Dictionary of Algorithms and Data Structures
395 by gballan | 42 comments on Hacker News.
Saturday, September 30, 2023
Friday, September 29, 2023
Thursday, September 28, 2023
Wednesday, September 27, 2023
Essence: A desktop OS built from scratch, for control and simplicity
Essence: A desktop OS built from scratch, for control and simplicity
449 by luismedel | 163 comments on Hacker News.
449 by luismedel | 163 comments on Hacker News.
Show HN: Unity like game editor running in pure WASM
Show HN: Unity like game editor running in pure WASM
519 by TrevorSundberg | 115 comments on Hacker News.
In the wake of all the Unity nonsense, just wanted to toss the Raverie engine into this mix :) We’re building off a previous engine that we worked on for DigiPen Institute of Technology called the Zero Engine with a similar component based design architecture to Unity. Our engine had a unique feature called Spaces: separate worlds/levels that you can instantiate and run at the same time, which became super useful for creating UI overlays using only game objects, running multiple simulations, etc. The lighting and rendering engine is scriptable, and the default deferred rendering implementation is based on the Unreal physically based rendering (PBR) approach. The physics engine was built from the ground up to handle both 2D and 3D physics together. The scripting language was also built in house to be a type safe language that binds to C++ objects and facilitates auto-complete (try it in editor!) This particular fork by Raverie builds both the engine and editor to WebAssembly using only clang without Emscripten. We love Emscripten and in fact borrowed a tiny bit of exception code that we’d love to see up-streamed into LLVM, however we wanted to create a pure WASM binary without Emscripten bindings. We also love WASI too though we already had our own in memory virtual file system, hence we don’t use the WASI imports. All WASM imports and exports needed to run the engine are defined here: https://ift.tt/LFVjpKZ... The abstraction means that in the future, porting to other platforms that can support a WASM runtime should be trivial. It’s our dream to be able to export a build of your game to any platform, all from inside the browser. Our near term road-map includes getting the sound engine integrated with WebAudio, getting the script debugger working (currently freezes), porting our networking engine to WebRTC and WebSockets, and getting saving/loading from a database instead of browser local storage. Our end goal is to use this engine to create an online Flash-like hub for games that people can share and remix, akin to Scratch or Tinkercad. https://ift.tt/2iKLrgA
519 by TrevorSundberg | 115 comments on Hacker News.
In the wake of all the Unity nonsense, just wanted to toss the Raverie engine into this mix :) We’re building off a previous engine that we worked on for DigiPen Institute of Technology called the Zero Engine with a similar component based design architecture to Unity. Our engine had a unique feature called Spaces: separate worlds/levels that you can instantiate and run at the same time, which became super useful for creating UI overlays using only game objects, running multiple simulations, etc. The lighting and rendering engine is scriptable, and the default deferred rendering implementation is based on the Unreal physically based rendering (PBR) approach. The physics engine was built from the ground up to handle both 2D and 3D physics together. The scripting language was also built in house to be a type safe language that binds to C++ objects and facilitates auto-complete (try it in editor!) This particular fork by Raverie builds both the engine and editor to WebAssembly using only clang without Emscripten. We love Emscripten and in fact borrowed a tiny bit of exception code that we’d love to see up-streamed into LLVM, however we wanted to create a pure WASM binary without Emscripten bindings. We also love WASI too though we already had our own in memory virtual file system, hence we don’t use the WASI imports. All WASM imports and exports needed to run the engine are defined here: https://ift.tt/LFVjpKZ... The abstraction means that in the future, porting to other platforms that can support a WASM runtime should be trivial. It’s our dream to be able to export a build of your game to any platform, all from inside the browser. Our near term road-map includes getting the sound engine integrated with WebAudio, getting the script debugger working (currently freezes), porting our networking engine to WebRTC and WebSockets, and getting saving/loading from a database instead of browser local storage. Our end goal is to use this engine to create an online Flash-like hub for games that people can share and remix, akin to Scratch or Tinkercad. https://ift.tt/2iKLrgA
Tuesday, September 26, 2023
The Philips Hue ecosystem is collapsing into stupidity
The Philips Hue ecosystem is collapsing into stupidity
508 by picture | 396 comments on Hacker News.
