Hacker News new | past | comments | ask | show | jobs | submit | noitpmeder's comments login

What's the sentiment towards Mullvad?

Generally? Very positive.

They're a model company for data-minimization. No account names, no passwords, can pay by cash in an envelope, RAM-only infrastructure, thorough and frequent 3rd-party auditing, etc.

They provide back, fund privacy initiatives, have a history of being unable to provide user data when requested by governments, all of their stuff is well documented. You'd be hard-pressed to find anyone privacy & security conscious speak poorly about them.


They were deceptive about why they removed static IPs and port forwarding. Such deceptions speak to character, and a VPN company isn't private -- it's trust transference. So character matters.

There are 6 other providers that do offer static IP, and one of those uses AWS nitro to ensure that mappings aren't available to LEO. So this wasn't a technical limitation.


>They were deceptive about why they removed static IPs and port forwarding.

What were they deceptive about? Their announcement is straight forward.

"Regrettably individuals have frequently used this feature to host undesirable content and malicious services from ports that are forwarded from our VPN servers. This has led to law enforcement contacting us, our IPs getting blacklisted, and hosting providers cancelling us.

The result is that it affects the majority of our users negatively, because they cannot use our service without having services being blocked."

https://mullvad.net/en/blog/removing-the-support-for-forward...

I'm not saying you have to agree with the decision, but I don't see any deception. They even gave a months notice.


that was not their original announcement


I stand corrected, apologize for misinformation, and thank you for sticking with this thread.

But if I may put my cynical hat on (I think this is fair for any VPN provider), mullvad states in HN[0]

> Port forwarding needed to be removed on moral grounds.

Fair enough, however such moral grounds only came to light when extreme and immediate pressure was applied to their business model. The same post does talk about abuse, but only in terms of how it created a negative experience for "some" users (no details). The blog post does go into those negative effects, good, and doesn't try to whitewash it in moral reasons, also good. I think I mistook the official blog with an official statement here on HN.

There was another HN post apparently by a mullvad engineer that didn't pull any punches. I can't find it anymore, but I remember that it was that post that somehow led me to kfred's post and then left a very bad taste in my mouth. Maybe someone else is a better researcher than me and can dig it up.

I'll retract my "character" criticism, since mullvad clearly cares deeply about privacy, regardless of my perceived problems with their public communications.

Personally, iCloud Private Relay ticks all the boxes for my use cases, so I should have just kept my mouth shut.

[0] https://news.ycombinator.com/item?id=37062965


What do you mean by static IPs? Mullvad has never offered static IPs to customers. Please clarify.

I also think their starlink system still needs localized ground base stations -- their network isn't at the point they can do satellite<->satellite communication.


It does have satellite<->satellite communication, but the latency is way worse if your traffic has to flow like that, so ideally they're building as many ground stations as they can all over the globe. But laser service is always how cruise ships in the middle of the pacific will get full starlink internet.


now THIS sounds like an exploit


I see this was accepted (I think?); is the implementation available in a released python version? I don't see an "as of" version on the pep page, nor do lite google searches reveal any official python docs of the feature.


It's not a python the language feature, it's for packaging. So no language version is relevant. It's just there for any tool that wants to use it. uv, an IDE, or anything else that manages virtual environments would be the ones who implement it independent of python versions.


This is a specification for Python packaging, which is tooling separate from Python releases (for better or worse, IMHO worse but the BDFL disagrees). There's a box below the Table of Contents of the PEP that points here:

https://packaging.python.org/en/latest/specifications/inline...


What? How are they getting screwed


Where are they now allowed to smoke ? Outdoor was the last safe space as indoor is banned since a long time. They must quit smoking from today then? I just don't get how on one hand you can pass such brutal laws affecting so much people, and at the same time you are pampering kids with their "trauma" from COVID and giving them a pass. My guess is that smokers are dumb and ugly, that's why it's ok to throw them under the bus.


