Contents^

Table of Contents
date title user score
2021-10-26 11:13:21 Is college worth it? A return-on-investment analysis paulpauper 128
2021-10-14 14:54:06 Show HN: OtterTune – Automated Database Tuning Service for RDS MySQL/Postgres apavlo 164
2021-10-24 10:14:11 Despite having just 5.8% sales, over 38% of bug reports come from Linux otreblan 1265
2021-10-24 16:26:23 Arrow DataFusion includes Ballista, which does SIMD and GPU vectorized ops westurner 2
2021-10-21 02:51:09 Parsing gigabytes of JSON per second signa11 139
2021-10-21 15:14:23 Fed to ban policymakers from owning individual stocks awb 576
2021-10-21 10:52:11 Hardened wood as a renewable alternative to steel and plastic Tomte 314
2021-10-20 03:27:50 Investors use AI to analyse CEOs’ language patterns and tone pseudolus 109
2021-10-09 19:15:34 Graph of Keybase commits pre and post Zoom acquisition 0des 348
2021-10-19 17:57:29 Single sign-on: What we learned during our identity alpha open-source-ux 145
2021-10-19 14:23:13 Five things we still don’t know about water Anon84 302
2021-10-19 19:45:09 New Optical Switch Up to 1000x Faster Than Transistors ofou 267
2021-10-17 21:00:38 Show HN: I built a sonar into my surfboard foobarbecue 332
2021-10-15 18:29:05 Cortical Column Networks RageoftheRobots 49
2021-10-05 07:30:30 Startup Ideas luu 223
2021-10-05 13:15:42 It is easier to educate a Do-er than to motivate the educated tosh 448
2021-09-30 09:59:40 Are software engineering “best practices” just developer preferences? floverfelt 316
2021-09-30 10:50:30 Major Quantum Computing Strategy Suffers Serious Setbacks elsewhen 90
2021-09-29 09:27:45 Attempts to scientifically “rationalize” policy may be damaging democracy anarbadalov 235
2021-09-29 04:18:46 Response to 'Call for Review: Decentralized Identifiers (DIDs) v1.0' lorn3 86
2021-09-29 18:01:08 Apple didn't revolutionize power supplies; new transistors did (2012) Rondom 208
2021-09-27 18:02:51 What does my engineering manager do all day? mooreds 187
2021-09-23 12:29:15 Using two keyboards at once for pain relief ruffrey 349
2021-09-22 10:52:56 Waydroid – Run Android containers on Ubuntu pabs3 684
2021-09-16 11:36:55 Biologists Rethink the Logic Behind Cells’ Molecular Signals theafh 104
2021-09-16 23:47:13 The Shunting-yard algorithm converts infix notation to RPN westurner 2
2021-09-16 23:46:10
2021-09-13 20:13:29 How should logarithms be taught? raviparikh 34
2021-09-15 12:12:35 Automatic cipher suite ordering in Go’s crypto/tls FiloSottile 122
2021-09-14 04:50:14 Scikit-Learn Version 1.0 m3at 260
2021-09-14 09:11:22 Signed Exchanges on Google Search oedmarap 5
2021-09-11 17:43:17 AlphaGo documentary (2020) [video] rdli 248
2021-09-11 11:16:26 Interpretable Model-Based Hierarchical RL Using Inductive Logic Programming YeGoblynQueenne 66
2021-09-13 07:41:02 Ship / Show / Ask: A modern branching strategy NicoJuicy 157
2021-09-13 13:38:02 Show HN: TweeView – A Tree Visualisation of Twitter Conversations edent 55
2021-09-11 15:07:03 Wireless Charging Power Side-Channel Attacks tosh 68
2021-09-11 15:07:11 How We Proved the Eth2 Deposit Contract Is Free of Runtime Errors michaelsbradley 179
2021-09-12 08:36:03 Physics-Based Deep Learning Book Anon84 195
2021-09-10 03:38:41 Ask HN: Books that teach you programming languages via systems projects? Foe 204
2021-09-04 16:40:30 How you can track your personal finances using Python siddhant 140
2021-09-09 17:22:35 CISA Lays Out Security Rules for Zero Trust Clouds CrankyBear 6
2021-09-09 07:53:55 Show HN: Heroku Alternative for Python/Django apps appliku 183
2021-09-09 13:33:54 SPDX Becomes Internationally Recognized Standard for Software Bill of Materials warp 10
2021-09-07 03:35:39 Show HN: Arxiv.org on IPFS hugoroussel 238
2021-09-04 13:46:05 New Texas Abortion Law Likely to Unleash a Torrent of Lawsuits Against Education gamontserrat 118
2021-09-02 20:25:43 DARPA grant to work on sensing and stimulating the brain noninvasively [video] grawprog 83
2021-09-02 19:55:58 New Ways to Be Told That Your Python Code Is Bad nickdrozd 102
2021-09-03 05:14:58 Web-based editor pjmlp 564
2021-09-03 06:48:06 GitHub Copilot Generated Insecure Code in 40% of Circumstances During Experiment elsombrero 261
2021-09-01 10:00:44 AAS Journals Will Switch to Open Access sohkamyung 215
2021-08-30 23:46:28 White House Launches US Digital Corps elsewhen 160
2021-08-25 08:13:52 Launch HN: Litnerd (YC S21) – Teaching kids to read with the help of live actors Anisa_Mirza 127
2021-08-27 12:20:28 Nimforum: Lightweight alternative to Discourse written in Nim ducktective 172
2021-08-21 12:21:58 An Opinionated Guide to Xargs todsacerdoti 402
2021-08-20 21:41:10 Enhanced Support for Citations on GitHub chenzhekl 80
2021-08-18 17:51:46 Canada calls screen scraping ‘unsecure,’ sets Open Banking target for 2023 exotree 349
2021-08-13 09:03:22 Interactive Linear Algebra (2019) natemcintosh 365
2021-08-12 16:12:15 Git password authentication is shutting down judge2020 440
2021-08-12 10:33:42 A future for SQL on the web rasmusfabbe 925
2021-08-01 11:34:17 Show HN: Python Source Code Refactoring Toolkit via AST treesciencebot 110
2021-08-03 09:27:50 Emacs' org-mode gets citation support NeutralForest 234
2021-08-03 11:55:43 NSA Kubernetes Hardening Guidance [pdf] kennethko 635
2021-07-31 02:56:35 Hosting SQLite Databases on GitHub Pages isnotchicago 567
2021-07-22 23:42:24 Ask HN: Any good resources on how to be a great technical advisor to startups? _009 21
2021-07-11 21:23:27 Teaching other teachers how to teach CS better robfig 156
2021-07-06 12:15:22 Ask HN: Best online speech / public speaking course? i_am_not_elon 33
2021-06-30 21:39:31 Google sunsets the APK format for new Android apps kevin_thibedeau 142
2021-06-22 12:30:43 A from-scratch tour of Bitcoin in Python yigitdemirag 1187
2021-06-13 17:33:23 An Omega-3 that’s poison for cancer tumors elorant 255
2021-06-08 19:09:39 Discover and Prevent Linux Kernel Zero-Day Exploit Using Formal Verification vzaliva 3
2021-06-04 13:28:44 Anatomy of a Linux DNS Lookup belter 168
2021-05-29 02:59:45 JupyterLite – WASM-powered Jupyter running in the browser ahurmazda 205
2021-05-26 16:05:11 Accenture, GitHub, Microsoft and ThoughtWorks Launch the GSF scottcha 4
2021-05-27 14:21:55 DRAM Alternative Developed: 4X Higher Density at Higher Speed and Lower Power billyharris 14
2021-05-27 11:07:44 Rocky Linux releases its first release candidate sparcpile 147
2021-05-26 06:09:46 USB-C is about to go from 100W to 240W, enough to power beefier laptops Tomte 427
2021-05-25 12:02:06 Half-Double: New hammering technique for DRAM Rowhammer bug fqazi 189
2021-05-20 15:20:29 Setting up a Raspberry Pi with 2 Network Interfaces as a simple router geerlingguy 126
2021-05-19 03:20:31 What to do about GPU packages on PyPI? polm23 123
2021-05-18 17:17:39 Markdown Notes VS Code extension: Navigate notes with [[wiki-links]] julienreszka 2
2021-05-11 14:07:44 Ask HN: Choosing a language to learn for the heck of it bsg75 13
2021-05-10 11:53:54 Show HN: Django SQL Dashboard simonw 202
2021-05-06 13:33:00 Interactive IPA Chart Jeud 243
2021-05-06 16:15:29 Google Dataset Search abraxaz 386
2021-05-04 20:09:49 Ask HN: Cap Table Service Recommendations Ankaios 1
2021-05-02 12:43:15 Hosting SQLite databases on GitHub Pages or any static file hoster phiresky 1808
2021-04-23 13:11:53 Wasm3 compiles itself (using LLVM/Clang compiled to WASM) theBashShell 178
2021-04-24 01:18:52 Remote code execution in Homebrew by compromising the official Cask repository spenvo 387
2021-04-22 12:51:22 Semgrep: Semantic grep for code ievans 415
2021-04-10 09:05:03 Ask HN: What to use instead of Bash / Sh for scripting? lordgroff 52
2021-04-09 13:11:27 Estonian Electronic Identity Card and Its Security Challenges [pdf] IndrekR 72
2021-04-08 20:49:08 Systemd makes life miserable, again, this time by breaking DNS bcrl 5
2021-04-08 21:35:57 Ask HN: How bad is proof-of-work blockchain energy consumption? furrowedbrow 2