508 by picture | 396 comments on Hacker News.
FTC Sues Amazon for Illegally Maintaining Monopoly Power
FTC Sues Amazon for Illegally Maintaining Monopoly Power
522 by marcopolis | 378 comments on Hacker News.
522 by marcopolis | 378 comments on Hacker News.
Monday, September 25, 2023
Sunday, September 24, 2023
Text editing on mobile is an invisible problem no one appreciates
Text editing on mobile is an invisible problem no one appreciates
570 by kaftan-permans | 346 comments on Hacker News.
570 by kaftan-permans | 346 comments on Hacker News.
Saturday, September 23, 2023
Show HN: Paisa – Open-Source Personal Finance Manager
Show HN: Paisa – Open-Source Personal Finance Manager
467 by ananthakumaran | 197 comments on Hacker News.
I have been using plaintext accounting for some time and had a duct-taped together reporting system. Paisa is my latest attempt at making it usable for others. I am interested in knowing what people normally want to understand about their finances PS: Please avoid editing the demo data. Download and run locally if you want to edit.
467 by ananthakumaran | 197 comments on Hacker News.
I have been using plaintext accounting for some time and had a duct-taped together reporting system. Paisa is my latest attempt at making it usable for others. I am interested in knowing what people normally want to understand about their finances PS: Please avoid editing the demo data. Download and run locally if you want to edit.
Friday, September 22, 2023
Thursday, September 21, 2023
Studio Ghibli set to become subsidiary of Nippon TV
Studio Ghibli set to become subsidiary of Nippon TV
534 by sohkamyung | 229 comments on Hacker News.
534 by sohkamyung | 229 comments on Hacker News.
My uBlock Origin filters to remove distractions
My uBlock Origin filters to remove distractions
414 by mig4ng | 166 comments on Hacker News.
Repository with my filter lists that block some distractions from sites I want to keep using. I am pretty ruthless removing distractions from my life (e.g. no Instagram, Facebook, TikTok), but some tools I'd like to keep using some parts of it. E.g. Twitter/X, I dislike the feed but I like reading some threads that are shared here or on blog posts. Same for YouTube, I enjoy some videos but I do not want recommendations when I finish the video I was watching. Feel free to suggest more, open issues, pull requests or send me an email :)
414 by mig4ng | 166 comments on Hacker News.
Repository with my filter lists that block some distractions from sites I want to keep using. I am pretty ruthless removing distractions from my life (e.g. no Instagram, Facebook, TikTok), but some tools I'd like to keep using some parts of it. E.g. Twitter/X, I dislike the feed but I like reading some threads that are shared here or on blog posts. Same for YouTube, I enjoy some videos but I do not want recommendations when I finish the video I was watching. Feel free to suggest more, open issues, pull requests or send me an email :)
Wednesday, September 20, 2023
Show HN: ElectricSQL, Postgres to SQLite active-active sync for local-first apps
Show HN: ElectricSQL, Postgres to SQLite active-active sync for local-first apps
404 by samwillis | 118 comments on Hacker News.
Hi HN, James, Valter, Sam and the team from ElectricSQL here. We're really excited to be sharing ElectricSQL with you today. It's an open source, local-first sync layer that can be used to build reactive, realtime, offline-capable apps directly on Postgres with two way active-active sync to SQLite (including with WASM in the browser). Electric comprises a sync layer (built with Elixir) placed in front of your Postgres database and a type safe client that allows you to bidirectionally sync data from your Postgres to local SQLite databases. This sync is CRDT-based, resilient to conflicting edits from multiple nodes at the same time, and works after being offline for extended periods. Some good links to get started: - website: https://ift.tt/pZNe8Rb - docs: https://ift.tt/6BYr2WJ - code: https://ift.tt/PCgpALd - introducing post: https://ift.tt/ZrFcwQh... You can also see some demo applications: - Linear clone: https://ift.tt/P4hRoSL - Realtime demo: https://ift.tt/FTPvx4c - Conflict-free offline: https://ift.tt/u0FEPZG The Electric team actually includes two of the inventors of CRDTs, Marc Shapiro and Nuno Preguiça, and a number of their collaborators who've pioneered a lot of tech underpinning local-first software. We are privileged to be building on their research and delighted to be surfacing so much work in a product you can now try out.
