DaftDank's comments

It is for me


Check out APEC RO systems.


Plot twist: He's applying at Pornhub next, and this gets him instantly hired.


Out of curiosity, how many Pornhub'ers are also here on HN? (I mean employees, not users haha)


I believe the company is referred to as MindGeek.


The company is MindGeek and AFAICT they outsource (/ use subcontracts / off-the-shelf tools) in most of their operations.


They do have a lot of open positions in SRE and development; from the job descriptions it doesn’t sound like just outsourcing.

https://www.mindgeek.com/careers/

They do a pretty good job at never mentioning anything related to porn. So I guess in most cases it won’t be a problem on someone’s CV.


I remember the AMA one of their devs did on Reddit a few years ago, it was interesting.


I'm not following. I feel like you are trying to tell me the Sun isn't warm, and is in fact, cold. Opioids are most definitely addicting by any definition of the word.


I think when you are providing such a valuable service, there is almost zero chance they just stop.


Yep. The way I think about it in mainstream terms is, "Jeffrey Epstein's clients didn't just stop wanting what he was providing, someone took his place. Who is that?"


After reading "Ghost Fleet" by P.W. Singer and August Cole, the idea in there about China putting backdoors in chips sent to the US for years -- laying the 'groundwork' for an eventual cyber and physical invasion -- has really stuck with me. He makes the point in the book (which has tons of citations to describe the attacks/weapon systems) that even critical defense-related chips, for things like our most advanced fighter jets, are often still assembled/manufactured in China. But I imagine an equally useful strategy could just be putting backdoors in all the various things ordinary people order off Amazon each day: fast charger wall outlets, USB cables, etc.

I've always assumed that we just had a way to 'check' each chip used in critical industries, such as defense, if they came from another country. It kind of feels the same way it did the first time I learned how to pick pin and tumbler locks, and realized locks are purely an illusion of security.


The US is already paranoid about sourcing components. Even European companies are asked to use US components when trying to sell to the US. China is selling to the world. One confirmed case of backdoors and the financial losses will be far greater than the benefit of spying on the average US citizen.

People like you are spreading propaganda. This is most likely propagated by organizations trying to bring manufacturing back to the US. It is actually harmful because it distracts from security that matters. Every week you have US companies hacked by Russian hackers, but somehow IC security of a USB cable should be important.


I am spreading propaganda by mentioning a fictional book I read, which made me think of potential security vulnerabilities? Things like a LAN Turtle exist, and have probably existed long before most people were aware of them.


For sure, P.W. Singer is unbiased. It is just pure accident that he worked with the U.S. Department of Defense and CIA and some books are on the reading list of the U.S. Army. He himself is selling his books as "useful fiction" (combination of research and fiction, wtf?).

There is a very thin line between unbiased facts and opinions and propaganda. For most people, electronics is like magic, circulating ideas about dangers to security where probability is low from both technical and economic point of view is not useful. Both old style printer yellow dots and recent CSAM are US ideas pushed to whole world in open and much higher level than individual IC components.


I think China's intention to surpass the U.S. as the dominant superpower by 2049, the 100-year anniversary of the PRC founding, is absolutely crystal clear and without doubt. They have said they would like to accomplish this through military means if necessary, but focusing on economic and technological means/"warfare" -- their term not mine (see "Unrestricted Warfare" by PLA Colonels Liang and Xiangsui written in 1999 on the 8 year anniversary of the Gulf War; https://www.c4i.org/unrestricted.pdf) In fact, the paper clearly argues for going to war with a more powerful adversary by using network warfare prominently. Full disclosure: I have not read the entire paper, but enough of it to get the gist since they clearly state their goals and intentions.

Now, is China doing something America has not done? Absolutely not. Is it crazy for a country to want to become more powerful? Absolutely not. Is it wrong for a country to do so? I would argue not, since their first responsibility should be to their people, and usually -- not always -- a more powerful country on the world stage is better for the people of that country.

I believe in a globalized world, I am not a nationalist, and think if the world could truly come together, it would obviously be better for all of mankind. However, I am also an American, and although I don't love everything about my country by any means, I am going to pick and favor my country over a foreign one when that country is clearly an adversary. Does that mean I want harm to come to China? No. Does that mean I wish ill-will of the Chinese people? No.

