Like what you see? Subscribe here and get it every week in your inbox!
Issue #147 - January 2, 2022
Here are the top threads of the week, happy reading!
1. Ask HN: How did my LastPass master password get leaked?
Top comment by ComputerGuru
Because LastPass is beyond stupid and uses your master password to log in to their bbulletin or whatever php forum.
That’s what got me to write and publish this: https://neosmart.net/blog/2017/a-free-lastpass-to-1password-...
EDIT: "or whatever" means I couldn't remember the name of the php forum notorious for its insecurity, I thought it was something like 'bbulletin'. It was phpBB.
2. Ask HN: What is your spiritual practice?
Top comment by sam0x17
100% atheism. Was raised some kind of protestant I forget which one, and derived tremendous spiritual and psychological relief when I realized all of that was absolute nonsense at the age of 9. I knew I was gay at the time and wouldn't come out until I was 18 or so, but my life just got a lot easier when I removed religion completely. I also recall discovering increased moral agency -- as a Christian I had been taught I could simply confess whatever and it would be forgiven (an idea I found laughable), and that the objective basis for making moral judgements comes directly from god (another idea I found laughable). As an atheist I was suddenly responsible for making my own moral judgements and conclusions (I had to decide upon my own objective basis for making moral judgements), and forgiveness was something I had to work towards myself (as in I had to forgive myself for things, which is not easy, but is incredibly rewarding) versus simply getting it for free from some nonexistent deity. All in all, was an incredibly positive change in my life, and I do believe there can be a weird sort of spirituality to 100% atheism that people don't really acknowledge.
3. Ask HN: Why doesn't YC list compensation for their own open positions?
Top comment by aerosmile
Here's the problem with non-deterministic conversations: everyone has an opinion (fair enough), and is willing to state it with the authority of a highly experienced subject matter expert.
In deterministic conversations, a naive opinion stated with a lot of authority would be shut down quite quickly (eg: many areas in programming where you can quickly prove something to be right or wrong). You can't do that in politics, business, and many other areas. As a result, we have about 8 billion politicians and business experts.
The author is making the assumption that listing a salary is connected to being a progressive business. A bunch of other people take this a step further and state how not listing the salary is a part of some conspiracy (in YC's case, apparently this is an attempt to lower the payroll costs of their portfolio companies).
The reality is that even the most transparent companies out there (eg: Gitlab) do not disclose individual salaries. No, it has nothing to do with some secret plan to underpay anyone or certain groups. It's simply a fact that people become incredibly irrational when it comes to compensation, and the minute you lay it out in the open, you open up a huge surface area for conflict. Last year we learned that encouraging political activism at work has a similar dynamic, and many companies have made that a no go zone as well. It's not because they are racist or don't care - it's because it takes a tiny minority of people to get the entire business derailed, and it's hard enough to keep that from happening in the best of times; once you add a catalyst like salaries or politics, it's like adding fuel to the fire.
But rather than ask ourselves why the leaders at Gitlab and millions of others companies have made the decisions they did, it's a lot easier to just make assumptions - "it must be coming from a bad place, so let me brainstorm what some of those bad places could be."
I'll take it a step further - Colorado State Senator Jessie Danielson would make you believe it's more likely that millions of companies are "bad actors" than that she just doesn't have the relevant experience in business to predict which way her bill was going to work out. Now that she's cost so many of her constituents lucrative remote jobs, it's too late to admit Mea Culpa, and instead it's everyone else's fault. If she was held a bit more accountable, the next time someone tries to bridge the gender pay gap they will hopefully spend some time interviewing and learning from people who have the relevant experience in hiring.
4. Ask HN: Who wants to collaborate?
Top comment by caseyslaught
I work for a national park in the Democratic Republic on the Congo as a tech lead. Some of the things we are doing: LoRaWAN for tracking and emergency response, ML to identify gorillas by their unique nose prints, and long-range drones for mapping and surveillance, and a management web app.
If you’re interested in conservation / sustainable development and associated technologies let me know! Always looking to collaborate and bounce ideas off others.
5. Ask HN: How to find a job in 2021 if I dislike remote?
Top comment by niemenmaa
Before pandemic I started working remotely and soon noticed that, like OP, working alone doesn't suit me.
I solved this by joining a co-working hub that offers offices to remote workers / entrepreneurs. My employer pays for the hub membership.
I drive to our offices around once a month, but rest of the time I sit in a room with an accountant and gym owner. They are fun to chat and go to lunch with but they don't interrupt me with work related things.
As a bonus I get to meet and hang with professionals in many different areas and I find that really satisfying.
If I change company I work for, I just get the new employer to pay for the office. If I need to move, I prefer cities that have this kind of co-working place.
This is quite doable, here in Finland at least and while it has some downsides, it has worked for me!