404 by samwillis | 118 comments on Hacker News.
Hi HN, James, Valter, Sam and the team from ElectricSQL here. We're really excited to be sharing ElectricSQL with you today. It's an open source, local-first sync layer that can be used to build reactive, realtime, offline-capable apps directly on Postgres with two way active-active sync to SQLite (including with WASM in the browser). Electric comprises a sync layer (built with Elixir) placed in front of your Postgres database and a type safe client that allows you to bidirectionally sync data from your Postgres to local SQLite databases. This sync is CRDT-based, resilient to conflicting edits from multiple nodes at the same time, and works after being offline for extended periods. Some good links to get started: - website: https://ift.tt/pZNe8Rb - docs: https://ift.tt/6BYr2WJ - code: https://ift.tt/PCgpALd - introducing post: https://ift.tt/ZrFcwQh... You can also see some demo applications: - Linear clone: https://ift.tt/P4hRoSL - Realtime demo: https://ift.tt/FTPvx4c - Conflict-free offline: https://ift.tt/u0FEPZG The Electric team actually includes two of the inventors of CRDTs, Marc Shapiro and Nuno Preguiça, and a number of their collaborators who've pioneered a lot of tech underpinning local-first software. We are privileged to be building on their research and delighted to be surfacing so much work in a product you can now try out.
We are retroactively dropping the iPhone’s repairability score
We are retroactively dropping the iPhone’s repairability score
460 by fraXis | 319 comments on Hacker News.
460 by fraXis | 319 comments on Hacker News.
Tuesday, September 19, 2023
Monday, September 18, 2023
Show HN: HyperDX – open-source dev-friendly Datadog alternative
Show HN: HyperDX – open-source dev-friendly Datadog alternative
467 by mikeshi42 | 108 comments on Hacker News.
Hi HN, Mike and Warren here! We've been building HyperDX (hyperdx.io). HyperDX allows you to easily search and correlate logs, traces, metrics (alpha), and session replays all in one place. For example, if a user reports a bug “this button doesn't work," an engineer can play back what the user was doing in their browser and trace API calls back to the backend logs for that specific request, all from a single view. Github Repo: https://ift.tt/I1BZqCG Coming from an observability nerd background, with Warren being SRE #1 at his last startup and me previously leading dev experience at LogDNA/Mezmo, we knew there were gaps in the existing tools we were used to using. Our previous stack of tools like Bugsnag, LogRocket, and Cloudwatch required us to switch between different tools, correlate timestamps (UTC? local?), and manually cross-check IDs to piece together what was actually happening. This often made meant small issues required hours of frustration to root cause. Other tools like Datadog or New Relic come with high price tags - when estimating costs for Datadog in the past, we found that our Datadog bill would exceed our AWS bill! Other teams have had to adjust their infrastructure just to appease the Datadog pricing model. To build HyperDX, we've centralized all the telemetry in one place by leveraging OpenTelemetry (a CNCF project for standardizing/collecting telemetry) to pull and correlate logs, metrics, traces, and replays. In-app, we can correlate your logs/traces together in one panel by joining everything automatically via trace ids and session ids, so you can go from log <> trace <> replay in the same panel. To keep costs low, we store everything in Clickhouse (w/ S3 backing) to make it extremely affordable to store large amounts of data (compared to Elasticsearch) while still being able to query it efficiently (compared to services like Cloudwatch or Loki), in large part thanks to Clickhouse's bloom filters + columnar layout. On top of that, we've focused on providing a smooth developer experience (the DX in HyperDX!). This includes features like native parsing of JSON logs, full-text search on any log or trace, 2-click alert creation, and SDKs that help you get started with OpenTelemetry faster than the default OpenTelemetry SDKs. I'm excited to share what we've been working with you all and would love to hear your feedback and opinions! Hosted Demo - https://ift.tt/9aQXxOm Open Source Repo: https://ift.tt/I1BZqCG Landing Page: https://hyperdx.io
467 by mikeshi42 | 108 comments on Hacker News.