2021-03-30 17:42:22 What does a PGP signature on a Git commit prove? JNRowe 147
2021-03-30 06:40:47 Breakthrough for ‘massless’ energy storage reimertz 233
2021-03-25 10:08:52 OpenSSL Security Advisory arkadiyt 327
2021-03-26 14:15:06 How much total throughput can your wi-fi router really provide? giuliomagnifico 84
2021-03-23 17:28:53 The Most Important Scarce Resource Is Legitimacy ve55 119
2021-03-19 11:31:14 A few notes on message passing srijan4 151
2021-03-11 13:41:42 Duolingo's language notes all on one page rococode 265
2021-03-11 12:19:20 Ask HN: The easiest programming language for teaching programming to young kids? simplerman 25
2021-03-07 10:09:22 Raspberry Pi for Kill Mosquitoes by Laser ColinWright 342
2021-03-07 10:16:33 Donate Unrestricted razin 288
2021-03-02 09:55:02 Bitcoin Is Time taylorwc 442
2021-02-28 06:34:44 Foundational Distributed Systems Papers mastabadtomm 253
2021-02-28 21:46:20 Low-Cost Multi-touch Whiteboard using the Wiimote (2007) [video] jstrieb 49
2021-02-27 21:56:01 How to Efficiently Choose the Right Database for Your Applications gesaint 80
2021-02-21 17:26:02 A Data Pipeline Is a Materialized View nchammas 144
2021-02-18 06:17:14 There’s no such thing as “a startup within a big company” isolli 635
2021-02-18 03:21:39 Ask HN: Keyrings: per-package/repo; commit, merge, and release keyrings? westurner 1
2021-02-13 01:42:16 Threat Actors Now Target Docker via Container Escape Features pizza 134
2021-02-11 23:09:15 Ask HN: What security is in place for bank-to-bank EFT? andrewon 1
2021-02-11 09:06:18 Podman: A Daemonless Container Engine lobo_tuerto 320
2021-02-10 07:54:05 Cambridge Bitcoin Electricity Consumption Index apples_oranges 979
2021-02-10 13:41:55 Bitcoin's fundamental value is negative given its environmental impact martinlaz 134
2021-02-05 13:41:13 Ask HN: What are some books where the reader learns by building projects? Shosty123 53
2021-02-05 09:05:57 Is it wrong to demand features in open-source projects? theabbie 8
2021-02-02 09:43:58 CompilerGym: A toolkit for reinforcement learning for compiler optimization azhenley 139
2021-01-24 07:17:14 Turning desalination waste into a useful resource thereare5lights 42
2021-01-26 17:41:26 Evcxr: A Rust REPL and Jupyter Kernel batterylow 170
2021-01-24 16:51:25 Ask HN: What is the cost to launch a SaaS business MVP mikesabbagh 16
2021-01-23 17:03:11 Cryptocurreny crime is way ahead of regulators and law enforcement dgellow 114
2021-01-22 14:39:19 Ask HN: Why aren't micropayments a thing? wppick 106
2021-01-21 18:34:43 Elon Musk announces $100M carbon capture prize tito 11
2021-01-11 08:20:39 Tim Berners-Lee wants to put people in control of their personal data IvanSologub 238
2021-01-11 07:08:49 Governments spurred the rise of solar power jakozaur 133
2021-01-05 07:50:03 Termux no longer updated on Google Play martinlaz 362
2021-01-01 16:57:02 Ask HN: What should go in an Excel-to-Python equivalent of a couch-to-5k? etothepii 9
2020-12-28 08:06:01 Scientists turn CO2 into jet fuel vanburen 61
2020-12-27 14:16:01 Show HN: Stork: A customizable, WASM-powered full-text search plugin for the web jil 137
2020-12-27 14:14:42 Upptime – GitHub-powered open-source uptime monitor and status page fahrradflucht 301
2020-12-26 11:31:47 Show HN: Simple-graph – a graph database in SQLite dpapathanasiou 236
2020-12-24 10:54:18 In CPython, types implemented in C are part of the type tree todsacerdoti 108
2020-12-16 08:15:03 Experiments on a $50 DIY air purifier that takes 30s to assemble dyno-might 292
2020-12-13 06:07:56 Goodreads plans to retire API access, disables existing API keys buttscicles 869
2020-12-11 16:33:14 Turing Tumble Simulator tobias2014 2
2020-11-30 07:53:34 Python Pip 20.3 Released with new resolver groodt 224
2020-11-23 14:39:50 Convolution Is Fancy Multiplication ubac 397
2020-11-18 10:09:55 How to better ventilate your home arunbahl 101
2020-11-06 13:01:34 Quantum-computing pioneer Peter Shor warns of complacency over Internet security headalgorithm 2
2020-11-05 01:11:47 CERN Online introductory lectures on quantum computing from 6 November limist 277
2020-11-03 19:31:07 A Manim Code Template HaoZeke 2
2020-10-21 20:28:21 Startup Financial Modeling: What is a Financial Model? (2016) aaronbski 229
2020-10-16 18:23:29 At what grade level do presidential candidates debate? the_afonseca 51
2020-10-11 14:30:27 ElectricityMap – Live CO₂ emissions of electricity production and consumption jka 221
2020-10-09 02:53:03 Bash Error Handling sohkamyung 287
2020-10-09 18:37:09 A Customer Acquisition Playbook for Consumer Startups jcs87 129
2020-10-06 02:34:07 Gathering all open and sustainable technology projects protontypes 3
2020-10-05 11:50:57 Jupyter Notebooks Gallery jeffnotebook 101
2020-10-03 16:33:30 NestedText, a nice alternative to JSON, YAML, TOML nestedtext 302
2020-10-04 12:21:50 Algorithm discovers how six molecules could evolve into life’s building blocks gmays 390
2020-10-02 14:16:05 Physicists build circuit that generates clean, limitless power from graphene westurner 42
2020-09-29 17:37:53 Mozilla shuts project Iodide: Datascience documents in browsers ritwiksaikia 46
2020-09-27 07:18:50 Ask HN: What are good life skills for people to learn? smarri 254
2020-09-23 22:04:25 Four Keys Project metrics for DevOps team performance westurner 3
2020-09-19 09:13:45 Ask HN: Resources to encourage teen on becoming computer engineer? tomrod 111
2020-09-18 14:10:34 CadQuery: A Python parametric CAD scripting framework based on OCCT OJFord 134
2020-09-17 01:31:25 Array Programming with NumPy hardmaru 289
2020-09-17 16:38:37 Do you like the browser bookmark manager? andyware 6
2020-09-17 12:58:46 NIST Samate – Source Code Security Analyzers animationwill 71
2020-09-17 04:19:49 A Handwritten Math Parser in 100 lines of Python gnebehay 64
2020-09-15 06:25:51 PEP – An open source PDF editor for Mac threcius 191
2020-09-12 10:49:38 The Unix timestamp will begin with 16 this Sunday dezmou 452
2020-09-11 07:36:54 Redox: Unix-Like Operating System in Rust bpierre 242
2020-09-11 09:31:37 Ask HN: How are online communities established? jayshua 127
2020-09-10 20:19:41 Python Documentation Using Sphinx keyboardman 1
2020-09-10 07:18:54 Traits of good remote leaders sfg 356
2020-09-09 22:07:59 Show HN: Eiten – open-source tool for portfolio optimization hydershykh 200
2020-09-08 09:51:43 Ask HN: Any well funded tech companies tackling big, meaningful problems? digitalmaster 97
2020-09-07 17:50:02 Column Names as Contracts MaysonL 55
2020-09-06 00:49:07 Graph Representations for Higher-Order Logic and Theorem Proving (2019) brzozowski 104
2020-09-04 22:37:14 Show HN: Linux sysadmin course, eight years on snori74 780
2020-09-03 05:12:02 Software supply chain security mayakacz 82
2020-09-01 13:53:23 Mind Emulation Foundation gk1 93
2020-08-31 22:41:41 13 Beautiful Tools to Enhance Online Teaching and Learning Skills alikayaspor 15
2020-08-28 06:34:50 How close are computers to automating mathematical reasoning? auggierose 100
2020-08-29 11:06:54 New framework for natural capital approach to transform policy decisions westurner 2
2020-08-24 09:19:08 Challenge to scientists: does your ten-year-old code still run? sohkamyung 305
2020-08-19 14:54:09 A deep dive into the official Docker image for Python itamarst 189
2020-08-18 19:01:49 The Consortium for Python Data API Standards BerislavLopac 102
2020-08-07 15:02:57 Tech giants let the Web's metadata schemas and infrastructure languish timhigins 301
2020-08-10 10:39:15 Time-reversal of an unknown quantum state samizdis 23
2020-08-08 12:48:07 Electric cooker an easy, efficient way to sanitize N95 masks, study finds johnny313 201
2020-08-09 19:13:33 Fed announces details of new interbank service to support instant payments tigerlily 682
2020-08-08 21:17:02 Shrinking deep learning’s carbon footprint dsavant 4
2020-08-02 10:44:33 Show HN: Starboard – Fully in-browser literate notebooks like Jupyter Notebook protoduction 369
