The obvious next step is to crawl the whole database of vulnerable Kia cars and create a "ride share" app that shows you the nearest Kia and unlocks it for you.
Something kinda like that was done, TikTok apparently algorithmically identified likely 'drivers' and flooded them with videos instructing and glorifying taking the cars for a joyride... while other platforms did not promote and even took those videos down.
I wonder if you could construct a hash collision for high pagerank sites in the google (or Bing) index. You would need to know what hash algorithm google uses to store URLs. This is assuming that they hash the URLs for their indexing. Which surely they do. MD5 and SHA1 existed when google was founded, but hash collisions weren't a big concern until later IIRC. You'd want a fast algorithm because you're having to run your hashing algorithm on every URL you encounter on every page, and that adds up quickly.
The max legal length of URLS is 2048, but I wouldn't be surprised if there aren't plenty of non-compliant URLs longer than that in the wild. If you were limited to 2048 characters, and a valid URL format, I suspect it would be hard if not impossible to build a URL with the same MD5 of an arbitrary high ranking URL like "https://nytimes.com/" But what if you just wanted to piggy back the pagerank of any mid to high rank site? Is there a URL in the top million ranked URLs you could MD5 hash collide?
I doubt google would use a URL hash as strong and as slow as MD5. Maybe Page and Brin weren't even thinking about cryptographic hashes, and just a good mixing function.
Google has developed several non-cryptographic hash functions. CityHash, FarmHash, and HighwayHash come to mind. BigQuery provides FarmHash next to the MD5 and SHA-family of cryptographic hash functions. Who knows, maybe they use FarmHash today to index page URLs.
I don't remember the details but I think there was a legend at some point of two different search queries hashing to the same 64-bit integer once and causing problems.
> Is there a URL in the top million ranked URLs you could MD5 hash collide?
This is answered in the article. No
"Q: Is it possible to make a file get an arbitrary MD2/MD4/MD5/MD6/SHA1/SHA2/SHA3, or the same hash as another file? A: No."
I'm not sure page ranking works that way.
But you could get people to share www.nytimes.com/2011/05/02/world/asia/osama-bin-laden-is-killed.html?garbage=blahblah and collision it with your site crappyproduct.com?rubbish=meh
"Usenet is like a herd of performing elephants with diarrhea -- massive, difficult to redirect, awe-inspiring, entertaining, and a source of mind-boggling amounts of excrement when you least expect it. " -spaf
What if we could make every car $5-10k more expensive instead?
</satire>
I once thought that using AI to make all cars self driving might be the key to making pedestrians and cyclists safe. Self driving cars are playing a game of Russian Roulette. The systems will get it wrong occasionally, with LIDAR or without. Not if, but when. Whether or not someone dies depends on the situation.
I work on self driving vehicles. I would also like more walkable, bikeable cities.
But I've also sat in those city council meetings and seen the inane opposition people have to any sort of positive reform in that direction. Self driving vehicles have the potential to actually improve road safety because local governments won't be involved.
> I work on self driving vehicles. I would also like more walkable, bikeable cities.
Two questions, then. Firstly, do you think that self-driving vehicles will ever get even close to human standards of driving? And second, what do you see as the big challenges to getting them to be acceptably safe?
I obviously can't talk specific numbers, but there are reasonable arguments to be made that in certain limited scenarios, we may already be hovering around or exceeding equivalent human metrics. Turning that into "unequivocally safer than humans all the time, everywhere" is still an open problem.
As for safety, that's both a big topic and a "I have explicitly told not talk about this in public by legal" topic. The teams and organizations I've worked for take it very seriously, but things can always be improved. Phil Koopman puts out some excellent information about where we are currently and where industry could broadly improve.
> we may already be hovering around or exceeding equivalent human metrics.
Okay, bearing in mind your second paragraph, what are the conditions under which they're safer? I've been in a few self-driving cars and I'd struggle to see how they would ever get to an acceptable standard - like, pass UK driving test kind of standard.
That's fine actually. We (American cities) should adopt systems like they have in Singapore where the certificate of entitlement to purchase a car costs, buy itself, $70k-120k, on top of the cost of the car. The externalized costs of private cars are extremely high and it's completely insane that we have what amounts to welfare for drivers.
Search traffic has always been mostly automated spam bots.
Even back in the Open Directory Days when we powered part of search.netscape.com I estimated 80+% of all search traffic was automated. At least most of it self-identified with the same Java useragent.
Later when working Topix, despite being a news search engine, most traffic was bot traffic. Most included the word “mortgage” in the query. Topix specialized in localized content, and that was very popular for SEO scrapers.
Lastly at Blekko, I estimate 90+% of traffic was automated. By then maybe half or more learned to change the user agent. Most used HTTP/1.0, a dead giveaway as no browser still uses 1.0. This was a major aspect in Blekko's load shedding strategy. If the servers started to get overloaded, we'd start bouncing suspected bot traffic to a redirect that would show in the logs. If there was a human with a modern browser running javascript on the other end, would get redirect to a link that wouldn't get bounced. I would check the logs weekly to see if any humans got caught. None ever did. This was a huge monetary savings, you only need 1/10th the servers if you can safely ignore the bots.
Often it's endless repetition of the same keywords in a random order with a place name appended, or prepended, or inserted. over and over. Often variations on known monetizatable SEO keywords. However, much of it doesn't make any sense.
I don't have any insight into Google's numbers but I would conservatively estimate 95% or more of all their queries are automated bots and not humans. And the level of spy-vs-spy going on for Google CPU resources vs SEO bots is probably pretty evolved by now. I stopped tracking many years ago when Google switched to densely packed obfuscated javascript for page renders. Maybe this is part of why automated queries are so high across the web, maybe google is too hard to crack for most.
