<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: jurassic</title><link>https://news.ycombinator.com/user?id=jurassic</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Sun, 05 Jul 2026 23:21:39 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=jurassic" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by jurassic in "Economic Termites: Monopolies not noticeable enough for most of us"]]></title><description><![CDATA[
<p>Sorry you are having a rough search. I was part of a large layoff so I know plenty of people who’ve been through it recently, some more than once if they went into another company that then had layoffs. I’d say the average search in my circle for those actively looking was about 3-4 months, with people who were very junior taking perhaps double that. I got some rejections that shocked and upset me at the time, but now that time has passed I’m glad I’m not in those roles because I found something later I liked much better.<p>For myself, referrals were a huge part of getting a job somewhat quickly. As more people are looking, the slush pile of resumes gets bigger which causes employers to feel they can be more picky. So if you’re relying on a cold application turning into an interview, that will definitely have a very low success rate.<p>I know only one person who didn’t get a job for an entire year, one of the smartest people I worked with at my last job, but to be honest it seemed like they were having some mental health / mid-life crisis things going on and not actually applying much if at all. I don’t know you and your situation, and I’m not saying this is the only explanation for a long and fruitless search, but if you think you might be like this person then I’d encourage you to reach out to someone who knows you and get the support you need. Marinating in negative thoughts won’t get you anywhere. This stuff has to be addressed because attitude, emotional state, and overall vibes can bleed into the entire interview performance and undermine what is otherwise a solid showing.<p>I hope something good comes your way soon.</p>
]]></description><pubDate>Mon, 10 Jun 2024 02:25:12 +0000</pubDate><link>https://news.ycombinator.com/item?id=40629543</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=40629543</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40629543</guid></item><item><title><![CDATA[New comment by jurassic in "Economic Termites: Monopolies not noticeable enough for most of us"]]></title><description><![CDATA[
<p>A small percent of tech workers struggling to get a job doesn’t change the overall picture that most people working in tech are living relatively prosperous and comfortable lives. We are paid at a level that means we don’t feel stressed at the grocery store figuring out how to feed our kids or wonder how will we get to work when our cars break down. And as a bonus, we get to sit comfortably in air-conditioned rooms and spend a good chunk of our day thinking about things we actually take some enjoyment from.<p>None of this is true for the “underclass” mentioned above who have little to look forward to each day; the labor they provide is in various amounts boring/tedious/demeaning/physical, and doesn’t pay enough to give them the middle class lifestyle they feel entitled to (e.g. home ownership, healthcare, etc).<p>I and many people I know have gone through job searches over the last 18 months. Yes, it was more work than we’ve come to expect over the last 10 years. But ultimately everyone I know has landed on their feet. As an industry we are still incredibly privileged compared to most.</p>
]]></description><pubDate>Sun, 09 Jun 2024 15:46:03 +0000</pubDate><link>https://news.ycombinator.com/item?id=40625219</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=40625219</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40625219</guid></item><item><title><![CDATA[New comment by jurassic in "Should I use JWTs for authentication tokens?"]]></title><description><![CDATA[
<p>Not as I understand it. When I've seen this discussed, a "logout requirement" has usually meant some stakeholder thinks they need a way to prevent previously issued access tokens from being used even though the tokens are signed by the trusted authorization server and not expired (i.e. still valid). This requirement asks that you find a way to instantly shut off access even though the auth server has previously issued access tokens that should entitle the bearer to perform actions against protected resources until the token expires.<p>Blocking refresh in the authorization server is trivial, but trying to implement the same on access tokens in the resource server at the point of use breaks the entire security model of JWT. It's unreliable, because now every resource server has to take on partial responsibility for authorization which multiplies opportunities for mistakes. As the OP points out, you need to keep track of some sort of block list and lose out on many of the benefits of JWT (i.e. a resource server being able to rely fully on claims in a signed token before allowing an action).<p>When people show up with this kind of requirement, in my experience, it is often because they foolishly configured a client with a very long expiration on access tokens (e.g. ~months/years instead of ~minutes/hours). This creates a problem when some aspect of a user's access needs to change (e.g. disgruntled employee was fired, customer didn't pay their bill, etc). You can address this more easily by pairing a short access token lifetime with a long refresh token lifetime.</p>
]]></description><pubDate>Tue, 28 May 2024 04:22:30 +0000</pubDate><link>https://news.ycombinator.com/item?id=40497290</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=40497290</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40497290</guid></item><item><title><![CDATA[New comment by jurassic in "Should I use JWTs for authentication tokens?"]]></title><description><![CDATA[
<p>The more confidently people make blanket pronouncements, the less you should believe them. There are a lot of use cases for OAuth2 and OIDC that are not covered by “just use a web session”.<p>The real thing to push back on is the logout requirement. Everyone pretends they need this, when what almost everyone should do is just mandate appropriately short token lifetimes and revoke refresh tokens as needed.</p>
]]></description><pubDate>Mon, 27 May 2024 20:13:13 +0000</pubDate><link>https://news.ycombinator.com/item?id=40494214</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=40494214</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40494214</guid></item><item><title><![CDATA[New comment by jurassic in "Ask HN: Why are people so mean in the open source community? (about xz again)"]]></title><description><![CDATA[
<p>I don't think this specifically is a great example of "being mean", but in the broader ecosystem it's definitely a problem that can wear down maintainers over time. I think it boils down to a widespread sense of entitlement from users of free software. It's amazing the demanding and disrespectful things people will say when the project you've shared with them, for free, doesn't meet their exact needs or preferences.<p>If something is provided free of charge and it's not working for you, there are constructive ways to engage and help nudge a project in a beneficial direction. But if you're not up to doing that, just move on.</p>
]]></description><pubDate>Sun, 19 May 2024 07:20:09 +0000</pubDate><link>https://news.ycombinator.com/item?id=40404926</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=40404926</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40404926</guid></item><item><title><![CDATA[New comment by jurassic in "A rent-stabilized 1 bedroom apartment for $1,100 In NYC? broker's fee is $15K"]]></title><description><![CDATA[
<p>It’s basically impossible to rent a place worth living in Boston without paying a broker fee. Even the listings you find yourself on craigslist won’t rent to you unless you pony up the fee.<p>When I rented a place in Cambridge in 2019, the rent was $3200/month. To get the lease signed I had to write a check for 4x that amount (first+last+security deposit+broker fee). $12,800 before even dealing with any moving costs.<p>The worst thing about it is that it increases the cost of moving very significantly. So people are coerced into accepting large rent increases as long as the increase is less than forking out another broker fee to move to a cheaper apartment.</p>
]]></description><pubDate>Sat, 10 Feb 2024 16:55:08 +0000</pubDate><link>https://news.ycombinator.com/item?id=39327799</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=39327799</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39327799</guid></item><item><title><![CDATA[New comment by jurassic in "Netflix is turning into cable TV"]]></title><description><![CDATA[
<p>Could be, I'm not really old enough to remember how linear TV dealt with new television series. Perhaps it is mainly a problem of perception. When you turn on the hotel TV and see a Law & Order rerun playing for the umpeenth time you aren't really thinking about all the other shows that never got beyond a pilot because they couldn't outperform a juggernaut like Law & Order and earn a slot in the schedule.<p>The way Netflix seems to drive every season into a cliffhanger ending and then cancel seems pretty short-sighted though. If they just let stories be a little more self-contained, then these one-season shows (dare I say "miniseries"?) would accumulate into a catalog of stories that are actually worth a damn for the audiences that find them later. Every piece of content in the library that they don't have to pay to license can earn back an ROI from a niche audience over a much longer period of time since they don't have to optimize the limited number of hours in the schedule like linear TV.<p>I think there is an emotional difference also that plays a role here. With traditional TV, people I think were maybe more accustomed to the idea of "you get what you get". Don't like what's on? You can change the channel, but you can't pick out exactly what you want, so you have to get used to settling for "good enough". So you leave Law & Order playing in the background even if, really, police procedurals aren't something that inspire passion in you. But with streaming, there is the illusion of infinite choice. The magic of it is getting exactly what you want exactly when you want it, and the magic fizzles the moment the thing you like and very much want to continue watching gets unceremoniously cancelled. It feels like having a choice taken away.</p>
]]></description><pubDate>Wed, 24 Jan 2024 01:44:46 +0000</pubDate><link>https://news.ycombinator.com/item?id=39112592</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=39112592</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39112592</guid></item><item><title><![CDATA[New comment by jurassic in "Netflix is turning into cable TV"]]></title><description><![CDATA[
<p>I don't follow it closely enough to know. I would assume because the child actors were aging out of their roles.</p>
]]></description><pubDate>Wed, 24 Jan 2024 01:18:40 +0000</pubDate><link>https://news.ycombinator.com/item?id=39112408</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=39112408</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39112408</guid></item><item><title><![CDATA[New comment by jurassic in "Netflix is turning into cable TV"]]></title><description><![CDATA[
<p>> a graveyard of prematurely canceled originals<p>This is the crux of the issue for me. I lost interest in even trying new Netflix shows because they developed a reputation for cancelling lots of good, not great, shows with loyal followings because they weren't pulling in blockbuster viewership numbers on the level of Stranger Things. This spray and pray strategy is fundamentally disrespectful to the audience.</p>
]]></description><pubDate>Wed, 24 Jan 2024 00:31:40 +0000</pubDate><link>https://news.ycombinator.com/item?id=39112028</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=39112028</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39112028</guid></item><item><title><![CDATA[New comment by jurassic in "Nightshade: An offensive tool for artists against AI art generators"]]></title><description><![CDATA[
<p>I hear what you’re saying, but I think maybe we just have different standards for what counts as acceptable quality.</p>
]]></description><pubDate>Tue, 23 Jan 2024 06:14:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=39100157</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=39100157</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39100157</guid></item><item><title><![CDATA[New comment by jurassic in "Nightshade: An offensive tool for artists against AI art generators"]]></title><description><![CDATA[
<p>I find this difficult to believe; no matter how small your camera is, photography is about light. Art reproduction photography is surprisingly hard to do if you care about the quality of the end result. Unless you can surreptitiously smuggle in a studio lighting setup, tripod, and color checker card… sure you can take an image in secret, but not one that is a good representation of the real thing.</p>
]]></description><pubDate>Sun, 21 Jan 2024 10:53:11 +0000</pubDate><link>https://news.ycombinator.com/item?id=39077366</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=39077366</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39077366</guid></item><item><title><![CDATA[New comment by jurassic in "Multigenerational Living Often Makes Sense. That Doesn't Make It Easy"]]></title><description><![CDATA[
<p>I tend to agree. There’s too much room for subjectivity in this definition for it to be a useful statistic. Physical violence is relatively unambiguous and severe, but these emotional/verbal boundaries have no clear definition. My mother got insulted the other day when I added mayo to a sandwich she made for me because she finds it distasteful.<p>While verbal and emotional abuse are absolutely real, there are many parts of aging that inherently feel undignified. Are they really being talked down to or insulted in all these cases, or are they just being made to hear something they don’t want to hear? Like, grandpa, we love you but it’s best for everyone if you stop driving now. Mom, stay out of my bedroom (I’m an adult now and this is my house).</p>
]]></description><pubDate>Fri, 05 Jan 2024 17:29:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=38881800</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=38881800</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38881800</guid></item><item><title><![CDATA[New comment by jurassic in "Ask HN: Has the tech recession affected you?"]]></title><description><![CDATA[
<p>If they ended the conversation after a modest ask like that, you probably dodged a bullet. I bet they are also miserly at every annual review.</p>
]]></description><pubDate>Thu, 04 Jan 2024 02:21:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=38862322</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=38862322</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38862322</guid></item><item><title><![CDATA[New comment by jurassic in "Ask HN: Has the tech recession affected you?"]]></title><description><![CDATA[
<p>If you consider that almost nobody gets a job without going through some rejection, it is. It's a stochastic process, and every interview is another roll of the dice.</p>
]]></description><pubDate>Thu, 04 Jan 2024 02:02:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=38862219</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=38862219</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38862219</guid></item><item><title><![CDATA[New comment by jurassic in "Ask HN: Has the tech recession affected you?"]]></title><description><![CDATA[
<p>Hang in there. Every rejection is bringing you one step closer to your ultimate goal.</p>