Hi HN, Mike and Warren here! We've been building HyperDX (hyperdx.io). HyperDX allows you to easily search and correlate logs, traces, metrics (alpha), and session replays all in one place. For example, if a user reports a bug “this button doesn't work," an engineer can play back what the user was doing in their browser and trace API calls back to the backend logs for that specific request, all from a single view. Github Repo: https://ift.tt/I1BZqCG Coming from an observability nerd background, with Warren being SRE #1 at his last startup and me previously leading dev experience at LogDNA/Mezmo, we knew there were gaps in the existing tools we were used to using. Our previous stack of tools like Bugsnag, LogRocket, and Cloudwatch required us to switch between different tools, correlate timestamps (UTC? local?), and manually cross-check IDs to piece together what was actually happening. This often made meant small issues required hours of frustration to root cause. Other tools like Datadog or New Relic come with high price tags - when estimating costs for Datadog in the past, we found that our Datadog bill would exceed our AWS bill! Other teams have had to adjust their infrastructure just to appease the Datadog pricing model. To build HyperDX, we've centralized all the telemetry in one place by leveraging OpenTelemetry (a CNCF project for standardizing/collecting telemetry) to pull and correlate logs, metrics, traces, and replays. In-app, we can correlate your logs/traces together in one panel by joining everything automatically via trace ids and session ids, so you can go from log <> trace <> replay in the same panel. To keep costs low, we store everything in Clickhouse (w/ S3 backing) to make it extremely affordable to store large amounts of data (compared to Elasticsearch) while still being able to query it efficiently (compared to services like Cloudwatch or Loki), in large part thanks to Clickhouse's bloom filters + columnar layout. On top of that, we've focused on providing a smooth developer experience (the DX in HyperDX!). This includes features like native parsing of JSON logs, full-text search on any log or trace, 2-click alert creation, and SDKs that help you get started with OpenTelemetry faster than the default OpenTelemetry SDKs. I'm excited to share what we've been working with you all and would love to hear your feedback and opinions! Hosted Demo - https://ift.tt/9aQXxOm Open Source Repo: https://ift.tt/I1BZqCG Landing Page: https://hyperdx.io
OpenRA – Classic strategy games rebuilt for the modern era
OpenRA – Classic strategy games rebuilt for the modern era
431 by xbmcuser | 106 comments on Hacker News.
431 by xbmcuser | 106 comments on Hacker News.
Sunday, September 17, 2023
Tracking Austrian grocery prices by scraping store sites
Tracking Austrian grocery prices by scraping store sites
596 by boffbowsh | 361 comments on Hacker News.
596 by boffbowsh | 361 comments on Hacker News.
Saturday, September 16, 2023
Friday, September 15, 2023
Thursday, September 14, 2023
Wednesday, September 13, 2023
Ask HN: Why did Visual Basic die?
Ask HN: Why did Visual Basic die?
405 by Zelphyr | 507 comments on Hacker News.
I've been a software developer for almost 30 years. I remember using VB back in the 90's and I was thinking about it the other day and it dawned on me; despite all the advances in technology since then, nothing I have found compares to that development experience today. I would go so far as to say we've gone backwards in a big way. Now, I'm no fan of Microsoft products but, I have yet to find a tool that can allow me to be as productive in so short a time as Visual Basic. Yet I can't help wondering what problems it had that caused them to abandon it? Moreover, why hasn't someone come out with a solid replacement?
405 by Zelphyr | 507 comments on Hacker News.
I've been a software developer for almost 30 years. I remember using VB back in the 90's and I was thinking about it the other day and it dawned on me; despite all the advances in technology since then, nothing I have found compares to that development experience today. I would go so far as to say we've gone backwards in a big way. Now, I'm no fan of Microsoft products but, I have yet to find a tool that can allow me to be as productive in so short a time as Visual Basic. Yet I can't help wondering what problems it had that caused them to abandon it? Moreover, why hasn't someone come out with a solid replacement?
Tuesday, September 12, 2023
Fine-tune your own Llama 2 to replace GPT-3.5/4
Fine-tune your own Llama 2 to replace GPT-3.5/4
491 by kcorbitt | 126 comments on Hacker News.
There has been a lot of interest on HN in fine-tuning open-source LLMs recently (eg. Anyscale's post at https://ift.tt/TL6HqWS ). I've been playing around with fine-tuning models for a couple of years, and wanted to share some insights and practical code. I’ve condensed what I’ve learned into a small set of notebooks at https://ift.tt/fJA94TL... , covering labeling data, fine-tuning, running efficient inference, and evaluating costs/performance. The 7B model we train here matches GPT-4’s labels 95% of the time on the test set, and for the 5% of cases where they disagree it’s often because the correct answer is genuinely ambiguous. What is fine-tuning? You can think of it as a more-powerful form of prompting, where instead of writing your instructions in text you actually encode them in the weights of the model itself. You do this by training an existing model on example input/output pairs that demonstrate the task you want your fine-tuned model to learn. Fine-tuning can work with as few as 50 examples but I usually try to get 1000+ if possible. Prompting still has some big advantages over fine-tuning. It's way easier/faster to iterate on your instructions than label data and re-train a model. And operationally it's easier to deploy one big model and just adjust its behavior as necessary vs deploying many small fine-tuned models that will likely each get lower utilization. Fine-tuning has one huge advantage though: it is far more effective at guiding a model's behavior than prompting, so you can often get away with a much smaller model. That gets you faster responses and lower inference costs. A fine-tuned Llama 7B model is 50x cheaper than GPT-3.5 on a per-token basis, and for many use cases can produce results that are as good or better! For example, classifying the 2M recipes at https://ift.tt/v0zZwNd with GPT-4 would cost $23k. Even with GPT-3.5 it would cost over $1k. The model we fine-tuned performs similarly to GPT-4 and costs just $19 to run over the entire dataset. Disclaimer: My brother David and I are working on an open-source product called OpenPipe ( https://ift.tt/hEZb3sl ) to help engineers adopt fine-tuning as simply as possible. But none of the information above depends on our startup. The current post is just about sharing information that we’ve learned about fine-tuning. I hope it’s useful!
491 by kcorbitt | 126 comments on Hacker News.
There has been a lot of interest on HN in fine-tuning open-source LLMs recently (eg. Anyscale's post at https://ift.tt/TL6HqWS ). I've been playing around with fine-tuning models for a couple of years, and wanted to share some insights and practical code. I’ve condensed what I’ve learned into a small set of notebooks at https://ift.tt/fJA94TL... , covering labeling data, fine-tuning, running efficient inference, and evaluating costs/performance. The 7B model we train here matches GPT-4’s labels 95% of the time on the test set, and for the 5% of cases where they disagree it’s often because the correct answer is genuinely ambiguous. What is fine-tuning? You can think of it as a more-powerful form of prompting, where instead of writing your instructions in text you actually encode them in the weights of the model itself. You do this by training an existing model on example input/output pairs that demonstrate the task you want your fine-tuned model to learn. Fine-tuning can work with as few as 50 examples but I usually try to get 1000+ if possible. Prompting still has some big advantages over fine-tuning. It's way easier/faster to iterate on your instructions than label data and re-train a model. And operationally it's easier to deploy one big model and just adjust its behavior as necessary vs deploying many small fine-tuned models that will likely each get lower utilization. Fine-tuning has one huge advantage though: it is far more effective at guiding a model's behavior than prompting, so you can often get away with a much smaller model. That gets you faster responses and lower inference costs. A fine-tuned Llama 7B model is 50x cheaper than GPT-3.5 on a per-token basis, and for many use cases can produce results that are as good or better! For example, classifying the 2M recipes at https://ift.tt/v0zZwNd with GPT-4 would cost $23k. Even with GPT-3.5 it would cost over $1k. The model we fine-tuned performs similarly to GPT-4 and costs just $19 to run over the entire dataset. Disclaimer: My brother David and I are working on an open-source product called OpenPipe ( https://ift.tt/hEZb3sl ) to help engineers adopt fine-tuning as simply as possible. But none of the information above depends on our startup. The current post is just about sharing information that we’ve learned about fine-tuning. I hope it’s useful!
Monday, September 11, 2023
Google Chrome just rolled out a new way to track you and serve ads
Google Chrome just rolled out a new way to track you and serve ads
459 by ed_westin | 335 comments on Hacker News.
459 by ed_westin | 335 comments on Hacker News.
Sunday, September 10, 2023
Privacy Nightmare on Wheels’: Every Car Brand Reviewed by Mozilla
Privacy Nightmare on Wheels’: Every Car Brand Reviewed by Mozilla
584 by sandermvanvliet | 296 comments on Hacker News.
584 by sandermvanvliet | 296 comments on Hacker News.
Saturday, September 9, 2023
Friday, September 8, 2023
Thursday, September 7, 2023
NSO group iPhone zero-click, zero-day exploit captured in the wild
NSO group iPhone zero-click, zero-day exploit captured in the wild
561 by ericzawo | 342 comments on Hacker News.
561 by ericzawo | 342 comments on Hacker News.
Show HN: Host a Website in the URL
Show HN: Host a Website in the URL
448 by acidx | 147 comments on Hacker News.
I wrote this silly thing a couple of weeks ago. It's absolutely useless but it's a fun tech demo for my web server library. Enjoy!
448 by acidx | 147 comments on Hacker News.
I wrote this silly thing a couple of weeks ago. It's absolutely useless but it's a fun tech demo for my web server library. Enjoy!
Wednesday, September 6, 2023
Show HN: Puck – Open-source visual editor for React
Show HN: Puck – Open-source visual editor for React
397 by chrisvxd | 90 comments on Hacker News.
Hey hackers, OP here! I've been dipping in and out of this problem space for the last few years with many of my clients. Puck sits somewhere between an old-school WYSIWYG-powered CMS and headless one, allowing content teams to author content using real React components. Traditional CMS solutions were flexible but often resulted in page that completely broke the brand guidelines. Headless CMS solutions are a fantastic way of controlling brand by restricting UI changes to developers, but makes layout changes restrictive and slow as developers often need to get involved. Puck provides a visual editor for React that can sit on top of your existing headless CMS (or act as standalone). We've been dog-fooding it on a few pages at https://measured.co and on https://wellpaid.io . So far, so good The API is built for React, which allows FE devs to quickly integrate their existing component and add some form fields for author input, or connect it to a headless CMS of choice. It's open-source under MIT, and pairs nicely with Next.js (check out the demo application). Next in the pipeline: support for multi-column layouts, richer demos, new plugins. Looking forward to hearing your comments!
397 by chrisvxd | 90 comments on Hacker News.
Hey hackers, OP here! I've been dipping in and out of this problem space for the last few years with many of my clients. Puck sits somewhere between an old-school WYSIWYG-powered CMS and headless one, allowing content teams to author content using real React components. Traditional CMS solutions were flexible but often resulted in page that completely broke the brand guidelines. Headless CMS solutions are a fantastic way of controlling brand by restricting UI changes to developers, but makes layout changes restrictive and slow as developers often need to get involved. Puck provides a visual editor for React that can sit on top of your existing headless CMS (or act as standalone). We've been dog-fooding it on a few pages at https://measured.co and on https://wellpaid.io . So far, so good The API is built for React, which allows FE devs to quickly integrate their existing component and add some form fields for author input, or connect it to a headless CMS of choice. It's open-source under MIT, and pairs nicely with Next.js (check out the demo application). Next in the pipeline: support for multi-column layouts, richer demos, new plugins. Looking forward to hearing your comments!
Tuesday, September 5, 2023
Ask HN: I’m an FCC Commissioner proposing regulation of IoT security updates
Ask HN: I’m an FCC Commissioner proposing regulation of IoT security updates
615 by SimingtonFCC | 192 comments on Hacker News.