I have recently been discovering and combating some similar, albeit much smaller issues.
I've been finding that a bunch of my recent 'resource sucks' have been constant spidering from petal-bot, semrush bot, alibiba-bot and a few others.
Using the wordpress plugin stop-bad-bots and it's logs has been eye-opening for me recently.
I understand many of these are not directly dark-seo related, but their aggressive nature is hurting the cpu and memory limits of some of my servers and sites so it's a big issue regardless of the intents behind them.
(kind of) glad someone else has dealt with these issues,
and glad to see some of the 'how' for handling, identifying, and some actual real numbers for the impacts, as I've been guessing some of these things in my small projects, indeed it's a real thing. As well as a practical issue to pay attention to and work on.
I haven't thought of that in years. I gave up my crusade to revive use of the interrobang(‽) in writing a while ago.
After reviewing the materials I see that Cuil Theory has come a bit further since I last read. I believe that Goopt would be somewhere around -2‽ from Cuil theory itself, negative because it's literal reality, but distant because it's an abstract embodiment.
Slightly off-topic. During my cursory reading I see that imaginary Cuil got fleshed out. I'd like a second opinion. The way it reads to me is that 'i‽' is almost the literal definition of solipsism.
I was introduced to this and other calendar quirks by Professor Edward Reingold when taking introduction to CS at UIUC. One of our "machine problems" (AKA programming assignments) was to write a date converter that could convert between Gregorian, Julian, and the French Revolutionary calendars.
Dates from 1752 were in the test set.
The French Revolutionary Calendar was interesting. Ten days in the week, 3 weeks per month, with a extra "bonus" month at the end of the year with 5 (or 6) days. One reason it didn't last is that despite the change in the week length, workers only got 2 days off per week.
This is very disappointing. I would love to hear from user crhulls https://news.ycombinator.com/user?id=crhulls the CEO Life360 (or so claimed, I can't verify). Too bad Hacker News doesn't have a notify on @ mentions. Then again, not being discord is a feature not a bug.
I am probably a little bit late here - would have loved to jump in sooner.
This is the most twisted reporting that has ever happened to us. We participated in good faith and they cherry picked individual phrases from our written answers and omitted including the ones that hurt their narrative. I literally gave them a list of suggestions on how the industry could be better regulated for all involved and they didn't even mention that.
I do acknowledge we have a data platform. They made it sound like we have no safeguards and anyone can buy data which is patently false. I also pointed them to this blog post which we sent out to 100% of our email list which is highly transparent. We are one of the few companies to have a privacy center which outlines everything we do in plain english with no legalese.
I'm very sad and disappointed. And an @ notify feature could have helped but as you say this is not Discord
You're literally trying to portray Life360 as the victim.
If Life360's mission is to keep children safe, exposing their location data simply cannot be part of that. These two activities cannot coexist without undue risk.
No parent is ever going to be okay with sharing thier kids location with countless 3rd parties. Pretending otherwise is just disingenuous.
> This is the most twisted reporting that has ever happened to us.
You're being obtuse and confusing "twisted reporting" with reporting a twisted business.
I've been using emacs as my primary editor since 1989. It has for that entire time been a PITA to configure. My first customization was to map backspace to ^H and map the insert key to 'nil.
I used to dedicate a couple days every January to investigate new emacs tools. Read about the latest features or new modes, often from my org-mode TODO list where I bookmarked them. I have learned to never update emacs mid-project as I've on multiple occasions shattered my emacs config updating versions or moving to a new distros. MacOS brew install vs .dmg install? Aquaemacs? DoomEmacs? Oh, hello the malpa repo URL changed and is https only now.
VSCode has a healthy extension marketplace, something emacs should adopt.
elisp is dead. Not because it is dead, or deserves to be dead, but because everyone "believes" it dead. Same goes for Perl.
I love emacs, it has been a rock my entire programming life, but it's a time suck to configure. I know there are some who have created a Sistine Chapel in their .emacs.d, and I'm jealous. There's a fine balance between spending time and effort optimizing and sharpening your tools and emacs is deep on the wrong side of the line for me.
I don't want emacs to ever die. But come on, if you're losing to vim in popularity, you are already dead.
I’m not sure it was ever alive to begin with. Not in the classical sense. I mean, I don’t think elisp ever got good (or any) use outside of emacs configuration and extension. There weren’t any popular web frameworks, numerical libraries etc. written in elisp.
Inside its target space, though, it seems as vibrant as ever. New, helpful packages keep appearing that are written in elisp. For better or worse, the extension ecosystem is not nearly as fragmented as some other editors.
That’s not to say that elisp doesn’t need serious improvements, though. Making it natively multi threaded alone will advance the story quite a bit imo.
Common mistake. The problem is procrastination and bike shedding, not emacs. It’s because some people love their tools, sometimes more than the craft.
It’s the same with cars, photography and woodworking.
Maybe because hacking emacs lisp, supercharging a Miata, retro-fitting lenses or Tuning a pre-war Stanley handplane feels as good as using them.
>>everyone "believes" it dead. Same goes for Perl.
This week I did with Python what I used to generally do with Perl. Write big throwaway programs, written quickly. I realise this was possible because Python has been heavily Perlified over time.
That way we just managed to write Perl in Python, by converting Python to Perl.
> elisp is dead. Not because it is dead, or deserves to be dead, but because everyone "believes" it dead. Same goes for Perl.
I wonder if it's possible to move on from elisp. Create a EMACS 2. Maybe with Scheme. Maybe a language neutral extension system/API? (So you can use whatever language you want.)
