Hacker News new | past | comments | ask | show | jobs | submit | sergioisidoro's comments login

Yesterday I went to buy an electric toothbrush and some were marketed as having "AI". This thing is reaching astronomical bandwagon proportions.


Well at least you can switch your crypto mining toothbrush with AI infused one that will analyze movements of your hands and once sold to insurance brokers conclude you have an old injury and are a risky driver raising your insurance premiums.


I was thinking "AI" is the new "blockchain".


Great point—except it’s palatable to big tech and large investors.


Current model massage chairs are marketed as having AI (which I think actually just means they have pressure sensors which they use to detect your height/weight... but who knows these days?)


From the discussion:

> My favorite way to do data fetching is as close to the place where I am using the data. React made it possible up until this change.

Well, yes, but we are nowadays in a situation where every component interacts directly with the state, or makes calls to the API (eg with the overuse of query), going against one of the architecture principles of react. It's like we're not building components, we're building component sized micro-ui.


The problem goes way beyond any singular ecosystem and extends to the most basic standards as well.

For me one of the most confusing things about this topic is the use of "Unauthorized" in 402 [1], when the dictionary definition is about not having permission and authority to do an action [2].

So in my projects I usually use:

- 402 - Unidentified (identification) ou Unauthenticated (Authentic identity)

- 403 - Forbidden (permission)

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401

[2] https://www.merriam-webster.com/dictionary/unauthorized


If you’re looking to reduce confusion, I’d avoid using HTTP status codes in non-standard ways. Yeah it’s unfortunate that HTTP calls 401 “unauthorized”, but it has the meaning of “unauthenticated” everywhere else (e.g. “you have failed to prove who you are”), but basically all devs are familiar with this wart. 402 is “payment required”, using that for errors that should be 401 or 403 according to the HTTP spec is more confusing than just using 401 and 403 in spec compliant ways.


You can sort of convolute a reason why 401 Unauthorized is valid, based on the fact that most systems which control access to resources have a (often implicit) policy that users for whom the identity is not known are not allowed to access anything.

Therefore the request is unauthorized because the server wasn't able to authenticate the user. But that's still not consistent with 403 though, so it's not very satisfying.

But this also speaks to one of the nubs of the terminology issue. "Actors" are authenticated, "Actions" are authorized.


Yeah, I think if they were renaming these response codes today, they’d name them something more like “401 Not Authenticated” and “403 Not Authorized”, but it’s too late for that. And I personally think you can say that either an actor or an action is “not authenticated.”


Sorry, I meant I use 401, not 402.

And I use those terms in all error messages, documentation, and code. Otherwise I respect the standard.


Ah I see. If you mean you’re using 401 for “couldn’t authenticate this request”, and 403 for “you lack permissions to be allowed to do this”, then yeah, that’s standard, spec compliant usage.


- 403: I have it, but you should seek the admin to give you the right permission - 404: I don't even have that (lying)


Also in the http world, the header used for authentication is called “Authorization”


From the news article I understood that this was an experimental setting, where participants were asked to perform actions in order to prevent data sharing with apple. From the news article I also interpreted that it is indeed "possible" (in the technical sense), but zero of the participants managed to get it right.

Being a software engineer / computer researcher / highly technical person (which puts them / us in a technical competent bubble), it might have been an actual surprise that zero participants managed to perform the task successfully. Add to that that they might have sourced participants from the student community in a technical university, and I don't see why their surprise is "theatrical"

Edit: As expected, quoting the original article: "The participants were recruited using the following methods: (1) posts on the university’s official LinkedIn page and (...)

Participants represented a wide variety of educational and professional backgrounds, including Computer Science and IT, Architecture, Business Administration, Art and Design, Industrial Engineering, Economics, Research and Development, and unemployed participants (...)"


It's a bit ironic that after a trust attack this person ends the article sayin

> I do have a xz-unscathed fork which I've carefully constructed to avoid all "Jia Tan" involved commits.

He may be fully legitimate, and perhaps a famous person in OSS (which I was unfamiliar with), but still ironic :)


It must be hard to see another company make profits from a product you have the IP of. However, availability of Redis in major cloud providers is also a reason for Redis' success.

And is it really a good idea to put your entire business strategy relying on hosting an OSS solution, when container technologies are more relevant than ever, and when you have major players who can leverage economies of scale against you?

Hosting is a DevOps service, not a Software service. It's appealing because of the SaaS economies, but I think OSS companies should try to be a bit more innovative if they want to monetise open source solutions and their assets...


Didn’t Redis Labs do the exact same thing? They took redis which was free and made it commercial?

And now they complain about AWS? Fwiw - I think an earlier post had pointed out that from the commit history AWS had been contributing significant code back to the open source.


This might be a controversial opinion, but with the current Russian invasion of Ukraine and tensions between East/West, forking a project like Nginx to be maintained by a Russian company, by a person living in Russia, raises additional questions, especially considering how security critical nginx is when it comes to accessing all traffic of services. I'm thinking here as well about the case of Pavel Durov and his struggles with Russian government.

From the post it seems their intention are good, and towards better secured software, and against business interfering with security. But the part where they say "I no longer able to control which changes are made in nginx within F5" might be a good thing. Should a single person have that much control over a critical piece of infrastructure?