Would a ccache or similar help alleviate the pain?


If there are competitive advantages they should be able to convince everyone to switch without lobbying the govt


How exactly would that happen? Because this statement seems beyond absurd otherwise (unless it’s sarcasm?)

You need actual functioning devices that people use before any of those hypothetical advantages become obvious.


What's the path forward? Where do we go from here?


Dump $1 trillion into Kaiser and push it out to all 50 states. I have it in Bay Area and it’s mostly been great for me. It’s not the best but it also gets 90% of things right.


Kaiser is the one thing I miss the most having left the Bay Area. It has sort of moved in here, but it took over an existing group and afaik, it's not really integrated like it was down there; there's no Kaiser hospitals here, so hospital care is going to be a mess, and I'm not sure if they have pharmacies either.

But, a lot of people don't like Kaiser. You have to be ok with getting good enough care, and not really be trying to seek 'the best' care. Integration is so nice though. I'm sure Kaiser never puts you in the situation where the Dr says I'm not sure which drug will be covered, let's try A, the pharmacist says A isn't covered, ask your Dr to write a script for B, and your Dr doesn't answer the phone so you have to decide to either pay $250 for A or wait over the weekend to start your kid's treatment.


There was a study comparing Kaiser Permanente with the UK's National Health Service (NHS) that found Kaiser achieved better performance at roughly the same cost.

If we could use tax dollars to make Kaiser national, and scale that large without losing the efficiency and results, we'd be in darned good shape.

Eliminate other private health insurance and if people want above and beyond service they can negotiate directly with providers and pay out of pocket for that.


That comparison has a lot of criticisms, for example:

https://bjgp.org/content/54/503/415


> There was a study comparing Kaiser Permanente with the UK's National Health Service (NHS) that found Kaiser achieved better performance at roughly the same cost.

Linky?


>If we could use tax dollars to make Kaiser national, and scale that large without losing the efficiency and results, we'd be in darned good shape.

It's hard to do that without turning it into the NHS.


As a Brit, that sounds like a positive not a negative, though I appreciate that in the US it might be a political negative.


I don't know, the experience with my mother in law over the last few weeks has left me wondering about that.

I certainly don't want a free for all system like the US has (and I suspect the Tories want) but it isn't great at the moment.


The NHS does have serious problems, but it's a LOT worse now than it was a few decades ago, and the two significant things that have changed are a) funding (per capita and accounting for inflation) is far lower and b) a lot of privatisation has happened.

Politicians - mostly the tories but Blair's government take a lot of blame too - have defined "not privatising the NHS" as only meaning keeping it free at point of use. But in the background, NHS trusts have been forced to sell land and buildings that they used to own and rent it back from the new private owners, and many areas have seen both staff and equipment privatised, from agency staff (where instead of hiring cleaners or nurses or whatever, they instead hire agency staff, where the hourly cost to the NHS is double or more what an employee would cost with most of that increase going to the agency companies not to the workers) to private hospitals (where instead of investing in a new operating theatre, or whatever, they pay to have NHS patients operated on in private hospitals), etc.

The NHS is far from perfect, but the lesson we learn from those imperfections shouldn't be that nationalised healthcare is bad, but that underfunding it and then using that underfunding to justify privatising lots of stuff in the background is not a good way to run a nationalised health service.

The root problem is that many politicians would like to see the NHS fall to pieces so that an American healthcare system can create lots of opportunities for companies to make money, but because the NHS is hugely popular it would be political suicide to make that an official policy, so instead they've taken this approach which not only creates these short term opportunities for companies to come in and profit as mentioned above, but also gradually erodes the it's popularity with the long term goal being that eventually it won't be political suicide to say "Look the NHS is a failed experiment, we need to replace it with American style private companies and healthcare insurance".


The NHS is far from perfect (and was already far from perfect before the Tories spent a decade and a half making it worse) but given you -can- get private health insurance in the UK if you want it, IMO it's best to judge the NHS as 'universal basic healthcare' and accept that at that scale it's always going to suck sometimes but it's still better to have access to such a thing than not.