And for what it's worth, I don't think anyone is unbiased and believe it is unrealistic to expect people to be. I think biases are as fundamental (in good and bad ways) to being human as walking on two legs is. Biases are critical to how our brain/memory works -- we have something like 180+ known cognitive biases (https://en.wikipedia.org/wiki/List_of_cognitive_biases). I think the best thing we can do is recognize and acknowledge when we have bias, and factor that knowledge in to how we are thinking about a topic. For example, because of what I do for a living, if I see a positive story about the benefits of marijuana or crypto, I will initially be inclined to believe it may be true; the good ol' confirmation bias at work. But, I also usually try to stop myself, and think more critically of the information being presented, since I know that I am going to be inclined to have that bias towards the two topics. I feel as humans, that is the best we can do. Anyone who pretends to not be biased in any way whatsoever is lying. My father was a psychiatrist for 43 years, and I talked to him about this many times over the course of my life, and he agreed that he's never seen someone who did not have bias.


Maybe you could have / should have mentioned in the OP that the book is a novel.

It's in no way clear from your post alone that the book you're talking about is fiction.


That's my mistake then, if it still allowed me to edit the comment I would do so to make that more clear.


"which has tons of citations"


Chips != USB cable: https://shop.hak5.org/products/o-mg-cable-usb-a

> To get a cable like this, you used to need a million dollar budget .. It is packed with a web server, 802.11 radio .. The O.MG Cable is built for covert field-use, with features that enhance remote execution, stealth, forensics evasion, all while being able to quickly change your tooling on the fly. And, of course, it works just like a normal USB cable when not deploying payloads. Keystroke Injection payloads are transmitted out of the USB A connector. The Keylogger Edition ... adds a Keylogger capable of storing up to 650,000 keystrokes.


I think in China you could make one for a lot less than a million dollars. They have some pretty good electronic fabrication facilities there.


The problem is that we (USA) used to have 90% of all chip design and production.

Now we have less than 10%-15% of it because it was cheaper to outsource it to Taiwan, Korea or Japan. We created the problem ourselves by shunning manufacturing and wanting to be a "knowledge-service economy" which only sounds good in the abstract but you still need to have the hardware in trustable form and even worse: most innovation (easily 80% or more) in anything but especially in computers, only comes from innovation of the manufacturing process, and only AFTER that does any other innovation (e.g. software) FOLLOW - software is the tail, not the dog!


The book must have been the source of Bloomberg's horrible reporting with the "Big Hack".

> fast charger wall outlets, USB cables, etc.

This seems far more likely than supply chain attacks on enterprise hardware.


Calling something an illusion is the wrong way of looking at things because everything in life is about getting at least 80-99% there — to be “good enough.” Everything therefore is an illusion by that logic.

There’s no absolute guarantee that a seat belt will save you, or that no one will poison your water supply, or that your AWS service will always be up.

Perhaps we are no longer 90% in this space due to changing political climates but we were there before.


There are safety-critical systems, though.

Big vessels full of poisonous (but useful!) chemicals. Aircraft control systems. All carefully designed to be far more nines than 99% reliable - provided that the components behave according to their datasheets and how they behaved during validation.


And if it’s critical enough, that isn’t just left to chance after the initial design validation. There are continuous supply chain and acceptance testing checks that have to keep being run and managed. This is one reason the costs are higher.


There are a few ways this is dealt with in government. First is a requirement to provide engineering diagrams sufficient to rebuild a chip from scratch if necessary. When purchasing a few hundred thousand servers at a time from Dell or leasing space in Amazon's data centers, nobody is physically auditing that every chip actually matches the diagram, but they will randomly audit at least a few. If someone is shipping a bunch of motherboards that have undocumented backdoors on them, it will get noticed.

Second is network disconnection of the systems. Most exploits rely on remote access. If there is no network path from a C&C server to the infected host due to it not being exposed to the Internet and not having any kind of commodity radio capability, there isn't much an attacker can do short of something like Stuxnet, that is, just frying machinery instead of trying to exfil data or take over control. Something like that needs to be pretty tightly targeted, though. The factory line in China likely doesn't have any reliable way to identify exactly which chips are going to end up in US critical systems and only sabotage those.

Third is extremely thorough sandbox testing. Observe something for a long time in a controlled environment and see what it does. That is also something that is not feasible to do for every part, but it is feasible and is done for randomly selected equipment samples.

Obviously, different levels of scrutiny, testing, and security will be applied to, say, the public homepage of the Department of Labor versus the servers running blue force tracking for operational military units. In some ways, it is actually a lot easier to secure critical defense and IC systems than something like banking or email. Not having to expose an information system to external networks or allow arbitrary users signup access is already a huge first step that simplifies the problem space a ton.


You need to know what you are looking for in a potentially hostile device. I really like the story about The Thing: https://en.m.wikipedia.org/wiki/The_Thing_(listening_device) You’ll never know what the opponent has discovered and is using to his advantage.


Interesting, but what is the source?


