
More like a failure on TechCrunch. There is an implied agreement and violating it will result in a flat refusal to talk outside of prepared press releases.

This isn't good journalism and should not be celebrated.


That's not how that works. You don't get to decide statements are off the record after you realize you said something that would look bad. Every interview would be a puff piece if that was how things worked.


This will just stop people from talking to journos, like many have done. This whole rhetoric of the journalist being an "adversary" that is "outing" things is extremely problematic. You should be able to retract statements. If it's live, it's practically not possible so it's fine, but for articles I think that journos should respect retractions, regardless of whether it is post-hoc or pre-decided.

Now, the "victim" here is NSO, so not expecting any sympathy, but journos do this to everyone, even normal people.

> Puff pieces

But with the aforementioned rhetoric in vogue these days, every piece of journo is a forced "scoop", leading to most of modern media(social and mainstream, the incentives are the same) being misconstrued non-factual brain damage. Even press conferences, most questions are just loaded and very bad-faith, basically trying to get you to say something they can quote out of context, or use for a misconstrued "non-truth", or a false equivalence. Or sometimes they just make things up! Retarded scoop-bait headlines as well.

The root cause for all this is that adversarial rhetoric.

Before you say "but the press is an adversary against the government", they do this to sportspersons, and a variety of other normal people too. If they only did this to the designated government spokesperson, it would be OK.

Now, this rhetoric itself is a result of "news"[1] companies competing for audiences. A fairly obvious incentive there. On socials too. Engagement is rewarded, leading to the same thing.

Furthermore, LLMs, if used for content generation, will compete for audience, and even inference-time feedback driven optimisation leads to it giving the same reality-bending outputs. It's been simulated and shown in this Stanford paper already: https://arxiv.org/abs/2510.06105

[1] they really deserve the quotes these days


> This whole rhetoric of the journalist being an "adversary" that is "outing" things is extremely problematic. You should be able to retract statements.

It's quite the opposite, actually. As Katherine Graham, the former publisher of the Washington Post, used to say: News is what someone wants suppressed. Everything else is just advertising.

TechCrunch is not obligated to let NSO's mouthpiece advertise on their pages.


> It's quite the opposite actually

Why are you simply repeating what GP said followed by a call to authority (a biased one at that)?

I explained why it is problematic in the 2nd part of my post.


Well, that's how it works with the "Muckrakin's woke!1!!" crowd.


> There is an implied agreement

The implied agreement is that everything is on the record unless explicitly agreed otherwise beforehand.


Retroactively accepting comments to be off-the-record as a favor to a subject would be considered very bad journalism.

This is not a new or unique circumstance.


Oh, did the poor spyware maker get their expectation of privacy violated?


No.

The H1-B visa is intended for bringing specific technical expertise that does not exist in the US for a set period of time. This is why one of the requirements is that you must have interviewed US persons first. It's the same reason it's a nonimmigrant visa.

The rampant abuse of the visa has a remedy - criminal charges against the HR directors of any company that is found to have committed fraud, and capping the number of visas per company (setting up many shell companies is a strong signal that fraud is being committed).

If an H1-B worker can't negotiate on a global level for their expertise - they should not be on that visa.


> This is why one of the requirements is that you must have interviewed US persons first.

This is generally not a requirement for an H-1B. https://www.dol.gov/agencies/whd/fact-sheets/62o-h1b-recruit...


Reading through that I stand corrected. Thank you for sharing a link.

At the same time, if a US person applies and is similarly qualified, they must be offered the job.

Which is trivially abusable by offering substantially less for the H-1B position. I'm not sure if there's an easy policy solution for that.


There are 85,000 visas issued every year. Such a measure isn't consistently enforceable as you can't really investigate each visa. As a result, it will be considered by the main offenders as a cost of doing business spread out across thousands of applications.


> Such measure isn't consistently enforceable as you can't really investigate each visa

You don't have to look at every single one. Lying on government forms is fraud. Start putting the person at the company who signed off, and the person brought over (before they are deported), in jail for a couple of years, and people will clean up their act real quick.


- You need to have a clear way of defining liability, otherwise companies will lawfare. For instance "you could have hired someone else in the US" is impossible to really prove or disprove.

- Jailing a foreigner before sending him back to his country for an administrative offense is somewhat of a big waste of public money.

- A very hard punishment still requires consistently catching offenders, otherwise it will slowly become hypothetical.


I believe they were suggesting jailing the US hiring manager, not the foreign worker.


> "and the person brought over (before they are deported) in jail"

I think that it is very clear what was meant here.


You're right! I skimmed that one too fast.


if the "cost of doing business" is executives actually going to jail

trust me, there would be 99% compliance in very short order


%cpu is misleading at best, and should largely be considered harmful.

System load is well defined, matches user expectations, and covers several edge cases (auditd going crazy, broken CPU timers, etc).
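As an added example (my code, not the commenter's), here is how the two figures are derived from the kernel's own counters: %cpu from the delta between two /proc/stat samples, load from /proc/loadavg. The samples are constructed to show a host whose CPUs are almost idle while the load average says it is saturated, because on Linux tasks blocked in uninterruptible I/O count toward load but not toward CPU time; a stalled tick counter is reported as undefined rather than as 0%.

```python
"""%cpu versus load average, from /proc/stat and /proc/loadavg.

Added example, not code from the thread. The two /proc/stat snapshots and the
/proc/loadavg line are constructed: an assumed 4-CPU host, USER_HZ=100, samples
10 s apart, so 4000 ticks elapse in total across all CPUs.
"""

# Aggregate 'cpu' line. Fields after the name:
# user nice system idle iowait irq softirq steal guest guest_nice
STAT_T0 = "cpu 1000 0 500 8000 200 10 20 0 0 0"
STAT_T1 = "cpu 1050 0 530 9000 3110 15 25 0 0 0"
# Fields: 1/5/15-minute load, running/total tasks, last pid (constructed values)
LOADAVG = "8.12 7.90 6.50 2/512 4321"
NCPUS = 4

FIELDS = ("user", "nice", "system", "idle", "iowait",
          "irq", "softirq", "steal", "guest", "guest_nice")


def parse_cpu_line(line):
    """Parse one 'cpu...' line of /proc/stat into a dict of tick counters."""
    parts = line.split()
    if not parts or not parts[0].startswith("cpu"):
        raise ValueError("not a /proc/stat cpu line: %r" % line)
    vals = [int(v) for v in parts[1:]] + [0] * len(FIELDS)  # older kernels print fewer fields
    return dict(zip(FIELDS, vals))


def cpu_busy_percent(stat_t0, stat_t1):
    """The %cpu figure: share of elapsed ticks spent doing work between two samples.

    idle and iowait are both 'not busy'; steal is elapsed time the hypervisor took
    away; guest time is already inside user/nice, so it is not added again.
    Returns None when no ticks elapsed (broken timer, frozen VM, identical samples),
    because 0% would be a lie in that case.
    """
    a, b = parse_cpu_line(stat_t0), parse_cpu_line(stat_t1)
    d = {k: b[k] - a[k] for k in FIELDS}
    busy = d["user"] + d["nice"] + d["system"] + d["irq"] + d["softirq"]
    total = busy + d["idle"] + d["iowait"] + d["steal"]
    if total <= 0:
        return None
    return 100.0 * busy / total


def parse_loadavg(line):
    """Return (load1, load5, load15, running, total_tasks) from a /proc/loadavg line."""
    one, five, fifteen, runq, _last_pid = line.split()
    running, total = runq.split("/")
    return float(one), float(five), float(fifteen), int(running), int(total)


def summarize(stat_t0, stat_t1, loadavg, ncpus):
    """Put both views side by side; load is normalised per CPU so >1.0 means a backlog."""
    load1, _, _, running, total = parse_loadavg(loadavg)
    return {
        "cpu_busy_pct": cpu_busy_percent(stat_t0, stat_t1),
        "load1": load1,
        "load_per_cpu": load1 / ncpus,
        "running": running,
        "tasks": total,
    }


if __name__ == "__main__":
    # On a live Linux box replace the constants with open("/proc/stat") / open("/proc/loadavg").
    print(summarize(STAT_T0, STAT_T1, LOADAVG, NCPUS))
```

With the constructed samples %cpu comes out at 2.25% while the one-minute load is 8.12 on four CPUs; only the second number tells you the box is stuck waiting on I/O.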


Elastic license, so many people refer to this as source available rather than open source


Temperature sensors are a great example for alerting because they fluctuate constantly, have multiple seasonalities, and failures can be subtle. In the end, you'll want:

1. If the sensor dies and there is no data at all

2. If the sensor gets stuck (giving same value)

3. If the sensor slowly drifts (adjusting for daily, weekly, and yearly seasons) - indicating a clogged filter or leaking refrigerant

4. Statistical spikes - this is the hardest to tune so you need to treat it as a model that detects anomalies and it takes a long time to label extremely rare events

5. Static thresholds, over varying windows to deal with sensor error and transient spikes.

It also raises questions like "if the sensor is reporting 400C then either the building is on fire or the sensor is broken", or "how do we get the alert if the building is indeed on fire" and the inevitable followup: do we even need to get an alert if the building is on literal fire?
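The five rules above as working detectors, written as an added example that is not the commenter's code. Readings are hourly floats (None when the sensor sent nothing), the daily baseline is assumed to come from earlier weeks, and the failure scenarios are constructed. The spike rule scores the latest change between consecutive seasonally adjusted readings with a median/MAD z-score, so a slow drift or a stuck value does not trip it; a separate plausibility bound routes the "400C" case to a different alert than the static threshold.

```python
"""Alert rules for a slowly varying sensor feed (added example, not from the thread).

Samples are hourly, so one daily season is 24 slots. BASELINE is the expected value
per hour of day and is assumed to be learned from earlier weeks; NOISE is a
deterministic stand-in for sensor jitter. All data here is constructed.
"""
from statistics import mean, median

PERIOD = 24
BASELINE = [18.0 + 0.5 * min(h, 24 - h) for h in range(PERIOD)]  # 18 C at night, 24 C at noon
NOISE = [-0.2, 0.0, 0.2, -0.1, 0.1]


def present(values):
    return [v for v in values if v is not None]


def missing_data(values, max_gap):
    """Rule 1 (dead sensor): the series ends with at least max_gap missing samples."""
    gap = 0
    for v in reversed(values):
        if v is not None:
            break
        gap += 1
    return gap >= max_gap


def stuck(values, n):
    """Rule 2 (stuck sensor): the last n delivered samples are identical."""
    tail = present(values)[-n:]
    return len(tail) == n and len(set(tail)) == 1


def residuals(values, baseline):
    """Seasonally adjusted series: reading minus the expected value for its slot.
    Missing samples are skipped; the slot comes from the original position."""
    return [v - baseline[i % PERIOD] for i, v in enumerate(values) if v is not None]


def drifting(values, baseline, window, limit):
    """Rule 3 (drift): mean residual over the last `window` samples is beyond +/- limit."""
    r = residuals(values, baseline)[-window:]
    return len(r) == window and abs(mean(r)) > limit


def spike(values, baseline, z):
    """Rule 4 (spike): the latest step between consecutive residuals is an outlier
    against earlier steps. Median/MAD keeps past spikes from inflating the scale;
    the MAD is floored at the assumed 0.1 C sensor resolution."""
    r = residuals(values, baseline)
    if len(r) < 10:
        return False
    steps = [b - a for a, b in zip(r, r[1:])]
    hist, last = steps[:-1], steps[-1]
    med = median(hist)
    mad = max(median(abs(s - med) for s in hist), 0.1)
    return abs(last - med) / (1.4826 * mad) > z


def over_threshold(values, limit, k):
    """Rule 5 (static threshold): the last k delivered samples all exceed limit,
    so one transient reading does not page anyone."""
    tail = present(values)[-k:]
    return len(tail) == k and all(v > limit for v in tail)


def implausible(values, lo, hi):
    """Sanity bound: outside the physically possible range means the sensor is
    broken or the building is on fire; either way it is not a rule 5 alert."""
    tail = present(values)
    return bool(tail) and not (lo <= tail[-1] <= hi)


def evaluate(values, baseline=BASELINE):
    """Run every rule and return the names of those that fired."""
    checks = [
        ("no_data", missing_data(values, 3)),
        ("stuck", stuck(values, 6)),
        ("drift", drifting(values, baseline, 12, 1.0)),
        ("spike", spike(values, baseline, 5.0)),
        ("over_limit", over_threshold(values, 30.0, 3)),
        ("sensor_implausible", implausible(values, -40.0, 150.0)),
    ]
    return [name for name, fired in checks if fired]


def healthy_series(hours=72):
    """Three constructed days that follow the baseline with jitter."""
    return [BASELINE[i % PERIOD] + NOISE[i % 5] for i in range(hours)]


def scenario(kind):
    """Constructed failure modes layered on the healthy series."""
    s = healthy_series()
    if kind == "dead":
        s[-6:] = [None] * 6
    elif kind == "stuck":
        s[-6:] = [18.5] * 6
    elif kind == "drift":  # +0.1 C per hour over the last day, e.g. a clogging filter
        for j in range(24):
            s[48 + j] += 0.1 * (j + 1)
    elif kind == "spike":
        s[-1] += 5.0
    elif kind == "fire_or_broken":
        s[-3:] = [400.0] * 3
    return s


if __name__ == "__main__":
    for kind in ("healthy", "dead", "stuck", "drift", "spike", "fire_or_broken"):
        print("%-15s -> %s" % (kind, evaluate(scenario(kind))))
```

Note that in the fire_or_broken scenario the spike rule fires on the first 400 C reading but not on the third, since the step between two 400 C readings is zero; that is one reason the commenter calls the spike rule the hardest to tune.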


> It also raises questions like "if the sensor is reporting 400C then either the building is on fire or the sensor is broken", or "how do we get the alert if the building is indeed on fire" and the inevitable followup: do we even need to get an alert if the building is on literal fire?

Haha, I was looking at a BAS front end with a customer and we were trying to figure out why an air handler kept tripping out. The return air duct static pressure sensor was reading 65536 kPa, so either the sensor was faulty or the building was moments away from being vaporized in a massive explosion. Replacing the sensor corrected the issue and hundreds of lives were saved ;)


I'm fond of using KaTeX for my personal blog posts. There is support for server side rendering for KaTeX (but not on GitHub pages because it necessarily opens it to arbitrary code execution - I asked).

But it notably lacks tikz support and if it can emit SVGs I'm beginning to wonder why I even use KaTeX and not something like this (beyond my personal anti-JS sentiment)


Why not juries of 13 people? That way you never have a clean tie?


A clean tie can also be super helpful! If you are say...choosing between two ties, and you get a 6/6 verdict you know they are equally good (or bad!) But thank you for commenting and reading my post...(not sure if you tried or not, but thank you if you did!) I'm sentimentally attached to 12, but like other things on JuryNow, I've learned to let go these past weeks! I wanted there to be no 'skip a question' option, and no chance of doing JuryDuty without a question, but have embraced the overwhelming feedback on both those!!


It means that there is a statistically significant improvement, but that improvement is tiny, and will not make you happier than your peers all by itself (assuming a standard peer group of 200 people - you'd likely swap places with 1 or 2 people).

Of course, this study only considered normative people, not marginalized or those who were experiencing active harm from exposure to social media - your personal results may vary and it's important to remember that science is imperfect and social sciences are doubly so.

If going off Facebook improves your life - you do you.


As far as I can tell, the algorithm can really harm people during times of mental illness/stress/anxiety. Part of it is that it is like a feedback loop.

When we lost our pet and my wife was very upset for a while, the algo kept showing her more and more content associated with pet loss. It got to the point that some random content pushed to her social media was upsetting her daily.

I can imagine someone experiencing depression, suicidal thoughts, etc can easily be pushed over the edge by the algorithmic feedback loop.


In a way this perfectly captures my experiences too, despite my struggles revolving around a different topic, and sometimes it wouldn't even be algorithmically inflicted, but self-inflicted.

I'd keep coming across, and sometimes seeking out, threads with political content. But beyond that, I'd keep stumbling upon or even seeking out people who are being (in my view) inciteful or misleading. This would then piss me off, and I'd start to spiral. Naturally, these are not the kind of people who'd be posting in good faith, adding even more fuel to the fire when I engaged with them and their replies would eventually come about, which of course I'd "helpfully" get a notification for.


Apparently there are some forks that offer more features and fix some of those bugs. Maybe one of those can help you?

This is the one that was shared on lobsters, but there are likely more: https://bill-ion.github.io/tikzjax-live/


There is a security model where MITM is not viable - and separating that specific threat from that of passive eavesdropping is incredibly useful.


MITM scenarios are more common on the 2025 Internet than passive attacks are.


MITM attacks are common, but noisy - BGP hijacks are literally public to the internet by their nature. I believe that insisting on coupling confidentiality to authenticity is counterproductive and prevents the development of more sophisticated security models and network design.


You don’t need to BGP hijack to perform a MITM attack. An HTTPS proxy can be easily and transparently installed at the Internet gateway. Many ISPs were doing this with HTTP to inject their own ads, and only the move to HTTPS put an end to it.


Yes. MITM attacks do happen in reality. But by their nature they require active participation which for practical purposes means leaving some sort of trail. More importantly is that by decoupling confidentiality from authenticity, you can easily prevent eavesdropping attacks at scale.

Which for some threat models is sufficiently good.


This thread is dignifying a debate that was decisively resolved over 15 years ago. MITM is a superset of the eavesdropper adversary and is the threat model TLS is designed to risk.

It's worth pointing out that MITM is also the dominant practical threat on the Internet: you're far more likely to face a MITM attacker, even from a state-sponsored adversary, than you are a fiber tap. Obviously, TLS deals with both adversaries. But altering the security affordances of TLS to get a configuration of the protocol that only deals with the fiber tap is pretty silly.


As someone who had to set up monitoring software for my kids, I can tell you MITM are very real.

It’s how I know what my kids are up to.

It’s possible because I installed a trusted cert in their browsers, and added it to the listening program in their router.

Identity really is security.


TLS chose the threat model that includes MITM - there's no good reason that should ever change. All I'm arguing is that having a middle ground between http and https would prevent eavesdropping, and that investment elsewhere could have been used to mitigate the MITM attacks (to the benefit of all protocols, even those that don't offer confidentiality). Instead we got OpenSSL and the CA model with all its warts.

More importantly - this debate gets raised in every single HN post related to TLS or CAs. Answering with a "my threat model is better than yours" or somehow that my threat model is incorrect is even more silly than offering a configuration of TLS without authenticity. Maybe if we had invested more effort in 802.1X and IPSec then we would get those same guarantees that TLS offers, but for all traffic and for free everywhere with no need for CA shenanigans or shortening lifetimes. Maybe in that alternative world we would be arguing that nonrepudiation is a valuable property or not.


It is literally impossible to securely talk to a different party over an insecure channel unless you have a shared key beforehand or use a trusted third-party. And since the physical medium is always inherently insecure, you will always need to trust a third party like a CA to have secure communications over the internet. This is not a limitation of some protocol, it's a fundamental law of nature/mathematics (though maybe we could imagine some secure physical transport based on entanglement effects in some future world?).

So no, IPSec couldn't have fixed the MITM issue without requiring a CA or some equivalent.
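The point made in this sub-thread (unauthenticated key agreement stops a passive eavesdropper but not an active one, and stopping the active one needs either a key shared beforehand or a trusted third party) in runnable form. This is an added example, not code from any commenter: a Diffie-Hellman exchange over a toy-sized group (a 61-bit Mersenne prime, chosen so the numbers are readable; it offers no real security), first with the attacker swapping the public values and ending up holding both sides' keys, then with each public value bound by an HMAC under a pre-shared key, which is the "shared key beforehand" option; TLS takes the other option and has a CA-certified signing key play the same binding role.

```python
"""Unauthenticated vs. pre-shared-key-authenticated Diffie-Hellman under an active attacker.

Added example, not from the thread. P and G are toy parameters for illustration
only; a real deployment uses a standard group of 2048 bits or more.
"""
import hashlib
import hmac
import secrets

P = 2 ** 61 - 1  # Mersenne prime M61, toy-sized
G = 3


def keypair():
    """Private exponent in [1, P-2] and the matching public value G^x mod P."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def shared_secret(priv, peer_pub):
    """Derive a session key from the DH shared value (P < 2^64, so 8 bytes suffice)."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(8, "big")).digest()


def unauthenticated_exchange(mitm):
    """Plain DH. A passive observer sees only A and B and, assuming the discrete log
    is hard in the group, learns nothing. With mitm=True the attacker replaces both
    public values and runs one DH with each victim.

    Returns (alice_key, bob_key, attacker_keys); attacker_keys is None when passive.
    """
    a, A = keypair()
    b, B = keypair()
    if not mitm:
        return shared_secret(a, B), shared_secret(b, A), None
    m1, M1 = keypair()  # attacker's value shown to Alice as "Bob's"
    m2, M2 = keypair()  # attacker's value shown to Bob as "Alice's"
    k_alice = shared_secret(a, M1)
    k_bob = shared_secret(b, M2)
    # The attacker computes the same two keys, so it can decrypt, read, alter and
    # re-encrypt everything while both victims believe the channel is private.
    attacker = (shared_secret(m1, A), shared_secret(m2, B))
    return k_alice, k_bob, attacker


def authenticated_exchange(psk, mitm):
    """DH where each side tags its public value with HMAC(psk, identity || value).

    The attacker can still substitute values but cannot produce a valid tag for the
    substitute without psk, so the receiver detects the swap and aborts.
    Returns (status, alice_key, bob_key); keys are None on abort.
    """
    def tag(pub, who):
        return hmac.new(psk, who + pub.to_bytes(8, "big"), "sha256").digest()

    a, A = keypair()
    b, B = keypair()
    tag_a, tag_b = tag(A, b"alice"), tag(B, b"bob")
    A_recv, B_recv = A, B  # what Bob and Alice actually receive
    if mitm:
        _, M1 = keypair()
        _, M2 = keypair()
        A_recv, B_recv = M2, M1  # values swapped, tags cannot be recomputed
    bob_ok = hmac.compare_digest(tag_a, tag(A_recv, b"alice"))
    alice_ok = hmac.compare_digest(tag_b, tag(B_recv, b"bob"))
    if not (bob_ok and alice_ok):
        return "abort", None, None
    return "ok", shared_secret(a, B_recv), shared_secret(b, A_recv)


if __name__ == "__main__":
    ka, kb, eve = unauthenticated_exchange(mitm=True)
    print("unauthenticated, active attacker: victims agree?", ka == kb,
          "attacker holds both keys?", eve == (ka, kb))
    psk = secrets.token_bytes(32)  # assumed to have been shared out of band
    print("authenticated, active attacker:", authenticated_exchange(psk, mitm=True)[0])
```

The PSK variant scales badly (every pair needs a prior secret), which is exactly why the web ended up with a third party vouching for keys instead; the example only shows that some prior trust anchor is required, not which one.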


The key could be shared in DNS records or could even literally be in the domain name like Tor. Although each approach has its pros and cons.


On this arm of the thread we're litigating whether authentication is needed at all, not all the different ways authentication can be provided. I'm sure there's another part of the thread somewhere else where people are litigating CAs vs Tor.


What does their commonality have to do with the use cases where they aren't viable?