2020-07-23 16:11:55 Ask HN: Learning about distributed systems? shahrk 35
2020-08-01 22:13:32 Ask HN: How can I “work-out” critical thinking skills as I age? treyfitty 87
2020-07-29 17:21:42 The tragedy of FireWire: Collaborative tech torpedoed by corporations segfaultbuserr 3
2020-07-29 17:17:29 The Developer’s Guide to Audit Logs / SIEM endingwithali 9
2020-07-29 04:26:06 Del.icio.us kome 1649
2020-07-24 19:37:41 Ask HN: Recommendations for Books on Writing? wwright 5
2020-07-23 14:10:29 Ask HN: How did you learn x86-64 assembly? spacechild1 48
2020-07-22 09:39:11 Brain connectivity levels are equal in all mammals, including humans: study hhs 197
2020-07-22 04:21:32 Ask HN: Resources to start learning about quantum computing? edu 185
2020-07-21 11:58:25 Launch HN: Charityvest (YC S20) – Employee charitable funds and gift matching Leonidas243 64
2020-07-20 16:52:03 We Need a Yelp for Doctoral Programs etattva 180
2020-07-20 01:21:29 All of the World’s Money and Markets in One Visualization hippich 135
2020-07-18 21:06:28 Why companies lose their best innovators (2019) hhs 190
2020-07-17 16:48:58 Powerful AI Can Now Be Trained on a Single Computer MindGods 282
2020-07-10 12:30:36 Ask HN: Something like Khan Academy but full curriculum for grade schoolers? jmspring 283
2020-07-09 13:35:44 AutoML-Zero: Evolving Code That Learns theafh 34
2020-07-06 08:25:22 SymPy - a Python library for symbolic mathematics ogogmad 209
2020-07-03 17:05:31 Ask HN: Are there any messaging apps supporting Markdown? 5986043handy 19
2020-06-24 12:36:53 What vertical farming and ag startups don't understand about agriculture kickout 348
2020-06-15 05:26:29 Ask HN: What are your go to SaaS products for startups/MVPs? lbj 169
2020-06-13 08:31:58 Ask HN: Do you read aloud or silently in your minds? Onceagain 6
2020-06-08 08:42:33 Ask HN: How do you deploy a Django app in 2020? eptakilo 3
2020-06-04 21:35:38 Containers from first principles setheron 102
2020-05-27 17:16:56 How many people did it take to build the Great Pyramid? samizdis 136
2020-05-14 16:44:28 Solar’s Future is Insanely Cheap epistasis 152
2020-05-20 14:52:29 Demo of an OpenAI language model applied to code generation [video] cjlovett 281
2020-05-04 18:51:16 Future of the human climate niche origgm 96
2020-05-15 06:25:43 Ask HN: Best resources for non-technical founders to understand hacker mindset? jamiecollinson 114
2020-05-11 10:08:31 Dissecting the code responsible for the Bitcoin halving Mojah 39
2020-04-30 13:06:53 Ask HN: Does mounting servers parallel with the temperature gradient trap heat? westurner 2
2020-04-26 16:33:13 Psychological techniques to practice Stoicism hoanhan101 173
2020-04-25 10:00:05 What does the 'rc' in `.bashrc`, etc. mean? janvdberg 297
2020-04-23 16:19:24 Google ditched tipping feature for donating money to sites caution 2
2020-04-23 15:58:23 Innovating on Web Monetization: Coil and Firefox Reality stareatgoats 2
2020-04-19 22:24:07 Ask HN: Recommendations for online essay grading systems? westurner 1
2020-04-19 22:28:00 Ask HN: Systems for supporting Evidence-Based Policy? westurner 1
2020-04-19 14:54:31 Facebook, Google to be forced to share ad revenue with Australian media docdeek 148
2020-04-11 12:36:55 France rules Google must pay news firms for content us0r 134
2020-04-05 03:00:45 Adafruit Thermal Camera Imager for Fever Screening jonbaer 2
2020-03-31 18:08:57 The end of an Era – changing every single instance of a 32-bit time_t in Linux zdw 165
2020-04-01 01:16:29 Ask HN: What's the ROI of Y Combinator investments? longtermd 4
2020-04-01 00:41:15 Microsoft announces Money in Excel powered by Plaid chirau 3
2020-03-30 02:02:12 Lora-based device-to-device smartphone communication for crisis scenarios [pdf] oliver2213 90
2020-03-27 17:56:01 LoRa+WiFi ClusterDuck Protocol by Project OWL for Disaster Relief westurner 3
2020-03-26 02:53:34 A Visual Debugger for Jupyter sandGorgon 197
2020-03-27 18:45:26 Ask HN: What's the Equivalent of 'Hello, World' for a Quantum Computer? simonblack 2
2020-03-27 18:43:58 Ask HN: Communication platforms for intermittent disaster relief? westurner 1
2020-03-27 18:06:49 DroneAid: A Symbol Language and ML model for indicating needs to drones, planes westurner 2
2020-03-26 06:52:53 Ask HN: Computer Science/History Books? jackofalltrades 327
2020-03-26 06:07:26 Open-source security tools for cloud and container applications alexellisuk 53
2020-03-25 14:26:44 YC Companies Responding to Covid-19 no_gravity 144
2020-03-23 18:21:18 Show HN: Neh – Execute any script or program from Nginx location directives oap_bram 27
2020-03-21 15:39:25 Ask HN: How can a intermediate-beginner learn Unix/Linux and programming? learnTemp229462 146
2020-03-20 09:40:37 Math Symbols Explained with Python amitness 130
2020-03-20 00:16:15 Ask HN: Is there way you can covert smartphone to a no contact thermometer? shreyshrey 9
2020-03-15 05:47:35 Employee Scheduling weitzj 641
2020-03-14 07:01:16 Show HN: Simulation-based high school physics course notes lilgreenland 295
2020-03-15 04:58:04 WebAssembly brings extensibility to network proxies pjmlp 132
2020-03-14 00:29:09 Pandemic Ventilator Project mhb 318
2020-03-14 02:53:51 Low-cost ventilator wins Sloan health care prize (2019) tomcam 99
2020-03-13 19:22:55 AI can detect coronavirus from CT scans in twenty seconds laurex 109
2020-03-10 16:08:03 AutoML-Zero: Evolving machine learning algorithms from scratch lainon 260
2020-03-10 16:48:16 Options for giving math talks and lectures online chmaynard 143
2020-03-04 06:29:43 Aerogel from fruit biowaste produces ultracapacitors dalf 152
2020-03-03 05:09:35 Ask HN: How to Take Good Notes? romes 293
2020-03-03 06:36:58 Ask HN: STEM toy for a 3 years old? spapas82 117
2020-02-29 14:17:55 OpenAPI v3.1 and JSON Schema 2019-09 BerislavLopac 88
2020-02-26 03:06:01 Git for Node.js and the browser using libgit2 compiled to WebAssembly mstade 16
2020-02-20 21:02:47 Scientists use ML to find an antibiotic able to kill superbugs in mice adventured 438
2020-02-11 17:35:48 Shit – An implementation of Git using POSIX shell kick 814
2020-02-01 19:01:19 HTTP 402: Payment Required jpomykala 224
2020-01-16 15:28:07 Salesforce Sustainability Cloud Becomes Generally Available westurner 1
2020-01-09 07:07:33 Httpx: A next-generation HTTP client for Python tomchristie 462
2020-01-14 06:07:53 BlackRock CEO: Climate Crisis Will Reshape Finance vo2maxer 13
2019-12-29 13:32:58 A lot of complex “scalable” systems can be done with a simple, single C++ server Impossible 398
2019-12-31 10:19:32 Warren Buffett is spending billions to make Iowa 'the Saudi Arabia of wind' corporate_shi11 52
2019-12-27 07:08:54 Scientists Likely Found Way to Grow New Teeth for Patients elorant 243
2019-12-26 13:32:34 Announcing the New PubMed vo2maxer 119
2019-12-25 08:16:17 Ask HN: Is it worth it to learn C in 2020? zabana 11
2019-12-21 07:55:04 Free and Open-Source Mathematics Textbooks vo2maxer 321
2019-12-18 09:24:05 Make CPython segfault in 5 lines of code coolreader18 130
2019-12-10 12:05:36 Applications Are Now Open for YC Startup School – Starts in January erohead 48
2019-12-10 14:37:28 ‘Adulting’ is hard. UC Berkeley has a class for that incomplete 2
2019-12-10 13:55:50 Founder came back after 8 years to rewrite flash photoshop in canvas/WebGL poniko 9
2019-12-09 09:56:35 Five cities account for vast majority of growth in U.S. tech jobs: study Bostonian 93
2019-12-01 12:45:50 Don’t Blame Tech Bros for the Housing Crisis mistersquid 30
2019-11-25 09:07:30 Docker is just static linking for millenials DyslexicAtheist 38
2019-11-14 04:01:54 Show HN: Bamboolib – A GUI for Pandas (Python Data Science) __tobals__ 119
2019-11-25 01:39:22 Battery-Electric Heavy-Duty Equipment: It's Sort of Like a Cybertruck duck 3
2019-11-09 09:26:55 Tools for turning descriptions into diagrams: text-to-picture resources ingve 61
2019-10-16 00:42:33 CSR: Corporate Social Responsibility westurner 2
2019-10-19 08:28:01 GTD Tickler file – a proposal for text file format vivekv 3