>given you -can- get private health insurance in the UK if you want it

You can but as soon as something gets serious they dump you back on the NHS.


Kaiser in Oakland is without exaggeration the best medical care I’ve ever experienced. Aligning incentives between the care provider and the insurer, vertically integrating care and putting it all on a walkable campus (even with a pharmacy!!) was such an efficient and pleasant process.

I was never healthier. The other Kaisers in Oregon aren’t geographically collocated so there’s less of an effect and they’re far away from me so I don’t use them anymore, sadly


Asking doctors about Kaiser will be an eye opening experience for you.


Psychology / Therapy: A horrible model that doesn't work properly. Limited to seeing patients once a month when they need it to be once a week, and constant fighting with the system by clinicians and patients. Overloaded schedules are ultimately unethical.

Doctors: It's like working for any other hospital; it's not bad.


I know Kaiser doctors. They mostly like it at least in Norcal. They said Socal Kaiser wasn't as good. My own Kaiser doctor said that Kaiser has been pushing more and more work on her like taking notes, etc, and it's frustrating but as far as I can tell it's a lot better than dealing with insurance companies. She gives me everything I request, like endoscopy, MRI, CT scan, blood tests, prescriptions, etc. The only time I was rejected was when I asked to see if blood sugar monitor could be covered but that was rejected because I'm only pre-diabetic and not diabetic.


In what way? I'm curious, because I'm a European doc, and things are gravitating towards the US model around here.


Congress fixes this or we continue to drag ourselves towards worse failure modes.


Vote and legislate. Doesn’t even have to be federal, since the exchanges are state run. But it’s a highly regulated industry (for good reason, this isn’t a place where deleting laws helps normal people), so you have to fix the regulation. The ACA killing pre-existing coverage denials was a great start, but you have to fix risk adjustment before anything else can happen, as it’s literally just a wealth transfer from new entrants to existing behemoths (I think it was well intentioned, and works well in MA, but is completely broken in the commercial market). Reinsurance fixes to address the fund lockup would also probably help, but they’d be tax-expensive and probably untenable.

But it all starts with voting for people who want to fix it, and not for people who just want to burn it down or maintain the status quo.


Will be consider mostly irrational, but I'll mention it:

Learn medicine, and practice outside of of the mainstream clandestinely (a past real world example would be abortion clinics on ships). It needs a group of committed/smart people to pull it off, so not easy. Also it cannot be offered to the public at large for several obvious reasons.

As a general rule one cannot involve 'average' people in such an endeavor. All organization settle down to the lowest common denominator. When it come to large organizations in govt/health/etc. they are prone to increasing corruption and bureaucracy if average people are involved.


Educate humans (not possible because they have to want to learn). Abolish Citizens United. Stop funding insurance. Put the insurance money to healthcare for all.


So my four pigs analogy, where insurance companies, drug/device companies, doctors/hospitals, and lawyers all feed at the trough, increase costs and point to someone else (although I will admit lawyers are probably the smallest cost component and the most blamed by the other three).

There is a fifth one that imposes costs: our comprehensively unhealthy food, health, and lifestyle in America that capitalism feeds upon with addictive high-margin food and drink, with overworked workers that can barely have time to raise kids (our healthy demographics are due to immigration) much less a healthy lifestyle. The entertainment complex certainly doesn't help either.

Providers: you need comprehensive family care to avoid specialist care being needed, an increase in supply of doctors, decreasing their educational loan burden (which strongly incentivizes specializataion, and a system that involves specialists). I think advanced AI systems can do much more day-to-day tracking and diagnosis/information, but of course that is a personal information nightmare. Actually I don't mean advanced. I think current AI is plenty good enough. Unfortunately only insurance companies will employ these systems or pay for them.