Has there been a single case where a backdoor by a state actor has been found in a chip?

I've often thought that if they were going to do it, we would have heard about it by now.


Earlier this year Bloomberg doubled down on its infamous 2018 "The Big Hack" story with "The Long Hack", https://www.bloomberg.com/features/2021-supermicro (Oddly it seems to have snuck under everybody's radar, including on HN.)

In The Long Hack they not only reiterate the same claim regarding SuperMicro motherboards, they reference a 2010 criminal case involving counterfeit Cisco hardware in which a witness (Marine Staff Sergeant on active duty at the time, thus speaking for the military) discussed supposedly chipped IBM-branded Lenovo-built laptops sent to the military circa 2008. (The counterfeit Cisco hardware case itself seems a less interesting example as it simply might have involved trojan'd firmware, which is sadly quite common.)


I wonder how easy these attacks are to control. The reason the great powers signed the Geneva protocols against poison gas use is that the gas was as likely or more to cause problems for the user as it was for the enemy. The same applies to biological agents.

Once you push parts into the supply chain you can’t really tell where they will end up.


>Once you push parts into the supply chain you can’t really tell where they will end up.

That's why I wonder if it wouldn't be a good, "broad spectrum" attack. I imagine aides to key Senators, Congressmen, White House staffers, C-suite people at defense contractors etc. buy all sorts of devices off Amazon, which they plug in without a second thought like the vast majority of us do. Obviously, 98% of the people plugging in the devices aren't valuable from a military/intelligence perspective, but even if only 1 in 10,000 targets was worthwhile, I imagine there would be a few that were goldmines of information.

On the other hand, I imagine if it was that sophisticated of an attack, the more devices you have randomly "in the wild" increases the chances it is discovered potentially, which could then nuke your whole operation. I remember in the Snowden docs, the NSA's TAO was sometimes intercepting orders for laptops etc people placed online, carefully placing backdoors in it, then sealing it all perfectly back up and putting it back on track for delivery. It arrives and you think it's safe since it's factory sealed and you got it brand new from a reputable retailer. That's a more targeted example of the same concept.


It takes a lot of patience, and good IPM, but living soil has been awesome to me. We often say we grow soil, rather than plants, because of the fact a healthy living soil will provide all the nutrients the plant needs, and all you have to do is water essentially. Speaking strictly from a marijuana perspective (the limit of my experience with living soil), it makes the marijuana taste better and have a better smell. I've seen two different growers, starting with the same clones from the same mother plant, where one grows in soil using bottled nutes, and the other does living soil. The living soil definitely was superior.

With that said, living soil is not practical for everyone. Trying to do it indoors where you also live could create issues if you do not have a good IPM strategy, and fully understand the soil food web. "Teaming with Microbes" by Jeff Lowenfels is an excellent book to learn about how the soil food web works.


So long as growers are maximizing THC content and yield per area, hydro will outcompete organic soil. Personally I grow organic because I too prefer the taste and I really enjoy composting. However, having grown in hydro, I can tell you that plants grow bigger, faster, and more potent.


> So long as growers are maximizing THC content and yield per area, hydro will outcompete organic soil

In my case that's a feature and not a bug of soil-grown marijuana. I'm way more of a lightweight compared to my college days and would prefer good taste over potency.


I think it is because of the oxygenation of the roots. Do you think that an organic fertilizer will necessarily give a lower yield?


I agree with @wefarrell that it generally gives a lower yield. It can also be very difficult to do living soil on scale, but there are definitely plenty of businesses doing it. Closest to me, in Ann Arbor, Michigan is a place called Apothecare that does living soil on scale for example.


Based on my experience, yes.


IPM = Integrated Pest Management


What do you do about spider mites?


Sns217. Spider mites like it dry, so mist your plants and it may be a little wise to repot your plants or fertilize with cal/mag


I live in a fairly rural, but affluent, part of Michigan now, and at one of the township board meetings, they were discussing a proposed bike lane. The reason they didn't want it? Only one person (on the board) really said anything at all, and his reasoning was that he imagined a scenario in which there would be some sort of biking event where lots of people would be biking the trail, and his driveway could somehow end up getting blocked. Keep in mind, this is a rural area where most properties sit on 5-10+ acres at least, and the driveways are very far apart generally.

It didn't make a whole lot of sense to me, but I just got the impression that for whatever reason, they were deeply opposed to the idea of people being able to safely bike down country roads. After living in San Francisco and Indianapolis in the years before, it was definitely weird seeing people being opposed to bike paths, especially when it would not interfere with their country life almost at all. Maybe they thought it would start them down a path of changing their way of life? I don't know.