2019-10-20 02:07:48 Ask HN: Any suggestion on how to test CLI applications? pdappollonio 3
2019-10-16 00:34:32 The Golden Butterfly and the All Weather Portfolio westurner 1
2019-10-12 07:19:23 Canada's Decision To Make Public More Clinical Trial Data Puts Pressure On FDA pseudolus 192
2019-10-10 23:35:35 Python Alternative to Docker gilad 3
2019-10-09 00:17:45 $6B United Nations Agency Launches Bitcoin, Ethereum Crypto Fund zed88 8
2019-10-08 16:03:02 Timsort, the Python sorting algorithm alexchamberlain 407
2019-10-07 22:29:21 Supreme Court allows blind people to sue retailers if websites aren't accessible justadudeama 743
2019-10-04 11:15:12 Streamlit: Turn a Python script into an interactive data analysis tool danicgross 467
2019-09-23 16:43:51 Scott’s Supreme Quantum Supremacy FAQ xmmrm 600
2019-09-23 18:31:40 Ask HN: How do you handle/maintain local Python environments? PascLeRasc 103
2019-09-23 12:35:51 Is the era of the $100 graphing calculator coming to an end? prostoalex 361
2019-09-23 03:17:17 Reinventing Home Directories Schiphol 118
2019-09-23 03:00:38 Serverless: slower and more expensive kiyanwang 1787
2019-09-22 17:32:04 Entropy can be used to understand systems acgan 3
2019-09-18 07:24:36 New Query Language for Graph Databases to Become International Standard Anon84 290
2019-09-21 13:21:03 A Python Interpreter Written in Python nnnmnten 2
2019-09-21 11:51:00 Reinventing Home Directories – systemd-homed [pdf] signa11 3
2019-09-21 13:08:28 Weld: Accelerating numpy, scikit and pandas as much as 100x with Rust and LLVM unbalancedparen 585
2019-09-19 20:00:14 Craftsmanship–The Alternative to the 4 Hour Work Week oglowo3 4
2019-09-19 09:31:43 Solar and Wind Power So Cheap They’re Outgrowing Subsidies ph0rque 623
2019-09-18 06:52:46 Show HN: Python Tests That Write Themselves timothycrosley 131
2019-09-09 10:52:49 Most Americans see catastrophic weather events worsening elorant 102
2019-09-17 12:00:54 Emergent Tool Use from Multi-Agent Interaction gdb 332
2019-09-17 22:32:25 Inkscape 1.0 Beta 1 nkoren 603
2019-09-08 13:45:57 Where Dollar Bills Come From danso 69
2019-09-05 07:13:24 Monetary Policy Is the Root Cause of the Millennials’ Struggle joshuafkon 52
2019-08-30 15:42:12 Non-root containers, Kubernetes CVE-2019-11245 and why you should care zelivans 8
2019-08-25 23:49:46 How do black holes destroy information and why is that a problem? sohkamyung 195
2019-08-25 09:48:11 Banned C standard library functions in Git source code susam 502
2019-08-25 10:01:30 Ask HN: What's the hardest thing to secure in a web-app? juansgaitan 7
2019-08-22 01:29:43 Crystal growers who sparked a revolution in graphene electronics sohkamyung 85
2019-08-22 16:27:43 Things to Know About GNU Readline matt_d 204
2019-08-22 16:16:41 Show HN: Termpage – Build a webpage that behaves like a terminal brisky 5
2019-08-21 22:49:19 Vimer - Avoid multiple instances of GVim with gvim –remote[-tab]-silent wrapper grepgeek 6
2019-08-22 16:06:27 Electric Dump Truck Produces More Energy Than It Uses mreome 3
2019-08-21 17:34:53 Ask HN: Let's make an open source/free SaaS platform to tackle school forms busymichael 12
2019-08-21 14:18:17 Ask HN: Is there a CRUD front end for databases (especially SQLite)? Tomte 2
2019-08-20 06:43:31 California approves solar-powered EV charging network and electric school buses elorant 15
2019-08-17 10:58:03 You May Be Better Off Picking Stocks at Random, Study Finds Vaslo 146
2019-08-12 08:15:23 Root: CERN's scientific data analysis framework for C++ z3phyr 137
2019-08-13 02:09:30 MesaPy: A Memory-Safe Python Implementation based on PyPy (2018) ospider 119
2019-08-11 16:22:30 Ask HN: Configuration Management for Personal Computer? jacquesm 197
2019-08-08 13:11:06 GitHub Actions now supports CI/CD, free for public repositories dstaheli 680
2019-08-05 17:19:30 The Fed is getting into the Real-Time payments business apo 96
2019-07-08 15:26:38 A Giant Asteroid of Gold Won’t Make Us Richer pseudolus 92
2019-07-08 10:52:06 Abusing the PHP Query String Parser to Bypass IDS, IPS, and WAF lelf 92
2019-06-28 14:23:33 Ask HN: Scripts/commands for extracting URL article text? (links -dump but) WCityMike 1
2019-07-02 11:02:08 NPR's Guide to Hypothesis-Driven Design for Editorial Projects danso 101
2019-06-20 14:56:56 Gryphon: An open-source framework for algorithmic trading in cryptocurrency reso 236
2019-06-21 00:18:36 Wind-Powered Car Travels Downwind Faster Than the Wind J253 5
2019-06-13 19:39:58 NOAA upgrades the U.S. global weather forecast model mehrdadn 214
2019-06-12 08:16:17 A plan to change how Harvard teaches economics carlosgg 116
2019-06-12 17:41:58 The New York Times course to teach its reporters data skills is now open-source espeed 423
2019-06-11 10:21:59 No Kings: How Do You Make Good Decisions Efficiently in a Flat Organization? eugenegamma 743
2019-06-01 23:13:28 4 Years of College, $0 in Debt: How Some Countries Make Education Affordable pseudolus 2
2019-05-26 10:16:10 Ask HN: What jobs can a software engineer take to tackle climate change? envfriendly 67
2019-05-23 12:59:05 YC's request for startups: Government 2.0 simonebrunozzi 194
2019-05-23 13:52:23 Almost 40% of Americans Would Struggle to Cover a $400 Emergency Geeek 112
2019-05-19 16:01:51 Congress should grow the Digital Services budget, it more than pays for itself rmason 68
2019-05-20 01:20:05 The Trillion-Dollar Annual Interest Payment westurner 2
2019-05-15 07:09:29 Oak, a Free and Open Certificate Transparency Log dankohn1 143
2019-05-14 09:36:21 Death rates from energy production per TWh peter_retief 122
2019-05-11 22:37:32 Use links not keys to represent relationships in APIs sarego 342
2019-05-09 23:49:28 No Python in Red Hat Linux 8? jandeboevrie 19
2019-05-06 09:16:47 JMAP: A modern, open email protocol okket 307
2019-05-09 14:51:33 Grid Optimization Competition zeristor 2
2019-05-02 16:11:54 Blockchain's present opportunity: data interchange standardization ivoras 2
2019-04-30 12:45:38 Ask HN: Value of “Shares of Stock options” when joining a startup cdeveloper 5
2019-04-28 13:46:48 CMU Computer Systems: Self-Grading Lab Assignments (2018) georgecmu 205
2019-04-28 14:50:29 Show HN: Debugging-Friendly Tracebacks for Python cknd 121
2019-04-28 07:41:27 Why isn't 1 a prime number? gpvos 273
2019-04-28 07:26:37 How do we know when we’ve fallen in love? (2016) rohmanhakim 157
2019-04-27 21:50:58 Rare and strange ICD-10 codes zdw 68
2019-04-20 15:10:14 Python Requests III maximilianroos 19
2019-04-17 09:43:04 Post-surgical deaths in Scotland drop by a third, attributed to a checklist fanf2 1036
2019-04-17 16:06:09 Apply to Y Combinator dlhntestuser 3
2019-04-02 03:51:50 Trunk-Based Development vs. Git Flow kiyanwang 4
2019-04-01 17:25:58 Ask HN: Anyone else write the commit message before they start coding? xkapastel 25
2019-03-27 03:29:30 Ask HN: Datalog as the only language for web programming, logic and database truth_seeker 21
2019-03-24 19:46:33 The cortex is a neural network of neural networks curtis 297
2019-03-22 21:51:49 Is there a program like codeacademy but for learning sysadmin? tayvz 7
2019-03-22 17:18:44 Maybe You Don't Need Kubernetes ra7 500
2019-03-21 08:04:34 Quantum Machine Appears to Defy Universe’s Push for Disorder biofox 78
2019-03-21 12:45:42 Pytype checks and infers types for your Python code mkesper 4
2019-03-20 21:56:26 How I'm able to take notes in mathematics lectures using LaTeX and Vim tambourine_man 674
2019-03-21 05:18:51 LHCb discovers matter-antimatter asymmetry in charm quarks rbanffy 269
2019-03-21 00:22:37 React Router v5 jsdev93 153
2019-03-15 18:23:21 Experimental rejection of observer-independence in the quantum world lisper 186
2019-03-15 08:14:22 Show HN: A simple Prolog Interpreter written in a few lines of Python 3 photon_lines 148
2019-03-07 17:57:28 How to earn your macroeconomics and finance white belt as a software developer andrenth 307
2019-03-02 14:24:35 Ask HN: Relationship between set theory and category theory fmihaila 4
2019-02-26 11:24:41 The most popular docker images each contain at least 30 vulnerabilities vinnyglennon 562
2019-02-24 22:39:39 Tinycoin: A small, horrible cryptocurrency in Python for educational purposes MrXOR 4
2019-02-20 14:08:47 When does the concept of equilibrium work in economics? dnetesn 54
2019-02-20 22:53:23 Simdjson – Parsing Gigabytes of JSON per Second cmsimike 597
2019-02-18 10:13:02 A faster, more efficient cryptocurrency salvadormon 583
2019-02-17 05:52:11 Git-signatures – Multiple PGP signatures for your commits Couto 75
2019-02-16 06:55:28 Running an LED in reverse could cool future computers ChrisGranger 46
2019-02-06 07:15:56 Compounding Knowledge golyi 481
2019-02-16 14:49:30 Why CISA Issued Our First Emergency Directive ca98am79 211
2019-02-14 23:22:11 Chrome will Soon Let You Share Links to a Specific Word or Sentence on a Page kumaranvpl 359
2019-02-09 12:21:30 Guidelines for keeping a laboratory notebook Tomte 87
2019-02-07 12:03:47 Superalgos and the Trading Singularity ciencias 2
2019-02-07 12:23:44 Crunching 200 years of stock, bond, currency and commodity data chollida1 308
2019-02-06 14:50:35 Show HN: React-Schemaorg: Strongly-Typed Schema.org JSON-LD for React Eyas 16
2019-02-06 16:15:33 Consumer Protection Bureau Aims to Roll Back Rules for Payday Lending pseudolus 197
2019-02-05 01:56:30 Lectures in Quantitative Economics as Python and Julia Notebooks westurner 355
2019-02-04 11:55:50 If Software Is Funded from a Public Source, Its Code Should Be Open Source jrepinc 1138
2019-02-04 23:55:48 Apache Arrow 0.12.0 westurner 1
2019-02-04 23:51:34 Statement on Status of the Consolidated Audit Trail (2018) westurner 1
2019-02-04 20:03:28 U.S. Federal District Court Declared Bitcoin as Legal Money obilgic 12
2019-01-30 12:42:06 Post Quantum Crypto Standardization Process – Second Round Candidates Announced dlgeek 2
2019-01-30 13:59:56 Ask HN: How do you evaluate security of OSS before importing? riyakhanna1983 5
2019-01-30 09:35:47 Ask HN: How can I use my programming skills to support nonprofit organizations? theneck 3
2019-01-29 19:43:16 Ask HN: Steps to forming a company? jxr006 4
2019-01-29 13:48:48 A Self-Learning, Modern Computer Science Curriculum hacknrk 394
2019-01-24 00:34:14 MVP Spec hyperpallium 2
2019-01-21 12:10:37 Can we merge Certificate Transparency with blockchain? fedotovcorp 3
2019-01-21 20:38:23 Why Don't People Use Formal Methods? pplonski86 419
2019-01-20 20:29:25 Steps to a clean dataset with Pandas NicoJuicy 4
2019-01-19 19:38:48 Reahl – A Python-only web framework kim0 165
2019-01-12 19:56:20 Ask HN: How can you save money while living on poverty level? ccdev 8
2019-01-11 14:46:52 A DNS hijacking wave is targeting companies at an almost unprecedented scale Elof 112
2019-01-09 23:09:59 Show HN: Generate dank mnemonic seed phrases in the terminal mofle 3
2019-01-08 15:28:29 Can you sign a quantum state? zdw 3
2019-01-09 18:04:41 Lattice Attacks Against Weak ECDSA Signatures in Cryptocurrencies [pdf] soohyung 11
2019-01-09 12:00:44 REMME – A blockchain-based protocol for issuing X.509 client certificates fedotovcorp 33
2019-01-08 09:51:20 California grid data is live – solar developers take note Osiris30 2
2019-01-05 12:30:30 Why attend predatory colleges in the US? azhenley 3
2018-12-31 15:43:54 Ask HN: Data analysis workflow? tucaz 1
2018-12-28 16:25:15 The U.S. is spending millions to solve mystery sonic attacks on diplomats johnshades 5
2018-12-27 10:00:38 Ask HN: What is your favorite open-source job scheduler bohinjc 6
2018-12-22 06:53:46 How to Version-Control Jupyter Notebooks tosh 164
2018-12-04 10:25:47 Teaching and Learning with Jupyter (A book by Jupyter for Education) westurner 5
2018-11-27 17:48:54 Margin Notes: Automatic code documentation with recorded examples from runtime mpweiher 67
2018-11-24 15:33:08 Time to break academic publishing's stranglehold on research joeyespo 692
2018-11-22 10:32:27 Ask HN: How can I learn to read mathematical notation? cursorial 211
2018-10-18 18:07:59 New law lets you defer capital gains taxes by investing in opportunity zones rmason 88
2018-10-15 19:55:06 How to Write a Technical Paper [pdf] boricensis 360
2018-10-15 15:19:40 JSON-LD 1.0: A JSON-Based Serialization for Linked Data geezerjay 2
2018-10-14 15:30:29 Jeff Hawkins Is Finally Ready to Explain His Brain Research tysone 489
2018-10-12 03:02:01 Interstellar Visitor Found to Be Unlike a Comet or an Asteroid Bootvis 204
2018-10-12 02:15:03 Publishing more data behind our reporting gballan 146
2018-10-10 22:23:44 CSV 1.1 – CSV Evolved (for Humans) polm23 84
2018-10-11 06:42:34 Ask HN: Which plants can be planted indoors and easily maintained? gymshoes 123
2018-10-08 10:23:38 Graduate Student Solves Quantum Verification Problem digital55 267
2018-10-05 07:53:30 The down side to wind power todd8 63
2018-10-05 05:47:19 Thermodynamics of Computation Wiki westurner 2
2018-10-04 09:27:48 Why Do Computers Use So Much Energy? tshannon 220
2018-09-30 22:11:07 Justice Department Sues to Stop California Net Neutrality Law jonburs 201
2018-09-22 10:52:45 White House Drafts Order to Probe Google, Facebook Practices Jerry2 105
2018-09-19 20:37:52 Ask HN: Books about applying the open source model to society kennu 1
2018-09-12 16:02:35 Today, Europe Lost The Internet. Now, We Fight Back DiabloD3 433
2018-09-01 14:13:52 Consumer science (a.k.a. home economics) as a college major guard0g 4
2018-08-28 11:18:26 Facebook vows to run on 100 percent renewable energy by 2020 TamoC 2
2018-08-30 12:51:10 California Moves to Require 100% Clean Electricity by 2045 dsr12 407
2018-08-29 11:15:59 Miami Will Be Underwater Soon. Its Drinking Water Could Go First hourislate 264
2018-08-29 22:50:51 Free hosting VPS for NGO project? vikramjb 1
2018-08-29 12:18:35 The Burden: Fossil Fuel, the Military and National Security westurner 3
2018-08-29 02:27:58 Scientists Warn the UN of Capitalism's Imminent Demise westurner 1
2018-08-28 14:41:52 Firefox Nightly Secure DNS Experimental Results Vinnl 40
2018-08-28 08:31:48 Long-sought decay of Higgs boson observed at CERN chmaynard 243
2018-08-28 09:00:54 Sen. Wyden Confirms Cell-Site Simulators Disrupt Emergency Calls DiabloD3 518
2018-08-23 00:01:34 Building a Model for Retirement Savings in Python koblenski 3
2018-08-20 21:38:10 New E.P.A. Rollback of Coal Pollution Regulations Takes a Major Step Forward yaseen-rob 3
2018-08-20 14:21:22 Researchers Build Room-Temp Quantum Transistor Using a Single Atom jonbaer 3
2018-08-20 10:55:17 New “Turning Tables” Technique Bypasses All Windows Kernel Mitigations yaseen-rob 2
2018-08-19 22:27:20 Um – Create your own man pages so you can remember how to do stuff quickthrower2 646
2018-08-15 04:52:10 Leverage Points: Places to Intervene in a System pjc50 113
2018-08-15 03:46:23 SQLite Release 3.25.0 adds support for window functions MarkusWinand 333
2018-08-15 19:53:03 Update on the Distrust of Symantec TLS Certificates dumpsterkid 3
2018-08-11 07:57:44 The Transport Layer Security (TLS) Protocol Version 1.3 dochtman 255
2018-08-12 08:56:52 Academic Torrents – Making 27TB of research data available jacquesm 1081
2018-08-10 15:19:24 1/0 = 0 ingve 650
2018-08-07 15:43:05 Power Worth Less Than Zero Spreads as Green Energy Floods the Grid bumholio 537
2018-08-05 15:27:39 Kernels, a free hosted Jupyter notebook environment with GPUs benhamner 95
2018-07-22 14:16:25 Solar and wind are coming. And the power sector isn’t ready spenrose 174
2018-07-11 13:15:47 Solar Just Hit a Record Low Price in the U.S toomuchtodo 456
2018-07-10 23:53:58 Causal Inference Book luu 104
2018-07-02 10:18:14 Tim Berners-Lee is working a platform designed to re-decentralize the web rapnie 36
2018-07-01 06:49:08 More States Opting to 'Robo-Grade' Student Essays by Computer happy-go-lucky 44
2018-07-02 07:26:28 Ask HN: Looking for a simple solution for building an online course r4victor 57
2018-06-30 15:45:56 There is now a backprop principle for deep learning on quantum computers GVQ 3
