Hacker News | x86a's comments

My assumption is that they exist, but are now competing in a larger pool of Asian and white applicants - who may have better access to extracurricular opportunities that are still considered in admissions decisions - and therefore are less likely to be admitted.


So, Grafana? ;)


That is very unrealistic. Infrastructure monitoring at that scale won't even be collecting metrics at that interval.

And simple HTTP monitoring would be too flappy for a public status page.


What monitoring tools are you using? I know a ton that can do 30 seconds or less at scale. In fact, I'm pretty sure all the big players can do that.


This is intentional. It's mostly a matter of discussing how to communicate it publicly and when to flip the switch to start the SLA timer. Also coordinating incident response during a huge outage is always challenging.


That it may be but there’s no excuse.

Declare an incident first, investigate later.

Cheating SLAs by delaying the incident is a good way to erode trust within and without.


> Declare an incident first, investigate later.

If that would be the best way to deal with it, why is literally no one doing it this way and what does that tell you?


Because it involves admitting that you messed up, which companies are often disincentivized to do.


False positives?


Maybe I've been ruined by the internet, but a grandma didn't write this.


It's probably more akin to "my son's first book" being co-authored by both parents and each set of their parents, proofread by sister, and sent to a professional printing house to be sent back on thick glossy paperboard.

I'm just jealous to grandma doesn't understand DNS



I don't think this is ever a good idea. Even for non-enterprise use cases, you wouldn't want some public hotspot to be able to inject random garbage into responses, even if not done with malicious intent.


> Even for non-enterprise use cases

I don't think non-enterprise, non-machine use cases should be automatically handled, though. Attempting client upgrade is better than not, but we should be more clear about whether our devices are acting safely, i.e. calling out the change, and in the case of HTTP local usage, reminding to use visible, out-of-band verification methods.

Of course this only works if the default is secure, but I am glad that browsers still let me go unencrypted when I really need to, I prefer the giant warning banners...


• It allows retro computers to connect.

• It allows very low power embedded devices to connect without extra overhead.

• It's not a real security concern if you're on a private network.


> • It's not a real security concern if you're on a private network.

I'm not convinced that private networks should be assumed secure by default.


It's definitely not improving security when, in order for a website to interact with an API that both are hosted on my private network, possibly even on the same machine, I need to set up publicly accessible DNS entries and/or host my own resolver. That and CORS make local-first anything a huge PITA.


I set up a photo viewing web service running locally on my home computer, now I can access my photos over HTTP from my phone when I'm out and about. Both devices are on the same Tailscale network. If I can't trust in the security of that, HTTPS isn't going to help me, and the security of viewing my photos is the least of my concerns. But sure, in other contexts (like an enterprise company), some thought should be given to what's possible when the attacker is inside the corporate VPN since that's all too easy.


Perhaps, but the other realistic option is a self-signed cert. Since browsers refuse to implement any kind of TOFU or otherwise 'trust history', a self-signed cert is pretty much exactly equivalent to no TLS at all.


Yes, I think these are valid reasons.

If you are still concerned, you can make API keys that have been registered by TLS to require TLS, while those that haven't, do not require TLS.

(However, the note about private networks only applies if you run the service yourself. Sometimes this will be the case, though. Even then, the administrators can configure it to use TLS if this is desired.)


As a solidly-middle-class tech worker in Massachusetts, your stance hurts a bit.

I'm a life-long renter with a family and elderly mother to support, and an IPO windfall would give me some much needed breathing room.

I don't know who you picture when you think of a windfall recipient, but I can assure you I am not lighting any cigars with $100 bills.


Poor baby getting $540k after tax instead of $580k on your $1M windfall. How will you sleep at night?

(Edit: and that’s aggressively acting as if the marginal income tax rates were applied to the whole thing)


I'm really excited to see the end-to-end state encryption. I've always thought it was bizarre that Hashicorp didn't prioritize this.


Could it be because it weakens the business case for using their SaaS?


Possibly, but we are paying enterprise customers (but not using HCP) and this still isn't possible. Seems like an obvious thing they could have at least offered to Vault Enterprise or TF Enterprise customers years ago.


My guess is internal politics in the development team(s) rather than commercial reasons.


Same here, and my personal email is also not in the list.

However, my former work email, that I used to sign up for both U-verse fiber and a corporate mobile account, is on the list. I suppose that all happened in 2016-2018.

