The internal logic of these claims is non-existent. During the actual campaign Hillary and her supporters were convinced Russia (the generic bogeyman of the western establishment everywhere) was shilling for Trump. After all Trump was a lot more friendly and Hillary was stating that she'd shoot Russian planes out of the sky over Syria, so such a motive would have at least made sense.

Now that whole narrative fell apart entirely. We have the head of famously anti-gay and conservative Russia posting LGBT memes and supporting Hillary, despite the risk of war between Russia and America should she have won.

Yet, the desire to believe is so strong, that like all conspiracy theories it's simply morphed into whatever the smallest step to fitting with new information is, that preserves the core. Now it's all a genius plan to "sow division" by posting pictures of fox statues made of shotgun cartridges. Quite why Russia specifically benefits from generalised "division" or why US culture needed help being divided is left unexplained.

This is exactly the behaviour you'd expect to see if people with strong motivations were looking at noise. Leading us to your last question:

how much confidence do we have these are Russian state sponsored ad?

We only appear to have Facebook's word for it. But you have to watch out. One of the subtle ways this conspiracy theory tends to morph and warp is the distinction between the Russian government and Russians. Even in the headline of this thread, note that it's "Russians" and not "the Russian government".

There are liberal Russians. There are conservative Russians. There are 144 million Russians, a little under half the population of the USA itself. If even 0.1% of them decided they cared about the globally-famous US election, and if Facebook had simply selected "ads paid for by Russians", then this is exactly what you would see - a mishmash of stuff with no unifying theme or agenda.

Or Facebook could have just made a mistake. The government asked them to find evidence of Russian interference, and let's face it, going back with "there's nothing there you are all delusional" is not a good political strategy. I'm sure they felt they had to find something.

For example, a key issue identified in this discussion is the perceived career risk of being friends with women at work. Stories have been shared about harmless comments that came back to bite innocent men years later, or being described as creepy, and of course, we've all seen the string of high profile men losing their jobs based on mere tweets.

An obvious action that could address this is for women to stop collectively insisting that they never lie and that they should be able to shoot down the career of any man based on nothing more than a complaint to HR. But there is no sign this will happen, why would people give up such power.

I've presented my sources. Why not go find counter-examples? I bet you'll find it's harder than you expect. But OK, I'll make my case more strongly.

Here's a simple exercise. Pick a buzzword, say blockchain, search for "women in X" and let's look at some of the top results.

https://www.womenontheblock.io/ - check out the speakers. The first is a PhD student in cryptography, not a bad start. But then there's a co-founder, another co-founder, another founder (of "Investing in Women" i.e. an activist), a lawyer, an actual software engineer! Sort of - in 2011 she was an intern, she spent two years doing support tickets and is now a PM, but hey, that's at least something. Then we're back to a lobbyist, another founder (of a foundation), another lawyer, "Chief Discovery Officer" whatever that is, lawyer, digital content lead, shareholder (?), co-founder, business development executive, CFO, lawyer, CTO of the World Bank Group whose background is actually management consulting and "thought leadership", sales, "human capital officer" etc etc.

You get the picture. I just worked down the list and of all the people listed, only two appeared to do anything actually related to writing software: a cryptography student and someone who spent a couple of years as a support engineer but then quickly moved into product management.

Notice the pre-ponderance of women calling themselves founders and co-founders. That's very common. They are not what HN readers would recognise as a startup founder. Often they've founded entities that don't do anything, or are just organising more "women in X" meetups, or in the rare case where they're making software, have partnered with men / outsourcing shops to do so.

Here's another example: https://www.blockchainbeach.com/live-2018-women-in-blockchai...

Look at the agenda. It starts with a basic intro to blockchain, ok, slightly technical but nothing you can't find on YouTube. But then we're right into a discussion of "her time in the middle east and dispelling misconceptions about women in that region" i.e. about general women's issues, not tech. Then a panel whose first listed topic is "social impact" and one of the members is a musician (at least two of the women do appear to be at least somewhat technical). Then a marketing pitch for some random alt-coin whose relevance appears to be mostly that the marketing person for NEM is a woman. Then a keynote on "diversity in blockchain" - women's issues/feminism again. Then a panel on "women empowerment and inclusion". Useful observations like "42% of all the women in the world do not have a bank account" (men's problems of course don't count). And so on.

Really, if you have never investigated these events before - don't bother. They are mostly just non-technical feminists complaining about men, engaging in outrageous sexism and generally making the whole feminist cause look bad.

Machines don't have empathy. They do not care about feelings. Code is harsh. So are professional code reviewers. Therefore if you're a programmer, you will in fact spend a lot of time dealing with nitpicking issues, finding sources for claims you make, debating alternative theories and so on.

If women can't even do that in debates they start then they should give up in being programmers. They won't make it and they won't get along with their colleagues.

I don't think they are incapable of such things, as I always get the impression posts like this one ("why can't you just respect her opinion") are actually written by men. But her compiler won't give her opinions automatic respect. Why should anyone else?

- Men strongly discouraged or banned from participating.

- Many of the attendees are "women in tech" but not "technical women", it's common to see women who describe themselves as co-founders, activists, HR staff and so on but relatively rare to find someone who actually spends all day banging out code.