2018-06-30 21:03:36 New research a ‘breakthrough for large-scale discrete optimization’ new_guy 96
2018-06-29 23:17:31 Wind, solar farms produce 10% of US power in the first four months of 2018 toomuchtodo 85
2018-06-25 16:57:46 FDA approves first marijuana-derived drug and it may spark DEA rescheduling mikece 150
2018-06-21 10:22:43 States Can Require Internet Tax Collection, Supreme Court Rules uptown 541
2018-06-18 08:26:23 William Jennings Bryan’s “Cross of Gold” Speech zjacobi 71
2018-06-17 18:13:13 Ask HN: Do you consider yourself to be a good programmer? type0 27
2018-06-17 11:00:59 Handles are the better pointers ingve 194
2018-06-14 14:13:13 Neural scene representation and rendering johnmoberg 540
2018-06-17 20:19:20 New US Solar Record – 2.155 Cents per KWh prostoalex 4
2018-06-10 18:04:07 Ask HN: Is there a taxonomy of machine learning types? ljw1001 3
2018-05-22 16:22:43 Senator requests better https compliance at US Department of Defense [pdf] anigbrowl 168
2018-05-22 23:15:18 Banks Adopt Military-Style Tactics to Fight Cybercrime petethomas 3
2018-04-12 13:13:10 No, Section 230 Does Not Require Platforms to Be “Neutral” panarky 6
2018-04-11 14:28:06 Ask HN: Do battery costs justify “buy all sell all” over “net metering”? westurner 1
2018-04-09 21:17:43 Portugal electricity generation temporarily reaches 100% renewable mgdo 234
2018-04-06 19:16:25 GPU Prices Drop ~25% in March as Supply Normalizes merqurio 2
2018-04-09 23:51:08 Apple says it’s now powered by renewable energy worldwide iamspoilt 272
2018-03-18 13:13:15 Hackers Are So Fed Up with Twitter Bots They’re Hunting Them Down Themselves CrankyBear 271
2018-03-02 08:21:41 “We’re committing Twitter to increase the health and civility of conversation” dankohn1 147
2018-03-01 02:06:42 Gitflow – Animated in React v33ra 3
2018-02-28 22:06:35 Ask HN: How feasible is it to become proficient in several disciplines? diehunde 4
2018-02-27 09:47:40 After rising for 100 years, electricity demand is flat aaronbrethorst 629
2018-02-27 10:37:54 A framework for evaluating data scientist competency schaunwheeler 3
2018-02-27 18:28:01 Levi Strauss to use lasers instead of people to finish jeans e2e4 3
2018-02-27 18:24:45 Chaos Engineering: the history, principles, and practice austingunter 2
2018-02-27 09:52:39 Scientists use an atomic clock to measure the height of a mountain montrose 45
2018-02-27 18:10:10 Resources to learn project management best practices? chuie 1
2018-02-22 15:35:51 Ask HN: Thoughts on a website-embeddable, credential validating service? estroz 28
2018-02-21 05:03:58 Ask HN: What's the best algorithms and data structures online course? zabana 272
2018-02-20 15:14:40 Using Go as a scripting language in Linux neoasterisk 8
2018-02-18 12:09:07 Guidelines for enquiries regarding the regulatory framework for ICOs [pdf] paulsutter 23
2018-02-16 00:16:09 The Benjamin Franklin method for learning more from programming books nancyhua 566
2018-02-10 20:41:21 Avoiding blackouts with 100% renewable energy ramonvillasante 2
2018-02-10 11:25:54 Ask HN: What are some common abbreviations you use as a developer? yagamidev 3
2018-02-09 19:42:21 There Might Be No Way to Live Comfortably Without Also Ruining the Planet SirLJ 43
2018-02-08 22:52:44 Multiple GWAS finds 187 intelligence genes and role for neurogenesis/myelination gwern 2
2018-02-08 20:33:49 Could we solve blockchain scaling with terabyte-sized blocks? gwern 4
2018-02-07 20:50:24 Ask HN: Do you have ADD/ADHD? How do you manage it? vumgl 4
2018-02-03 14:36:02 Ask HN: How to understand the large codebase of an open-source project? maqbool 186
2018-02-03 13:56:30 What is the best way to learn to code from absolute scratch? eliotpeper 8
2018-02-02 04:35:58 Tesla racing series: Electric cars get the green light – Roadshow rbanffy 77
2018-02-02 13:40:19 What happens if you have too many jupyter notebooks? tvorogme 4
2018-02-01 00:49:46 Cancer ‘vaccine’ eliminates tumors in mice jv22222 942
2018-02-01 12:23:08 Boosting teeth’s healing ability by mobilizing stem cells in dental pulp digital55 306
2018-01-29 17:11:55 This Biodegradable Paper Donut Could Let Us Reforest the Planet westurner 2
2018-01-29 16:44:35 Drones that can plant 100k trees a day artsandsci 147
2018-01-27 22:21:28 What are some YouTube channels to progress into advanced levels of programming? altsyset 41
2018-01-25 17:41:24 Multiple issue and pull request templates clarkbw 17
2018-01-25 17:38:38 Five myths about Bitcoin’s energy use nvk 10
2018-01-23 18:41:16 Ask HN: Which programming language has the best documentation? siquick 3
2018-01-18 06:36:07 Ask HN: Recommended course/website/book to learn data structure and algorithms strikeX 3
2018-01-19 17:06:07 Why is quicksort better than other sorting algorithms in practice? isp 5
2018-01-18 16:16:16 ORDO: a modern alternative to X.509 juancampa 1
2018-01-18 11:47:03 Wine 3.0 Released etiam 724
2018-01-18 19:51:30 Kimbal Musk is leading a $25M mission to fix food in US schools rmason 2
2018-01-13 21:42:47 Spinzero – A Minimal Jupyter Notebook Theme neilpanchal 5
2018-01-11 13:27:17 What does the publishing industry bring to the Web? mpweiher 2
2018-01-10 14:02:09 Git is a blockchain Swizec 13
2018-01-07 12:06:03 Show HN: Convert Matlab/NumPy matrices to LaTeX tables tpaschalis 4
2018-01-02 10:48:10 A Year of Spaced Repetition Software in the Classroom misiti3780 4
2017-12-27 08:32:39 NIST Post-Quantum Cryptography Round 1 Submissions sohkamyung 130
2018-01-01 21:38:58 What are some good resources to learn about Quantum Computing? nmehta21 3
2017-12-29 15:53:06 Gridcoin: Rewarding Scientific Distributed Computing trueduke 134
2017-12-26 12:37:07 Power Prices Go Negative in Germany kwindla 485
2017-12-21 14:30:35 Mathematicians Find Wrinkle in Famed Fluid Equations digital55 240
2017-12-20 10:43:31 Bitcoin is an energy arbitrage js4 51
2017-12-19 17:03:30 There are now more than 200k pending Bitcoin transactions OyoKooN 192
2017-12-17 22:16:06 What ORMs have taught me: just learn SQL (2014) ausjke 540
2017-12-17 07:32:06 Show HN: An educational blockchain implementation in Python jre 412
2017-12-16 08:12:44 MSU Scholars Find $21T in Unauthorized Government Spending sillypuddy 137
2017-12-13 04:59:42 Universities spend millions on accessing results of publicly funded research versteegen 624
2017-12-11 19:49:44 An Interactive Introduction to Quantum Computing kevlened 254
2017-12-12 12:34:46 Quantum attacks on Bitcoin, and how to protect against them (ECDSA, SHA256) westurner 2
2017-12-10 17:50:44 Project Euler vinchuco 792
2017-12-12 10:17:39 Who’s Afraid of Bitcoin? The Futures Traders Going Short thisisit 54
2017-12-11 19:21:38 Statement on Cryptocurrencies and Initial Coin Offerings corbinpage 811
2017-12-11 15:02:04 Ask HN: How do you stay focused while programming/working? flipfloppity 83
2017-12-08 10:53:49 A Hacker Writes a Children's Book arthurjj 171
2017-12-11 18:17:52 Ask HN: Do ISPs have a legal obligation to not sell minors' web history anymore? westurner 2
2017-12-11 11:58:38 Tech luminaries call net neutrality vote an 'imminent threat' kjhughes 279
2017-12-06 18:55:25 Ask HN: Can hashes be replaced with optimization problems in blockchain? pacavaca 3
2017-12-01 01:19:43 Ask HN: What could we do with all the mining power of Bitcoin? Fold Protein? sova 3
2017-12-03 20:14:58 No CEO needed: These blockchain platforms will let ‘the crowd’ run startups maxwellnardi 4
2017-12-04 04:59:08 How much energy does Bitcoin mining really use? trueduke 3
2017-12-02 00:27:40 The Actual FCC Net Neutrality Repeal Document. TLDR: Read Pages 82-87 [pdf] croatoan 3
2017-12-01 21:55:26 The 5 most ridiculous things the FCC says in its new net neutrality propaganda pulisse 164
2017-12-01 13:15:47 FCC's Pai, addressing net neutrality rules, calls Twitter biased joeyespo 13
2017-12-01 05:49:25 A curated list of Chaos Engineering resources dastergon 51
2017-12-01 11:24:06 Technology behind Bitcoin could aid science, report says digital55 13
