leodeid's comments

Sure, but it is still a valid 'char *' :)

I haven't touched C in years, but here's my descending "wtf" list:

1. Returns pointer to stack-allocated data, which immediately becomes invalid. Instead, it should be using some sort of allocation (e.g. 'malloc'), or taking in a destination pointer.

2. 'r' is arbitrarily set with length 100. Smaller strings don't need all that space, and larger strings definitely will overrun.

3. The function signature is really awkward. Without any of the surrounding textbook content, I'm not sure what behavior is supposed to happen. At first, I expected something like 'strcat', which takes two char* and appends the second one to the first one. But that isn't happening here and instead it seems to require dynamic allocation. (Hiding allocations inside a function is generally kind of weird. Usually the caller should be responsible for passing in a handle to the destination.)

4. There's no sensical limit on the loop iteration. If the input 't' doesn't have a null terminator, this is going to throw a ton of garbage into the stack space (because 'r' is stack-allocated to a fixed size). And also maybe run for a really long time.

5. 'strcpy' should usually be replaced by 'strncpy', which performs the same function but also requires you to provide a limit ("copy this string, but at most 'n' bytes"). That prevents a class of exploitable errors known as "buffer overruns". I don't know when the 'n' string functions were added to C or became popular, though.

This is a teaching exercise, so the fact that this is implemented as a separate function instead of calling 'strcat' from <string.h> doesn't seem like a big problem.

The "vaccine" you refer to here is racotumomab. It's not a vaccine in the common-parlance sense ("prevents disease"), but a different immunotherapy treatment which is only approved for use in Cuba and Argentina. I'm mildly curious why it doesn't exist in the US. All of the clinical trials in the USA which I can find on that drug are either incomplete[1] or completed-but-without-results[2][3][4]. For all of those trials, "Laboratorio Elea" is the sponsor or a collaborator, so I presume they have the rights to the drug in the USA. That's apparently a company out of Argentina[5]. I don't know why they seem to have given up on getting the drug approved in USA, but wikipedia says "[a study] is underway in Argentina, Brazil, Cuba, Indonesia, Philippines, Singapore, Thailand and Uruguay", though the citation for that seems incredibly suspect[6].

[1] https://clinicaltrials.gov/ct2/show/NCT02998983

[2] https://clinicaltrials.gov/ct2/show/NCT01460472

[3] https://clinicaltrials.gov/ct2/show/NCT01598454

[4] https://clinicaltrials.gov/ct2/show/NCT01240447

[5] http://www.elea.com/

[6] https://en.wikipedia.org/wiki/Racotumomab#Clinical_trials

Check out the cancer.gov page[1], which does a decent job of giving an overview. The drug in question, pembrolizumab, is a monoclonal antibody (you can tell because the name ends with '-mab'), and you can read more about how those work on this page[2].

[1] https://www.cancer.org/treatment/treatments-and-side-effects...

[2] https://www.cancer.org/treatment/treatments-and-side-effects...

Palantir.net is not the same Palantir everyone is talking about here. Palantir.net seems to be a website consultancy for drupal-based sites.

Palantir.com doesn't seem to have anything referencing the source of the name.

Submission which links to the underlying MIT News source: https://news.ycombinator.com/item?id=16401904

Maybe it is a reference to the Rick and Morty episode "Anatomy Park". http://rickandmorty.wikia.com/wiki/Anatomy_Park_(episode)

In the intro, it is stated that "literally five or less" cities do not have these monetary problems. I'm curious what those cities are, and why are they special. If the answer isn't "they've always used accrual accounting", I don't buy that most cities are doomed due to accounting problems.

I would be surprised, to be honest, if more than half the american population knew that a nuclear power plant literally cannot blow up like an atomic bomb. However, I can't find any information to support either of our gut feelings. All of the polling information is of the form "how much do you like nuclear" or "what is the best non-fossil fuel power source". I'd love to see answers to "why do you think nuclear energy is a bad idea" or something.

Yes, yes, the best time to plant a tree was 20 years ago, the second best is today. Is nuclear any different? I am unaware of anything about nuclear energy that would have worked 20 years ago but is a bad idea to do today.

Thank you, this explanation made a lot more sense to me.

