Hacker News new | past | comments | ask | show | jobs | submit | endergen's comments login

I think being fact based doesn't make you put your foot in your mouth, that's perhaps correlated though. You can have empathetic-delivery/patience while being staunchly objective. With some patience/skill you can win people over to accepting or at least considering what might be a truth.

It's rarely cut and dry as to what is true though, and you have to speculate at much in order to make sense of any real world complex situation.


I was hoping this meant that html native submissions would be possible, so that people made interactive explanations.


Doesn't using your botnet expose your botnet IP addresses/devices?


Yes, but currently that has zero consequences. Say you infect 500.000 Windows XP machines or consumer routers, the owners of those devices isn't going to be informed, nor is their ISPs. In many cases the manufacturer of those devices also aren't going to provide security update, but those probably wasn't going to be applied anyway.


Are you positive that "tell nobody" is the mitigation strategy that Google used here? They could have easily asked router vendors to patch their devices, asked ISPs to blackhole those customers until they're patched, etc.


Patch what though? They know that they're getting hit with unprecedented traffic, not how those computers were infected.


It's mostly not infected computers, but rather poorly configured proxies that are open for anyone to bounce malicious traffic through. Convincing everyone to clean up their open proxies is a long-term, hard problem. But I plan to tackle it soon....


How? I suppose the most effective way is to have those proxies attack each other. But don’t, it’s likely illegal.


Get a few companies to agree that open proxies are a scourge that needs to be stopped. They each apply some action to open proxies (user-facing messaging, loss of functionality, captcha, or complete block), and the users of those proxies will get the problem fixed.

The hard part (and it truly is hard!) is convincing a few companies to do this. It risks user complaints in the short term, to solve a problem that may not be very acute for the largest companies (who can simply absorb these attacks).


How about downgrading all connections from said proxies to http 1.1? This can be done in coordination, but it ought not to be too hard to embed such ‘graylisting’ functionality in a webserver.

(No I don’t expect any response but I am just leaving this thought for those who stumble on this thread in the future).


the most efficient way would be to write a script that gains root on those open proxies and then fixes the issue.


Effective or efficient? Would seem rather inefficient to spend time researching all the possible ways to gain route on x number of servers, finding an exploit, crafting some plan to execute it, keeping your prints clean etc etc


What way would be more efficient?


So you're saying Google and Cloudflare, just as an example, should block consumers of other ISPs because they run "unpatched" software or they have malware running on their devices? Lol, this is a very absurd and narrow minded view how the internet works. You deal with the traffic, you don't randomly block eyeball networks because they're attacking you.


> you don't randomly block eyeball networks because they're attacking you.

ISPs do this literally all the time. They sell services that do this.


Google should start using their ad network to silently update people’s security!


Uh, no thanks from this user.

Also, sounds illegal.


Definitely illegal in the US.


> the owners of those devices isn't going to be informed, nor is their ISPs

not necessarily true


But these ISPs that give something and inform and even isolate their infected customers are few and far between.

Shout out to Dutch ISP XS4ALL who was (is?) very very strict and active in this space.


Are you saying Text Mesh Pro is better or using a similar improvement over SDFs?


This is great, well done, and thanks for open sourcing it.

I started to build something like this early last year, but got too busy with another pet project and having a baby. Here's some demos and notes if you're interested. https://twitter.com/convey_it/status/1433163282597171200


Holy smoke that's so cool, thanks for sharing it! I love that your work helped increase the number of morphTargets in Three.js. That's real impact!


Thanks! Yeah, that felt good.


Most people in the world pretty much have to, due to the prevalence of English in CS based businesses, projects, and academia.


Seems unlikely.

An estimated 2 billion people understand English globally. That number is only growing.

While Excel has probably the most programmers in the world, their instructions are localized.

And among programmers of other programming languages I bet that way over 50% understand English. So I’d say that most programmers do understand English.


>> An estimated 2 billion people understand English globally. That number is only growing.

And what's the reason for that? Exactly what the comment you are answering says.

>> While Excel has probably the most programmers in the world, their instructions are localized.

And what a mess that is. And if you have a problem chances are that the answer will be in English. So, again, you have to know English.

>> And among programmers of other programming languages I bet that way over 50% understand English. So I’d say that most programmers do understand English.

Again, they don't have an option, have they? Who knows? Maybe, someday in the future we will have to learn Mandarin.


I surely hope not, learning English is much much easier than Mandarin for a good 60% of the world : anyone speaking a language using the latin alphabet so most of Europe + America North and South + a good chunk of Africa. Even in countries where the main language is not using the Latin alphabet, it is very common to speak English or French.

People might not have much of an option because English is there de facto, but learning English is much much better than having to learn both English and Mandarin


There is a great deal more to learning a language than its alphabet, and English is probably one of the worst languages to learn that use the Latin alphabet, with many inconsistencies and exceptions in grammar and pronunciation. The reason so many people learn it is because they have to, not because it's easy to learn or use.

English is the JavaScript of human languages.


> There is a great deal more to learning a language than its alphabet, and English is probably one of the worst languages to learn that use the Latin alphabet

No denying English spelling is particularly atrocious – but still easier than learning Chinese characters. The Chinese writing system is arguably the most difficult to learn of all writing systems in common modern use – even if your native language doesn't use the Latin alphabet, the Latin alphabet is going to be much easier to learn than the Chinese writing system is; even learning crazy inconsistent English spelling is likely easier.


Pick your poison.

Knights ride at night nightly, to get knighted.

Does that make any sense to someone learning English.

It's a silly argument though. Other countries are willing to learn English. We aren't willing, not nationally anyway, to learn anything else.


You can operate on very little knowledge of English.

Essentially you can learn middle-out vs other languages.

To understand a programming language you just need the bare bones.

English is the JS of programming languages though, being that it's everywhere and it's very easy to use.


> I surely hope not, learning English is much much easier than Mandarin for a good 60% of the world : anyone speaking a language using the latin alphabet

As well as the writing system, there is another factor: Mandarin is tonal, English isn't. If your native language is non-tonal (true of roughly 50% of the world population), trying to learn a tonal language is an extra challenge on top of the general challenge of trying to learn another language. Your brain just isn't used to considering tone as semantically significant.


> And what a mess that is

Not really; there are no localized function names for languages that use non-Latin based scripts because otherwise one would have to constantly switch keyboard layouts to type any formula. Except for the Russian version of Excel which uses Latin-spelt cell names (D1, F2, etc.) but Cyrillic-spelt function names (ЕСЛИ, СУММ, БЕССЕЛЬ.J, etc.), of course.

> Maybe, someday in the future we will have to learn Mandarin.

Optimists study English, pessimists study Mandarin, realists study M16.


I’ve recently built a VS Code extension that adds a Joy.js Editor to VS Code and then you can save and version control .joy files.

See some progress videos here: https://twitter.com/seflless/status/1460788493500796935?s=21


Definitely checkout the VS Code extension so you can version control diagrams/drawings along side your code.

Works on VS Code for Desktop, github.dev, vscode.dev, GitHub Codespaces.

https://marketplace.visualstudio.com/items?itemName=tldraw-o...

Some thoughts on the extension and workflows are here: https://twitter.com/seflless/status/1446892923661045767?s=20


Here’s another early experiment with the extension. This time using Tldraw as a personal or team Trello style task planner. https://twitter.com/seflless/status/1452296968718401536?s=21

Not sure that this would work for most people , but would for sure for individuals who think I’m sticky notes


I care way less about this than alternate stores have no or much less stringent app reviews


This is how remember things historically.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: