dannyincolor's comments

As usual on HN, I find the pragmatic response about 3 pages down in the replies to an extremely hyperbolic top-level comment.

I also don't want to diminish the concerns around Github or similar orgs losing control of a private key, but the far more realistic concern for the vast majority of threat models is often put to the wayside in favor of what amounts to a scary story. Rather than the straightforward key removal and replacement that this should be, I (and surely many others) have spent all morning combatting this specific FUD that cropped up on HN with leadership and many engineers. It's actually quite detrimental to quickly remediating the actual concerns introduced by this leak.

I understand that security inspires people to be as pedantic as possible - that's where some big exploits come from on occasion - but I really hope the average HN narrative changes toward "what is your actual, real-world threat model" vs. "here is a highly theoretical edge-case scenario, applicable to very few, that I'll state as a general fact so everyone will now wonder if they should spend months auditing their codebase and secrets". Put simply: this is why people just start ignoring security measures in the real world. Surely someone has already coined the term "security fatigue".

It's all just a bit unbalanced, and definitely becomes frustrating when those suggesting these "world is burning" scenarios didn't even take the available precautions that apparently would satisfy their threat model (i.e. commit sigs, as you suggested)

Ok, end rant :)

Most services I use integrate Plaid. I believe Plaid is just a federated authentication glue that accesses your bank's systems and is granted access to account balances and ACH details (routing/bank account numbers).

It always struck me as an odd product, since I can just plug my ACH info in directly, but it does provide some level of convenience by allowing, say, a roboadviser app to show the embedded balances of my other accounts.

I feel like the branding really shot it in the foot. If they'd named it something less "startup-y" sounding, and marketed it as secure, instant transfers backed by the banks themselves, they might be in a better position.

I still use it all the time since it's a superior to any other offering for instantaneous high-dollar transfers, but it always feels like a "Venmo got embedded in my banking app" type of interface vs. "my bank is offering a direct payment service to it's other networked banks".

Hard to define, but I do think the marketing/branding/rollout were more to blame than the merits of the service itself (IMHO, Zelle is great).

So, the current situation if you get scammed via Venmo/PayPal or other electronic payment methods is for the FBI / local law enforcement to subpoena the provider for records about the incident.

Now, imagine all that data is sitting on Federal servers by default. No subpoena required, and fraud systems would be integrated directly with investigative services at the Federal level. This integration should strike fear in the heart of anyone who currently scams via 3rd-party payment providers.

I am bothered that fraud isn't directly addressed in this page, but it's only an FAQ and it'd be silly to think the Fed wouldn't build industry standard (or better) fraud protections into a system they're building from scratch.

A direct link to the source code, for those interested: https://github.com/AdRoll/rustenstein

Unrelated, but just curious: Why did you get rid of a car because of a bad battery and a $100 part?

I didn’t know about Walmart’s innovation labs til recently. Might not be as innovative as I think, but it certainly changed the way I view them.

Agreed. And a big part of this is a person’s definition of perfect weather.

I’m in SoCal just coastal enough to not get very high highs, but lows rarely pass 55. But, if SF was exactly the same price, I’d prefer that weather by quite a bit (even though anywhere SF to TJ is leagues “better” - by my definition - than the weather of the state I moved from).

I just love that cozy but not-too-chilly climate of SF, ah. Perfect thinking/studying/hiking/reading weather for my tastes.

Back at ya! I also don’t agree with all the laws either, btw, but overall I found them far less onerous than they were hyped to be by my IDPA (sport shooting club) friends asserted.

And yeah, I think being a transplant really helps; it’s easier to realize just how unique the climate and culture truly are. And that applies to any other state where one is a transplant to: I think a big part of this conversation that’s missing is the whole “grass is greener” effect. CA has more population than anywhere else, so we have the most natives by definition (or at least close enough that my point stands - I know the birth rate is below the national median here, but I’d suspect the population outweighs that effect). It’s only in leaving the Midwest that I appreciated some things I overlooked there, but none of those were in the areas of personal freedom (e.g. my city had an amazing food scene and I didn’t know how much I’d miss the unique spirit of that scene).

I do think people make it into this “competition” almost, which is a really odd reflex to me, considering this country has freedom of movement and you can just hit up any of 100s of sites to find a place with the right balance of laws for your lifestyle, costs, diversity, etc.

It’s the furthest from a zero-sum game, in other words, and that argumentative spirit seems like it could be easily replaced with a cooperative one.

Makes me want to start a national real estate/moving consulting company where it’s all focused on finding the perfect place for your specific interests and price point, but I digress

As were most laws that are now criticized. We actually have a huge amount of Conservatives in CA. It’s far from the leftist whatever-the-heck you probably hear.

Make sure you can afford the few % more you’ll pay in taxes and you’ll be just fine! It was negligible compared to my Midwest home state’s taxes; I was genuinely surprised by that after hearing so much negativity about the place and it’s laws.

Come visit sometime, there’s a place for everyone here and housing will snap back after our pandemic precautions phase out.

Also a gun owner in CA. Came from a state with open carry/no license needed.

I found CA’s laws to be quite reasonable; I was told all variety of stories about guns being taken from my home when I told people I was moving out. Weird stuff.

I think CA is highly demonized and I don’t really get it, even as someone originally from a very conservative (and also evangelical Christian) background/area.

I actually live in a very ethnically diverse area that’s about 50/50 red and blue, and right near the ocean in SoCal. Love the diversity in this state!

*asking people to.

Also, public health policies have to track with population density.

This would be a massive encroachment on freedom in rural Texas or somewhere of that nature, but is a reasonable ask in the most populous city in the country.

How is public transit in Austin? Scalable for urban sprawl? I don’t know much about it from an on-the-ground POV

That is correct.

Source: just bought my first home in CA. Taxes were surprisingly reasonable

I think they said “the environment”.

Whether that’s important to you is - as always - completely up to you in this country. I don’t understand the animosity between different states; we can all go wherever we fit best and that’s a great thing.

Nothing wrong with wanting a big house, but also nothing wrong or coercive with mentioning it has environmental impacts

You are correct; Walmart actually does have some nice innovation labs around the country doing some great work.

Forgot about that and Walmart is an easy target for a lot of things :)

Why do you think this is? I find it really bizarre.

My own family in the Midwest kind of passive aggressively implies that they hope I “feel the effect” of these “oppressive laws” and I’m out here shooting guns, enjoying the desert on HOVs, and visiting Yosemite to bask in the beauty. Oppression seems like the last thing I’ve found here, honestly.

Like what grinds people’s gears so hard about CA? Really would love a clear answer

I always wonder if these commenters even live here? I moved from (edit: one of) the most deregulated states in the Union to CA and I have yet to see any tangible example of this.

I’d like to know what specific events or changes or limits on freedom are being referenced. I’m even a (very prolific) gun owner, and found CA’s laws to be perfectly reasonable for my self-defense and hunting/sporting needs.

Seems like a lot of anti-CA hype so far; perfectly fine with being proven wrong, but just don’t see the real world evidence to back these claims.

I imagine we will just have more innovation centers. Nothing wrong with that and certainly not deserving of the “California is dying” hype

Ironically, a ton of SV companies have been working on ways to keep drivers employed (and possibly even better paid, plus a safer job closer to home).

Regularly overlooked when SV is being demonized for automating jobs though, naturally.