Comments URL: https://news.ycombinator.com/item?id=32088845

Points: 2

# Comments: 0

Comments URL: https://news.ycombinator.com/item?id=32088641

Points: 12

# Comments: 1

'''

In parliamentary procedure, the verb to table has the opposite meaning in the United States to the rest of the world:

- In the United States, to "table" usually means to postpone or suspend consideration of a pending motion.

- In the rest of the English-speaking world, to "table" means to begin consideration (or reconsideration) of a proposal.

'''

[1] - https://en.wikipedia.org/wiki/Table_(parliamentary_procedure...

All the better if that refactoring is in a FOSS application/library to save other people the repeat effort (and potentially gather further improvements).

Your question reminded me of Raymond Hettinger's excellent 2015 PyCon talk about refactoring functional-but-messy Python code: https://www.youtube.com/watch?v=wf-BqAjZb8M

(as previously discussed on HN: https://news.ycombinator.com/item?id=10023818)

Comments URL: https://news.ycombinator.com/item?id=32069668

Points: 1

# Comments: 0

- It should be possible to compare between two releases (I'd personally like to see a code diff, ideally with a complete path of the commits involved)

- Providing a reputation visibility mechanism (for publishers? author(s)?) across a series of releases is important

Those don't require user accounts necessarily, though. And responding to the end of your message: identity assurances, yep, those seem necessary; access management, I'm not so sure.

I'm not sure I have much useful commentary to add, but it does occur to me that a sufficiently-sized pool of software users could inspect changes (either at individual-commit-time and/or at tagged-release-time) regardless of whether each changeset is by the same author or in fact a different person every time.

The technology industry (as the typical consumer of FOSS) generally understands that and introduces appropriate measures (dependency reviews, hiring developers with relevant experience, requesting professional security audits, keeping backups, ...).

Despite all those (sometimes expensive) measures, industry continues to develop (and indeed thrive) using FOSS, implying the trade-off is worthwhile. My guess is that it is in fact massively worthwhile, especially when comparing the technology economics of today with years and decades past.

Therefore I think it's reasonable to ask questions any time that barriers are raised -- however small -- on the production-side of FOSS. That's not where the bulk of the revenues are accruing.

(I also have a vague sense that 2FA could later be misused as an attempt to strongly-attribute blame, which again feels potentially unfair/unbalanced. if your business risk is high when upgrading packages, then you should review those updates more carefully and keep a record of the financial efforts and rewards)

Comments URL: https://news.ycombinator.com/item?id=32060050

Points: 4

# Comments: 0

There's an architecture diagram[1] alongside the source code, and my summary would be:

- The system has in-house web indexes built from Common Crawl[2] data

- The system receives snippets of text from Wikipedia and determines whether existing citations exist and whether they are valid

- If no valid citation exists, then the system performs queries against the indexes to find relevant URLs

It'd be interesting to learn how this approach fares compared to pasting the relevant paragraphs of text into search engines and excluding site:wikipedia.org from the results.

Something about feedback loops and data quality makes me wary that too much application of automated systems like this would lead to a degradation of content quality (each updated copy an imperfect translation or reference to an existing one).

[1] - https://github.com/facebookresearch/side/tree/a595fb09c85233...

[2] - https://commoncrawl.org/

Comments URL: https://news.ycombinator.com/item?id=32055663

Points: 1

# Comments: 0

The relevant section of the video on YouTube is: https://www.youtube.com/watch?v=LZgyVadkgmI&t=1080s

(perhaps the inputs to the promotion suggestion could be from a documented and equally-open algorithm; I still think it'd be nice to have the results reviewed and discussed (openly, by humans) before they take effect so that potential unfairness -- either in the levelling, or in the algorithm -- could be addressed)

For example, most official Debian[1] and Ubuntu[2] package repositories currently use HTTP (not HTTPS) by default for content retrieval.

That's reliable thanks to public-key encryption; the packages are signed, and the receiver verifies the signature.

Someone able to inspect your network traffic could, for example, tell that you've downloaded a genuine copy of "cowsay". Or they could detect that the server replied with a tampered copy (something that your client should reject as invalid).

[1] - https://wiki.debian.org/SourcesList#Example_sources.list

[2] - https://ubuntu.com/server/docs/package-management

- 37% : Security/regulatory policies

- 37% : IT overwhelmed by number of issues that need resolving

- 35% : Lack of training for IT personnel

- 34% : Handling the shift to hybrid/remote work

- 32% : Increasing number of endpoints to manage

- 31% : Technology in place is not appropriate for supporting DEX

- 27% : Lack of knowledge around DEX

- 25% : Lack of budget to support DEX efforts

- 19% : Lack of buy-in from leadership around importance of DEX

- 2% : No challenges being faced

(with some snark: statistics on signup/login requirements before viewing published reports, and presenting statistics in images instead of tabular data formats were not reported)