Hacker News: hordeallergy's comments

Not just twitter, whatsapp, facebook, etc - the DNS system needs replacing too.


Yeah, why? DNS is one of the few services that seem OK.


why?


Because something went wrong once! /s


Accurate observation, and useful response. /s


Central authority is a poor substitute for social consensus.

If you look at a case like this, there is absolutely no question or ambiguity "which perl.com domain people really want." This issue only exists because of an artificial monopoly and an application of capitalism to an allocation problem that doesn't exist.

Domain names should be a thin wrapper around private/public keypairs. Domain keys should be pinned per application or per first use OS-wide, with configuration tools to unpin and update the mapping. Any critical access, such as update servers, should always use the full key anyways. There is no reason in principle that there shouldn't be multiple name-key assignments for perl.com, except inasmuch as it would make webdevs' and OS developers' jobs slightly harder. Hell, ping both and see which one matches the pinned https key for perl.com, and this problem would already have been solved! This whole monopoly is caused by a bad band-aid technical solution for a social problem that we can and should find a better solution for.

I'm not saying "boycott DNS." I'm saying "the fact that everyone is fine with the current state of affairs is an embarrassment."

I want an OS built from the core up around a web of trust model. I want my browser to ask my (manually introduced) peers "which of those versions of perl.com do you think is the one I want." I want a computer with no hardcoded central server queries at all. (And while we're at it, I want it connected to the internet via mesh links.) But I'll never get that, because it'll always be easier to just hardcode some central authority and go home.


How would you prevent a group from trolling or performing a hostile takeover of a small domain? How would someone acquire a domain? How do you determine consensus?

In this case, as someone who doesn't follow Perl, how would I make an informed decision on which perl.com domain I really want?


> How would you prevent a group from trolling or performing a hostile takeover of a small domain?

Several ways.

If you are accessing the domain locally, you'd normally be looking for entries that match the private key you have stored. So if you ever went to that domain, you'll get the same remote again.

If this is your first time accessing the domain, you'd ask your peers what version of the domain they have stored. Those aren't randomly assigned, but people you know IRL, similar to Freenet. You could do some degree of onion routing if you care about keeping sites you go to private from your friends. And again, you'd only do it the first time. And this is hard to attack because you can't make a person have friends in the WOT graph.

When you are following a link, the person placing the link could always just attach the full private key to the link tag.

If you are copying a URL from your browser bar, the browser could attach a random set of index-value pairs of the private key. This would be very hard to spoof, but not increase the size of the URL by much. That would cover you for posting links in forums and chat rooms.

Of course if you were searching for the domain, your first hit would almost certainly have the correct key.

Only if you are told the URL through an out-of-band source, and almost nobody you know (transitively) has gone to that domain, you are in the situation of having to figure out which key is the true key. In that case, you could fall back to certificate checks. Note that certificates as a market are a lot more competitive than the domain name market.

So there's no one-size-fits-all solution, but just like right now, most of the time you wouldn't have to think about it. And unlike right now, if it goes wrong you get a nice error instead of silently the wrong domain.


I just thought of a way to improve the privacy of the DNS lookup. Instead of asking for the domain name, ask for a prefix of the hash of the domain name chosen so you get maybe 20 domains back.

The point is - I got all of the above by thinking about the problem for maybe ten minutes. This is far from unsolvable. We as a community are just terminally lazy.
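The lookup order sketched in the two comments above (pinned key first, peer answers on first use, certificate checks as the fallback, names queried by hash prefix), as an added example that is not part of the original thread. It assumes that what gets pinned is a SHA-256 fingerprint of the site's public key and that a fixed number of peers must agree; `PinStore`, `lookup_by_prefix`, the quorum value and all sample data are hypothetical.

```python
import hashlib
from collections import Counter

def fingerprint(pubkey: bytes) -> str:
    """Hex SHA-256 fingerprint of a site's public key."""
    return hashlib.sha256(pubkey).hexdigest()

def name_prefix(domain: str, hex_chars: int = 4) -> str:
    """Hash prefix sent to the resolver instead of the full name."""
    return hashlib.sha256(domain.lower().encode()).hexdigest()[:hex_chars]

def lookup_by_prefix(directory, domain, hex_chars=4):
    """Resolver returns every record under the prefix; the client filters locally."""
    prefix = name_prefix(domain, hex_chars)
    bucket = {d: fps for d, fps in directory.items()
              if name_prefix(d, hex_chars) == prefix}
    return bucket.get(domain.lower(), [])

class PinStore:
    def __init__(self, quorum=2):
        self.pins = {}        # domain -> pinned fingerprint
        self.quorum = quorum  # peers that must agree on first use (assumed policy)

    def resolve(self, domain, offered, peer_answers):
        """Return (status, fingerprint or None) for the offered candidate keys."""
        domain = domain.lower()
        pinned = self.pins.get(domain)
        if pinned is not None:
            # Known domain: accept the pinned key only, otherwise fail loudly.
            return ("pinned", pinned) if pinned in offered else ("mismatch", None)
        # First use: count peer answers that match a key actually on offer.
        ranked = Counter(fp for fp in peer_answers if fp in offered).most_common(2)
        if ranked:
            best, count = ranked[0]
            tied = len(ranked) > 1 and ranked[1][1] == count
            if count >= self.quorum and not tied:
                self.pins[domain] = best
                return ("pinned-first-use", best)
        return ("undecided", None)  # caller falls back to certificate checks

# Constructed sample data: two competing records for one name.
KEY_A = fingerprint(b"constructed-public-key-A")
KEY_B = fingerprint(b"constructed-public-key-B")
DIRECTORY = {"perl.com": [KEY_A, KEY_B], "example.org": [fingerprint(b"constructed-C")]}

if __name__ == "__main__":
    store = PinStore()
    offered = lookup_by_prefix(DIRECTORY, "perl.com")
    print(store.resolve("perl.com", offered, [KEY_A, KEY_A, KEY_B]))
    print(store.resolve("perl.com", [KEY_B], []))
```

Once a name is pinned, peer answers are ignored, so a later flood of hostile answers yields `mismatch` rather than a silent switch; a tie or a sub-quorum vote on first use yields `undecided`.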


It's not an obvious problem to solve, but nobody would invest much in performing a hostile takeover of a small domain. In the case of Perl.com it looks like a hostile takeover, of a popular domain, and it didn't cost them much to take it over I guess.


I think it's naive to assume trolls wouldn't invest much time


Here [0] is an example of someone putting an inordinate amount of effort to take down a tiny mastodon instance. If it would have been possible to take over a domain in a similar manner - it would have happened too.

[0] https://news.ycombinator.com/item?id=21719793


> Domain names should be a thin wrapper around private/public keypairs.

This way anyone who gets access to the keys, even temporarily gets to take over the whole domain. No chance to resolve the issue with a registrar who can manually review the case and revert changes. This would include anyone working on that level of infra in your company and anyone who hacks them.

I'm not sure what you would compare the https cert to without a central authority in that case.

We tried the web of trust with PGP and it turns out key management is really hard and apart from a few geeks nobody's that interested.


The certificate market is a lot better than the domain market, because it's not a monopoly. I think it makes sense to have a trusted-signature system as a backfill and bootstrap for your web of trust.

Agree that nobody cares about this though. I'm certainly not surprised that we settle for easy mediocrity.


In a sense spiders are part of the problem - insect killers. I keep one in the kitchen window, and a little jumping one lives on the bedroom roof, migrates across to the windows a couple of times a day, but all others strictly belong outside.


Jumping spiders are amazing, and have such complex behaviour and the ability to learn. For sure tiny creatures they pack a lot in.

I love spiders but avoid touching them if I can.


Jumping spiders make for great pets. Watching them hunt is fascinating, they'll crawl all over anything you put in the terrarium, and they can go without food for weeks at a time. Very low maintenance. And they're usually comfortable with climbing into your palm. I don't do it, because I worry about injuring or stressing them, but my wife loves it. We've never been bitten by a jumping spider.

If you don't like the idea of catching and caging spiders, keep one by a window. The small amount of webbing they leave isn't prominent, unless they have trouble climbing (like in glass terrariums).


Sadly they aren't wild here in the UK, but I've read a lot about them and enjoy the local spiders we get here. Spiders and octopus definitely would be ruling the world if they wanted to.


My wife and I are apparently both in the subset of the population for whom Charlotte's Web made a big impression. We leave spiders alone and let them (or the cat) do most of our dirty work. Other arthropods get a paper-towel ride to the yard.


Why not just have casual conversations instead? Standups are one of those things that people disagree on endlessly without discussing context - their worth depends on the team. On my current team they're worthless. I'd rather have casual conversation, but that's like squeezing blood from a stone. Departure planning underway.


It should be, but not everyone on the team has to be confident. Not everyone has to be outspoken, not everyone has to have perfect pronunciation. Not everyone is able to structure their thoughts in 1 minute, even though they are able to work on complex systems.

What you want from "what you did yesterday, blockers, what you will do today" script is a framework for conversation starter, conversation scope and having something that you can prepare before. Some people can come up with it on the spot and some people think they should come up with it on the spot.

That is why I hate having standup right at the start of the day like 9.00, I usually have to get at least 20 mins to get check up what I finished yesterday and start picking up something new, going through priorities.


Personally I'd like a stand-up where it's ok not to have anything to say, like yeah, WIP, no problems, no blockers (except being here talking about it instead of doing it..!) etc.

Fully agree I would prefer it later. Not just 20min, I typically start ~1h before ours anyway, but it hangs over me all that time. I'd like to spend most of the day working on something and then stand-up in the afternoon, I'd be more likely to have an issue someone could help me with, or otherwise on my mind to discuss.


Yeah having standup in the afternoon is great. At my last company I worked with Americans from the EU. My standup was at ~4pm. My "last day's work" was still fresh and still had ~2 hours to resolve blockers.


Careful what you wish for. In open landscapes and in meetings with business side, there's endless pointless chatter about everything else but doing their job. I'm not a devotee to overwork and squeezing blood out of stone type of worker. However, the directionless chatter, general incompetence, lack of inquisitiveness and awareness become energy-draining over time.

Status report is when a team say the same things every day and every week, nothing changes and there's nothing new to be learned. This is Waste.

Daily scrum is meant to encourage collaboration, inspiration and brief sharing of information. However, when driven by business needs alone, it becomes another pointless status report. On the flip side, if daily scrum takes off, it should be allowed to continue as a new meeting afterwards, but is also a sign that there's not enough coherency in the group with the current practice.


Some people just don't like casual conversation and wouldn't initiate conversation on their own. If you have enough of those types, no communication would happen. Ad-hoc conversation tends to be interruptive which is not desirable for people on maker schedules.

Either way, standups is just one communication strategy. Pick the communication strategy that works with the style your team feels comfortable with. There's rarely one solution fits all when it comes to communication.


It’s a good question that every team should ask themselves rather than just blindly follow some scrum book. One reason that standups can be worthwhile is if your product managers are hard to get a hold of (which is common), it’s a guaranteed time when you can ask them some questions. But your mileage may vary.


> Why not just have casual conversations instead?

Scheduling it daily is how you have these casual conversations.


You want change but without making any effort?


Psychology. Here in the UK the lemming factor would kick in strongly - toilet paper, bicycles ... negative interest rate. The moment those words are uttered by the BBC you could expect the country to be covered with little puddles of excitement leading to the nearest bank. Some phrases trigger a threshold where reason loses strength - fomo? Panic?


There's a clue in the title.


It's possible that I missed that, but I believe the HN poster silently updated the title. The word "executable" does not appear anywhere in the HTML of the target page.

(sigh at how acronyms are the source for endless insider snark.)


I consider Nim to be a better Go.


+1, -1, mod 2. My 25-ish year career.


Yes, it's in other countries too eg Australia and Netherlands.


It may have been detected in Australia in returned travellers but it is not in Australia in the community.

Yesterday Australia had 15 community acquired cases (yes, 15 in total, with a further 11 from international travel in hotel quarantine) in the country and a quarter of Sydney is in lockdown due to it, the virus variant is an American strain.


Maybe but these variants can arise spontaneously as well, probably as a function of the immune response.


There are a couple of problems with this line of reasoning - yes, as an RNA virus, there is a high rate of mutation. However because of the redundancy of amino acid encoding most mutations will be preservative (ie produce the same protein). Additionally, although there is no reason that chance can’t produce the exact same spike protein mutation in another location in the world, it will be of a different lineage which will clearly show up on sequencing as there will be some clear differences elsewhere (in the preservative mutations). This is highly unlikely to be a result of immune response pressure, in fact I would discount this entirely, mutations arise as a response to copying errors and inside an infection cycle (initial infection, replication, transmission, adaptive immune response).

The final immune response will shut down the virus's ability to replicate freely due to recognition; selective pressure to avoid immune response is unlikely due to 1) the continually lowering viral load and 2) the very high number of non-selective antibodies produced that recognise a large number of viral epitopes.


It's not just about (big) scalability - redundancy. Cockroach 3 node cluster is a no brainer to set up, just runs. I see cockroach as far easier to work with than Cassandra, and more easily expanded than postgres - sits very well between the two.