The same argument based on the “Russia vs the global west” narrative can be leveled perfectly accurately against western-citizen maintained software.

Everyday Russian developers are no more or less involved in their country’s empire-building than everyday American developers are in theirs (lest we forget about the 12(!) foreign countries in which US forces are currently invading). “Russian” is not synonymous with “suspect”; or, if indeed it is, perhaps “American” should be, too.


Like some guy from Finland?


To the best of my knowledge, Finnish government hasn't made any attempts at interfering with software development built in Finland, or spying on software users. The same cannot be said of Russia.

I'm not saying Russian people cannot make safe and secure software, just saying that people living in Russia have historically been targets of pressure.

* and to be honest, the USA and China do not have the cleanest of records either.


Pretty sure this is a reference to Linus Torwalds


An interesting note about braces is how US-keyboard centric they are. Typing a braces in many keyboard layouts requires 3 keys presses (or AltGr)

Not having braces makes python very easy to teach where the keyboard layouts do not favour those characters accessibility.


Yes, but lists, dicts and comments still requires reaching altgr nevertheless.


True. But I would say their use is one order of magnitude less than a block delimiter.


I found Bruno after Insomnia adopted the Postman strategy of being cloud first, with a disastrous migration - I momentarily lost all my local projects after an update.

I've been using it for a while and I really like the offline first + git collaboration aspect of it. Only missing Websockets functionality at the moment.


> Do either of the following: (1) Provide Apple a stand-by letter of credit in the amount of €1,000,000 from a financial institution (...) (2) be a member of good standing in the Apple Developer Program for two continuous years or more, and have an app that had more than one million first annual installs on iOS in the EU in the prior calendar year.

Ok, so that's a no for startups.


It’s certainly not easy and apple is playing the malicious compliance game here. But it’s not impossible for a (even pre-product) startup to raise a $1M line of credit from a bank through some creative financing shenanigans without locking up too much working capital or otherwise.


> startup to raise a $1M line of credit from a bank through some creative financing shenanigans

The whole point of that $1M is to send send the message "stay out". It's like a rattle snake shaking it's tail. Basically anyone doing this has to treat that money as throw away money since Apple may keep that money for whatever reason, including criticizing them on current/future TOS policy changes.


> The whole point of that $1M is to send send the message "stay out"

Alternative take: the whole point of €1m is to send a signal “I’m serious about doing this”.


You're not giving Apple $1M. You're merely giving them a letter from a bank saying "We're $TrustworthyBank and we trust creativeSlumber enough to be willing to give them a $1M loan whenever they want, according to such and such terms".

By giving that letter to Apple, you're just telling Apple "I could give you $1M but I'm not going to, instead take this letter that says that I could give you $1M if you wanted to."

No actual money ever changes hands.


Sure. That's why Apple added the second condition.


No it specifically says, "Do either of the following:".

You can either have the letter of credit or be a known quantity. Presumably it you launch your marketplace and it goes well, after 2 years you don't need the letter of credit.


I'm not sure if you can call a company with one million downloads in the previous year a startup anymore...


Why would a startup need their own store?


Should Valve have had a million dollars for Microsoft to be able to launch Steam?


Considering I can install any app on the PC, this comparison doesn’t make sense. AFAIK Apple still reviews and gatekeeps any app. Even from other app stores.


Honestly it would have been better if they never launched it


Why can a startup not provide one or become one?


For what reason does Apple need a million dollar bond for someone to release an App Store? They don’t for regular apps. What’s the difference?


Clearly to ensure not everyone opens a store just to publish their single app that would otherwise not make it on the app store due to its content. The same reason they won't allow stores that only host first party apps. Both of these rules are made to stop this.

Either apple found a clever way to comply to DMA without actually doing so or we'll soon be hearing from EU and apple will backtrack as it did with PWAs and Epic account.


> to publish their single app that would otherwise not make it on the app store

Isn't publishing apps that wouldn't make it on the App Store the whole reason for alternatives?

Apple's still looking for a way to undermine the DMA.


That's exactly what I'm saying. Apple is creating its own rules to make it as hard as possible while pretending they opened up.


I am trying to figure out the advantage. The way it is implemented now the App Store wouldn’t be fully independent anyways and still bound to review processes.


> The way it is implemented now the App Store wouldn’t be fully independent anyways and still bound to review processes.

This is entirely the point many people are up in arms about - the implementation is the problem, not the concept of alternate app stores as such.

There is nothing in most people's definition of a generic "app marketplace" that involves the steps Apple are demanding at present (stand by letter of credit for a million dollars etc).

If it was implemented fairly (and IMHO in the original spirit of the EU legislation), its pretty obvious what the advantages would be; being able to compete with Apple to offer lower fees and thus hopefully attract developers and sales.

Most outside observers with a reasonable understanding of the facts and a capacity for independent thought do not think this process is fair or implemented in the spirit of the legislation at all. Apple have made the process about as difficult as they could get away with while still appearing to follow the rules to secure their existing app store moat as best they could.


Maybe someone wants to start up a new store?


But for what? You still need to submit your app through the Apple review process. If this was true Sideloading I’d understand but the way it is now I don’t see any advantage.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: