Unlurker

GitLab scan finds 17,000 secrets in public repos, leading to $9000+ in bounties (trufflesecurity.com)

> Each Lambda invocation executed a simple TruffleHog scan command with concurrency set to 1000. This setup allowed me to complete the scan of 5,600,000 repositories in just over 24 hours. Gitlab must have been thrilled about a bot cloning 5.6 million repo's in 24 hours. That doesn't really sound responsible to me.

The post keeps saying "verified secrets" - how are they verified? Did the author attempt to login to each service? Or does verified just means that it looks like a valid token?

9000 in bounties for 17,000 secrets? You could make as much in a month creating those vulnerabilities

Pocketbase – open-source realtime back end in 1 file (pocketbase.io)

Trailbase is the same concept, but written in Rust instead of Go.

> PocketBase is an open source backend consisting of embedded database (SQLite) with realtime subscriptions I am not sure I understand—is this a wrapper around SQLite?

It got some good discussion back in January, 2024: https://news.ycombinator.com/item?id=38898934 There have been a ton of releases since then. It looked like a pretty interesting project at the time. It made me want to look for a project to use it for but I never got around to it. I'd be interested to hear from people who have been using it and how keeping up with the releases has been (compatibility / breaking changes in API, ease of migration, issues, etc).

I've been using it for a while. There was only one release that required manual migrations. I think 0.23.0 and apparently the dev is backporting security updates for those who haven't upgraded. I use Go so all I have to do is `go get -u` and `go mod tidy` and then it's upgraded. It works great.

Apparently 1 file just means a static go binary with a bunch of separate assets compiled in. I guess for some reason I was hoping for source code that was only one file.

Same

Like a single header c lib from some eastern European S tier programmer.

China's BEV Trucks and the End of Diesel's Dominance (cleantechnica.com)

The text in teeny font under the headline picture is "ChatGPT generated. Chinese electric truck production lines expanding rapidly in 2024 and 2025." So, in other words, the leading image is a lie. When people say false things that purport to be true in text we call it lying or fraud. I don't understand why when they do it with an image it's not the same thing. Putting teeny, easily missed font that says "ChatGPT generated" doesn't make it OK. I might feel less strongly if the author put a disclaimer, in larger font, that said (more accurately IMO), "The above image is fake."

Oh, look, it's another article about china dominating in electrification and reaping the rewards of intelligent investment.

The USSR was considered by many prominent intellectuals a valid counterpoint to the Western capitalist structure, up until the moment it collapsed, and then it wasn't true socialism. Some humbleness should be in order when considering imperfect knowledge

It’s apparent that the USA is falling deeply behind on all of these things. I look at the rest of my life now as the final days in Babylon and try to still enjoy going down in the sinking ship. I vote to stop it, but my votes haven’t mattered in a long time. It’s important to still do them anyway.

> my votes haven’t mattered in a long time you vote mattered. It's just that there are more people who didn't vote the way you wanted them. But that's OK, because this is how it is supposed to work. At least, in theory.

This totally won't work. The infrastructure isn't built. Truck stops are built to store fuel. They're not built to deliver electricity. Cheap electric trucks solve the wrong problem currently.

If they're cheap enough that you can swap the tractor unit or its batteries out at a truck stop, does that not solve most of the problem?

Are you just talking about the USA or are you also including the rest of the 7.8 billion people that don’t live in the USA? If the former why should the rest of the world care about whatever hangouts the USA thinks it has?

Sounds like the person taking the video is on an electric bike.

I think its the truck, near the end the bike peels off to the left and you can hear the sound fading off to the right.

The VPN panic is only getting started (theverge.com)

Regardless of your opinion of porn qua porn, surely you can admit there is something scummy about algorithmic, ad filled porn platforms, and parasocial porn influencer platforms? HN regularly and rightly dumps on these elements on the context of Facebook, IG, etc. Does porn get a pass just because porn in some incarnations is avante garde?