]]></description><pubDate>Wed, 03 Jan 2024 02:42:30 +0000</pubDate><link>https://news.ycombinator.com/item?id=38850044</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=38850044</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38850044</guid></item><item><title><![CDATA[New comment by jurassic in "Ask HN: Has the tech recession affected you?"]]></title><description><![CDATA[
<p>Of the people I know who got laid off in the last year, pretty much everyone got a job after seriously pursuing one for 3 or 4 months. By seriously pursuing I mean preparing, applying, networking, and interviewing for >20 hours per week. If you aren’t talking to people in your network to find warm leads and obtain referrals and introductions, you’re doing it wrong.<p>Things seem toughest for the very young. If you have <2 years of experience and get laid off, you are neither new nor experienced. That seems like a tough sell. Companies have a pipeline of new grads for junior roles and are hesitant to give bigger titles to people that are still relatively inexperienced. This goes double for anyone afflicted with imposter syndrome and unable to tell the story of their experience with a bit of salesmanship.<p>Also, even though more experienced folk are in great demand in general, finding the right role that aligns your interests and expertise with what a company needs and values is still a lot of work. You may be awesome, but you aren’t as interchangeable as somebody with say 4-8 years of experience. For leadership roles (staff+) hiring managers can get very picky and specific about what they want to see.<p>It’s best not to get discouraged by this but just recognize the rejections as a necessary step in the process.</p>
]]></description><pubDate>Wed, 03 Jan 2024 00:00:15 +0000</pubDate><link>https://news.ycombinator.com/item?id=38848907</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=38848907</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38848907</guid></item><item><title><![CDATA[New comment by jurassic in "NY Times copyright suit wants OpenAI to delete all GPT instances"]]></title><description><![CDATA[
<p>I suppose part of the challenge here is that music and video content holds value much longer. Studios can invest in music and video content and see a return from the catalog over a long period of time as more enduring hits are produced and the duds fall away. But with news, they have to make the money on it now because yesterday’s news isn’t worth much no matter how expertly crafted.</p>
]]></description><pubDate>Thu, 28 Dec 2023 21:37:12 +0000</pubDate><link>https://news.ycombinator.com/item?id=38798992</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=38798992</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38798992</guid></item><item><title><![CDATA[New comment by jurassic in "What's up Python? Epic CPython commit, Django 5 and 2FA for PyPI"]]></title><description><![CDATA[
<p>Good to know, I wasn't aware. But if you're storing passwords, TOTP seed, and recovery codes all in the same shared password vault, it's not really multi-factor anymore. It's security theatre.</p>
]]></description><pubDate>Wed, 27 Dec 2023 21:54:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=38787252</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=38787252</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38787252</guid></item><item><title><![CDATA[New comment by jurassic in "What's up Python? Epic CPython commit, Django 5 and 2FA for PyPI"]]></title><description><![CDATA[
<p>While I'm not against security and 2FA in general, making PyPI 2FA mandatory ahead of any kind of org support is a major pain for big projects with more than one maintainer. This week I was forced to link my company's pypi account to a personal device to unblock our latest release and now none of the dozen other maintainers I work with can get access. Things will get spicy if someone in my position were to die, leave the company on bad terms, etc and a big project can no longer be managed.<p>PyPI announced orgs back in April, but it seems they still haven't figured out the details on pricing, etc. No telling when those will roll out, but I sure hope it's soon. I'm cynical, but the sequencing of work here very much feels like somebody at Google (or wherever) wanted to push a big open source security project to advance their personal promo case rather than thinking through the needs of serious project maintainers.</p>
]]></description><pubDate>Wed, 27 Dec 2023 21:35:28 +0000</pubDate><link>https://news.ycombinator.com/item?id=38787040</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=38787040</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38787040</guid></item><item><title><![CDATA[New comment by jurassic in "How we turned the tide in the roach wars"]]></title><description><![CDATA[
<p>I had the same experience in a big building. I basically rendered my own kitchen unsafe for human food preparation with all the poisons I tried, but still it hardly made a dent because there was a near infinite population of german cockroaches waiting to recolonize my unit from the walls and surrounding units.</p>
]]></description><pubDate>Wed, 27 Dec 2023 17:39:12 +0000</pubDate><link>https://news.ycombinator.com/item?id=38784342</link><dc:creator>jurassic</dc:creator><comments>https://news.ycombinator.com/item?id=38784342</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38784342</guid></item></channel></rss>