Hi everyone, I’m FCC Commissioner Nathan Simington, and I’m here to discuss security updates for IoT devices and how you can make a difference by filing comments with the FCC. As you know, serious vulnerabilities are common in IoT, and it often takes too long for these to be patched on end-user devices—if the manufacturer even bothers to release an update, and if the device was even designed to receive them. Companies may cease supporting a device well before consumers have stopped using it. The support period is often not communicated at the time of sale. And sometimes the end of support is not even announced, leaving even informed users unsure whether their devices are still safe. I’ve advocated for the FCC to require device manufacturers to support their devices with security updates for a reasonable amount of time [1]. I can't bring such a proposal to a vote since I’m not the chairman of the agency. But I was able to convince my colleagues to tentatively support something a little more moderate addressing this problem. The FCC recently issued a Notice of Proposed Rulemaking [2] for a cybersecurity labeling program for connected devices. If they meet certain criteria for the security of their product, manufacturers can put an FCC cybersecurity label on it. I fought hard for one of these criteria to be the disclosure of how long the product will receive security updates. I hope that, besides arming consumers with better information, the commitments on this label (including the support period) will be legally enforceable in contract and tort lawsuits and under other laws. You can see my full statement here [3]. But it’s too early to declare victory. Many manufacturers oppose making any commitments about security updates, even voluntary ones. These manufacturers are heavily engaged at the FCC and represented by sophisticated regulatory lawyers. The FCC and White House are not likely to take a strong stand if they only hear the device manufacturer's side of the story. In short, they need to hear from you. You have experienced insecure protocols, exposed private keys, and other atrocious security. You have seen these problems persist despite ample warning. People ask, ‘why aren’t there rules about these things?’ This is your chance to get on the record and tell us what you think the rules should be. If infosec doesn’t make this an issue, the general public will continue falsely assuming that everything is fine. But if you get on the record and the government fails to act, the evidence of this failure will be all over the Internet forever. If you want to influence the process, you have until September 25th, 2023 (midnight ET) to file comments in the rulemaking proceeding.[4] Filing is easy: go to https://ift.tt/VUQwREC and click to file either an ‘express’ comment (type into a textbox) or a ‘standard’ comment (upload a PDF). Either way, the FCC is required to consider your arguments. All options are on the table, so don’t hold back, but do make your arguments as clear as possible, so even lawyers can understand them. I’m here to listen and learn. AMA. Feel free to ask any questions about this or related issues, and I’ll answer as many as I can. I just ask that we try to stay on the topic of security. My legal advisor, Marco Peraza, a security-focused software engineer turned cybersecurity lawyer, will be answering questions too. I’m open to incorporating your ideas (and even being convinced I’m wrong), and I hope that my colleagues at the FCC are as well. Thank you! [1] https://ift.tt/CPH2GeW... [2] https://ift.tt/c0Nt6yu... [3] https://ift.tt/c0Nt6yu... [4] If your comments are purely in response to arguments made in other comments, you have an extra 15 days, until October 10, 2023.
615 by SimingtonFCC | 192 comments on Hacker News.
Hi everyone, I’m FCC Commissioner Nathan Simington, and I’m here to discuss security updates for IoT devices and how you can make a difference by filing comments with the FCC. As you know, serious vulnerabilities are common in IoT, and it often takes too long for these to be patched on end-user devices—if the manufacturer even bothers to release an update, and if the device was even designed to receive them. Companies may cease supporting a device well before consumers have stopped using it. The support period is often not communicated at the time of sale. And sometimes the end of support is not even announced, leaving even informed users unsure whether their devices are still safe. I’ve advocated for the FCC to require device manufacturers to support their devices with security updates for a reasonable amount of time [1]. I can't bring such a proposal to a vote since I’m not the chairman of the agency. But I was able to convince my colleagues to tentatively support something a little more moderate addressing this problem. The FCC recently issued a Notice of Proposed Rulemaking [2] for a cybersecurity labeling program for connected devices. If they meet certain criteria for the security of their product, manufacturers can put an