6. Ask HN: What’s the most outrageous belief you’re confident is true?
Top comment by mikewarot
Capability Based Security is the only way out of the current tarpit of insecurity that we find ourselves in.
Unix, and everything modeled on it assumes competent users running applications they wrote for their own use. Anything that follows this model can't ever be made secure without rendering it useless well before then.
Capability Based OSs can be just as easy to use as Unix, except for the core assumption that code is to be trusted. When I say capabilities, I mean fine grained ones, like access to a file, which could then even be filtered down to access to part of a file, or read-only, etc.. then passed on to other tasks that require it. It makes permission composable, like being able to make $16.23 from exact change, instead of handing your wallet to the cashier and hoping for the best.
Until Capability Based Security becomes the norm, no nodes on the internet are safe, and it will always be an excuse to clamp down on freedoms. If we are to have freedom, we have to migrate to Capability Based Systems, and then continue on to win the war for general purpose computation, which most people don't even realize is already in play.
If you're old enough, remember shareware and dual floppy drive PCs? You could try out anything, and not worry a bit, because you didn't risk everything to the code you picked up for $2 on a shareware disk, you could always return to a known state. Capability Based Security makes that possible, even with mobile code on the internet.
7. Ask HN: Have you found something you love to do? If yes how?
Top comment by honkycat
I'm not obsessed about "working for my passion" or anything like that. I have a good life outside of work, supported by my high paying programmer job.
I did a lot of job-hopping the past few years looking for the right place to work, and I finally found it. I look for companies that respect work-life balance, don't want me to work too hard, and have excellent engineering culture that values high quality work and has managed to retain their senior employees. I deliver great work, they make money off of the code I ship, everybody is happy. I can crunch every once in a while but we all understand that it sucks and isn't a long-term strategy.
My father was a funeral director & coroner. He would NEVER claim he "loves what he does", but he used his career to build a life for him and his family. I look at my career the same way.
What do I ACTUALLY want to do? Develop video games, make music, write fiction. But nobody is shelling out for that, and even if they are, I'm not good enough at it to compete. I know if I pursued any of my passions, I would have to work much harder for much less pay, and be treated much more poorly by my employer. I know my limits and I know that I cannot thrive in a situation like that, I've done it before, no thanks.
Part of growing older is mourning the person you could have been. If I had a time machine, I would have stayed in better shape, practiced guitar more, invested my time more wisely. But I can't, and honestly my life has turned out pretty great by trusting my instincts.
8. Ask HN: How did you move on from past experiences?
Top comment by Intermernet
There isn't a quick fix. Time is the answer.
My parents were murdered 16 years ago. I spent 10 years before I could adequately deal with this. CBT was incredibly beneficial once I found the right person, but it took a long time to find them.
The previous chapters of your life cannot be closed. They can only be learnt from.
Remember that life is short and you can waste a lot of it in a bad state.
Talk to friends, do memorable things, try to be a good person.
Do whatever works for you, and ignore negativity. Sport, learning, activism, religion? Whatever works.
Golden rule is don't harm yourself, and don't harm others.
9. Ask HN: How do you take care of yourself?
Top comment by Disruptive_Dave
Sometimes you have to crawl through a river of shit to come out clean on the other side. I have suffered from overachiever syndrome / high functioning assholeness for most of my life. Constant doing, constant striving, constant movement, rare moments of nothingness, rare moments of celebration. More hobbies than I can count. It all led to some decent career and life success. And also stress. And anger. And rage. And self-defeating patterns.
Eventually I began to learn how my mind works. Backed off the gas a bit. Took steps to do less, not more. Made a commitment to either go hard on an activity (new biz idea, project, hobby) or kill it. Focus became my north star. Free, open play with no agenda is my Atlantis.
Meditate. Therapy. White russians on a Tuesday morning. Read some Bukowski, some Vonnegut, maybe some Easton-Ellis.
The real breakthrough happened when I removed the attachment that had grown like an umbilical cord between me and work. I love work. I fear being anything less than perfect. Those were hard fucking opponents to tussle with. But I write this from the other side, and it's really comfortable here.
10. Ask HN: Favorite Podcast Episode of 2021?
Top comment by geocrasher
There are about 3 or 4 Darknet Diaries, but here's my fav. OK it's a tie:
https://darknetdiaries.com/episode/90/
Jenny
Meet Jenny Radcliffe, the People Hacker. She’s a social
engineer and physical penetration tester. Which means she
gets paid to break into buildings and test their
security. In this episode she tells us a few stories of
some penetration testing jobs she’s done.
https://darknetdiaries.com/episode/95/
Jon & Brian's Big Adventure
Jon and Brian are penetration testers who both worked at
a place called RedTeam Security. They’re paid to break
into buildings and hack into networks to test the
security of those buildings. In this episode they bring
us a story of how they prepare and execute a mission like
this. But even with all the preparation, something still
goes terribly wrong.