I read the wikipedia page and that "what is TRIZ" article, and I still don't understand what it is. At times, it sounds like an automated program (especially with statements like "More than three million patents have been analyzed to discover the patterns that predict breakthrough solutions to problems"). But at other points, it seems like a human-centric problem solving strategy, but without the strategy. It describes problems and then solutions without any discussion of the in-between.

Do you have experience with TRIZ? What "is it" to you?

This (and the other) article seems to be adamant that the study was horribly put together. Was the intent of the original study merely to determine the efficacy of screening? That sounds like a really really weird study to want to run, as I'd think you can just get that from already existing cases. (I'm not a medical research person, but I'd expect that there's some cancer.gov database of diagnoses/histories/outcomes that you could chew on.)

I don't know how the Gates Foundation functions, so the level of which Bill should be implicated in the failings of this study are unclear to me. It sounds like the study would have been fairly inexpensive, and thus relegated to maybe just a footnote on one afternoon for Bill.

The eugenics-style arguments seen up in the parent comment seem to be a result of over-extrapolation of his "Innovating to zero" TED talk[1]. He alludes to, but does not cite, statistics correlating quality of life, health, and number of children. I also cannot find a concrete source, but playing around with wolfram alpha, it seems like there is at least a correlation according to their datasets[2].

[1] https://www.ted.com/talks/bill_gates/transcript?language=en#... [2] https://www.wolframalpha.com/input/?i=life+expectancy+%7C+ch...

That was a rather entertaining article, both for the story, but also for the subtext about the dangers of SIGINT-only intelligence gathering. The NSA hoovers up everything it can get automatically, but that data is used without context. In this story, the context of being a diplomat, the context of being in Pakistan, and the context of being conversational partners with a HUMINT source.

I'm sure the NSA is (at this point) aware of this problem, and trying to make the collected data more context-aware. I wonder to what extent the content of just phone calls, texts, emails, and facebook posts can be used to learn small-group dynamics. (Like the fact that the people of E-7 in the story consider talks of a Pakistani coup to be normal idle dinner talk.)

Can you explain the part about injury recovery? Are you not allowed to take the medications because it would stress your kidney too much? (Also, do you mean NSAID drugs, or are there issues with pretty much all anti inflammatories?)

What are some of the things that you find yourself needing to advocate for yourself about? Isn't long term care just annual creatinine level tests (which looks like a simple blood draw)?

Nit: The inalienable rights of "Life, Liberty and the pursuit of Happiness" is in the Declaration of Independence. None of those things are broadly recognized as rights in the Constitution. I have been unable to determine to what extent referencing the Declaration of Independence is permissible in questions related to constitutional law. I'm inclined to believe that it depends on the party involved. (Scalia certainly objects to Declaration of Independence having legal sway [1]. Surprisingly to me, Clarence Thomas goes the other way [2].)

[1] https://www.law.cornell.edu/supct/html/99-138.ZD1.html [2] http://www.nationalreview.com/bench-memos/373697/clarence-th... - I wasn't able to find a clear opinion from Thomas citing the DoI, but I am not good at searching through opinions.

Seems that the requirement being due to the Widener family donation is apocryphal[0], but still an interesting idea. Also, that source suggests that there was a swimming requirement for all students only from fall 1970 to spring 1975. It wouldn't surprise me to hear that it wasn't officially required in 1976 but was effectively compulsory for anyone without a "legitimate" dispension.

[0] http://asklib.hcl.harvard.edu/faq/81791

I'm a little confused about the point here. Security researchers often hunt down bugs that are deemed esoteric or state-actor only. Security researchers are often the sort of people who would do things like stalking. Therefore we need security researchers to find security flaws so other security researchers can't use them?

If that is the point, it seems to humanize the problem space in a different sort of way. Security researchers are people, too. Some are "good", some are "bad", but most people are in between. But instead of framing your work on targeted individual attacks as a journalist being targeted by a state-level actor, realize that there are other researchers out there with your same very specific set of skills which would allow him/her to target someone of their own choosing. In this example, perhaps the researcher is vindictively stalking an ex.

Outside of that, though, I can't help but think that there is a much more interesting and broader point about the humanity that is affected by the work you do in both security and privacy. If you consider people who are not as skilled, but still as vindictive, malicious tweets from fake accounts multiple times per day is pretty bad. Couples that share passwords can end up really enabling this vindictive behavior. (gasp who would ever share passwords to something private like that? Perhaps an abusive partner demands access to email and hangs onto a recovery key.)