2017-11-30 15:07:26 Git hash function transition plan vszakats 215
2017-11-30 22:04:20 Vintage Cray Supercomputer Rolls Up to Auction ohjeez 3
2017-11-30 21:21:09 Google is officially 100% sun and wind powered – 3.0 gigawatts worth rippsu 163
2017-11-29 12:29:30 Interactive workflows for C++ with Jupyter SylvainCorlay 292
2017-11-28 16:01:32 Vanguard Founder Jack Bogle Says ‘Avoid Bitcoin Like the Plague’ dionmanu 105
2017-11-29 11:22:54 Nasdaq Plans to Introduce Bitcoin Futures knwang 416
2017-11-28 17:49:07 Ask HN: Where do you think Bitcoin will be by 2020? rblion 10
2017-11-28 18:03:11 Ask HN: Why would anyone share trading algorithms and compare by performance? westurner 1
2017-11-25 06:28:39 Ask HN: CS papers for software architecture and design? avrmav 513
2017-11-15 10:24:27 Keeping a Lab Notebook [pdf] Tomte 327
2017-10-28 08:12:53 How to teach technical concepts with cartoons Tomte 170
2017-10-22 16:43:03 Fact Checks fanf2 126
2017-10-19 05:51:13 DHS orders agencies to adopt DMARC email security puppetmaster30 2
2017-10-18 21:20:00 The electricity for 1BTC trade could power a house for a month niyikiza 25
2017-10-19 05:20:26 PAC Fundraising with Ethereum Contracts? westurner 1
2017-10-19 05:16:25 SolarWindow Completes Financing ($2.5m) westurner 2
2017-10-16 12:48:08 Here’s what you can do to protect yourself from the KRACK WiFi vulnerability tdrnd 2
2017-10-14 12:41:29 The Solar Garage Door – A Possible Alternative to the Emergency Generator curtis 2
2017-10-14 07:34:07 Using the Web Audio API to Make a Modem maaaats 307
2017-10-11 18:25:17 Ask HN: How to introduce someone to programming concepts during 12-hour drive? nkkollaw 9
2017-09-27 01:24:13 American Red Cross Asks for Ham Radio Operators for Puerto Rico Relief Effort kw71 346
2017-09-26 14:58:38 Technical and non-technical tips for rocking your coding interview duck 259
2017-09-23 12:12:36 Django 2.0 alpha orf 156
2017-09-24 00:15:28 Ask HN: What is the best way to spend my time as a 17-year-old who can code? jmeyer2k 161
2017-09-21 14:18:33 Democrats fight FCC's plans to redefine “broadband” from 25+ to 10+ Mbps gnicholas 18
2017-09-17 12:49:37 Ask HN: Any detailed explanation of computer science smithmayowa 2
2017-09-16 18:40:33 Ask HN: What algorithms should I research to code a conference scheduling app viertaxa 55
2017-09-15 05:51:45 What have been the greatest intellectual achievements? Gormisdomai 42
2017-09-15 23:22:02 Ask HN: What can't you do in Excel? (2017) danso 37
2017-09-08 20:04:36 Open Source Ruling Confirms Enforceability of Dual-Licensing and Breach of GPL t3f 116
2017-09-01 11:27:30 Elon Musk Describes What Great Communication Looks Like endswapper 90
2017-09-01 04:05:12 Great Ideas in Theoretical Computer Science tu7001 290
2017-08-28 16:06:24 Ask HN: How do you, as a developer, set measurable and actionable goals? humaninstrument 24
2017-08-26 16:06:24 Bitcoin Energy Consumption Index schwabacher 256
2017-08-26 09:59:19 Dancing can reverse the signs of aging in the brain brahmwg 71
2017-08-26 09:03:19 Rumours swell over new kind of gravitational-wave sighting indescions_2017 258
2017-08-20 12:56:37 New Discovery Simplifies Quantum Physics wolfgke 2
2017-08-23 03:22:00 OpenAI has developed new baseline tool for improving deep reinforcement learning grey_shirts 3
2017-08-24 23:19:03 The prior can generally only be understood in the context of the likelihood selimthegrim 94
2017-08-22 04:13:00 Ask HN: How to find/compare trading algorithms with Quantopian? westurner 3
2017-08-22 04:09:17 Ask HN: How do IPOs and ICOs help a business raise capital? westurner 2
2017-08-22 04:02:04 Solar Window coatings “outperform rooftop solar by 50-fold” westurner 4
2017-08-21 23:30:16 MS: Bitcoin mining uses as much electricity as 1M US homes pulisse 79
2017-08-15 15:45:47 Ask HN: What are your favorite entrepreneurship resources brianbreslin 13
2017-05-09 12:59:38 CPU Utilization is Wrong dmit 624
2017-05-06 17:13:03 Ask HN: Can I use convolutional neural networks to clasify videos on a CPU Faizann20 1
2017-05-01 10:17:36 Esoteric programming paradigms SlyShy 397
2017-04-27 04:41:09 gRPC-Web: Moving past REST+JSON towards type-safe Web APIs bestan 329
2017-04-16 03:59:55 Reasons blog posts can be of higher scientific quality than journal articles vixen99 233
2017-04-07 12:50:38 Fact Check now available in Google Search and News fouadmatin 302
2017-04-07 20:07:05 Ask HN: Is anyone working on CRISPR for happiness? arikr 4
2017-03-26 14:58:59 Roadmap to becoming a web developer in 2017 miguelarauj1o 4
2017-03-20 19:14:10 Beautiful Online SICP Dangeranger 762
2017-03-19 11:52:48 Ask HN: How do you keep track/save your learnings?(so that you can revisit them) mezod 4
2017-03-11 13:26:30 Ask HN: Criticisms of Bayesian statistics? muraiki 1
2017-01-16 18:53:09 80,000 Hours career plan worksheet BreakoutList 230
2017-01-07 18:27:31 World's first smartphone with a molecular sensor is coming in 2017 walterbell 19
2016-12-31 12:11:14 Ask HN: How would one build a business that only develops free software? anondon 12
2016-12-29 00:40:11 Ask HN: If your job involves continually importing CSVs, what industry is it? iamwil 12
2016-12-09 17:21:13 Ask HN: Maybe I kind of suck as a programmer – how do I supercharge my work? tastyface 328
2016-11-20 06:33:34 Ask HN: Anything Like Carl Sagan's Cosmos for Computer Science? leksak 32
2016-11-20 10:32:00 Learn X in Y minutes anonu 161
2016-11-03 05:46:50 Org mode 9.0 released Philipp__ 285
2016-11-13 00:23:33 Ask HN: Best Git workflow for small teams tmaly 166
2016-11-10 15:46:57 TDD Doesn't Work narfz 153
2016-11-07 14:13:48 C for Python programmers (2011) bogomipz 314
2016-10-26 02:19:06 Ask HN: How do you organise/integrate all the information in your life? tonteldoos 323
2016-10-23 14:06:00 Ask HN: What are the best web tools to build basic web apps as of October 2016? arikr 114
2016-10-16 10:55:18 Harvard and M.I.T. Are Sued Over Lack of Closed Captions lsh123 45
2016-10-06 11:15:16 Jack Dorsey Is Losing Control of Twitter miraj 283
2016-09-18 09:09:04 Schema.org: Mission, Project, Goal, Objective, Task westurner 49
2016-09-18 08:59:41 This week is #GlobalGoals week (and week of The World's Largest Lesson) westurner 1
2016-08-19 08:12:25 The Open Source Data Science Masters nns 95
2016-07-29 06:08:29 We Should Not Accept Scientific Results That Have Not Been Repeated dnetesn 910
2016-05-30 07:39:05 The SQL filter clause: selective aggregates MarkusWinand 138
2016-05-29 23:36:23 Ask HN: What do you think about the current education system? alejandrohacks 36
2016-05-10 08:55:01 A Reboot of the Legendary Physics Site ArXiv Could Shape Open Science tonybeltramelli 174
2014-03-23 14:27:04 Principles of good data analysis gjreda 108
2014-03-11 08:16:38 Why Puppet, Chef, Ansible aren't good enough iElectric2 362
2014-03-11 20:12:16 Python vs Julia – an example from machine learning ajtulloch 170
2014-02-17 10:23:21 Free static page hosting on Google App Engine in minutes fizerkhan 95
2014-02-03 09:15:30 “Don’t Reinvent the Wheel, Use a Framework” They All Say mogosselin 79
2013-09-09 10:20:50 IPython in Excel vj44 73
2013-08-11 01:56:12 PEP 450: Adding A Statistics Module To The Standard Library petsos 185
2013-08-02 21:03:51 Functional Programming with Python llambda 107
2013-08-01 10:59:55 PEP 8 Modernisation tristaneuan 213
2013-07-15 12:40:04 Useful Unix commands for data science gjreda 221
2013-07-13 11:35:40 The data visualization community needs its own Hacker News ejfox 11
2013-07-06 08:59:22 Ask HN: Intermediate Python learning resources? jesusx 113
2013-07-03 08:00:50 Ansible Simply Kicks Ass hunvreus 185
2013-06-29 05:44:08 Python-Based Tools for the Space Science Community neokya 76
2013-05-04 21:21:29 Debian 7.0 "Wheezy" released sciurus 428
2013-05-04 10:40:20 Big-O Algorithm Complexity Cheat Sheet ashleyblackmore 520
2013-05-03 22:32:14 JSON API steveklabnik 227
2013-05-04 14:04:39 Norton Ghost discontinued ruchirablog 42