I think another part is that cycling is a culture war signifier, because it's associated with environmentalism and urbanism.


What is good?


The comment I responded to consisted of one sentence that communicated one idea. Where’s the ambiguity in what I think is good?


Ok, so I assume you are saying it's good crypto is having bad news. May I ask why?


I think there’s enough info out there on what’s bad about crypto, I don’t have a particularly unique take on it. I suggest Googling it.


I wonder if this would work for my hospital CT scans I've had in the last ~5 years. They all come on a CD, with a software program loaded onto it with the scans to view it in. It would be cool to be able to 3D visualize it all.


Don’t go through that much trouble! There’s an easier solution.

You can download free radiology viewers RadiAnt (Windows compatible) or Osirix (Mac compatible). Your imaging is in DICOM format probably and you can use RadiAnt to export all of your slices into .jpg if you want. You can also do 3D reconstructions of soft tissue, bone, lung, etc.


>Don’t go through that much trouble!

You realize this is HN where readers pride themselves on the trouble that can be accomplished in a weekend.

>There’s an easier solution.

But what else is one to do at the weekend?


Try to turn it into an STL file, slice it and print it :-)


Do this with a couple of "perfect" pumpkin shapes. Create a way to 3D print these as a mold to make your own "pumpkins" to be carved without all of the mess and able to last longer through the season. No more petroleum jelly, no more soaking them in the tub.


>No more petroleum jelly, no more soaking them in the tub.

What. I feel like I am missing out on a whole field of pumpkin science here that I was unaware of.


It's a plant. Think of it as a cut flower. After cutting open a pumpkin, they are obviously no longer sealed. They start to dry out. You can rub petroleum jelly all over the carved sides to help slow down the drying out. You can also soak them in the tub, and they will pull in some of the water to help them come back into shape.

There's all sorts of things you can do to prolong things once they've been cut/carved/etc. My mom was a florist and designer. I've been in/around productions requiring things to be preserved so items can be kept around as long as possible. You just kind of pick up a thing or two.


There are also various chemical solutions that you can put on the pumpkin to make it last longer. However those are not recommended if wildlife is around. Moose, in particular, love pumpkins. I suspect deer are the same.


Sure the deer, but I don't want that stuff around me. Better living through chemistry is something I'm trying to avoid now that I can make my own choices about what goes in, on, or around me.


Personally I'm looking forward to "this gourd does not exist"


The program in question (3D Slicer) is also one of those easier solutions. It can load DICOM files directly.


Horos (Mac) is another - I think it’s the freeware version of Osirix.

You can find InteleViewer if you hunt about as well (Mac and PC).


You can get aeskulap on Linux. It's not anything that would be usable by a radiologist, but I've used it on occasion to look at some images.


We have been working on an open source tech that works in the browser and renders 3D CTs and MRIs without installing any software. Check it out:

https://openview.health


FYI, you've misspelled "HIPAA" on that page.


That is really nice. Thanks for sharing!


Cool, thanks for the link.


When my wife went through invasive breast cancer some years ago¹, I got started with RadiAnt because it's easy to construct a nice looking 3D reconstruction, but I quickly hit a ceiling on what I was able to accomplish.

With Slicer I was able to produce compelling pictures to highlight the objects of interest by using custom color scales and transparency. For fun I also followed some tutorial on bone segregation for 3D printing, something that is clearly beyond the reach of RadiAnt.

Still, I would recommend learning the basics in RadiAnt by trying to see what is in the written radiologist report². You will have to learn quite a bit of arcane terminology but I found that process quite rewarding and strangely empowering.

1- 3 years after her last treatment she is still cancer free, I hope it stays that way...

2- Ask for a copy of the report when you get the DICOM DVD. If the scan was taken at a hospital they will probably redirect you to the medical archives and it assuredly won't be ready when you get the DVD but they can mail it to you.


You're in luck, because (assuming the scans are in a compatible format), this is exactly what 3D Slicer was designed for.


There are many DICOM viewers available, ranging from the fairly horrible plugins for ImageJ to very sophisticated things with Maya or COMSOL or whatnot.

OsiriX is often very good, though not free.


Horos is the FOSS version of Osirix and based on the same original codebase, which lives on GitHub – cf. https://horosproject.org/download-horos/


Sadly, it's MacOS-only. Would be nice to have something Qt or GTK-based.


There are many free DICOM viewers in the Ubuntu/Debian/Pop_OS repositories. I don't remember which one I used, but at least some of them allow you to visit your organs in 3D :)


I recommend InVesalius. It’s in Flathub (https://flathub.org/apps/details/br.gov.cti.invesalius)

