f-'s comments

Well, potato is one of the higher-calorie crops, and one pound contains around 350 calories. If you produce 3,120 lbs a year, that gives you about a million calories.

Now, let's assume a family of three - an average person needs around 2,000 kcal a day. That's 2,000 * 365 * 3, or around 2,200,000 kcal a year. So, you come quite a bit short. And that's on a good year; you're gonna have bad years, too.

Also a function of climate and soil. In the 19th century, settlers in the plains - Nebraska, Wyoming, etc - often couldn't make it work on 640 acres granted by the government. In contrast, there are eastern states where 20 acres would be more than enough.

(Farming in the West is now much more viable thanks to deep wells and mechanical irrigation, but that's a capital-intensive and resource-intensive approach that works best at a scale.)

If you do that, you're merely trading one grievance for another: "evil company marked my bug as duplicate to avoid paying" for "evil company claimed to have gotten duplicate reports to weasel out of paying the full amount". More people upset, although individually, maybe to a lesser extent.

The core issue is not the reward division algorithm, it's the inherent lack of visibility. One solution here would be to just open all reports after a while, but this creates problems of its own. One is that it gives ammo to people engaging in dishonest or clueless PR. Another is that some researchers don't actually want visibility, because their employers have murky rules around such engagements, or because they have some far-off disclosure timeline in mind (as a part of a presentation at a conference, or whatnot).

As a photographer, the comparison to "raw" results without color balance or noise removal seems somewhat deceptive. The effects visible in the video seem easy to quickly replicate with existing techniques, such as the "surface blur" filter that averages out pixel values in areas with similar color.

This happens at the expense of detail in low-contrast areas, producing a plastic-like appearance of human skin and hair, and making low-contrast text unintelligible, which is why it's generally not done by default.

One of my design goals for AFL was to make it very simple to use - because there's plenty of fuzzers that work OK when you dial in 50 knobs just right, but fail spectacularly otherwise - basically ensuring that nobody but the author can really use the tool to its full capacity.

While AFL++ is cool, it sort of ditches that philosophy, giving you a lot of options to tweak, but not necessarily a whole lot of hope that you're going to tweak them the right way. So, that's one gotcha to keep in mind.

(Author here)

The funniest part is that this ugly hack kept working across platforms for many years; whereas when somebody else implemented a "proper" integration with the clang / llvm API, their solution proved to be extremely fragile. The API wasn't stable between compiler versions, and because it wasn't really used much, it had all kinds of bugs, including being outright unusable at times.

Also, most distros packaged clang in a way that made it impossible to compile the plugin, because of missing or mismatched headers, missing companions tools, etc. So you had to download and rebuild the whole compiler, which took hours (and that's if you didn't get stuck in a dependency hell).

So yeah, this was very much a lesson in "worse is better".

Does objective reality exist, my friend?

Disappointed that my LD_PRELOAD exploit - still unpatched after 20 years! - did not make the list:

http://lcamtuf.coredump.cx/soft/ld-expl

You can refuse to accept an inheritance. It goes to whoever is next in line. If everybody refuses, the state gets to keep it.

"The Population Bomb" was a pretty fashionable scientific prediction back in the 1960s which had a significant following in the academic and policymaker circles at the time.

It extrapolated from data about population growth, farmland capacity, etc, to reach the irrefutable conclusion that there is going to be mass starvation and famine in the 1970s. It led to calls for China-style population controls, to articles about whether it's ethical to have children, etc.

What happened instead is that population growth has slowed down quite a bit without government intervention, and that we've gotten a lot more efficient at growing food.

This does not prove anything when it comes to climate change, but is an interesting anecdote.

I'm no expert, but "blackmailing a bomber" does not sound like a particularly solid business plan...

Hey - I'm the author of that page. Your comment is a common misconception, but the animal pictured is actually a golden-mantled ground squirrel. You can tell because the stripe doesn't extend to the eye. Thank you for subscribing to squirrel facts!

Yeah - you can actually implement surprisingly complex motion by nesting <marquee> tags with different directions, speeds, etc.

I posted this long time ago: http://lcamtuf.coredump.cx/marquee.html

Not long ago, a significant proportion of the scientific establishment - along with a number of celebrities and policymakers - believed that the "population bomb" is an inevitable, imminent, and apocalyptic threat. There was talk of "point of no return", calls for worldwide China-style fertility restrictions, and so forth.

Instead, what happened over the past several decades is not just a drop in birth rates, but also dramatic improvements in our ability to grow cheap food at a scale (something that the article doesn't really talk about).