FCC cybersecurity label on it. I fought hard for one of these criteria to be the disclosure of how long the product will receive security updates. I hope that, besides arming consumers with better information, the commitments on this label (including the support period) will be legally enforceable in contract and tort lawsuits and under other laws. You can see my full statement here [3]. But it’s too early to declare victory. Many manufacturers oppose making any commitments about security updates, even voluntary ones. These manufacturers are heavily engaged at the FCC and represented by sophisticated regulatory lawyers. The FCC and White House are not likely to take a strong stand if they only hear the device manufacturer's side of the story. In short, they need to hear from you. You have experienced insecure protocols, exposed private keys, and other atrocious security. You have seen these problems persist despite ample warning. People ask, ‘why aren’t there rules about these things?’ This is your chance to get on the record and tell us what you think the rules should be. If infosec doesn’t make this an issue, the general public will continue falsely assuming that everything is fine. But if you get on the record and the government fails to act, the evidence of this failure will be all over the Internet forever. If you want to influence the process, you have until September 25th, 2023 (midnight ET) to file comments in the rulemaking proceeding.[4] Filing is easy: go to https://ift.tt/VUQwREC and click to file either an ‘express’ comment (type into a textbox) or a ‘standard’ comment (upload a PDF). Either way, the FCC is required to consider your arguments. All options are on the table, so don’t hold back, but do make your arguments as clear as possible, so even lawyers can understand them. I’m here to listen and learn. AMA. Feel free to ask any questions about this or related issues, and I’ll answer as many as I can. I just ask that we try to stay on the topic of security. My legal advisor, Marco Peraza, a security-focused software engineer turned cybersecurity lawyer, will be answering questions too. I’m open to incorporating your ideas (and even being convinced I’m wrong), and I hope that my colleagues at the FCC are as well. Thank you! [1] https://ift.tt/CPH2GeW... [2] https://ift.tt/c0Nt6yu... [3] https://ift.tt/c0Nt6yu... [4] If your comments are purely in response to arguments made in other comments, you have an extra 15 days, until October 10, 2023.
Monday, September 4, 2023
Ask HN: Who is hiring? (September 2023)
Ask HN: Who is hiring? (September 2023)
375 by whoishiring | 362 comments on Hacker News.
Please state the location and include REMOTE, INTERNS and/or VISA when that sort of candidate is welcome. When remote work is not an option, include ONSITE. Please only post if you personally are part of the hiring company—no recruiting firms or job boards. One post per company. If it isn't a household name, explain what your company does. Commenters: please don't reply to job posts to complain about something. It's off topic here. Readers: please only email if you are personally interested in the job. Searchers: try https://ift.tt/GgZFOe9 , https://ift.tt/rwK48qI , https://hnhired.fly.dev , https://ift.tt/2g6uJvo , https://ift.tt/iYwvz43 . Don't miss these other fine threads: Who wants to be hired? https://ift.tt/cGBJ4nu Freelancer? Seeking freelancer? https://ift.tt/jE1Oz2W
375 by whoishiring | 362 comments on Hacker News.
Please state the location and include REMOTE, INTERNS and/or VISA when that sort of candidate is welcome. When remote work is not an option, include ONSITE. Please only post if you personally are part of the hiring company—no recruiting firms or job boards. One post per company. If it isn't a household name, explain what your company does. Commenters: please don't reply to job posts to complain about something. It's off topic here. Readers: please only email if you are personally interested in the job. Searchers: try https://ift.tt/GgZFOe9 , https://ift.tt/rwK48qI , https://hnhired.fly.dev , https://ift.tt/2g6uJvo , https://ift.tt/iYwvz43 . Don't miss these other fine threads: Who wants to be hired? https://ift.tt/cGBJ4nu Freelancer? Seeking freelancer? https://ift.tt/jE1Oz2W
I don’t want to grow my freelance design studio into an agency
I don’t want to grow my freelance design studio into an agency
436 by taubek | 180 comments on Hacker News.
436 by taubek | 180 comments on Hacker News.
Sunday, September 3, 2023
Tax prep companies: $90M lobbying against free tax-filing
Tax prep companies: $90M lobbying against free tax-filing
418 by everybodyknows | 228 comments on Hacker News.
418 by everybodyknows | 228 comments on Hacker News.
Saturday, September 2, 2023
Friday, September 1, 2023
Ask Microsoft: Are you using our personal data to train AI?
Ask Microsoft: Are you using our personal data to train AI?
450 by alabhyajindal | 142 comments on Hacker News.
450 by alabhyajindal | 142 comments on Hacker News.
Subscribe to:
Posts (Atom)