- As a consequence of the above most of the talk at these events revolves around gender politics, not tech.

Source: girlfriend has learned to code and attended one or two meetup events advertised as being for women in tech, also from reading agendas or blog posts about such events.

Meanwhile the men are creating inclusive events that focus on knowledge sharing about hard tech topics. They use what they learn to build new things, they scope out each others talent and form professional relationships that can be used to build companies. True geek girls go to these events and are in the minority. The rest self-select out and create the exclusion they then blame men for. I have no sympathy.

Most of the people on my CS course hadn't programmed before, and they mostly all passed. But many of them couldn't code at graduation and went into non-programming jobs.

They passed anyway because the university carefully rigged the course to ensure it was possible to get good grades despite being unable to write any sort of non-trivial program. After all what are they going to do, constantly fail 90% of their class and attract questions about their own competence as teachers?

For what it's worth, I agree that the post was ridiculous - Musk's behaviour is dumb and with every week that goes by I expect reality to catch up with him more and more. But I don't think the HN community should be flagging and killing posts for being naive and un-business-like. I struggle to identify what rule was broken there, and (supposedly) west coast "money is free" bias is not a good reason to suppress someone's post from being visible.

The enhanced versions compile to faster code, pretty much. You can do without them if you don't want to pay.

I suspect you aren't quite sure about what "support" means here. It doesn't mean your app suddenly stops working one day. For most apps it'll make no difference in fact.

"I found what looks like a flaw in a system but I didn't try to exploit it for real, look how clever I am"

So his mate registered a company with the same name as another company and got an EV cert. Well done. Everyone knew that was possible already, at least everyone who has gone through the process. It doesn't matter much:

1. Ian wasn't actually a phisher or criminal. If he had been, and had used that EV cert to phish Stripe customers, he'd have been reported to the police using the details from the CA and possibly prosecuted. Bear in mind he had to register a company in the USA, not Kazakhstan.

2. Therefore in reality it is very rare for phishers to use EV SSL certificates. Actually I've never seen it.

So is this a demo that the system is horribly flawed? I don't think so. It's rather similar to people who send 10 spams to some accounts they just registered themselves and claim they've found a way to beat a spam filter so the whole thing is useless ... well, no, you weren't actually a spammer so the filter did the right thing. You're testing a flaw you think sounds realistic but isn't. Another common case of this, someone who beats a DRM system on a game 6 months after it was released and then talks about how useless copy protection is, not realising that after 6 months almost all sales happened already so the system worked just fine from the developers perspective.

What about revocation? Is the CA exercising undue control here? Probably not. CAs have language in the contracts you agree to at the time about how you're not trying to misrepresent yourself as if you were someone else. Ian's argument that he registered a name that happens to be identical to a well known payment processor, but in another state, is technically correct, which is of course the best kind of correct. But the underlying purpose was clearly impersonation, which is a violation of the agreements and thus not only grounds for revocation, but to not do so would rather undermine the whole system - why should Ian get away with it when others do not?

If stripe.ian.sh had been an actual operating company that happened to have experienced an unfortunate naming conflict with the other Stripe, I bet the CAs would not have revoked. They'd have found some reasonable solution - probably by letting the cert continue, on the grounds that no malicious behaviour was taking place in violation of the agreements. But it wasn't - it was just a dummy site.

Overall I don't understand Scott or Ian's point. Yes, legal names aren't globally unique. Did anyone think they were? Yes, Chrome's EV UI is rubbish and the big players other than Apple tend to have an institutional dislike of EV certs because of historical clumsy attempts at market segmentation pricing by CAs, that were totally unreasonable for companies with lots of servers. Yes, EV is imperfect.

The alternative though is paypal-customer-centerr.com ... which is better, how, exactly? It isn't.

If Scott Helme or Ian Carroll don't like how EV works today, why not go find actual criminal abusers and propose specific improvements that would stop them - perhaps making Chrome's address bar work more like Safari's. Otherwise this is just another blog pointing out security stuff that doesn't really matter.

OpenJDK is Oracle. They're the same people. If Oracle stop releasing bug fixes to the open source project OpenBSD isn't going to step up and suddenly start doing backports all themselves.

As far as I can tell, the reason Oracle is the sole maintainer of Java is mainly historical (Sun legacy) and because no one felt an urge to do anything about it before. I'm sure it's going to change now.

Why? Neither Google nor IBM particularly require Java bug fixes from Oracle. Google maintains an in-house OpenJDK already and IBM actually maintains an entirely separate JVM. Also Google is hardly famous for its long term commitment to stable APIs and old versions of software, quite the opposite.

It doesn't make much sense for a company to pay for the expensive work of finding, fixing and backporting bug fixes to years old software .... all for free.

How is that even remotely unreasonable though?

The game example is poor for a different reason; Oracle don't seem to care about desktop apps anymore and they want you to bundle the JVM with your app anyway. Hence new tools like jlink and javapackager.

The point of the new warnings is to try and start slowly weaning the Java ecosystem off the use of internal APIs, something to which it has become quite accustomed.