Wait, I'm not taking about "avant garde porn". I'm not being snobbish about this. I mean two (or more) people of your preference fucking. Nothing avant garde about it, just the good ol' thing goes inside another thing, or rubbing things together. I don't know what "algorithmic ad filled parasocial platforms" you mean, but when you're ready to discuss banning Facebook, Twitter, and almost every platform we can resume this chat. Let's be honest about the other stuff: there's nothing wrong about watching porn. Maybe if this impedes you forming real world relationships, but heh... everything in excess is bad for you. I know this is an uncomfortable topic to discuss openly in some cultures. The USA or the UK, for example. They like their porn habits private and not talked about... which is why banning VPNs is bad!

people pay to read The Verge?

or they use archive.is

Brutha when I was young my parents would ring a bell at dinnertime and if I ran to the dining room in 5 minutes I got to eat and that was basically the extent of their monitoring of me.

But did you have unrestricted access to a device with a camera where pedophiles the world over tried to talk thirteen year old you into doing dances in your underwear for them?

> I have sat down with her countless times and yeah she has broken my trust a few times and she looses access to the internet. All that does is encourage her to lie and find work-arounds rather than fess-up and suffer consequences.

That makes no sense. For rules to have any meaning at all, there must be consequences to breaking them. If OP doesn't take away his daughter's Internet access when she breaks his trust, it will just teach her that there's no reason to follow his rules because it doesn't affect the outcome for her.

Within the past week the CEO described predatory behavior on the platform as "not necessarily just a problem, but an opportunity as well". Not sure what YouTube videos have to do with that, regardless of production value.

CEO is an autistic dumbass who isn't good at conveying his thoughts. What he could have said: "While we have the best protection of any gaming or social media platform today, any amount of predatory behavior is an unacceptable problem. Roblox has increased from 20M DAUs to 150M DAUs over the last 5 years and the absolute number of these unfortunate incidents has remained flat: an 80% decline in incidence rate. In this way, we view it also as an opportunity: How can we can continue to scale the platform while getting the incidence rate to zero?"

The internet was pretty fucked up in the 90s / early 00s. Much less regulated, you could find all sorts of weird stuff (and yes, also porn) in it. And it didn't mess us up. Before that, we teens had access to naughty magazines. I had a friend who managed to rent porn movies from the local videoclub (before Blockbuster). "Life, uh, finds a way."

> And it didn't mess us up. Honest question: If it did, how would we know? Here is a thread on incels.is where a dude tricked a woman into flying to another country because he "knows she deserves it". https://incels.is/threads/i-just-made-a-woman-fly-from-spain-to-finland-for-me-lmao.17037/ With reproduction rates falling, and people having all sorts of trouble with relationships, what does "messed up" look like, and why are we so sure that we actually aren't when the world is increasingly polarized and having trouble with authoritarianism? How can we prove those things aren't actually linked?

How can we be sure that it isn’t the result of the US leaving the gold standard? Or the increase in automotive recalls? Or the increase in the number of hot dogs consumed at hot dog eating competitions? I’m sure there’s a connection. https://tylervigen.com/spurious-correlations

The world doesn’t consider it reasonable for businesses to sell beer to kids, and expect us all to constantly follow our kids around to make sure they don’t get beer. Bars don’t get to say ‘woops, we got thousands of 9 year olds drunk, their parents should keep an eye on them’”. And at this point, most kids, most people, spend more time online than outside walking around

> Bars don’t get to say ‘woops, we got thousands of 9 year olds drunk, their parents should keep an eye on them’”. Because there's no whatsoever downside in requiring bars to not serve children (if we assume that it's just to not give alcohol to children); online age checks instead have very big negative consequences for the whole populace.

Not OP but while I don't seek "punishment", I do seek accountability. I know that might seem like a flowery synonym at best, or an amorphous piece of jargon at worst, but if we are to treat online spaces as public forums, we need to structure these spaces like public forums, which means having consequences for abject lies. The "but who decides" response is a thought-terminating cliche that we need to collectively move past. Until we stop letting the perfect get in the way of the good enough, we will continue to let bad actors dictate the public understanding of technological issues, and of issues more generally (eg: antivax).