Insurance: Probably need a medicare-for-all option. We were close to this with Obamacare but FUCKING JOE LIEBERMAN killed it. Exhibit A in why the Democrats with full control of government will never get anything done.

Drug/Device companies: reduce patents, I don't know, maybe allow price negotiation (which is just mind blowing in a "free market" economy), reform the FDA to make bringing drugs to market cheaper.

Lawyers: caps caps caps so there isn't costly malpractice insurance. Maybe would also necessitate a federal review board to weed out "bad doctors".

But the biggest is probably governmental direction to actually get people to be able to eat and live active lives. Maybe GLP-1 will help, but the quiet time bomb of increasing obesity in Americans each decade is probably a sneaky large amount of our costs.

Otherwise, on the nihilistic side, keep doing whatever our society is doing which is causing men to kill themselves in huge rates (soma ... uh... I mean opioids were also doing this as well) before they reach their ultra-expensive late stage of life.

Anyway, none of that is happening (except, sadly, the nihilistic solution is the most realistically happening).

Maybe setup huge provider networks across the border in Mexico and Canada served by high speed transit, so large portions of the world get health maintenance in functioning health care systems, and only do hospitalization and emergency care here?


> reform the FDA to make bringing drugs to market cheaper.

We recently tried this with some vaccines and now a large segment of the population is now vaccine-hesitant.

https://pmc.ncbi.nlm.nih.gov/articles/PMC10257562/

> Lawyers: caps caps caps so there isn’t costly malpractice insurance.

Caps don’t always result in improved health outcomes.

https://scholarship.law.georgetown.edu/cgi/viewcontent.cgi?p...

> Maybe would also necessitate a federal review board to weed out "bad doctors".

This exists; each state medical board has a procedure for reviewing medical licenses.

https://www.mbc.ca.gov/


Didn't Jon Oliver do a bit on those review boards, pointing out how friendly to fellow doctors they generally are? I think when someone says that we need "a (federal) review board", I think they mean one that works, one with teeth.


> We recently tried this with some vaccines and now a large segment of the population is now vaccine-hesitant.

Forced vaccination was the problem here.


> reform the FDA to make bringing drugs to market cheaper.

Uh, definitely not. The drug discovery and trial process is every bit as complex and expensive as it is for a reason. If you're serious about lowering the cost of getting compounds through the pipeline the first thing that should go is private equity's growing chokehold on the provider practices that perform clinical studies.


But you _can_ put a good SDK in place to abstract away a terrible API.

I've done this at work to ease use for clients -- once they're happy with the SDK interface I can do whatever I want behind the scenes to shore up the API/backend without impacting those same clients and their OK SDK.


In what regard? The SDKs change out from underneath you?


SDKs are just bad because they are unnecessary. 90% of the time they'll be doing something that you should be doing; and because of that they'll be doing a bad job. I don't want an SDK that starts processes, wants to read my env variables or do some other sh*t like that. The best SDK is a REST/GraphQL endpoint. After all I am just querying the database of the service. I'd like to do it on my terms.


It's either there isn't full coverage, or some convoluted way to migrate, or documentation is missing, or it's a 3rd party library by some guy in living in the mountains of Bhutan who happens to be on vacation at the moment, or any combination of these.


Not OP but yep. Forced SDK upgrade, dependency chain and vendor driven churn.

But, eg, Twilio been using the same HTTP methods for like 10 years. Many other SDK based interfaces (not necessarily Stripe) have forced that churn.


Trying to understand, wouldn't you see the same issues if you depended on an API that had a breaking change?

I guess my view is that shitty interfaces are shitty and people don't think enough about forwards/backwards compatibility, but it's not tied to a pure SDK or API problem


It adds an extra layer of maintenance. Instead of a breaking API change now you might also have an SDK that hasn't updated yet or is incompatible for any number of reasons, and you don't want to be embedded in it before you find out. It's just easier using a REST API.


Most serious enterprises should have their API versioned.


Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: