealing with intermittency on the order of minutes to several hours. Only seasonal storage (and perhaps the political challenges of long-range transmission) seem to be truly difficult problems. And we have time before they begin to impair the growth of renewables.
WHAT THE THIRD PHASE MEANS FOR RENEWABLE GROWTH RATE
I’ve said often that renewables have grown exponentially. But the truth is that wind power growth rates around the world have slowed substantially. And solar power, once growing rapidly in Europe, has stagnated there over the last several years (at least, until a recent growth spurt spurred by solar entering Phase 2 in parts of Europe in the last year).
But growth rates up until now are largely irrelevant. The whole point of growing renewables has been to drive down their cost. The actual amount of solar and wind that policies have deployed up until now is almost immaterially small. It just isn’t enough to matter. What matters is that policies up until now have driven down the cost of solar, wind, and energy storage by more than an order of magnitude.
If those policies – and the fact that renewables are now competitive for new power even without subsidies in the sunny and windy parts of the world – continue for long enough for renewables to drop another factor of 2 or 3 in price – on top of the factor of 10 or more that they’ve fallen already, then we’ll enter a new domain where renewable growth rates aren’t determined by fickle policy. Instead, they’ll be limited only by the pace at which renewables can be deployed – the pace at which factories for solar panels, wind turbines, and batteries can be built; the pace at which labor forces can be trained to deploy them; the pace at which capital can be deployed to pay for their installation.
How fast is that? I have no idea. But there’s good reason to believe that in this second and third phase of renewables, the growth rate will accelerate rather than slowing. We will look back and see that the growth of renewables is an S-curve to be sure. But we may also look back and find that, as of 2019, we had not yet hit the first upward swing in that S-curve.
HackerNewsBot debug: Calculated post rank: 123 - Loop: 183 - Rank min: 100 - Author rank: 35
Earnings at Saudi Arabia’s giant oil company, at $111 billion last year, far outstripped the profits of giant tech companies or rival oil producers.
Article word count: 956
HN Discussion: https://news.ycombinator.com/item?id=19544825
Posted by dkyc (karma: 1337)
Post stats: Points: 114 - Comments: 85 - 2019-04-01T16:09:00Z
#HackerNews #apple #aramco #company #exceeding #far #most #profitable #saudi #worlds
Saudi Aramco’s Shaybah oil field in Saudi Arabia. Aramco has some of the world’s largest oil fields, leading to very low costs. Credit: Ahmed Jadallah/Reuters
The earnings of Saudi Arabia’s giant oil company have long been a mystery, kept under wraps by the country’s government. But on Monday, Saudi Aramco opened its books, revealing that it generated $111.1 billion in net income last year, making it probably the world’s most profitable company by far.
It handily beat Apple ($59.5 billion in net income in 2018) and ran laps around other oil companies like Royal Dutch Shell ($23.9 billion) and Exxon Mobil ($20.8 billion).
Aramco issued the financial data as it prepares to borrow up to $15 billion through a bond sale, in what could signal a more aggressive approach to capital-raising for both the company and Saudi Arabia. The disclosure reveals a company that is hugely profitable but also tightly bound to one country and the price of oil.
The money will help finance Aramco’s $69 billion purchase, announced Friday, of most of Saudi Basic Industries, or Sabic, a major petrochemical company. Aramco will be buying the stake from Saudi Arabia’s sovereign wealth fund, whose chairman is Crown Prince Mohammed bin Salman.
The crown prince, who is the kingdom’s main economic policymaker, wants to ease the economy’s dependence on oil and gas revenue through investments in technology companies like Uber. A planned stock sale by Aramco — which the Saudis hoped would be the largest initial public offering on record — was expected to raise money for that purpose. The I.P.O. was postponed last year, and the sale of the Sabic stake appears to be an alternative way of raising the funds.
While the crown prince pursues these investments and tries to recover from the political fallout caused by the killing of the Saudi journalist Jamal Khashoggi last year, Aramco also appears to be trying to make itself into a broader energy producer and, thus, more attractive if the government decides once again to try to sell a slice of the company.
Aramco’s chief executive, Amin Nasser, has said that the company is pursuing international acquisitions in areas like liquefied natural gas, a chilled fuel that can be transported globally on ships like oil.
The financial results also serve to show how the company is tied to oil prices. In 2016, for instance, a time of low prices, the company reported only $13.3 billion in net income.
For investors, Aramco’s ties to the Saudi government are also a persistent concern. “Unlike Exxon and Chevron, its revenue streams are highly dependent on a single country that could face real instability risks,” Ayham Kamel, an analyst at Eurasia Group, a consulting firm, wrote in a recent note to clients.
But analysts said that the financial information revealed on Monday showed that Aramco had plenty of firepower for more deals.
Aramco has “a huge amount of room” to issue debt, said David G. Staples, a managing director at Moody’s Investors Service, which issued a credit rating for Aramco on Monday.
Mr. Staples and a colleague, Rehan Akbar, noted that the company had already achieved enormous size and profitability without borrowing or selling stock to investors. In 2018, Aramco paid about $160 billion to the government in dividends, taxes and royalties.
Moody’s attributed Aramco’s profitability in part to economies of scale stemming from enormous production volumes extracted from oil and gas assets of unmatched size. Aramco has some of the world’s largest oil fields, leading to very low costs.
“Aramco’s scale of production in combination with its vast hydrocarbon resources is a very strong competitive advantage,” Moody’s analysts wrote.
The prospectus reveals some long-hidden details about the size of Saudi Arabia’s oil fields. Chief among these is a monster called Ghawar, which extends for about 120 miles in the eastern part of the country. The world’s largest oil field, according to the prospectus, Ghawar has accounted for more than half of Saudi Arabia’s cumulative production yet it still has reserves of 48 billion barrels and is capable of producing nearly four million barrels a day, both more than all but a handful of countries.
The oil wealth doesn’t stop there. The kingdom has four more fields that dwarf most others.
Aramco produced 13.6 million barrels per day in 2018 on average, more than three times the 3.8 million barrels per day reported by Exxon Mobil, according to the report. Overall, its revenue was about $360 billion.
Moody’s wrote that Aramco was “conservatively managed” with “very low debt levels.”
Mr. Staples said that based on his conversations with Aramco officials, he expected this careful approach to debt to continue, a policy that would likely find favor with investors if the Saudi government decides to revive its I.P.O. plans.
The agency rated the company A1, a strong rating but below that of large Western oil companies including Exxon Mobil and Shell. Mr. Staples said the lower rating reflected the concentration of most of Aramco’s operations in Saudi Arabia, which shares the same credit rating, and the government’s dependence on oil and gas revenue.
The thinking is that if Saudi Arabia were to encounter political instability or hard times, the oil company would feel the impact. “We have to take into account the risk profile” of the country, he said.
The company, founded by United States oil companies (Aramco is short for Arabian American Oil Company), was nationalized by the Saudi government in the 1970s.
In its prospectus, Aramco listed some of the risks and drawbacks that it faced in its operations. The Saudi government, for instance, determines how much oil Saudi Aramco should produce “based on its sovereign energy security goals or for any other reason.” The company also may face litigation over climate change or antitrust issues stemming from its membership in the Organization of Petroleum Exporting Countries, especially in the United States, Aramco’s prospectus said.
HackerNewsBot debug: Calculated post rank: 104 - Loop: 333 - Rank min: 100 - Author rank: 102
As a threat to wildlife, an amphibian fungus has become “the most deadly pathogen known to science.”
Article word count: 1115
HN Discussion: https://news.ycombinator.com/item?id=19515362
Posted by jchanimal (karma: 789)
Post stats: Points: 144 - Comments: 68 - 2019-03-28T18:57:54Z
#HackerNews #amphibian #become #deadly #fungus #has #known #most #pathogen #the
The mossy red-eyed frog is one of hundreds of species threatened by a virulent fungus that may be responsible for 90 extinctions in the past 50 years. Credit: Jonathan E. Kolby/Honduras Amphibian Rescue & Conservation Center
On Thursday, 41 scientists published the first worldwide analysis of a fungal outbreak that’s been wiping out frogs for decades. The devastation turns out to be far worse than anyone had previously realized.
Writing in the journal Science, the researchers conclude that populations of more than 500 species of amphibians have declined significantly because of the outbreak — including at least 90 species presumed to have gone extinct. The figure is more than twice as large as earlier estimates.
“That’s fairly seismic,” said Wendy Palen, a biologist at Simon Fraser University who is a co-author of a commentary accompanying the study. “It now earns the moniker of the most deadly pathogen known to science.”
Scientists first noticed in the 1970s that some frog populations were declining quickly; by the 1980s, some species appeared to be extinct. The losses were puzzling, because the frogs were living in pristine habitats, unharmed by pollution or deforestation.
In the late 1990s, researchers discovered that frogs in both Australia and Panama were infected with a deadly fungus, which they named Batrachochytrium dendrobatidis — Bd, for short.
The fungus turned up in other countries, but studies of its DNA suggest that Bd originated on the Korean Peninsula. In Asia, amphibians seem impervious to Bd, but when it got to other parts of the world — probably via the international trade in pet amphibians — the pathogen reached hundreds of vulnerable species.
Amphibians are infected with Bd by contact with other animals or by spores floating in the water. The fungus invades skin cells and multiplies. An infected frog’s skin will start to peel away as the animal grows sluggish. Before it dies, a frog may manage to hop its way to a new stream or pond, spreading the fungus further.
In 2007, researchers speculated that Bd might be responsible for all known declines of frogs that had no other apparent cause — about 200 species. For the most part, however, scientists studied Bd at the local level, looking at its impacts on particular species in particular places.
“We knew that frogs were dying all around the world, but no one had gone back to the start and actually assessed what the impact was,” said Benjamin Scheele, an ecologist at Australian National University and the lead author of the new study.
In 2015, Dr. Scheele and his colleagues gathered data from over 1,000 published papers on Bd, and traveled around the world to meet with experts and hear their unpublished observations.
Not only did the team analyze data on living amphibians, but they also looked at data from museums, where scientists found Bd DNA embedded in preserved specimens tucked away in cabinets.
The new study showed that some amphibians are at greater risk than others.
The fungus thrives in cool, moist conditions. As a result, frogs that live in cloud forests on mountainsides have been hit particularly hard.
Espada’s marsupial frog, near the Gocta Waterfall in the Chachapoyas province of Peru. Credit: Tiffany Kosch
Big frogs are at a greater risk, too, possibly because they don’t multiply as quickly as small ones.
Dr. Scheele and his colleagues identified 501 species in decline, far greater than the previous estimate of 200. Certain factors once thought to account for the decimation of frog populations — like climate change and deforestation — are not the greatest threats, the scientists found.
“A lot of those hypotheses have been discredited,” said Dr. Scheele. “And the more we find out about the fungus, the more it fits with the pattern.”
As it turns out, Bd wiped out some species long before it was discovered. Only by going back to museum specimens were scientists able to estimate the toll. “It’s scary that so many species can become extinct without us knowing,” said Dr. Scheele.
The decimation of frogs peaked in the 1980s, the researchers found, a decade before the discovery of Bd. Today, 39 percent of the species that suffered population declines in the past are still declining. Twelve percent are showing signs of recovery, possibly because natural selection is favoring resistant animals.
As dire as the study’s results turned out to be, Dr. Scheele is guardedly optimistic about future wildlife outbreaks. The element of surprise may have had a lot to do with Bd’s devastating success.
“It wasn’t expected or predicted, and so it took the research community a long time to catch up,” said Dr. Scheele.
In 2013, researchers discovered that a related fungus was attacking fire salamanders in Belgium. Called Batrachochytrium salamandrivorans (Bsal for short), it seemed poised to do to salamanders what Bd has done to frogs.
But this time, things are playing out differently.
Researchers discovered the outbreak and identified Bsal quickly. They immediately began running experiments to understand the threat it posed. Thanks to barriers to trade now in place, Bsal has yet to threaten another species anywhere.
“We’ve learned, and we’re dealing with it better,” said Dr. Scheele. “I guess the question is always, ‘Are we doing enough?’ And that’s debatable.”
There’s still plenty of reason to worry about outbreaks to come. Bd has yet to reach New Guinea, home to a wealth of amphibian species found nowhere else on Earth.
If a Bd-infected frog got to either place — through the pet trade, or as an accidental stowaway — the fungus would have a vast number of vulnerable hosts to attack.
“It could be a meltdown of the ecosystems over there,” said Daniel Greenberg, a graduate student at Simon Fraser University and co-author of the Science commentary.
The loss of frogs can alter entire ecosystems.
Without tadpoles to guzzle algae, blooms may choke streams. Without frogs to eat insects, some disease-carrying species may become more common. Birds and other predators that eat frogs have to find alternatives.
Scientists are not even resting easy about the species that have emerged intact from the Bd assault. Another strain of Bd, or some different species of fungus altogether, may prove to be even deadlier.
“It’s just Russian roulette, with moving pathogens around the world,” said Dr. Scheele.
Correction: March 28, 2019
An earlier version of this article, using information provided by a researcher, misstated the extent of the spread of a fungus that kills frogs. It has spread to Madagascar; it is not the case that the island country remains free of the fungus.
Carl Zimmer writes the “Matter” column. He is the author of thirteen books, including “She Has Her Motherʼs Laugh: The Powers, Perversions, and Potential of Heredity.”
HackerNewsBot debug: Calculated post rank: 118 - Loop: 180 - Rank min: 100 - Author rank: 41
#about #americans #analyzes #care #cato institute #don #emily ekins #investigations #most #oan newsroom #paul manafort #pollster #president trump #probes #robert mueller #russia probe #says #special counsel robert mueller #the hill #trump
Very few people have heard of them, but "dev-fused" iPhones sold on the grey market are one of the most important tools for the best iOS hackers in the world.
Article word count: 3948
HN Discussion: https://news.ycombinator.com/item?id=19321270
Posted by runesoerensen (karma: 25457)
Post stats: Points: 154 - Comments: 34 - 2019-03-06T18:30:12Z
#HackerNews #apples #code #hackers #iphones #most #prototype #research #sensitive #that #use
Mathew Solnik stood next to two of the best iPhone hackers in the world and addressed the question the hundreds of people watching him were all wondering.
“The white elephant in the room: How exactly did we get it?” Solnik, a well-known security researcher, said as he wrapped up one of the most anticipated talks at the Black Hat security conference in Las Vegas in early August 2016. In attendance, among hundreds of security professionals and hackers, were researchers from a company that sells iPhone-cracking services to cops around the world, and Apple’s own employees.
The thing that his team had been able to analyze for the first time was the iPhone’s Secure Enclave Processor (SEP), which handles data encryption for the iPhone. How they were able to do this was a valid question given Apple’s notorious secrecy, and the fact that the SEP is one of the most important and most closely guarded components of the iPhone, the most secure smartphone on the market.
“Well, you get to ask us next time we talk,” Solnik added. (Solnik said the same when I approached him after the talk.)
There was no next time: The team has never publicly discussed its methods.
Now, more than two years later, Motherboard has learned how the team did it. During our investigation, we also discovered how other iPhone hackers research the most secure components and processes of the device.
“Itʼs kind of the golden egg to a jailbreaker.”
Solnik’s team used a “dev-fused” iPhone, which was created for internal use at Apple, to extract and study the sensitive SEP software, according to four sources with specific knowledge of how the research was done. Dev-fused devices are sometimes called prototypes in the security research industry. They are essentially phones that have not finished the production process, or have been reverted to a development state.
In other words, they are pre-jailbroken devices.
These rare iPhones have many security features disabled, allowing researchers to probe them much more easily than the iPhones you can buy at a store. Since the Black Hat talk, dev-fused iPhones have become a tool that security researchers around the world use to find previously unknown iPhone vulnerabilities (known as zero days), Motherboard has learned.
Dev-fused iPhones that were never intended to escape Apple’s production pipeline have made their way to the gray market, where smugglers and middlemen sell them for thousands of dollars to hackers and security researchers. Using the information gleaned from probing a dev-fused device, researchers can sometimes parlay what they’ve learned into developing a hack for the normal iPhones hundreds of millions of people own.
During Motherboard’s months-long investigation, I spoke to two dozen sources—security researchers, current and former Apple employees, rare phone collectors, and members of the iPhone jailbreaking scene—about the underground trade of dev-fused iPhones and their use in the iPhone hacking community. I used one of these devices and obtained “root” access on it, giving me almost total control over the phone; gaining root access allows researchers to probe many of the phone’s most important processes and components. And I learned that these devices are used by some of the highest-profile companies and independent experts that research and hack iOS to find valuable bugs that may later be exploited by governments and law enforcement agencies.
A dev-fused iPhone, connected to a Mac with a special cable, boots up. (Image: Motherboard)
At Black Hat, Solnik and his two former colleagues David Wang and Tarjei Mandt—also known as Planetbeing and Kernelpool in the iPhone jailbreaking community—blew the doors off the SEP with the impressive and technical talk, which delved into, for example, how the phone’s application processor and SEP communicate using a “secure mailbox,” the SEP’s “bootflow,” and the specific “opcodes” that Apple uses to read information from the processor.
For iPhone hackers, the presentation was a godsend. At the time, Patrick Gray, who hosts an influential infosec podcast, described it as a “how2pwn guide” for the SEP, and thus, the iPhone.
One reason the iPhone is so hard to hack is that Apple makes it almost impossible to study how the SEP and other key components work. That’s because the SEP operating system is encrypted, and—in theory—cannot be extracted or reverse engineered from a regular iPhone. But from a dev-fused device it’s possible, and has been repeated since Solnik’s talk by other researchers.
“Wish I could say that they succeeded in pwning the system, but like many in the field [Solnik’s team] leveraged specific prototypes,” an iPhone jailbreaker who asked to be identified as Panaetius told Motherboard. Panaetius did not want to be identified given that he has also used dev-fused devices and is worried Apple may go after him.
A person who formerly worked in Apple’s security team told Motherboard that he approached Wang after the talk at the conference. When he asked Wang how they managed to study the SEP, Wang told him that “Solnik got a dev-phone and dumped the firmware through standard Apple tools.”
An independent iOS security researcher, who spoke on condition of anonymity in order not to damage his reputation within the jailbreaking community, said “Solnik was full of dev-fused [iPhones],” at the time of the SEP talk.
Another iOS security researcher, who also asked not to be identified, said he saw Solnik’s dev-fused devices and the proprietary cables used to work on them in the lead up to the SEP talk at Black Hat.
Solnik, Wang, and Mandt did not respond to multiple requests for comment. (At the time of the talk, Wang and Mandt were working for Azimuth, an Australian company that provides top-end hacking tools to governments such as the USA, Canada and the UK. Solnik had just left Azimuth.) Solnik was the subject of an episode of Phreaked Out, Motherboard’s 2014 documentary series about hacking.
At the time, they may have been the first ones to get to the SEP, but thanks to the proliferation of dev-fused iPhones, others have repeated their feat. Lisa Braun, a pseudonymous independent iOS researcher, recently claimed to have dumped the SEP from an iPad Air 2 prototype.
And he is not the only one.
A few dev-fused iPhones, collected by Giulio Zompetti. (Image: Giulio Zompetti)
According to five sources in the iPhone hacking world, Cellebrite, a forensic firm that sells devices that can unlock iPhones, has purchased and used dev-fused devices to develop its products. Cellebrite did not respond to a request for comment.
Chris Wade, the cofounder of Corellium, a startup that sells a product that allows users to create virtual instances of almost any iOS device in the world, has also gotten his hands on these devices, according to three sources in the iPhone hacking world and three sellers.
Wade, who is known as cmw in the jailbreaking community, told Motherboard he has never purchased a dev-fused device. He admitted having “played” with them at a conference, but denied using them in the development of Corellium. (In a 2016 tweet, however, Wade joked about owning “iPhone prototypes.”)
“I want to be 100 percent clear we didn’t/don’t use dev phones @ Corellium. We don’t buy stolen Apple stuff!” Wade told Motherboard in an online chat. “I spent years working on Corellium and we never needed them. Using stolen dev phones is 100 percent the best way to get Apple to sue you or just fuck your life up.”
Before Solnik’s Black Hat talk, Apple had yet to provide decrypted kernels to the public. Analyzing the kernel is a key step to hacking the iPhone and to understanding how iOS really works under the hood. And these dev-fused iPhones, available on the gray market for four or five figures, are the perfect tool to do that.
“If you are an attacker, either you go blind or with a few thousand dollars you have all you need,” Luca Todesco, one of the most well-known iOS security researchers in the world, told Motherboard, referring to people who buy dev-fused iPhones. “Some people made the second choice.”
Other researchers in the community told Motherboard that dev-fused devices are widely used in the iPhone hacking scene by researchers looking for zero day vulnerabilities.
As Mandt put it in a Tweet in July of 2017, “anyone with a bit of effort and money can get hold of a switchboard device.” (“Switchboard devices” are another term for some dev-fused phones, which refers to the proprietary operating system they run.)
While the devices are indeed rare, if you go looking for them, they’re not hard to find.
“I’m here,” he texted me as I nervously looked around in the crowd of people criss-crossing a busy street in downtown Manhattan.
I looked up and saw a slender man with long dark hair and a colorful hat, and—of course—he was holding an iPhone. I followed him to his workshop nearby. To open the door, he used a fingerprint reader that he said he made and programmed himself. Inside the workshop, there’s a handful of electric skateboards, two fish tanks, and a sign that reads “If you taka my space I breaka your face.”
The man is one of the few people in the world who openly advertises and sells dev-fused iPhones. He has a Twitter account called “Apple Internal Store,” but doesn’t share his real name because he is concerned Apple may go after him. He openly advertises dev-fused and other prototype iPhones for sale: One type of dev-fused iPhone X costs $1,800, for example. After reaching out on Twitter, he agreed to meet with me.
The seller said he’s sold to several security researchers, and believes that many big security firms that hack iPhones have them.
“Those people they don’t care about money. They don’t care about the price,” he said. “Whatever it is, the company buys it.”
He’s defensive when I ask how he got the phones.
“Well, I didn’t steal any device. I actually paid for them,” he said as he showed off a bunch of dev-fused devices. “As long as you don’t break [Apple’s] balls, or show an iPhone 11 prototype, or an unreleased device, they’re most likely cool with that.”
On the back of dev-fused iPhones seen by Motherboard, there’s a QR-code sticker, a separate barcode, and a decal that says “FOXCONN,” referring to the factory that makes iPhones and other Apple products. Otherwise, the phones look like normal iPhones. That standard iPhone experience ends when the phone is turned on. When booted up, you briefly see a command line terminal. And then when it loads, gone are the sleek icons and colorful backgrounds of iOS. The phone boots into an operating system known as “Switchboard,” which has a no-nonsense black background and is intended for testing different functionalities on the phone. The home screen is populated with icons for apps with names like MMI, Reliability, Sequencer, and Console, an app that allows you to open a command line terminal inside the iPhone.
A dev-fused iPhone mounted on a rig. (Image: Motherboard)
Clicking through these apps is at times frustrating as they’re made to be used via the command line terminal while connected to a computer. Most of them cannot be closed by tapping or swiping, meaning the phone needs to be turned off and back on to get back to the home screen. Switchboard’s apps suggest a playfulness that Apple doesn’t always let through on iOS. The icon for “Reliability” features a doge (from the meme) playing a musical keyboard. The app itself allows you to test the functionality of the phone’s cameras, speakers, microphone, battery, and ambient light sensors, among other functionalities. An app called “Ness” features the lead character from Nintendo’s game Earthbound. Though the iPhone wiki speculates it could be used to test the phone’s temperature, when I try to launch it, the phone turns off. An app called “Sightglass” used to have the logo for a San Francisco coffee roaster by the same name; it has been changed to a matrix of colored dots.
You can’t do too much with the phone on its own. But once you connect it to a Mac with a proprietary Apple USB cable called “Kanzi,” which can cost around $2,000 on the gray market, you are able to use other internal Apple software (that is widely shared in the jailbreaking community) to get root access on the phone and burrow deep into its software and firmware. The special cable is required because Apple uses a proprietary protocol for accessing certain data within the iPhone to debug the kernel and other hard-to-reach components.
Two people showed Motherboard how to get root access on the phone we used; it was a trivial process that required using the login: “root” and a default password: “alpine.”
Not all dev-fused devices look normal, though. Some of them come mounted on clunky-looking metal rigs that allow you to open them up like a pizza box to inspect the phone’s guts, look at the battery, motherboard, and other internal parts. One that I saw had external wires running from the rig to the inside of the device; the rig itself had what looked like RF connector ports attached to those wires, as well as external, metal volume and power buttons.
Once I started looking for dev-fused iPhones, they weren’t that hard to find, provided you’re willing to shell out a few thousand bucks and aren’t worried about potentially pissing off Apple. Besides Apple Internal Store, there are other Twitter accounts that openly advertise them.
A screenshot of an advertisement on Twitter from Jin Store for an iPhone X prototype.
The owner of the Twitter account Jin Store, which claims to sell dev-fused or prototype iPhones, shared their catalog with Motherboard. A dev-fused iPhone 8 Plus costs $5,000, an iPhone XR $20,000, and an older iPhone 6 costs $1,300. (There are several different types of dev-fused devices that have different levels of security and varying features on them. The price of the dev-fused device depends on the security and features it includes.)
In a conversation via WeChat, Jin said that they personally know Solnik, but declined to say whether he was a customer.
The person behind another dev-fused store that advertises on Twitter, who goes by Mr. White, said he has “almost all” iPhone models. He also claimed to have sold “a lot of” dev-fused iPhones to security researchers.
“I donʼt know how to get SEPROM,” Mr. White told me in an online chat, using another technical term for the SEP. “But I know that their research needs my equipment.”
THE DEVICES THAT ESCAPE SHENZHEN
Though it’s possible to buy dev-fused iPhones from various sources, it’s not like there’s a huge supply of them. Outside of Apple and the security research industry, these devices are almost a complete unknown. Even finding any substantial online references to the term dev-fused is difficult.
In a Hacker News thread prompted by a Motherboard investigation on the iPhone bug bounty program, former iPhone jailbreaker and current security researcher Will Strafach wrote that “Apple has dev-fused devices which use separate development certificates and keys.” An entry in the unofficial iPhone wiki also briefly mentions prototype devices. The page is introduced by a big red rectangle that warns readers that “acquiring a copy [of internal Apple software] without Appleʼs consent is illegal and may result in being scammed.”
The day after Solnik, Mandt and Wang’s talk, Apple’s head of security Ivan Krstić also spoke at Black Hat. A single line of his presentation slides referred to “development fused” iPhones, though he didn’t actually mention them during his talk. As far as we know, that’s the only time Apple has publicly acknowledged their existence. An Apple spokesperson declined to discuss these devices with Motherboard.
When reached via Twitter, Krstić said that he could not talk about anything work related, and instead joked I could ask him about his “borderline-encyclopedic knowledge about preparing steak.”
But despite being essentially a secret from the public, security researchers and hackers have known about and used these devices for years.
“They are very popular among security researchers,” said a person who’s familiar with the supply chain of smuggled iPhones in China, who spoke on condition of anonymity to avoid putting his associates in China at risk. “I’ve had a number ask me and say they were willing to pay a significant amount of money to get dev phones.”
Andrew “Bunnie” Huang, a well-known hardware security researcher who wrote the ultimate guide to Shenzhen’s electronics markets, told Motherboard that he has seen some of these devices in China. Few people know exactly how they get from Foxconn, which manufactures iPhones, to Shenzhen’s markets. But they find a way there.
“They are stolen from the factory and development campus,” a person who sells these devices on Twitter told Motherboard.
At times, Huang said, even the people who sell dev-fused devices in Shenzhen aren’t aware of how valuable they can be to hackers and security researchers.
“The gray market guys donʼt even know what they sit on half the time,” Huang said in an online chat. “They are just trading trash for cash.”
“It gives you a new attack surface thatʼs not as heavily fortified,” Huang added. “They donʼt put the metaphorical lock on the door until the walls are built on the house, so to speak.”
A couple of dev-fused devices, collected by Giulio Zompetti. (Image: Giulio Zompetti)
To be more technical: unlike the iPhones you can buy at the Apple store, called “prod” or “production fused,” these devices allow their owners to boot into Switchboard. This software allows researchers to hack and reverse engineer different components of iOS. These would usually be off limits without hard-to-get vulnerabilities and a jailbreak, which is worth millions of dollars in today’s zero-day market.
“Prod fused means there’s a specific pin on the board that is ‘blown’ in the production phase. The board checks that pin to see if the device is prod or not,” a former Apple employee who wanted to remain anonymous because he is bound by a non-disclosure agreement, told Motherboard. “If it isn’t, and the firmware is dev version, then certain features are enabled.”
With a proprietary Apple cable and the right skills, they’re the perfect iPhone hacker’s playground.
In 2017, Motherboard reported that the best iPhone hackers in the world did not want to report bugs to Apple, even after the company promised six-figure rewards. One of the complaints the researchers had was that it was incredibly hard to find bugs without already knowing about other bugs. In other words, security researchers need iOS bugs—those that allow them to jailbreak the device and disable security features—just to be able to do their research. If independent researchers were to report bugs to Apple, in their view, they could lead Apple to fix the flaws they rely on to find other bugs.
At the time, some of the researchers said that it’d be better if Apple gave them “developer devices.”
As it turns out, some already had them.
“Itʼs kind of the golden egg to a jailbreaker,” according to Panaetius, who said he’s bought and re-sold several dev-fused devices. “Here’s a device where you can slap all the security mechanisms out of the way. Because there are still security mechanisms on a development fused device, but you can kind of just push them.”
iPhone hackers, however, are not too keen to discuss the fact that they use them. Some told me that using them is like “cheating,” and others swore to me that they have never used them because it’d be perceived in the scene as being lame.
“Many folks are very wary of these. Just because many do not want to deal with Apple’s allegedly vicious legal folks,” a security researcher who has been in the jailbreak community for years, and asked to be anonymous to discuss sensitive issues, told Motherboard.
Others aren’t nearly as concerned.
Giulio Zompetti, who calls himself a collector of iPhone prototypes, told me he has 14 dev-fused iPhones, as well as some iPods and iPads. He showed me many of them on a video chat.
He said that while he plays around with his dev-fused devices, he doesn’t hack them—he only collects them.
“For me it’s a bit of an investment. The older they are, the harder it is to find them,” Zompetti said in a phone call. “It’s just fun. The search of something that by itself is really hard to get.”
“The goal is to reconstruct history,” Zompetti told me as he showed me some of his pieces, including an iPhone 5S that he said was dated just a couple of months after the release of the iPhone 5, the previous model.
Another collector who showed me pictures of his devices told me they have too many devices to count.
Mathew Solnik poses during a demo of a hacking technique for Motherboard’s 2014 documentary Phreaked Out. (Image: Motherboard)
Apple is well aware of the fact that dev-fused devices get traded around, according to five sources within and outside the company. Several sources both inside Apple and in the jailbreaking community believe that Apple has ramped up its efforts to keep these devices from escaping Foxconn and to go after people who sell them. It’s no surprise Apple knows that researchers covet these—some of them have even poked Apple publicly. Back in 2016, Solnik teased his great breakthrough on Twitter weeks before his Black Hat talk.
“Who wants to see a security team jump?” he tweeted, along with a screenshot of a terminal window that showed Solnik had been able to obtain the Secure Enclave Processor firmware. “I’ll just leave this here.”
The precise step-by-step of how Solnik, Wang, and Mandt were able to decrypt and reverse engineer the firmware has never been discussed publicly. Their talk, however, was enough to attract Apple’s attention and boost the speakers’ careers and reputation within the iPhone security research community.
Mandt is still at Azimuth, whereas Wang moved to Corellium. Solnik, on the other hand, is himself a bit of a mystery. At the time of the SEP talk, he was heading his own startup, called OffCell, which was founded with the goal of becoming a government contractor providing offensive security tools and exploits to governments, according to several sources who know Solnik.
In 2017, however, Solnik was hired by Apple to work on its security team, specifically on the so-called red team, which audits and hacks the company’s products. His talk at Black Hat had apparently impressed the folks at Cupertino. A few weeks later, however, he abruptly left the company, according to multiple sources.
The full story of Solnik’s short stint at Apple is a closely-guarded secret. Motherboard spoke to dozens of people and was unable to confirm the specifics around his leaving the company; one source within Apple told me information about Solnik is “incredibly restricted,” and another confirmed that even within Apple, few know exactly what happened.
Apple repeatedly declined to comment or respond to any questions regarding Solnik, but did not deny that Solnik worked there.
In any case, the underground market for dev-fused iPhones is now flourishing. And, for now, Apple doesn’t seem able to stop the flood, despite the fact that these leaks are fueling a growing industry of iPhone hacking companies.
“To be honest everyone benefits from Apple’s lousy supply chain management,” Viktor Oreshkin, an iOS security researcher, told Motherboard in an online chat. “Except Apple, obviously.”
Article word count: 2496
HN Discussion: https://news.ycombinator.com/item?id=19297132
Posted by egusa (karma: 464)
Post stats: Points: 109 - Comments: 102 - 2019-03-03T21:45:17Z
#HackerNews #gun #guns #laws #lives #most #take #the #where
A study released last year revealed that just six countries make up over half of all gun-related deaths, and they’re all in the Americas. Topped by Brazil with 42,000 deaths, the macabre list is followed by the United States, Mexico, Colombia, Venezuela and Guatemala.
One in four people murdered annually is a Brazilian, Colombian, Mexican or Venezuelan, reported the Igarape Institute, and although Latin America only holds 8% of the world’s population, 38% of the world’s murders occur on the continent. Between 2000 and 2006 in South America, 53% of all murders were committed with a firearm, a statistic which skyrockets to 78% in Central America. The global average is 32%.
Why are firearm deaths so prevalent in these six countries? We take a look at the differing firearm regulations in each country and take into account potential factors that could have an effect on this trend.
Despite ex-President Lula Da Silva’s attempt to place stronger restrictions on gun ownership in 2003, a 2005 referendum showed that 64% of Brazilians did not want to ban the sale of guns and ammunition to civilians. Newly-inaugurated President Jair Bolsonaro used this as leverage to sign new legislation in January making it much easier to obtain and use firearms. The reason, Bolsonaro explained according to Reuters, is “to guarantee citizens’ legitimate right to defense.”
Some constraints from previous legislation do still apply, such as restricting the purchasing age to 25. To obtain a permit it is also necessary to pass a psychological test, maintain consistent employment, show proof of a fixed residence and a clean criminal record.
However, Bolsonaro’s new legislation created new categories that warrant citizens’ possession of a firearm in their house or business. These include gun collectors, hunters, those living in rural or urban areas with high homicide rates, as well as those responsible for commercial or industrial establishments. The new measure is temporary and will have to be ratified by congress within 180 days.
Brazil has one of the highest murder rates in the world, with 27.8 people in each 100,000 murdered in 2016 and 19.4 of those being deaths caused by firearms, reported a JAMA report on Global Mortality from Firearms.
A 2015 Map of Violence commissioned by ex-President Dilma Rousseff found that there were around 15 million guns in Brazil (eight per 100 residents), with 6.8 million legally registered and 8.5 million illegal firearms. The study estimated that at least 3.8 million were in the hands of criminals.
The Economist stated that rapid urbanisation and inequalities in wealth distribution were some of the largest factors in violent crime, and as one of the most unequal countries on the planet, Brazil backs up this claim. A UNESCO study states that between 2006 and 2013, the top 1% of the richest people in Brazil accrued 25% of all incomes. The Igarape study on Citizen Security in Latin America reported that 90.6% of Brazilian citizens live in cities, and that of the 50 most murderous cities on earth in 2016, Brazilian cities occupied 27 places on the list.
Article 10 in the Mexican Constitution states that Mexicans “have the right to possess firearms in their home, for their security and legitimate defense, with exception to those prohibited by Federal Law.”
A member of the Mexican security forces. Photo courtesy of Pixabay.
In order to legally acquire a gun, an individual must obtain a one-year gun permit within 30 days of purchasing a firearm. Requirements for this include being 18 years old, passing mental and physical capacity tests, having fulfilled military service, and holding no criminal convictions. The gun owner must also be part of a shooting club, can get permits for up to 10 weapons and can only buy ammunition for the calibres of guns owned.
However, there is a loophole. In a country of nearly 132 million people, there is only one shop that sells firearms, which is located in Mexico City. Despite this limiting factor, Small Arms Survey reported that in 2017, Mexico had 12.9 guns per 100 civilians, although of the 16,809,000 guns estimated in circulation in that year, only 3,118,592 were legally registered.
This high level of unregistered firearms has been attributed to Mexico’s proximity with the United States, as thousands of gun retailers sit just over the border. A report on gun trafficking between the US and Mexico revealed that almost 90% of the guns recovered and identified from Mexican crime scenes can be traced back to firearm dealers in the neighbouring country.
The Central American country is notorious for its rising crime rates, and Reuters reported that 2018 was the most violent year in Mexican history with over 34,000 homicides. This has been attributed, in part, to struggles between splintered drugs cartels and conflict over the rising market of stolen fuel.
In Colombia, according to article 233 of the National Constitution, only the government can control the distribution and fabrication of arms, as well as exercising the right to give licences.
To legally acquire a firearm, an individual must be over 18, and will have to prove that the weapon is either necessary for self-defense or is required for their profession. A permit is valid for 10 years, which requires the applicant to pass a background check which considers mental health, physical health as well as criminal and addiction records.
However, although possession of guns in the home is allowed, in 2015 then-President Juan Manuel Santos signed a decree that suspended civilians’ ability to carry guns. Due to a subsequent “decreasing trend in homicides and injuries caused by firearms,” this was extended year by year. On December 24, 2018, however, President Iván Duque added exceptions to the decree.
Decree 2652 will allow the Ministry of Defense more flexibility to give carry permits “for urgent or security reasons […] taking into account, among other factors, the individual conditions of each application.” Publimetro reported that special evaluation committees will be created in order to provide carry permits, which will also be subject to quarterly assessments.
The JAMA report states that in 2016 there were 25.9 deaths by firearm per 100,000 people. Gun violence remains problematic in the country, as there is a large disparity between registered and illegal guns in Colombia. The country is estimated to have 4,971,000 guns in circulation, but only 706,210 of them are registered with the Ministry of Defense.
Despite its gun woes, Colombia has come a long way from the 1990s when it held the title as “most dangerous country in the world,” and Forbes estimated that there were 300 murders per 100,000 inhabitants.
In Venezuela, civilians are not allowed to possess weapons of war, although what this refers to is not specifically defined. Handguns are allowed under licence, and automatic and semi-automatic guns are not specifically prohibited and may be allowed at the discretion of the authorities.
In 2002, Congress passed the Law of Disarmament, which aimed to collect illegal weapons as well as prohibiting them in public spaces and where alcohol is sold.
It also raised the age for gun possession to 25, as well as added certain prerequisites such as a clean criminal record, passing a psychological exam, gaining a training certificate, and showing legal proof of purchase of the firearm. Gun permits must be renewed every two years and holders may only have one gun with 50 bullets per year.
Nicolas Maduro created another disarmament campaign when he came into power in 2013, where citizens were encouraged to hand in their unlicensed guns, and according to Noticias 24 over 26,000 guns were destroyed in 2014.
However, as the country entered into crisis, the government stopped releasing official data. The JAMA study states that there are 18.5 guns per 100 citizens, and estimated the amount of guns in the country at 5,895,000 although there is no data available to determine how many of these are legally registered with the government.
The Igarape study also revealed that Venezuela is internally perceived as one of the most dangerous countries, as only 14% of citizens said they felt safe. In 2015, the study continued, just 19% of Venezuelans reported being confident in the police – the lowest score of any country on the planet.
The Economist stated that perceived danger and a lack of trust in security forces are influencing factors for increased gun use in society, as citizens feel they need to take matters into their own hands. JAMA reported that there are 38.7 firearm deaths per 100,000 people, the second highest among these six countries.
At least 17 of the top most violent countries in the world are Central American or Caribbean, and Guatemala is no exception. It is one of the most dangerous countries on this list, with 32.3 deaths by firearm per 100,000 residents, and as of 2016, the capital city of Guatemala was ranked the 9th most homicidal in the world.
Guatemalan law states that “all citizens have the right to have firearms in their place of living,” although they can only be acquired by licensed gun owners. No reason is required to possess a firearm, but owning one for personal security reasons does require government approval. Minimum age is not defined for gun ownership, although there is a minimum age of 25 for carrying firearms, and across the country there are 12.1 firearms per 100 civilians.
A gun licence requires proof that the applicant does not suffer from any mental illnesses, that they haven’t deserted either the Guatemalan army or police force, and they must have a clean police record. Carrying guns in public places is permitted with a license.
Across Latin America there are more private security guards than police officers – Igarape puts the ratio at 3.8 million private guards to 2.6 million police officers. In Guatemala, this is even more pronounced, as 120,000 private guards massively outnumber the 19,900-strong police force. A lax public attitude to vigilante behaviour also exists, as over 30% of Guatemalans agree with “taking the law into their own hands.”
The United States is the only developed country on the list, yet still has a high rate of firearm death at 10.6 per 100,000 citizens. This is higher than other wealthy nations which have similar gun laws, such as Canada (2.1) and much higher than the United Kingdom’s 0.3 or Japan’s 0.2, whose firearm regulation is much stricter.
Another difference, which also follows the trend of developed countries, is that most gun deaths (6.5 per 100,000 citizens) were suicides, whereas globally they are more likely to be homicides.
The rest of the countries on this list have “restrictive” gun regulation, according to Gun Policy, whereas in the United States, it is “permissive.”
The right to bear arms is an intrinsic part of the United States constitution, and owning semi-automatic guns and handguns is permitted without a license in almost all states. Fully automatic weapons, however, are subject to federal licensing and registration. The age restriction is 18-years old for rifles and shotguns, and 21-years for other types of firearm.
Individuals are not allowed to bear arms if they have been sentenced to a year of imprisonment in a federal court or two years’ imprisonment in a state court, unless the crime was due to regulation of business practices. The right to own a firearm is also not permitted if the buyer has been convicted of domestic violence or has been discharged under dishonorable conditions from the US armed forces.
The Small Arms Survey reports that there are more guns than civilians in the United States, with 120.5 guns per 100 citizens. That adds up to an estimated 393.3 million guns, of which only 1 million are registered. This is due to the fact that guns don’t need to be registered upon purchase in most states.
Guns have symbolic, cultural, and economic importance in the United States, where ownership provides a sense of security, allows participation in traditional sports such as hunting, and the industry employs hundreds of thousands of Americans, reported RAND research and analysis group.
Normally, as a country becomes wealthier and develops stronger governmental institutions, the rate of firearm death reduces, but this is not the case for the United States. The Harvard School of Public Health (HSPH) suggests there is a simple answer to this: “where there are more guns there is more homicide.”
“With less than 5% of the world’s population, the United States is home to roughly 35–50 per cent of the world’s civilian-owned guns,” the Small Arms Survey stated in 2007. “[…] Therefore, any discussion of civilian gun ownership must devote disproportionate attention to the United States.”
Is there a correlation between gun regulation and firearm deaths?
All the Latin American countries on the list have restrictive gun policies, but this is counteracted by large amounts of unregistered and illegal firearms, and in Mexico’s case, guns trafficked from the U.S.
The Economist reported that Latin America is the most urbanised part of the developing world. This recent and concentrated movement of people from the countryside to urban areas has been dogged by inequality, unemployment, poor government services and easy access to firearms. This created a fertile breeding ground for violence, which was left unchecked by government security forces who never managed to gain citizens’ trust.
For the United States, the situation is a little different. According to a 2018 Gallup poll, only 15% of Americans have very little or no confidence in the police, with 54% having a “great deal/quite a lot” of confidence, making the police force the third most trusted institution in the country. Although income inequality is on the rise in the US according to the 2018 World Inequality Report, it is still far below countries such as Brazil.
Despite this, gun crime remains high. The correlation between high gun ownership and high gun crime could be the primary factor, something which often holds true among wealthy nations even when the US is removed from the equation, reported the HSPH. Among the top 25 countries with the highest firearm-to-civilian ratio, Uruguay was the only country in Latin America to make it on the list.
Ultimately, where there are guns there will be gun crime, and limited regulations are likely to exacerbate the issue. Muggah echoed this sentiment in his criticism of Bolsonaro’s recent loosening of gun laws.
“There is no hard evidence that loosening access to firearms improves public safety or security,” he told Reuters. “By contrast, there is considerable evidence that responsible regulations are associated with reductions in gun-related homicide of civilians and police officers alike.”
The causes of gun crime cannot be limited solely to gun restrictions. However, in developed countries such as the United States, which has much higher rates of gun crime than other wealthy nations with more restrictive policies, it could be a factor to consider. But for Latin American countries, where restrictive policies are already in place, what is clear is a lack of trustworthy government institutions and internal security that can effectively monitor gun use.
Article word count: 884
HN Discussion: https://news.ycombinator.com/item?id=19255603
Posted by vinnyglennon (karma: 10948)
Post stats: Points: 196 - Comments: 43 - 2019-02-26T16:24:41Z
#HackerNews #contain #docker #each #images #least #most #popular #ten #top #vulnerabilities
Welcome to Snyk’s annual State of Open Source Security report 2019.
Known vulnerabilities in docker images
The adoption of application container technology is increasing at a remarkable rate and is expected to grow by a further 40% in 2020, according to 451 Research. It is common for system libraries to be available in many docker images, as these rely on a parent image that is commonly using a Linux distribution as a base.
Docker images almost always bring known vulnerabilities alongside their great value
We’ve scanned through ten of the most popular images with Snyk’s recently released docker scanning capabilities.
The findings show that every docker image we scanned contained vulnerable versions of system libraries. The official Node.js image ships 580 vulnerable system libraries, followed by the others, each of which ships at least 30 publicly known vulnerabilities.
Number of OS vulnerabilities by docker image
Snyk recently released its container vulnerability management solution to empower developers to fully own the security of their dockerized applications. Using this new capability, developers can find known vulnerabilities in their docker base images and fix them using Snyk’s remediation advice. Snyk suggests either a minimal upgrade, or alternative base images that contain fewer or even no vulnerabilities.
Fix can be easy if you’re aware. 20% of images can fix vulnerabilities simply by rebuilding a docker image, 44% by swapping base image
Based on scans performed by Snyk users, we found that 44% of docker image scans had known vulnerabilities for which newer and more secure base images were available. This remediation advice is unique to Snyk. Developers can take action to upgrade their docker images.
Snyk also reported that 20% of docker image scans had known vulnerabilities that simply required a rebuild of the image to reduce the number of vulnerabilities.
Vulnerability differentiation based on image tag
The current Long Term Support (LTS) version of the Node.js runtime is version 10. The image tagged with 10 (i.e., node:10) is essentially an alias to node:10.14.2-jessie (at the time that we tested it), where jessie specifies an obsolete version of Debian that is no longer actively maintained.
If you had chosen that image as a base image in your Dockerfile, you’d be exposing yourself to 582 vulnerable system libraries bundled with the image. Another option is to use the node:10-slim image tag, which provides slimmer images without unnecessary dependencies (for example, it omits the man pages and other assets). Choosing node:10-slim, however, would still pull in 71 vulnerable system libraries.
Most vulnerabilities originate in the base image you selected. For that reason, remediation should focus on base image fixes
The node:10-alpine image is a better option to choose if you want a very small base image with a minimal set of system libraries. However, while no vulnerabilities were detected in the version of the Alpine image we tested, that’s not to say that it is necessarily free of security issues.
Alpine Linux handles vulnerabilities differently than the other major distros, which prefer to backport sets of patches. At Alpine, they prefer rapid release cycles for their images, with each image release providing a system library upgrade.
Number of vulnerabilities by node image tag
Moreover, Alpine Linux doesn’t maintain a security advisory program, which means that if a system library has vulnerabilities, Alpine Linux will not issue an official advisory about it; Alpine Linux will mitigate the vulnerability by creating a new base image version including a new version of that library that fixes the issue, if one is available (as opposed to backporting as mentioned).
There is no guarantee that the newer, fixed version of a vulnerable library will be immediately available on Alpine Linux, although that is the case many times. Despite this, if you can safely move to the Alpine Linux version without breaking your application, you can reduce the attack surface of your environment because you will be using fewer libraries.
The use of an image tag, like node:10, is in reality an alias to another image, which constantly rotates with new minor and patched versions of 10 as they are released.
A practice that some teams follow is to use a specific version tag instead of an alias so that their base image would be node:10.8.0-jessie for example. However, as newer releases of Node 10 are released, there is a good chance those newer images will include fewer system library vulnerabilities.
Using the Snyk Docker scanning features we found that when a project uses a specific version tag such as node:10.8.0-jessie, we could then recommend newer images that contain fewer vulnerabilities.
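To make the tag distinctions above concrete, the following added example (not Snyk's code or part of the original report) audits the `FROM` lines of a Dockerfile and labels each base image as a floating alias, a fixed release, a digest, or a reference to an earlier build stage. The classification rules, the sample Dockerfile and all function names are assumptions made for illustration; the obsolete-release list holds only `jessie`, the one release the report names.

```python
import re
from dataclasses import dataclass, field

# Assumption: only the release the report calls obsolete is listed here.
OBSOLETE_CODENAMES = {"jessie"}

FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<ref>\S+)(?:\s+AS\s+(?P<alias>\S+))?\s*$",
    re.IGNORECASE,
)
# A tag that starts with major.minor.patch names one fixed release.
FULL_VERSION_RE = re.compile(r"^v?\d+\.\d+\.\d+(?:$|[-_.])")

# Constructed sample input, not taken from the report.
SAMPLE = """\
FROM node:10 AS build
RUN npm ci
FROM node:10.8.0-jessie AS legacy
FROM --platform=linux/amd64 node:10-slim AS slim
FROM build AS test
FROM node:10-alpine
"""


@dataclass
class Finding:
    line_no: int
    ref: str
    kind: str
    notes: list = field(default_factory=list)


def split_ref(ref):
    """Split an image reference into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    # Only a colon after the last '/' is a tag separator (registry ports have one too).
    if ":" in name.rsplit("/", 1)[-1]:
        name, tag = name.rsplit(":", 1)
    else:
        tag = ""
    return name, tag, digest


def classify(ref, stages):
    """Return (kind, notes) for one FROM reference."""
    if "$" in ref:
        return "unresolved", ["reference uses a build ARG; resolve it before auditing"]
    if ref.lower() == "scratch":
        return "scratch", []
    if ref.lower() in stages:
        return "stage", []
    _, tag, digest = split_ref(ref)
    notes = []
    obsolete = sorted(set(re.split(r"[-_]", tag.lower())) & OBSOLETE_CODENAMES)
    if obsolete:
        notes.append(f"tag names obsolete distro release: {obsolete[0]}")
    if digest:
        kind = "digest"
        notes.append("immutable: never picks up rebuilt or newer base images")
    elif not tag:
        kind = "untagged"
        notes.append("no tag given, so the registry default tag is pulled")
    elif FULL_VERSION_RE.match(tag):
        kind = "pinned"
        notes.append("fixed release: check for newer releases with fewer known vulnerabilities")
    else:
        kind = "floating"
        notes.append("alias that moves between releases: record what it resolved to at build time")
    return kind, notes


def audit_dockerfile(text):
    """Classify every FROM line; earlier stage aliases are not treated as images."""
    stages, findings = set(), []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        kind, notes = classify(m["ref"], stages)
        findings.append(Finding(line_no, m["ref"], kind, notes))
        if m["alias"]:
            stages.add(m["alias"].lower())
    return findings


if __name__ == "__main__":
    for f in audit_dockerfile(SAMPLE):
        print(f"line {f.line_no}: {f.ref} [{f.kind}]")
        for note in f.notes:
            print(f"    - {note}")
```

A tag-level audit only shows what the Dockerfile asks for; the vulnerability counts themselves still come from scanning the resolved image.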
Known vulnerabilities in system libraries
There is an increase in the number of vulnerabilities reported for system libraries, affecting some of the popular Linux distributions such as Debian, RedHat Enterprise Linux and Ubuntu. In 2018 alone we tracked 1,597 vulnerabilities in system libraries with known CVEs assigned for these distros, which is more than four times the number of vulnerabilities compared to 2017.
Linux OS vulnerabilities steadily increasing
As we look at the breakdown of vulnerabilities (high and critical) it is clear that this severity level is continuing to increase through 2017 and 2018.
High and critical vulnerabilities in system libraries
HN Discussion: https://news.ycombinator.com/item?id=19233706
Posted by lelf (karma: 37588)
Post stats: Points: 128 - Comments: 44 - 2019-02-23T15:29:42Z
#HackerNews #2016 #chernobyls #dangerous #famous #material #most #photo #radioactive
Artur Korneyev, Deputy Director of Shelter Object, viewing the “elephants foot” lava flow at Chernobyl, 1996. (Photo: US Department of Energy)
At first glance, it’s hard to know what’s happening in this picture. A giant mushroom seems to have sprouted in a factory floor, where ghostly men in hardhats seem to be working.
But there’s something undeniably eerie about the scene, for good reason. You’re looking at the largest agglomeration of one of the most toxic substances ever created: corium.
In the days and weeks after the Chernobyl nuclear disaster in late April 1986, simply being in the same room as this particular pile of radioactive material—known as the Elephant’s Foot—would have killed you within a couple of minutes. Even a decade later, when this image was taken, the radiation probably caused the film to develop strangely, creating the photo’s grainy quality. The man in this photo, Artur Korneyev, has likely visited this area more than anyone else, and in doing so has been exposed to more radiation than almost anyone in history.
Remarkably, he’s probably still alive. The story of how the United States got a hold of this singular photo of a human in the presence of this incredibly toxic material is itself fraught with mystery—almost as much as why someone would take what is essentially a selfie with a hunk of molten radiated lava.
This picture first came to America in the late 1990s, after the newly independent Ukrainian government took over the plant and set up the Chornobyl Center for Nuclear Safety, Radioactive Waste and Radioecology (spelling often gets changed as words go from Russian to English). Soon after, the center invited other governments to collaborate on nuclear safety projects. The U.S. Department of Energy tapped the Pacific Northwest National Laboratories (PNNL)—a bustling science center up in Richland, Washington—to help.
At the time, Tim Ledbetter was a relatively new hire in PNNL’s IT department, and he was tasked with creating a digital photo library that the DOE’s International Nuclear Safety Project could use to show its work to the American public (or, at least, to the tiny sliver of the population that was online back then). He had project members take photos while they were in Ukraine, hired a freelance photographer to grab some other shots, and solicited images from Ukrainian colleagues at the Chornobyl Center. Intermixed with hundreds of images of awkward bureaucratic handshakes and people in lab coats, though, are a dozen or so shots from the ruins inside Unit 4, where 10 years before, on April 26, 1986, a reactor had exploded during a test of the plant turbine-generator system.
As radioactive plumes rose high above the plant, poisoning the area, the rods liquefied below, melting through the reactor vessel to form a substance called corium, perhaps the most toxic stuff on Earth.
Corium flowing like lava through the reactor. The valve was made for steam to move through. (Photo: PNNL library)
Corium has been created outside of the lab at least five times, according to Mitchell Farmer, a senior nuclear engineer at Argonne National Laboratory, another Department of Energy center outside of Chicago. Corium formed once at the Three Mile Island reactor in Pennsylvania in 1979, once in Chernobyl, and three separate times during the Fukushima Daiichi meltdown in Japan in 2011. Farmer creates modified versions of corium in the lab in order to better understand how to mitigate accidents in the future. Research on the substance has found, for example, that dumping water on it after it forms actually does stop some fission products from decaying and producing more dangerous isotopes.
Of the five corium creations, only Chernobyl’s has escaped its containment. With no water to cool the mass, the radioactive sludge moved through the unit over the course of a week following the meltdown, taking on molten concrete and sand to go along with the uranium (fuel) and zirconium (cladding) molecules. This poisonous lava flowed downhill, eventually burning through the floor of the building. When nuclear inspectors finally accessed the area several months after the initial explosion, they found that 11 tons of it had settled into a three meter wide grey mass at the corner of a steam distribution corridor below. This, they dubbed the Elephant’s Foot. Over the years, the Elephant’s Foot cooled and cracked. Even today, though, it’s still estimated to be slightly above the ambient temperature as the radioactive material decomposes.
Ledbetter’s not able to remember exactly where he got these images. He compiled the library almost 20 years ago, and the website on which they were hosted is in rough shape; only thumbnails of the images are left. (Ledbetter, who still works at PNNL, was surprised to learn that any of the site was still publicly accessible.) But he’s sure he didn’t hire someone to take photos of the Elephant’s Foot, so they likely were sent in by a Ukrainian colleague.
In 2013, Kyle Hill stumbled across the image, which had been shared several times on the internet in the ensuing years, while writing a piece about the Elephant’s Foot for Nautilus magazine, and tracked it back to the old PNNL site. Following his lead, I went back there to look for more details. After a little digging through the site’s CSS coding, I was able to locate a long-lost caption for the image: “Artur Korneev, Deputy Director of Shelter Object, viewing the ‘elephants foot’ lava flow, Chornobyl NPP. Photographer: Unknown. Fall 1996.” Ledbetter confirmed the caption matched the photo.
Korneev turns out to be an alternate spelling for Korneyev. Artur Korneyev is a dark-humored Kazakhstani nuclear inspector who has been working to educate people about—and protect people from—the Elephant’s Foot since it was first created by the explosion at the Chernobyl nuclear plant in 1986. The last time a reporter spoke to him, as far as I can tell, was in 2014, when New York Times science reporter Henry Fountain interviewed him in Slavutich, Ukraine, a city built especially to house the evacuated personnel from Chernobyl.
A zoomed image of Korneyev
I wasn’t able to locate Korneyev for an interview, but it’s possible to put together clues embedded in the photos to explain the image. I looked through all the other captions of similar photos of the destroyed core, and they were all taken by Korneyev, so it’s likely this photo was an old-school timed selfie. The shutter speed was probably a little slower than for the other photos in order for him to get into position, which explains why he seems to be moving and why the glow from his flashlight looks like a lightning flash. The graininess of the photo, though, is likely due to the radiation.
For Korneyev, this particular trip was only one of hundreds of dangerous missions he’s taken to the core since he first arrived on site in the days following the initial explosion. His initial job was to locate the fuel deposits and help determine their radiation levels. (The Elephant’s Foot initially gave off more than 10,000 roentgens an hour, which would kill a person three feet from it in less than two minutes.) Soon after that, he began leading cleanup efforts, sometimes even kicking pieces of solid fuel out of the way. More than 30 workers died from Acute Radiation Syndrome during the explosion and ensuing cleanup. Despite the incredible amount of exposure, Korneyev kept returning inside the hastily constructed concrete sarcophagus, often with journalists in tow to document the dangers.
In 2001, he brought a reporter from the Associated Press back to the core, where the radiation still measured 800 roentgens an hour. In 2009, Marcel Theroux, the celebrated novelist (and son of writer Paul Theroux and cousin of actor Justin Theroux) wrote an article for Travel + Leisure about his trip to the sarcophagus and the mad, maskless guide who mocked Theroux’s anxiety as “purely psychological.” While Theroux refers to him as Viktor Korneyev, it’s likely the man is Artur, as he made the same dark joke he would a few years later in a New York Times article.
His current status is murky. When the Times caught up to Korneyev a year and a half ago, he was helping to plan construction of a $1.5 billion arch that, when finished in 2017, will cap the decaying sarcophagus and prevent airborne isotopes from escaping. In his mid 60s, he was sickly, with cataracts, and had been barred from re-entering the sarcophagus after years of irradiation.
Korneyev’s sense of humor remained intact, though. He seemed to have no regrets about his life’s work. “Soviet radiation,” he joked, “is the best radiation in the world.”
HackerNewsBot debug: Calculated post rank: 100 - Loop: 164 - Rank min: 100 - Author rank: 131
The chief executive officers of two major video game companies have found their way onto a report that uses pay data to call out pay disparities in publicly traded American companies.
Article word count: 444
HN Discussion: https://news.ycombinator.com/item?id=19229502
Posted by smacktoward (karma: 38499)
Post stats: Points: 167 - Comments: 103 - 2019-02-22T21:57:49Z
#HackerNews #100 #activision #and #blizzard #ceos #featured #most #overpaid #report #the
The chief executive officers of two major video game companies have found their way onto As You Sow’s 2019 report on "The 100 Most Overpaid CEOs", a report that uses pay data to call out pay disparities in publicly traded American companies.
Both Electronic Arts’ Andrew Wilson and Activision Blizzard’s Bobby Kotick have earned spots on this year’s list along with the likes of Walt Disney’s Bob Iger, Netflix’s Reed Hastings, and 96 other high-earning execs. This all comes just a week after Activision Blizzard announced that it would lay off an estimated 800 employees following the close of a record year.
As You Sow takes more than a CEO’s yearly earnings into account when ranking its list, something detailed in full in the full report. In short, the organization looks at factors like total shareholder return and votes against CEO pay packages to calculate the chief execs earning in excess. The methods for calculating that exact excess can be found in Appendix C in the full report as well.
Following that methodology, the group clocked Activision Blizzard CEO Bobby Kotick as number 45 on that ranked list of the most overpaid CEOs. By As You Sow’s data, Kotick is paid $28,698,375 (an excess of $12,835,277 by the organizationʼs estimates). The ratio of Kotick’s pay compared to median worker pay at Activision Blizzard is 301:1.
The median pay ratio for S&P 500 companies is 142.1, while the median pay ratio for the 100 members of As You Sow’s list is 300:1.
Electronic Arts’ Andrew Wilson, meanwhile, is ranked a bit lower on the list as number 98. His yearly take is $35,728,764 (an estimated excess of $19,673,861 as determined by the report), a paycheck that was supported by 97 percent of shareholders’ votes. Though median pay ratio wasn’t used as a metric for ranking those high-earning CEOs, the difference between Wilson’s own pay and that of the median Electronic Arts employee is greater than Kotick’s. As You Sow records that ratio as 371:1.
The gap between median worker pay and CEO pay has ballooned in just the past several decades, as explained in the following quote captured by Axios.
"If you look at the pay of top CEOs relative to workers, that ratio in the 1950s was 20 to 1, was about 30 to 1 by the late ʼ70s, and by the mid-1990s it was 120 to 1," said Robert Reich, former Labor Secretary for President Bill Clinton, during a recent call with Axios and other reporters. "When I was working in the White House that was a cause of real concern. That ratio seemed appalling to most people. Now it’s 300 to 1."
HackerNewsBot debug: Calculated post rank: 145 - Loop: 128 - Rank min: 100 - Author rank: 65
Every device that you use, every company you do business with, every online account you create – they all collect data about you and analyze it to figure out minute details of your life.
Article word count: 1300
HN Discussion: https://news.ycombinator.com/item?id=19178282
Posted by pseudolus (karma: 11581)
Post stats: Points: 97 - Comments: 73 - 2019-02-16T12:22:47Z
#HackerNews #americans #can #companies #data #dont #from #most #predict #realize #their #what
Sixty-seven percent of smartphone users rely on Google Maps to help them get to where they are going quickly and efficiently.
A major feature of Google Maps is its ability to predict how long different navigation routes will take. That’s possible because the mobile phone of each person using Google Maps sends data about its location and speed back to Google’s servers, where it is analyzed to generate new data about traffic conditions.
Information like this is useful for navigation. But the exact same data that is used to predict traffic patterns can also be used to predict other kinds of information – information people might not be comfortable with revealing.
For example, data about a mobile phone’s past location and movement patterns can be used to predict where a person lives, who their employer is, where they attend religious services and the age range of their children based on where they drop them off for school.
These predictions label who you are as a person and guess what you’re likely to do in the future. Research shows that people are largely unaware that these predictions are possible, and, if they do become aware of it, don’t like it. In my view, as someone who studies how predictive algorithms affect people’s privacy, that is a major problem for digital privacy in the U.S.
How is this all possible?
Every device that you use, every company you do business with, every online account you create or loyalty program you join, and even the government itself collects data about you.
The kinds of data they collect include things like your name, address, age, Social Security or driver’s license number, purchase transaction history, web browsing activity, voter registration information, whether you have children living with you or speak a foreign language, the photos you have posted to social media, the listing price of your home, whether you’ve recently had a life event like getting married, your credit score, what kind of car you drive, how much you spend on groceries, how much credit card debt you have and the location history from your mobile phone.
It doesn’t matter if these datasets were collected separately by different sources and don’t contain your name. It’s still easy to match them up according to other information about you that they contain.
For example, there are identifiers in public records databases, like your name and home address, that can be matched up with GPS location data from an app on your mobile phone. This allows a third party to link your home address with the location where you spend most of your evening and nighttime hours – presumably where you live. This means the app developer and its partners have access to your name, even if you didn’t directly give it to them.
In the U.S., the companies and platforms you interact with own the data they collect about you. This means they can legally sell this information to data brokers.
Data brokers are companies that are in the business of buying and selling datasets from a wide range of sources, including location data from many mobile phone carriers. Data brokers combine data to create detailed profiles of individual people, which they sell to other companies.
Combined datasets like this can be used to predict what you’ll want to buy in order to target ads. For example, a company that has purchased data about you can do things like connect your social media accounts and web browsing history with the route you take when you’re running errands and your purchase history at your local grocery store.
Employers use large datasets and predictive algorithms to make decisions about who to interview for jobs and predict who might quit. Police departments make lists of people who may be more likely to commit violent crimes. FICO, the same company that calculates credit scores, also calculates a “medication adherence score” that predicts who will stop taking their prescription medications.
Research shows that people are only aware of predictions that are shown to them in an app’s user interface, and that make sense given the reason they decided to use the app. (Photo: SIFO CRACHO/shutterstock.com)
How aware are people about this?
Even though people may be aware that their mobile phones have GPS and that their name and address are in a public records database somewhere, it’s far less likely that they realize how their data can be combined to make new predictions. That’s because privacy policies typically only include vague language about how data that’s collected will be used.
In a January survey, the Pew Internet and American Life project asked adult Facebook users in the U.S. about the predictions that Facebook makes about their personal traits, based on data collected by the platform and its partners. For example, Facebook assigns a “multicultural affinity” category to some users, guessing how similar they are to people from different race or ethnic backgrounds. This information is used to target ads.
The survey found that 74 percent of people did not know about these predictions. About half said they are not comfortable with Facebook predicting information like this.
In my research, I’ve found that people are only aware of predictions that are shown to them in an app’s user interface, and that makes sense given the reason they decided to use the app. For example, a 2017 study of fitness tracker users showed that people are aware that their tracker device collects their GPS location when they are exercising. But this doesn’t translate into awareness that the activity tracker company can predict where they live.
In another study, I found that Google Search users know that Google collects data about their search history, and Facebook users are aware that Facebook knows who their friends are. But people don’t know that their Facebook “likes” can be used to accurately predict their political party affiliation or sexual orientation.
What can be done about this?
Today’s internet largely relies on people managing their own digital privacy.
Companies ask people up front to consent to systems that collect data and make predictions about them. This approach would work well for managing privacy, if people refused to use services that have privacy policies they don’t like, and if companies wouldn’t violate their own privacy policies.
But research shows that nobody reads or understands those privacy policies. And, even when companies face consequences for breaking their privacy promises, it doesn’t stop them from doing it again.
Requiring users to consent without understanding how their data will be used also allows companies to shift the blame onto the user. If a user starts to feel like their data is being used in a way that they’re not actually comfortable with, they don’t have room to complain, because they consented, right?
In my view, there is no realistic way for users to be aware of the kinds of predictions that are possible. People naturally expect companies to use their data only in ways that are related to the reasons they had for interacting with the company or app in the first place. But companies usually aren’t legally required to restrict the ways they use people’s data to only things that users would expect.
One exception is Germany, where the Federal Cartel Office ruled on Feb. 7 that Facebook must specifically ask its users for permission to combine data collected about them on Facebook with data collected from third parties. The ruling also states that if people do not give their permission for this, they should still be able to use Facebook.
I believe that the U.S. needs stronger privacy-related regulation, so that companies will be more transparent and accountable to users about not just the data they collect, but also the kinds of predictions they’re generating by combining data from multiple sources.
HackerNewsBot debug: Calculated post rank: 89 - Loop: 133 - Rank min: 80 - Author rank: 74
I’ve learned a lot of skills over the course of my career, but no technical skill more useful than SQL. SQL stands out to me as the most valuable skill for a few reasons: It is valuable across…
Article word count: 665
HN Discussion: https://news.ycombinator.com/item?id=19149792
Posted by duck (karma: 21436)
Post stats: Points: 218 - Comments: 119 - 2019-02-13T02:20:40Z
#HackerNews #most #one #skills #sql #the #valuable
I’ve learned a lot of skills over the course of my career, but no technical skill more useful than SQL. SQL stands out to me as the most valuable skill for a few reasons:
1. It is valuable across different roles and disciplines
2. Learning it once doesn’t really require re-learning
3. You seem like a superhero. You seem extra powerful when you know it because of the amount of people that aren’t fluent
Let me drill into each of these a bit further.
SQL a tool you can use everywhere
Regardless of what role you are in SQL will find a way to make your life easier. Today as a product manager it’s key for me to look at data, analyze how effective we’re being on the product front, and shape the product roadmap. If we just shipped a new feature, the data on whether someone has viewed that feature is likely somewhere sitting in a relational database. If I’m working on tracking key business metrics such as month over month growth, that is likely somewhere sitting in a relational database. At the other end of almost anything we do there is likely a system of record that speaks SQL. Knowing how to access it most natively saves me a significant amount of effort without having to go ask someone else the numbers.
But even before becoming a product manager I would use SQL to inform me about what was happening within systems. As an engineer it could often allow me to pull information I wanted faster than if I were to script it in, say, Ruby or Python. When things got slow in my webapp, having an understanding of the SQL that was executed and ways to optimize it was indispensable. Yes, this was going a little beyond just a basic understanding of SQL… but adding an index to a query instead of rolling my own homegrown caching, well, that was well worth the extra time learning.
SQL is permanent
SQL in contrast doesn’t really change. Caveat: It has changed–there is modern sql, but I’d still argue less dramatically than other language landscapes. Yes we get a new standard every few years and occasionally something new comes along like support for window functions or CTEs, but the basics of SQL are pretty permanent. Learning SQL once will allow you to re-use it heavily across your career span without having to re-learn. Don’t get me wrong I love learning new things, but I’d rather learn something truly new than just yet another way to accomplish the same task.
SQL: Seem better than you are
SQL is an underlearned skill, the majority of application developers just skip over it. Because so few actually know SQL well you can seem more elite than you actually are. In past companies with hundreds of engineers I’d get a question several times a week from junior to principal engineers of: “hey can you help me figure out how to write a query for this?” Because you’re skilled at something so few others are you can help them out which always makes life a little easier when you have a question for them.
So if you’re not already proficient what are you waiting for, do you want to seem like a SQL badass yet?
HackerNewsBot debug: Calculated post rank: 185 - Loop: 67 - Rank min: 100 - Author rank: 66
The idea that addiction is typically a chronic, progressive disease that requires treatment is false, the evidence shows. Yet the "aging out" experience of the majority is ignored by treatment…
Article word count: 1386
HN Discussion: https://news.ycombinator.com/item?id=19013480
Posted by dedalus (karma: 4320)
Post stats: Points: 114 - Comments: 75 - 2019-01-27T19:59:46Z
#HackerNews #2014 #addiction #grow #most #out #people #with
The experiences of most young people with addiction are brushed under the carpet. (Photo: Phaidon)
When I stopped shooting coke and heroin, I was 23. I had no life outside of my addiction. I was facing serious drug charges and I weighed 85 pounds, after months of injecting, often dozens of times a day.
But although I got treatment, I quit at around the age when, according to large epidemiological studies, most people who have diagnosable addiction problems do so—without treatment. The early to mid-20s is also the period when the prefrontal cortex—the part of the brain responsible for good judgment and self-restraint—finally reaches maturity.
According to the American Society of Addiction Medicine, addiction is “a primary, chronic disease of brain reward, motivation, memory, and related circuitry.” However, that’s not what the epidemiology of the disorder suggests. By age 35, half of all people who qualified for active alcoholism or addiction diagnoses during their teens and 20s no longer do, according to a study of over 42,000 Americans in a sample designed to represent the adult population.
The average cocaine addiction lasts four years, the average marijuana addiction lasts six years, and the average alcohol addiction is resolved within 15 years. Heroin addictions tend to last as long as alcoholism, but prescription opioid problems, on average, last five years. In these large samples, which are drawn from the general population, only a quarter of people who recover have ever sought assistance in doing so (including via 12-step programs). This actually makes addictions the psychiatric disorder with the highest odds of recovery.
While some addictions clearly do take a chronic course, this data, which replicates earlier research, suggests that many do not. And this remains true even for people like me, who have used drugs in such high, frequent doses and in such a compulsive fashion that it is hard to argue that we “weren’t really addicted.” I don’t know many non-addicts who shoot up 40 times a day, get suspended from college for dealing, and spend several months in a methadone program.
Moreover, if addiction were truly a progressive disease, the data should show that the odds of quitting get worse over time. In fact, they remain the same on an annual basis, which means that as people get older, a higher and higher percentage wind up in recovery. If your addiction really is “doing push-ups” while you sit in AA meetings, it should get harder, not easier, to quit over time. (This is not an argument in favor of relapsing; it simply means that your odds of recovery actually get better with age!)
So why do so many people still see addiction as hopeless? One reason is a phenomenon known as “the clinician’s error,” which could also be known as the “journalist’s error” because it is so frequently replicated in reporting on drugs. That is, journalists and rehabs tend to see the extremes: Given the expensive and often harsh nature of treatment, if you can quit on your own you probably will. And it will be hard for journalists or treatment providers to find you.
Similarly, if your only knowledge of alcohol came from working in an ER on Saturday nights, you might start thinking that prohibition is a good idea. All you would see are overdoses, DTs (delirium tremens), or car crash, rape, or assault victims. You wouldn’t be aware of the patients whose alcohol use wasn’t causing problems. And so, although the overwhelming majority of alcohol users drink responsibly, your “clinical” picture of what the drug does would be distorted by the source of your sample of drinkers.
Treatment providers get a similarly skewed view of addicts: The people who keep coming back aren’t typical—they’re simply the ones who need the most help. Basing your concept of addiction only on people who chronically relapse creates an overly pessimistic picture.
This is one of many reasons why I prefer to see addiction as a learning or developmental disorder, rather than taking the classical disease view. If addiction really were a primary, chronic, progressive disease, natural recovery rates would not be so high and addiction wouldn’t have such a pronounced peak prevalence in young people.
But if addiction is seen as a disorder of development, its association with age makes a great deal more sense. The most common years for full onset of addiction are 19 and 20, which coincides with late adolescence, before cortical development is complete. In early adolescence, when the drug taking that leads to addiction by the 20s typically begins, the emotional systems involved in love and sex are coming online, before the cognitive systems that rein in risk-taking are fully active.
Taking drugs excessively at this time probably interferes with both biological and psychological development. The biological part is due to the impact of the drugs on the developing circuitry itself—but the psychological part is probably at least as important. If as a teen you don’t learn non-drug ways of soothing yourself through the inevitable ups and downs of relationships, you miss out on a critical period for doing so. Alternatively, if you do hone these skills in adolescence, even heavy use later may not be as hard to kick because you already know how to use other options for coping.
The data supports this idea: If you start drinking or taking drugs with peers before age 18, you have a 25 percent chance of becoming addicted, but if your use starts later, the odds drop to four percent. Very few people without a prior history of addiction get hooked later in life, even if they are exposed to drugs like opioid painkillers.
If we see addiction as a developmental disorder, all of this makes much more sense. Many kids “age out” of classical developmental disorders like attention deficit/hyperactivity disorder as their brains catch up to those of their peers or they develop workarounds for coping with their different wiring. One study, for example, which followed 367 children with ADHD into adulthood found that 70 percent no longer had significant symptoms.
That didn’t mean, however, that a significant minority didn’t still need help, of course, or that ADHD isn’t “real.” Like addiction (and actually strongly linked with risk for it), ADHD is a wiring difference and a key period for brain-circuit-building is adolescence. In both cases, maturity can help correct the problem, but doesn’t always do so automatically.
To better understand recovery and how to teach it, then, we need to look to the strengths and tactics of people who quit without treatment—and not merely focus on clinical samples. Common threads in stories of recovery without treatment include finding a new passion (whether in work, hobbies, religion, or a person), moving from a less structured environment like college into a more constraining one like nine-to-five employment, and realizing that heavy use stands in the way of achieving important life goals. People who recover without treatment also tend not to see themselves as addicts, according to the research in this area.
While treatment can often support the principles of natural recovery, too often it does the opposite. For example, many programs interfere with healthy family and romantic relationships by isolating patients. Some threaten employment and education, suggesting or even requiring that people quit jobs or school to “focus on recovery,” when doing so might do more harm than good. Others pay too much attention to getting people to take on an addict identity—rather than on harm related to drug use—when, in fact, looking at other facets of the self may be more helpful.
There are many paths to recovery—and if we want to help people get there, we need to explore all of them. That means recognizing that natural recovery exists—and not dismissing data we don’t like.
This post originally appeared on Substance, a Pacific Standard partner site, as “Most People With Addiction Simply Grow Out of It: Why Is This Widely Denied?”
HackerNewsBot debug: Calculated post rank: 101 - Loop: 435 - Rank min: 100 - Author rank: 63
#america #calls #collusion #democrat #fbi #house judiciary #house judiciary committee #insult #insulting #interview #investigate #investigation #james comey #maga #most #new #new york times #new york times report #no collusion #nyt #oan newsroom #piece #pres #president #president donald trump #president trump #report #republican #russia #russia collusion #russia probe #saturday #times #trump #united states of america #usa #working #york
Article word count: 2095
HN Discussion: https://news.ycombinator.com/item?id=18882598
Posted by omnibrain (karma: 5108)
Post stats: Points: 251 - Comments: 96 - 2019-01-11T11:12:09Z
#HackerNews #blow #eve #most #notorious #onlines #plot #space #station #undercover #year-long
Screenshot: Magalaus (Reddit)
In theory, anything can happen in EVE Online, but some things are considered impossible. Well, last month, one of the “impossible” things happened: The destruction of the game’s first-ever Keepstar battlestation, which was kept in a wormhole. Of course, it took 11 months of meticulous planning.
Ever since the massive Keepstars, the largest structures that can be created by EVE players, were put into the game in 2016, they have lost the sense of perceived invulnerability that they once enjoyed. Over the two years, more than 30 of the extremely expensive structures have been destroyed. But the first-ever Keepstar endured, thanks to its location: Deep in the heart of a wormhole, the most inhospitable space that EVE Online has to offer.
Wormholes do not benefit from the ubiquitous stargate network that players use to travel from system to system in the majority of EVE space. They must instead be accessed via temporary tears in the fabric of space that randomly appear throughout the entire galaxy. These rips in space are incredibly unstable: They decay over time, they collapse if too much mass passes through them, and they impose restrictions on the size of vessels that can squeeze through them.
Wormholes also don’t have Local Chat, which is a persistent channel that displays everyone inside a system in real time and makes it easy to see if your enemies are in your system watching you. These factors make for incredibly difficult logistical challenges for players trying to live inside the broken and scattered wormhole systems. So why do they bother? Because with this risk comes potential rewards. Wormholes are considered to be some of the richest space in all of EVE, full of lucrative resources—resources that the alliance known as Hard Knocks used to craft the first Keepstar.
Some wormhole systems are inherently better than others, and Hard Knocks has lived in one of the best of them for quite some time. Their home system is officially named J115405, but the vast majority of players know it as “Rage.” Through a combination of massive wealth, admirable player skill, and dogged persistence, the players of Hard Knocks established themselves as the top predator in the wormhole ecosystem. When citadels were first introduced to the game, Hard Knocks was in the unique position to be able to immediately begin construction of the first Keepstar, known as—what else?—Fort Knocks.
Building Fort Knocks and placing it in a wormhole took months of planning, hundreds of billions of ISK, and the combined efforts of the entirety of Hard Knocks. Fort Knocks was almost stolen before it was assembled by nefarious industrialists, and the convoy operation to bring the Keepstar safely to Rage narrowly avoided discovery. But the story of building something in EVE is always going to be only the first half of the story. No one has ever done anything great in EVE without someone else wanting to destroy it. Soon after the players of Hard Knocks finished building their sandcastle, players in an alliance called The Initiative began planning to kick it over.
The events that would lead to the fall of Fort Knocks began in December of 2017, during a discussion between two players in The Initiative, Riven Avaren and Pandoralica. They were discussing the aftermath of a battle over another Keepstar. The attackers’ fleet composition had shown promise, they thought, but had been unable to get the job done due to the enemy’s defenses, fleets of massive supercapital ships. The two players schemed of using a similar fleet to fight a Keepstar that didn’t have the benefit of massive supercapitals defending it. Eventually, one of them joked that the only place to find that would be deep in Wormhole space. It wasn’t a serious suggestion, because the inaccessible nature of wormholes meant that Keepstars should be invulnerable as long as their owners defended them.
Ultimately, the seeming impossibility of destroying a wormhole Keepstar came down to a pure numbers game. To defeat it, they would need hundreds of players flying battleships, and hundreds more in smaller support vessels. But wormhole entrances appeared in random places, and their inherent instability meant that even attempting to bring in a fleet capable of destroying a Keepstar would cause them to collapse on themselves after only a few ships went through.
Even if the wormhole were to stay open, Hard Knocks could defend it by “rolling” it. Rolling a hole is when players will intentionally travel through a wormhole in specially designed, incredibly high-mass ships with the intent of quickly triggering the wormhole collapse.
Screenshot: Magalaus (Reddit)
Talk of destroying the Keepstar drifted out of the conversation. Apparently, it didn’t drift too far out of Riven’s mind though. Over the next month, Riven took it upon himself to attempt to find a way into Rage, just to have a look around.
It is generally much easier to find a navigable route into a specific wormhole if you can work from your destination, and try to find connections that lead to where you want to be coming from. Riven, his friends, and his allies began doing just that. Then they started moving in. Wormholes’ lack of Local Chat meant that new ships entering the space wouldn’t immediately be apparent, as long as they were hidden well enough. With a scout safely positioned in Rage, they began to move freighters full of battleships into the wormhole.
Over the course of nearly a year, many different methods were employed to sneak these massive, slow ships into Rage. Members of The Initiative spent months racing Freighters across dangerous low-security systems, using Titans to launch them light years across space with jump portals, and sneaking them through other connected wormholes which would collapse behind the freighters due to their incredible mass.
Hours were spent late at night, often close to the game’s daily downtime in the wee hours of the morning, so that American players could better hide The Initiative’s actions.
Detail of a propaganda piece produced by The Initiative following the siege of Fort Knocks. Image: gentlteowel (Reddit)
The process was not without its hiccups. Two freighters full of ships and resources were lost when “suicide gankers,” roving thieves unconnected to either entity, saw the unarmed ships traveling through security space and destroyed them. But the true nature of the operation was never discovered, and in the end, 46 freighters containing 750 Raven-class battleships, 800 smaller support vessels, several forward staging structures, and vast amounts of fuel and ammunition were covertly seeded inside of Rage, waiting for the assault to begin.
In Pandoralica’s estimate, the total cost of seeding The Initiative’s ships into the wormhole was close to 600 billion ISK. Roughly converted into real world currency via the game’s PLEX system, that’s nearly $8,000. With all of the assets finally in place, there was only one thing left to do. On December 8, The Initiative issued a call to arms to its full roster of members, urging them all to log in and participate in an undisclosed operation. Over 550 members of The Initiative logged in to answer the alliance’s call to battle. Elsewhere in EVE, allied fleet commanders in The Imperium and in Snuffed Out were asked to provide additional numbers to help the operation.
All together, close to a thousand players undocked from their respective homes and made their way into carefully-mapped wormhole chains, hurtling towards Rage. Out of the thousands of players assembled for the operation, only a handful were actually aware of what was about to happen. Up to this point, the assault on Rage had been kept on a strictly need-to-know basis so that spies would not inform Hard Knocks and give them a chance to defeat the attack before it began. It was only as the fleets converged in Rage that their objective quickly became clear.
The combined fleets began dismantling Hard Knocks’ infrastructure within Rage, destroying Hard Knocks starbases and replacing them with ones belonging to The Initiative. As soon as the first Initiative starbases came online, the hidden freighters, some of which had been squirreled away in the wormhole for nearly a year, began to log in and fly to the newly-anchored safe havens.
Logistics teams parsed the contents of the freighters and began assembling the Raven-class battleships inside them, filling them full of missiles and handing them out to waiting Initiative members. Instead of flying battleships into Rage, they had flown smaller, lighter vessels to prevent the wormholes from collapsing behind them. Once they were safely inside, they traded up to more powerful weapons of war.
Once the first Raven fleet, numbering 255 ships, was fully formed, the siege of Fort Knocks began. The Ravens and their support ships began pounding the Keepstar with long-range cruise missiles while the remainder of The Initiative’s fleets and their allies maintained what EVE players call “hole control”—the act of securing a wormhole from outside invaders. This relies on defenders to be on constant alert, since when a wormhole connection collapses, it’s only a matter of time before a new one spawns. Defenders must immediately locate the new connection and make sure nothing comes through it before it can be “rolled” to a critical level and be considered secure.
The Initiative and their allies would need to maintain hole control around the clock for days on end to ensure the destruction of Fort Knocks. They did so almost perfectly. Pandoralica told me recently over Discord that The Initiative had only lost hole control for less than 10 minutes during the entire operation, which lasted over a week in total.
The overwhelming force brought into Rage by The Initiative left Hard Knocks with very little in the way of options. Wormhole alliances are typically nowhere close to the size of the enormous nullsec alliances, and the fleets that The Initiative brought to Rage likely had more players in them than the entirety of the Hard Knocks alliance.
A large portion of the other groups that live in Wormhole space did rally to Hard Knocks’ aid, attempting to roll the wormhole connections into Rage to supply reinforcements and attempt to wrest hole control from The Initiative. Even groups who had previously suffered at the hands of Hard Knocks began attempting to come to their defense, under the banner of solidarity with their fellow wormhole dwellers.
But it was all for naught. After a few days of The Initiative holding control of ingress into Rage, Fort Knocks fell. The first Keepstar in EVE Online exploded into a massive shower of wreckage, scattering its contents across the battlefield. In wormhole space, unlike in normal space, when a structure is destroyed anything kept inside it has a chance of being thrown into space for the attackers to scoop up and take home. Players from the attacking fleets spent hours cleaning up the wreckage, digging through thousands of containers ejected from the exploding space station, gathering as much as they could fit in their cargo holds.
The Initiative flew in formation to create the alliance’s logo in space amidst the wreck of the second Keepstar. Image: /u/deltaxi65 (reddit/r/eve)
The Initiative and its allies continued the campaign of destruction over the next few days, destroying all remaining infrastructure inside of Rage that belonged to Hard Knocks. There was actually a second Keepstar in the wormhole, and that got destroyed, too. Eventually, Hard Knocks went from defense to full-on retreat, shifting its focus toward trying to recover and evacuate its remaining assets.
In the weeks that followed, Rage calmed down. As of today, there are a few players left from the fleets still on the inside. A few scouts were left behind to make access to the wormhole easier in the future, and Hard Knocks has withdrawn to other areas where it still holds control. The repercussions of the daring assault will surely be felt throughout EVE. In the aftermath of the battle, other wormhole-based groups have begun to question the wisdom of holding all of their assets inside of their home holes. Lazerhawks, another wormhole group with several Keepstars inside of their home, has begun the process of unanchoring them, possibly to remove them as targets and to secure their assets elsewhere. Meanwhile, suicide gankers in high security space have reported destroying massively valuable freighters full of assets that look suspiciously similar to what you would expect to see in a wormhole-centered player’s hangars—the implication being that some wormhole groups are starting to evacuate.
Although Fort Knocks is gone, Hard Knocks remains. They were always a resilient, resourceful bunch—you’ve got to be, to live in a wormhole. Most players expect them to rebound, recuperate, rebuild, and then—when the time is right—get revenge.
HackerNewsBot debug: Calculated post rank: 199 - Loop: 198 - Rank min: 100 - Author rank: 99
And the finding holds true across party lines
Article word count: 1036
HN Discussion: https://news.ycombinator.com/item?id=18873937
Posted by arayh (karma: 879)
Post stats: Points: 105 - Comments: 108 - 2019-01-10T14:15:58Z
#HackerNews #fake #finds #most #new #news #older #people #share #study #than #the
Illustration by Alex Castro / The Verge
Older Americans are disproportionately more likely to share fake news on Facebook, according to a new analysis by researchers at New York and Princeton Universities. Older users shared more fake news than younger ones regardless of education, sex, race, income, or how many links they shared. In fact, age predicted their behavior better than any other characteristic — including party affiliation.
The role of fake news in influencing voter behavior has been debated continuously since Donald Trump’s surprising victory over Hillary Clinton in 2016. At least one study has found that pro-Trump fake news likely persuaded some people to vote for him over Clinton, influencing the election’s outcome. Another study found that relatively few people clicked on fake news links — but that their headlines likely traveled much further via the News Feed, making it difficult to quantify their true reach. The finding that older people are more likely to share fake news could help social media users and platforms design more effective interventions to stop them from being misled.
Today’s study, published in Science Advances, examined user behavior in the months before and after the 2016 US presidential election. In early 2016, the academics started working with research firm YouGov to assemble a panel of 3,500 people, which included both Facebook users and non-users. On November 16th, just after the election, they asked Facebook users on the panel to install an application that allowed them to share data including public profile fields, religious and political views, posts to their own timelines, and the pages that they followed. Users could opt in or out of sharing individual categories of data, and researchers did not have access to the News Feeds or data about their friends.
About 49 percent of study participants who used Facebook agreed to share their profile data. Researchers then checked links posted to their timelines against a list of web domains that have historically shared fake news, as compiled by BuzzFeed reporter Craig Silverman. Later, they checked the links against four other lists of fake news stories and domains to see whether the results would be consistent.
Across all age categories, sharing fake news was a relatively rare category. Only 8.5 percent of users in the study shared at least one link from a fake news site. Users who identified as conservative were more likely than users who identified as liberal to share fake news: 18 percent of Republicans shared links to fake news sites, compared to less than 4 percent of Democrats. The researchers attributed this finding largely to studies showing that in 2016, fake news overwhelmingly served to promote Trump’s candidacy.
But older users skewed the findings: 11 percent of users older than 65 shared a hoax, while just 3 percent of users 18 to 29 did. Facebook users ages 65 and older shared more than twice as many fake news articles as the next-oldest age group of 45 to 65, and nearly seven times as many fake news articles as the youngest age group (18 to 29).
“When we bring up the age finding, a lot of people say, ‘oh yeah, that’s obvious,’” co-author Andrew Guess, a political scientist at Princeton University, told The Verge. “For me, what is pretty striking is that the relationship holds even when you control for party affiliation or ideology. The fact that it’s independent of these other traits is pretty surprising to me. It’s not just being driven by older people being more conservative.”
The study did not draw a conclusion about why older users are more likely to share hoaxes, though the researchers point to two possible theories. The first is that older people, who came to the internet later, lack the digital literacy skills of their younger counterparts. The second is that people experience cognitive decline as they age, making them likelier to fall for hoaxes.
Regardless of age, the digital literacy gap has previously been blamed on users’ willingness to share hoaxes. Last year, WhatsApp began developing a program to promote digital literacy in India — where many of its 200 million users are relatively new to the internet — after a series of murders that may have been prompted by viral forwarding in the app. That program is aimed at users of all ages.
At the same time, elderly Americans are prone to falling for so many scams that the Federal Bureau of Investigation has a page devoted to them. It seems likely that a multi-pronged approach to reducing the spread of fake news will be more effective than trying to solve for only one variable.
Guess and his colleagues hope to test both hypotheses in the future. It won’t be easy: how to determine whether a person is digitally literate remains an open question. But at least some of the issue is likely to come down to design: fake news spreads quickly on Facebook in part because news articles generally look identical in the News Feed, whether they are posted by The New York Times or a clickbait farm.
Future research could decipher what people see in the News Feed, and whether there is a relationship between seeing fake news stories and sharing them. They speculate that users may be more likely to share fake stories if they were previously shared by a trusted friend.
Matthew Gentzkow, who has researched Facebook’s efforts to slow the spread of fake news, said the new study’s findings about age could help tech platforms design more effective tools. (He was not involved in the NYU-Princeton study.)
“The age result in this paper points very directly toward at least narrowing down the set of solutions that are likely to be most effective,” said Gentzkow, a senior fellow at the Stanford Institute for Economic Policy Research. “If the problem is concentrated in a relatively small set of people, then thinking about the interventions that would be most effective for those people is going to take us a lot farther.”
HackerNewsBot debug: Calculated post rank: 106 - Loop: 120 - Rank min: 100 - Author rank: 46
Talented in terms of general knowledge and practical skills
HN Discussion: https://news.ycombinator.com/item?id=18812643
Posted by diehunde (karma: 64)
Post stats: Points: 86 - Comments: 75 - 2019-01-03T03:41:43Z
#HackerNews #ask #engineers #how #met #most #old #software #talented #the #were #youve
HackerNewsBot debug: Calculated post rank: 82 - Loop: 132 - Rank min: 80 - Author rank: 19
HN Discussion: https://news.ycombinator.com/item?id=18749385
Posted by gitgud (karma: 630)
Post stats: Points: 104 - Comments: 36 - 2018-12-24T00:24:22Z
#HackerNews #database #deployed #most #sqlite #the #world
SQLite is likely used more than all other database engines combined. Billions and billions of copies of SQLite exist in the wild. SQLite is found in:
* Every Android device
* Every iPhone and iOS device
* Every Mac
* Every Windows10 machine
* Every Firefox, Chrome, and Safari web browser
* Every instance of Skype
* Every instance of iTunes
* Every Dropbox client
* Every TurboTax and QuickBooks
* PHP and Python
* Most television sets and set-top cable boxes
* Most automotive multimedia systems
* Countless millions of other applications
Since SQLite is used extensively in every smartphone, and there are roughly 3.5 billion smartphones in active use, each holding hundreds of SQLite database files, it seems likely that there are over one trillion SQLite databases in active use.
Most Widely Deployed Software Module of Any Type?
SQLite is probably one of the top five most deployed software modules of any description. Other libraries with similar reach include:
Libc is omitted from the above list even though it is more common than SQLite because libc is not a single software component but rather several competing implementations (ex: BSD vs. GNU) with similar interfaces. There are also independent implementations of libjpeg and libpng, though in those cases the canonical implementations are very popular.
Precise numbers are difficult to obtain and so exact rankings are impossible. But our best guess is that SQLite is the second most widely deployed software library, after libz. Some commentators observe that SQLite tends to be statically linked and thus have multiple instances on each machine, whereas libz tends to have just a single instance per machine in the form of a shared library or DLL. So even though the number of devices containing libz may be greater than the number of devices that contain SQLite, the total number of instances per device might be higher for SQLite and so SQLite might be the single most widely deployed and used software component.
HackerNewsBot debug: Calculated post rank: 81 - Loop: 174 - Rank min: 80 - Author rank: 11
Article word count: 2426
HN Discussion: https://news.ycombinator.com/item?id=18750070
Posted by ern (karma: 1753)
Post stats: Points: 100 - Comments: 41 - 2018-12-24T03:24:15Z
#HackerNews #engineers #lose #most #nothing #software #unionizing #why
Should software engineers unionize?
I can’t give a simple answer to this. There are advantages and disadvantages to enrolling in a collective bargaining arrangement. If the disadvantages didn’t exist, or weren’t considerable in some situations, everyone would unionize. So, we need to take both sides seriously.
The upshots of collective bargaining are: better compensation on average, better job security, better working conditions, and more protection against managerial adversity. There are a lot of improvements to employment that can only be made with collective negotiation. An individual employee who requested guaranteed severance, the right to appeal performance reviews, transparency in reference-checking and internal transfer, and waiving of onerous (and effectively nonconsensual) but common terms in contracts– e.g., mandatory arbitration provisions, non-competition and non-solicitation agreements, anti-moonlighting provisions– would be laughed out of the building. No individual can negotiate against these terms– it is, for example, embarrassing for an individual to discuss what rights she has if a manager gives a negative performance review– but unions can.
So what are the downsides of unionization? Possible losses of autonomy. Often, an increase in bureaucracy (but most often a tolerable one). Union dues, though usually those are minimal in comparison to the wage gains the unions achieve. Possible declines in upper-tier salaries as compensation moves toward the middle– however, not all unions regulate compensation; for example, unions for athletes, actors, and screenwriters do not seem to have this problem.
There are a small number of individuals in software who would not benefit from unions, and there are a few firms (mostly small, or outside of the for-profit sector) that do not need them.
To wit, if you’re a high-frequency trader making $1 million per year, you probably do not need a union– free agency is working well for you– and you may not want one.
And, if you work in a federally-funded research lab that pays for your graduate education, and that allows you to publish papers, attend conferences, and perform original research on working time, then you probably don’t need a union.
If you’re a Principal Engineer at a “Big N” technology company, making $500,000 per year, who picks and chooses his projects– you’ve never even heard of Jira– and wakes up every morning excited to implement the ideas he dreamt about overnight… you may not need a union.
If your boss is personally invested in your career, so much so that the only thing that could prevent you from making senior management within 5 years would be to commit some grievous crime… then you might not want to unionize.
If you’re anyone else– if you’re part of that other 95+ percent, probably 99+ percent; the IT peons– then, chances are, you lose nothing by unionizing.
For example: if you have to justify weeks or days of your working time; if you work on Jira tickets rather than choosing and defining your own projects; if you know for sure that you’re never going to be promoted; if your work is business-driven and you have little or no working time to spend on your own technical interests… then you are hopelessly nuts if you are not in favor of unionization.
Here’s why I say that. If you’re the typical, low-status, open-plan programmer, forced to interview for his own job every morning in “Daily Scrum”, then all the bad things that unions can bring have already happened at your job. Whatever negatives unions might bring– bureaucracy, reduced autonomy, lower status of the profession– have already occurred and are therefore moot.
Is there a risk that a union will introduce bureaucracy and reduce worker autonomy? Yes; sometimes that happens. But, engineers under Jira, Scrum, and Agile (technological surveillance) already have so little autonomy that there’s nothing to lose.
Might a union create an adversarial climate between management and the work force? Sure. But, most software engineers are low-status workers whose jobs their bosses would gladly ship overseas, and who live under the surveillance described above. They’ll be fired as soon as their performance dips, or a cheaper worker comes on the market, or they piss the wrong person off. The adversarial climate exists. Again, nothing to lose.
Do unions tend to pull compensation toward the middle (or, more accurately, the upper middle)? Of course, they do. Software engineers making $500,000 per year might not see a use for unions. That said, any engineer who works on “user stories” is highly unlikely to be anywhere close to that number, and within her current company, never will be. The same applies: nothing to lose.
What do unions do? For good and bad, they commoditize work. The technician, artisan, or engineer, once a union comes in, is no longer fully a creative, unique, lover-of-the-trade (amateur, in the original sense) valued for his intangible, cultural, and long-term (looking back and forward) importance to the organization. Nope, he’s a worker, selling time or labor for money. If both you and your employer believe your work is not a commodity– this attitude still exists in some corners of academia, and in some government agencies– then you might not want to involve a union, since unions are designed to negotiate commodity work.
Let’s be honest, though. If you’re the typical software engineer, then your work has already been commoditized. Your bosses are comparing your salaries to those in countries where drinking water is a luxury. Commoditizing your work is, quite often, your employer’s job. Middle managers are there to reduce risk, and that includes diminishing reliance on singular, high-value individuals. Running a company, if possible, on “commodity” (average) talent isn’t good for us highly-capable people; but it is, when possible, good middle management.
Chances are, you don’t get to pick and choose your projects because “product managers” have better ideas than you (so says the company) about how you should spend your time. You’re told that “story points” and “velocity” aren’t used as performance measures, but when times get tough, they very much are. Open your eyes; when middle managers say that Agile is there to “spot impediments”, what they mean is that it makes it easier and quicker for them to fire people.
A union will also commoditize your work– this lies behind all the objections to them– but it will try to do so in a fair way. Most employers– in private-sector technology, the vast majority of them– will commoditize your work just as readily, but in an unfair way. Which one wins? I think it’s obvious.
If you’ve been indoctrinated, you might think that unions are only valuable for the stragglers and the unambitious, and that the services they offer to workers are useless to average, but less high, performers. False. “I’ve never been fired,” you say. “I could get another job next week,” you say. “The working world is just,” you say.
Most people hope never to face managerial adversity. I have, so I know how it works. When it develops, things start happening fast. The worker is usually unprepared. In fact, he’s at a disadvantage. The manager has the right to use “working time” to wage the political fight– because “managing people out” is literally part of his job– while the worker has to sustain a 40-hour effort in addition to playing the political side-game of fighting the adversity or PIP. It’s the sort of ugly, brutal fight that managers understand from experience (although even most managers dislike the process) and, because they choose the time and place of each confrontation, have every advantage possible. The worker thinks it’s a “catch up” meeting because that’s what the calendar says. A stranger from HR is there: it’s an ambush. Two witnesses against one, and because corporate fascism-lite is under-regulated in our country, the employee does not have the right to an attorney, nor to remain silent.
What might be able to counterbalance such disadvantages? Oh, right. A union.
What, though, if you’re happy with your compensation and don’t consider yourself a low performer? Do you still need a union?
Saying “I don’t need a union because I’m a high performer” is like saying “I don’t need to know about self-defense, because I’m so good-looking no one would ever attack me.” Real talk: that meth-addicted, drunk scumbag does not care one whit for your pretty face, buddy. Run if you at all can; avoid the fight if he’ll listen to reason; but, defend yourself if you must.
Have you, dear reader, been in a street fight? I don’t mean a boxing match, a prize fight where there are still rules, or a childhood or middle-school fight that ends once one person has won. I’m talking about a real adult fistfight– also known as: for the attacker, an assault; for the defender, a self-defense situation– where multiple assailants, deadly weapons, and continued (and possibly lethal) violence after defeat are serious possibilities? I, personally, have not.
Most people haven’t. I’ve studied combat enough to know that most people (including, quite possibly, me) have no idea what the fuck to do when such a situation emerges. Many victims freeze. Given that an average street fight is over in about ten seconds– after that point, it’s more of a one-sided beatdown of the loser– that’s deadly. But it’s something that untrained humans are not well-equipped to handle.
Even people with excellent self-defense training avoid street fights– there are too many bad things that can happen, and nothing good. Sometimes, they lose. Why? Because their training, mostly oriented around friendly sparring, has them primed to stop short of hurting the assailant. That’s noble, but against someone who will bite and eye-gouge and resort to murder, this is a disadvantage.
What sorts of people are experienced with street fights (not sparring)? Criminals, reprobates, psychopaths…. Thugs. They’ve been in a few. Pain that would stall or incapacitate the uninitiated (that is, most of us) doesn’t faze them; they may be on drugs. They’ll do anything to win. They’ve stomped on necks and heads; they’ve pulled knives and guns; they’ve possibly committed sexual assaults against their victims. They know and choose the venue. They select the target and the time. They may have friends waiting to get in on the action. They may have weapons. They know almost everything about the situation they’re about to enter and, most of the time, their target knows nothing.
The odds for an untrained defender, in an unanticipated self-defense situation, are extremely poor.
It’s the same in the corporate world, when it comes to managerial adversity. Most workers think they’re decent performers– and, quite often, they are– and when they’re hit out of the blue with a PIP, they don’t know what’s going on. Was it a performance problem? Often, no. Perhaps the manager found a 2013 blog post and disliked the employee’s political views or religion. Perhaps, as is usual in private-sector technology, the company dishonestly represented a layoff as a rash of performance-based firings. Perhaps the employee is working in good faith, but performing poorly for reasons that aren’t her fault: poor project/person fit, or life events like health issues, sick parents, or divorce. Perhaps some stranger three levels up made the call, to free up a spot for his nephew, and the hapless middle manager got stuck doing the paperwork.
The corporate world is a might-makes-right system where there is no sense of ethics. There is no line between abuse of power and power as those on top see it; what we plebeians call “abuse”, they call “power”; what use would power have, they ask, if there were rules put on it?
People suffer all sorts of career punishments– PIPs, firings, bad references, damaged reputations– for reasons that aren’t their fault. The idea that only bad workers end up in this situation is analogous to the idea that the only people who can be assaulted on the streets are those who asked for it.
As in a street fight, the odds are overwhelmingly bad for an employee under managerial adversity. The other side has more information, more power, and more experience. Management and HR have done this before. The worker? It’s likely her first or second time.
In a non-union, private-sector organization like the typical technology company, to be an employee is to walk down the streets, alone, at 2:30 in the morning.
For everything one can learn in a self-defense class– proper fighting techniques improve one’s chances from impossible to merely undesirable– the best defense is to avoid dangerous places altogether. In the corporate world, that’s not possible. This is a country where at-will employment is the law of the land, so every time and every place is dangerous. Every street should be considered a slum; it’s always 2:30 in the morning.
If one must go into a dangerous place, what’s the best means of defense? The same rules that apply in bear country: don’t go alone. Wild animals rarely attack humans in groups, and criminals tend to be similar. But the corporate system is designed to isolate those it wishes to target. In the meetings that unfold under managerial adversity, the boss can bring in whoever he wants– HR, higher-level bosses, “Scrum Masters” and miscellaneous enforcers, even his 9-year-old son to laugh at the poor worker– while the target can bring in… only himself.
I do not intend to peddle illusions. Unions aren’t perfect. They aren’t good in all situations. However, most of private-sector technology needs them. Why? Because they allow the worker to exercise his right not to go alone. The HR tactics (e.g., stack ranking, performance surveillance, constructive dismissal) that are so common in technology companies as to have become accepted practices would simply not survive under a decent union.
The average non-managerial white-collar worker has never been in the street fight of managerial adversity. Unions have. They know exactly what to do– and what not to do– when a situation turns nasty. Fights, albeit for the side of good, are much of what they do.
Again, if you’re in that elite cadre of software programmers who get to work on whatever they want, who find $400/hour consulting work just by asking for it in a tweet, and whose bosses see them as future leaders of the company… then you’re probably not reading my blog for career advice. On the other hand, if you’re in that other 95-plus (to be honest, it’s probably 99-plus) percent, you should unionize. All the bureaucracy and commoditization that you fear might come from a union is already around you; you can’t make it go away, so the best thing to do is to make it fair.
HackerNewsBot debug: Calculated post rank: 80 - Loop: 21 - Rank min: 80 - Author rank: 35
Article word count: 433
HN Discussion: https://news.ycombinator.com/item?id=18736473
Posted by shawndumas (karma: 65667)
Post stats: Points: 149 - Comments: 21 - 2018-12-21T20:43:41Z
#HackerNews #after #are #beautiful #captured #experimenting #fog #most #the #thing #waves #years
For the last 8 years that I’ve been shooting in the San Francisco area, I have been absolutely obsessed with the fog. Night and day, it’s what I live for and what defines my photographic style. I check the cams, satellites, and other forecasts to always be able to just get up and go. We even have a small group of about 20 of us known as “Fogaholics,” where we keep each other updated all the time as soon as we see it roll in.
Recently, in my studies of the area, I have discovered something amazing! During the summer months, when the fog is created from high amounts of inland heat, it gets too high to shoot in the Bay Area (including the Golden Gate Bridge) as it is usually above 1,000′ and the bridge sits at 746′. In addition, since it is coming from the Pacific Ocean, the coastline is pretty much unshootable. So the only option is to hit up the high vantage points, one of the best being Mt. Tamalpais, which sits at 2,572′. Mt. Tam allows you to get “above it all” and is literally heaven on earth, as you feel on top of the world or almost on an airplane looking down on clouds. What I discovered from hundreds of trips up there is that, when the fog rolls through and is at the perfect height and density, it will create wave-like movements as it contours the land. This is where I coined the term “Fog Waves,” as it literally looks like waves that resemble the ocean.
I found that when playing around and experimenting with different shutter speeds in my camera, it would either freeze the movement or accentuate the flow and make it more buttery and smooth. This is all done “in camera” and not photoshopped. I do this by putting on dark filters known as ND or Neutral Density filters that trick the camera into thinking it’s nighttime, forcing a longer shutter speed. Doing this is how I am able to get these smooth effects, and sometimes I shoot up to 2 minutes depending on the flow. Too long and it can turn to mush, and too short will be too textured. Shooting fog is a study and takes a lot of patience, preparation, and knowledge of the area to catch it, as it is very elusive. In the end, though, the chase is always worth it, and the views on Mt. Tamalpais are literally something out of a dream!
More info: Instagram | nicholassteinbergphotography.com | Facebook
HackerNewsBot debug: Calculated post rank: 106 - Loop: 135 - Rank min: 100 - Author rank: 69