Most claims of 'the other side' is lying are themselves lies. It's mostly people just spinning things to suit their own personal biases (without necessarily even realizing that's what they're doing). For instance the vaccine topic is one I did a deep dive on not too long ago when deciding which vaccines to approve for my children. This [1] is essentially the bible of vaccines - it's a massive study across a large sampling of evidence for all major vaccines, carried out by the National Academies of Science. I'll quote them: ---- The vast majority of causality conclusions in the report are that the evidence was inadequate to accept or reject a causal relationship. Some might interpret that to mean either of the following statements: - Because the committee did not find convincing evidence that the vaccine does cause the adverse event, the vaccine is safe. - Because the committee did not find convincing evidence that the vaccine does not cause the adverse event, the vaccine is unsafe. Neither of these interpretations is correct. “Inadequate to accept or reject” means just that—inadequate. If there is evidence in either direction that is suggestive but not sufficiently strong about the causal relationship, it will be reflected in the weight-of-evidence assessments of the epidemiologic or the mechanistic data. However suggestive those assessments might be, in the end the committee concluded that the evidence was inadequate to accept or reject a causal association. ---- The overwhelming majority of the rhetoric around vaccines, including from governmental figures, is doing exactly what they warn against. There's simply a lot of nuance on most of every issue worth discussing, that people often don't want to acknowledge. [1] - https://www.nationalacademies.org/projects/PHPH-H-08-17-A/publication/13164

> but if we are to treat online spaces as public forums, we need to structure these spaces like public forums, which means having consequences for abject lies. The "but who decides" response is a thought-terminating cliche that we need to collectively move past. In order to "move past" that, you have to find a way to address official lies and cases where the majority is wrong. . For example the official denial of the fact that the Wuhan lab was researching things similar to covid-19. (Doesn't matter whether it actually came from there.) Or the official lies about mask effectiveness. (Regardless of whether they're effective or not, the government told people things that it believed at the time were false.) Or the lies about the world's best anti-parasite medication (that just isn't an antiviral) being dangerous horse-paste. Or the lies about Hunter Biden's laptop being Russian disinformation. Or that still-ongoing culture war topic where both sides claim the other is lying.

How Charles M Schulz created Charlie Brown and Snoopy (2024) (bbc.com)

Interestingly, Peanuts started with a focus on Shermy and Violet as the 'straight men' and young(er) Charlie Brown as the comic upstart. Snoopy shows up fairly soon, but he doesn't even seem to be CB's pet for the first while. It's fascinating to see Lucy, Linus, Schroeder and Sally grow from tots or babies to the developed characters we know today.

> Snoopy shows up fairly soon, but he doesn't even seem to be CB's pet for the first while. Snoopy shows up in the third strip, by which point the count of total appearances is Patty: 3, Charlie Brown: 2, Shermy: 1, and Snoopy: 1. He appears again in strip 5, but it takes until his third appearance (in strip 8) before he can be identified as Charlie Brown's dog. He remains somewhat ambiguous: strip 8: Charlie Brown is reading at home, accompanied by Snoopy. strip 11: Shermy is eating (presumably at home?), accompanied by Snoopy. strip 12: Shermy takes Snoopy for a walk, holding him on a leash. 1950-10-21: Shermy, Patty, and Snoopy are walking together when they encounter Charlie Brown. 1950-10-25: Patty is speaking on the phone (at home?); Snoopy is present. 1950-11-07: Charlie Brown delivers a lecture to Snoopy beginning "You don't seem to realize that I'm the boss in this house!"; he is interrupted by a call from his mother. 1950-11-13: Patty receives Charlie Brown at her home; Snoopy is already present. 1950-11-25: Charlie Brown says goodbye to Snoopy before going to bed; Snoopy is shown to be able to hear him as he says "I'll see you in the morning" from his bedroom. 1950-12-05: Patty is walking Snoopy on a leash when they run into Charlie Brown. 1950-12-13: Snoopy is playing on the footboard of Charlie Brown's bed while he tries to go to sleep.

