Happy to see some positive news stories regarding Ozempic/Semaglutide.
I really dislike that most stories try to taint it in the "diet trend", "TikTok challenge" light, obesity is a serious illness which is extremely unhealthy and leads to many many preventable deaths, this drug is a miracle.
And yeah, there are shortages, but then the drug stores shall give out this drug to those who need it the most, and not who pays the most. It's not like the US healthcare system is fair anyways. And also the suppliers can ramp up production (as they are already doing).
Friendly reminder: The STEP 5 trial of semaglutide showed that even in long-term usage a sort of "cutoff" BMI is reached, so even skinny/normal bodied people who take semaglutide don't drop to an anorexic level BMI, but stay above the 18.5 line (after which you are considered underweight) [1].
Indeed, hear, hear. As manufacturing capacity ramps up, and cost approaches $1-$5/month/person, it is an antidote against an economy wired to profit off of miswired reward centers. Success is comin'. Healthier humans, less spending on poor nutrition, lower healthcare costs and improved health at scale. There is even robust evidence that GLP-1 agonists reduce addictive consumption of alcohol, nicotine, and opioids [1] [2].
It's the next metformin imho (cost to benefit ratio). We should be scaling up production like it's a war effort.
[2] https://news.ycombinator.com/item?id=40357197 ("u/comova: 1. GLP-1 drugs appear to dramatically reduce addictive drive across substances. 2. GLP-1 drugs can reach vastly more patients than existing medications and they have positive mental health benefits for anxiety and depression. 3. This is our first ever opportunity to make a big dent in the addiction crisis, which kills 770,000 people a year between opioids, cigarettes, and alcohol.")
There are multiple GLP-1 agonists on the market (five approved by the FDA for glycemic control, two of those also for weight loss) so I expect competition to drive down prices.
An interesting fact is that as long as there is a shortage of a compound, pharmacies can make a version using compounding. If demand always outstrips supply, compounding will be permitted.
I wish we'd finally start calling obesity food addiction. It's an addiction that we've allowed to be economically viable, no different than alcohol and tobacco.
There isn't a shortage of the drug, there is a shortage of auto-injector pens, and it is impacting multiple medications. If you go vial+subcutaneous syringe it bypasses this limitation and is readily available.
The auto-injector pens are great, but when people need medication, it should be offered optionally with or without.
In my opinion (as a security engineer) the biggest benefit of such programs is not amoral "hackers will always sell exploits to the highest bidder so companies must provide a high bounty for bugs in their software"[1] but "having a responsible disclosure process makes it totally clear that it's ok to report vulnerabilities without being sued".
Looking at the timeline below the post I can't see anything problematic. The author even waited the usual[2] 90 days before disclosure, even though the vulnerability was hotpatched a day after report (congrats to Cox btw). They also shared a draft blog post with them a month ago.
[1] They certainly should, in the ideal world.
[2] A deadline popularized (or even invented) by Google's Project Zero.
Yeah when a company says one of their responsible disclosure rules amounts to "just don't ruin our prod system, or reveal or steal data pls" they basically invite you to try and break in - responsibly.
>In Germany you would get minimum 3 years in jail for this, people got in front of court for way way way way less.
Great way to make sure researchers don't notify the victim of vulnerabilities, but rather stay quiet or sell it.
You'll note they never tried to change anything but their own equipment; doing otherwise would have been immoral and, yes, likely illegal. Without testing you have no idea whether or not you're actually looking at something that needs to be reported.
In Germany it is common for vendors to acknowledge the security flaw you send to them, but if you want to publish it (and damage their reputation by doing so) they are going to try you in court, and win.
Sometimes they even try you in court if you don't publish it (yet).
To be fair, Germany is unusually harsh on security researchers. As far as I know (but German law is not my forte) there's no exclusion for "ethical hacking". I remember reading about many German cases that went like:
* A security researcher discovers that the main database of some service is available publicly with default password
* They notify the company
* They get sued for unauthorized access to the company's data
This wouldn't happen in my (also European) jurisdiction, because as long as your intention is to fix the vulnerability you found, and you notify the company about the problem, you're in the clear.
Regarding Germany and large corporations, and somewhat of a tangent, I remember a decade ago a bunch of hedge funds had tried to sue Porsche, the parent company of VW, for cornering the market for VW’s open interest and causing the mother of all short squeezes.
They tried the case in New York but it got thrown out for lack of jurisdiction. They did try the case in Germany, but Porsche had fittingly cornered the market for the best and biggest law firms. All of the best law firms refused to take the case because it would mean that they’d be essentially blacklisted by the largest companies in Germany for bringing a case against a German company.
In a production environment, where you deal with huge sets (think OSM), the solution may be a mix of both.
One aspect that I didn't deal with (yet) is also, that a Polygon can have redundant points (think A(1|1) B(2|2) C(3|3) D(1|2)), which you should simplify.
Ideally you would also split the map into hexagons, and compute which Geometry lies within which hexagon(s), and then only compare the geometry that shares a hexagon(s), but this information should be persisted and not computed each runtime, making it a bit out-of-scope for pure GeoJSON hashing.