So it is a very interesting take to claim that the population bomb has been "defused" - since this implies it wasn't an episode of pathological science flirting with mysticism (with frequent allusions to the pristine "natural" order contrasted with the evils of Man), but just some sound science that turned out to be a bit off.

(Please don't read into this as a critique of any contemporary scientific debates; that's not my point, but I think we should be more willing to recognize our past mistakes.)

Change jobs, probably? A toxic environment like this will not make you happy, and you can't easily fire your boss. The good news is that if you're working in IT, you probably have the luxury of being able to go somewhere else with relative ease.

On that topic, I'm a huge believer in a degree of financial independence, a rainy-day fund [1]. When you don't have to worry about having money for next month's rent, it really changes your outlook on things and makes it easier to make decisions that are just or right for you, without stressing over every possible misstep. And it's pretty easy to build such a fund [2].

[1] https://www.thebillfold.com/2016/01/a-story-of-a-fuck-off-fu...

[2] http://lcamtuf.coredump.cx/prep/#3.1

[Author here]

I don't there's a single answer. The "right" path is usually some combination of soft and hard skills, persistence, and dumb luck. Skill and persistence come into play because to a large extent, you are the master of your destiny, corporate or otherwise: you can settle for what's expected of you in a role, or you can go above and beyond, trying to find and fix pressing problems that others didn't even know they have, trying to help others grow, persuading other groups to give you the tools you need, and balancing it all with the reality of the business... Rinse and repeat enough times and you will probably be noticed for good judgment and the ability to get stuff done.

Now, dumb luck comes into play because to some extent, it's also a matter of being at the right stage of your career at the right time and in the right place. In some companies, especially smaller ones, there might be no way to become a manager or a director until somebody retires or is forced out. And if you miss that window, it might be several years until another opportunity to advance presents itself.

As with any other role, there are also many "wrong" paths, depending on the culture of the company; favoritism, cronyism, political horse-trading, bamboozling people, and so forth. But realistically, such things are less common than most people think. It's just easier to be cynical about others than to acknowledge our own personality flaws. We all have some, they weigh us all down; we just need to find a way to work around them and hope for the best.

I'm not working on one right now and have not talked to the publisher about it. So not in the next couple of months. In the longer haul - maybe probably?

The $100k+ price tag of top-level domains is prohibitive enough to discourage abuse and to allow them to individually review applications and reject anything even remotely problematic or questionable. In other words, life goes on at this point.

If they ever decide to relax the rules, it may become a bigger deal.

(I'm the author of the book in question.)

I think it happened quite a bit earlier (perhaps 2005 -> 2010), at least when you look at some of the "prime" web properties. Gmail or Google Docs in 2010 were already pretty close to what we have today. Hard to believe, but XMLHttpRequest actually dates back to 1999! JSON isn't much younger.

I don't think the models of web development have changed dramatically since the publication of TTW. There are some other, more incremental changes that aren't reflected in the current edition - there are two examples in my other comment here (Service Workers, parser harmonization, etc) - but by and large, the content should be still largely relevant.

(I'm the author of the book.)

Some things have changed for the better. For example, there's been a push to harmonize the behavior of some of the core parsers and APIs. Say, we now have less variability in how HTML is handled across different browsers.

On the flip side, there are also several new APIs and JS features that have some scary security implications. Service Workers come to mind.

The near-complete demise of Java and Flash are the two other major changes since 2011.

Either way, the book should still give you a very robust understanding of the fundamentals (and a mental framework to evaluate the dangers of some of the new stuff).

Because it's almost certainly true? I'm not trying to invent some sinister conspiracy, but most people on HN and otherwise acquired an exaggerated perception of the effects of nuclear war after being exposed to pop-cultural portrayals of it - chiefly in the movies.

Some of these portrayals were exaggerated simply because it resulted in a better story, but some were almost certainly colored by anti-war and anti-proliferation sentiments predominant among the cultural elites of that time. This wasn't coordinated or meant to advance some sinister agenda, but for better or worse, it skewed our understanding of what we can do in the unlikely case that any ICBMs actually fly.

An argument can be made that another factor was the government's desire to discourage the Soviets from ever trying to attack us, but I'm unconvinced - their generals, politicians, and nuclear scientists sure had a more realistic understanding of what would happen. Besides, the anti-nuclear and anti-war sentiments hurt the government in many other ways (nuclear power generation, nuclear weapons testing, Vietnam...).

Now, I'm not particularly angry at that, and I sure loved Dr. Strangelove.