There was a long read article that came out a few years ago called "How Snoopy Killed Peanuts:" https://kotaku.com/how-snoopy-killed-peanuts-1724269473 about how Peanuts lost it's edge once the "cute" popular dog was introduced, whereas prior it used to be more subversive, philosophical/theoretical with darker material.

It's too bad that there are probably meant to be so many example comics in that article, judging from how it's written, and what's really there is just ads where the comics are probably supposed to be. Wonder what happened.

The Thanksgiving and Christmas specials aired every year, and might still. But who has an antenna any more? I do.

The combination of cable-cutting and the fact that many people either can't access OTA (or don't bother) probably means that a lot of the content that people reflexively tuned into over various holidays just doesn't happen any longer. Even if some of it is on streaming, it's not an automatic holiday thing. I can't get OTA and cut cable TV so I don't get a lot of things without effort that I don't generally go to.

Bird flu viruses are resistant to fever, making them a major threat to humans (medicalxpress.com)

Well, most humans (unlike me) take Tylenol even with a "fever" of just 38°C/100.5°F, so what difference does it make?

Huh. I don’t know if I’m picking up what they’re putting down here, but it kind of sounds like suppressing fever e.g. with Tylenol would actually be bad for (normal) flu progression.

Our pediatrician didn’t want us to give Tylenol unless the fever was over 99.5 and not to bring them in unless it was over 101 with Tylenol.

I know someone who doesn't get fever. When he gets sick with regular cold or fly it's much longer and worse than for anyone else I know.

Most people don't get a significant fever when infected with most common cold viruses.

I think what they're saying here is that you're not just suppressing a symptom, you're suppressing a sickness fighting mechanism.

He said that.

Fever isn't just a symptom. It's a defense mechanism. The idea is that use of antipyretic drugs may make the infection worse.

So was the one during COVID-19

Only after it made the vax.

It’s even cheaper to just eat the potatoes, corn, wheat, soy directly like humans have at least for 1000s of years. It would also be healthier and less damaging to the planet as well as local environments, and save tens if not hundreds of billions of animals lives. The processing is simply unnecessary and the output isn’t food but essentially drugs that people get addicted to. That’s completely different from the actual food that we grow.

> just eat the potatoes, corn, wheat, soy directly like humans have at least for 1000s of years. Humans (and our ancestors) have been eating meat for around 2.5–3 million years, and possibly even earlier if you include earlier hominin species.

People used to literally live with the livestock attached to home or even under the same roof. This was probably the case for most of agricultural history. Factory farming is bad, over use of antibiotics in live stock is bad. But OP's point is that this is how many of the diseases in human history and therefor unlikely we would ever be able to avoid this while raising animals for food. As they said, both are true

Some places would put the livestock on the ground floor/basement so their heat would warm up the house. I can only imagine what that would smell like. https://en.wikipedia.org/wiki/Low_German_house

I can't speak for OP, they may have been advocating for giving up farming animals (or fowl) altogether, but personally I see a huge inflection point between traditional and factory farming methods with regards to the level of risk. When you are compromising the immunity of your livestock, you beg trouble. I understand the temptation to zoom out to a several hundred year timespan, that can be clarifying. But when (as in this case) there are substantive differences in recent history, it muddies the waters. I totally buy that endemic diseases are largely zoonotic diseases plus time. But that doesn't clarify how much risk exists in our current methods of farming. Factory farming is not equivalent to traditional farming in this respect. History is not featureless and when we flatten it we lose important details.

Consider how many fewer people interact with livestock now than before factory farms. I don't know if it matters but there are significantly fewer farmers than there used to be by several orders of magnitude. Also, before cars, the streets of major cities were covered in horse shit.

Skittles are bad for reasons having nothing to do with "ultraprocessing". This is just the new incarnation of people believing Mexican Coke is healthier because it's made with cane sugar instead of corn syrup.

I never heard anyone say it is more healthy. HFCS just tastes horrible if you grew up eating cane (or beet) sugar.

Care to engage more substantially than this, or are you just repeating the argument that because UPF is imperfectly defined, that means UPF as a category is absolutely worthless and therefore we should dismiss all precautionary options surrounding any and all UPFs with prejudice?

"Ultra processing" is corollary to unhealthy food, not causal. It's not the ultra processing that makes it unhealthy. That's the crux of this disagreement. Assuming the relationship and then assuming the next step that the antitheses must be true. Unprocessed foods aren't inherently healthy and ultra processed foods aren't inherently unhealthy, the two things have nothing to do with each other.

“They want us to fear birds” is wild man

Alfred hitchcock was ahead of his time.

250MWh 'Sand Battery' to start construction in Finland (energy-storage.news)

> the big issue during winters is when there's cold air high pressure systems we get neither sun nor wind Wind does better in the winter. See eg here for Canada monthly stats: https://www150.statcan.gc.ca/t1/tbl1/en/tv.action?pid=2510001501&pickMembers%5B0%5D=1.1&pickMembers%5B1%5D=2.1&cubeTimeFrame.startMonth=07&cubeTimeFrame.startYear=2024&cubeTimeFrame.endMonth=05&cubeTimeFrame.endYear=2025&referencePeriods=20240701%2C20250501 Also, wind does better at night than day, which may be related or not.

And in Finland: 60% of Finnish wind energy 'collected' in the winter months (Oct-Mar) https://suomenuusiutuvat.fi/en/wind-power/wind-power-in-cold-temperatures/

Theres not going to be built any more interconnectors from Norway anytime soon. Electricity became a lot more expensive in Norway after building several interconnectors to UK and mainland Europe. Importing high prices from the failed energy politics of UK and Germany which both have among the most expensive electricity in the world. This has been a huge debate, and the general concensus seems to be that joining ACER and building inrerconnectors to mainland Europe was a big mistake.

Well, with the destruction of Nord Stream 2, Norway needs more pockets to save money in.

That seems counterintuitive to me. Electricity prices don't go up because you have access to expensive power, it goes up because you don't have enough cheap power so you have to buy the expensive power. It seems like Norway just wouldn't have power if they weren't connected to other sources, not that they'd have more cheap power.

Electricity prices go up when you have access to customers who are willing to pay more. If grid connections to other regions are limited, people in regions with a lot of cheap generation (such as Norway) pay low prices. But if you add grid connections without increasing generation capacity, prices start equalizing between regions, as every power company tries to sell to the highest bidder. Norway could power itself fully with domestic hydro. But it chose not to, as the power companies make more money by importing foreign power when it's cheap and exporting hydro when it's not.

Obviously the presumably large amount of money spent to interconnect could have been spent adding local production and storage. It would be a waste of money if there was a reasonable path to local energy independence that was neglected.

I've always wondered why we don't build homes with a buried tank of water used as heat storage. In the summer it can be heated with solar thermal to around 90c, and in the winter heat can be drawn out and go through radiators or underfloor heating, with a mixer valve. You just need a few pumps and valves, not even a heat pump is needed. If you assume a modern house with a heat load of 1800kWh per year (fairly standard for a new build medium sized home where I live, in Northern Europe) that means you'd need a tank roughly 50m3, or 10,000 gallons for Americans. In terms of insulation you'd need around 50cm of XPS foam, and it would be buried a meter below ground. It's nothing terribly complicated in terms of construction or engineering. Of course you'd pay more upfront, but then your heating bills would be practically zero. In warmer climates it would be much simpler, you could probably get away without burying it.

Something like that was attempted south of Calgary, in Canada: https://en.wikipedia.org/wiki/Drake_Landing_Solar_Community