Items^

[-]

Is college worth it? A return-on-investment analysis

[+]
[+]
[+]
[+]
[+]

Magnitude certainly is relevant to vector comparisons; but, if we define ROI as nominal rate of return, gross returns are not relevant to a comparison by that metric.

Return on Investment: https://en.wikipedia.org/wiki/Return_on_investment

From https://en.wikipedia.org/wiki/Vector_(mathematics_and_physic... :

> A Euclidean vector is thus an equivalence class of directed segments with the same magnitude (e.g., the length of the line segment (A, B)) and same direction (e.g., the direction from A to B).[3] In physics, Euclidean vectors are used to represent physical quantities that have both magnitude and direction, but are not located at a specific place, in contrast to scalars, which have no direction.[4] For example, velocity, forces and acceleration are represented by vectors

Quantitatively and Qualitatively quantify the direct and external benefits of {college, other alternatives} with criteria in additional to real monetary ROI?

From https://en.wikipedia.org/wiki/Welfare_economics

> Welfare economics also provides the theoretical foundations for particular instruments of public economics, including cost–benefit analysis,

From https://news.ycombinator.com/item?id=18833730 :

>> Why would people make an investment with insufficient ROI (Return on Investment)?

> Insufficient information.

> College Scorecard [1] is a database with a web interface for finding and comparing schools according to a number of objective criteria. CollegeScorecard launched in 2015. It lists "Average Annual Cost", "Graduation Rate", and "Salary After Attending" on the search results pages. When you review a detail page for an institution, there are many additional statistics; things like: "Typical Total Debt After Graduation" and "Typical Monthly Loan Payment".

> The raw data behind CollegeScorecard can be downloaded from [2]. The "data_dictionary" tab of the "Data Dictionary" spreadsheet describes the data schema.

> [1] https://collegescorecard.ed.gov/

> [2] https://collegescorecard.ed.gov/data/

> Khan Academy > "College, careers, and more" [3] may be a helpful supplement for funding a full-time college admissions counselor in a secondary education institution

> [3] https://www.khanacademy.org/college-careers-more

https://www.khanacademy.org/college-careers-more/college-adm... :

- [ ] Video & exercise / Jupyter notebook under Exploring college options for Return on Investment (according to e.g. CollegeScorecard data)

[-]

Show HN: OtterTune – Automated Database Tuning Service for RDS MySQL/Postgres

Yo. OtterTune is a database optimization service. It uses machine learning to automatically tune your MySQL and Postgres configuration (i.e., RDS parameter groups) to improve performance and reduce costs. It does this by only looking at your database's runtime metrics (e.g., INNODB_METRICS, pg_stat_database, CloudWatch). We don't need to examine sensitive queries or user tables. We spun this project out of my research group at Carnegie Mellon University in 2020.

This week we've announced that OtterTune is now available to the public. We are offering everyone a starter account to try it out on their Postgres RDS or MySQL RDS databases (all versions, AWS US AZs only). We have seen OtterTune achieve 2-4x performance improvements and 50% cost reductions for these databases compared to using Amazon's default RDS configuration.

I am happy to answer any questions that you may have about how OtterTune works here.

-- Andy

================

More Info:

* 5min Demo Video: https://ottertune.com/blog/ottertune-explained-in-five-minutes

* Free Account Sign-up: https://ottertune.com/try

[+]
[+]

What about OpenStack Trove DBaaS? OpenStack Trove is like an open source self-hosted Amazon RDS or Google CloudSQL. https://docs.openstack.org/trove/latest/

FWIU, Trove supports 10+ databases including MySQL and PostgreSQL.

AFAIU, there are sound reasons to host containers with e.g. OpenStack VMs instead of a k8s scheduler with a proper SAN and just figure out how to redundantly and resiliently sync - replicate, synchronize, primary/secondary, nodeprocd - and tune given the CAP theorem and the given DB implementation(s)?

Here's the official Ansible role for Trove, which provisions various e.g. SQL databases on an OpenStack cloud: https://github.com/openstack/openstack-ansible-os_trove

[-]

Despite having just 5.8% sales, over 38% of bug reports come from Linux

[+]
[+]

From "Post-surgical deaths in Scotland drop by a third, attributed to a checklist" https://westurner.github.io/hnlog/#comment-19684376 https://news.ycombinator.com/item?id=19686470 :

> GitHub and GitLab support task checklists in Markdown and also project boards [...]

> GitHub and GitLab support (multiple) Issue and Pull Request templates:

> Default: /.github/ISSUE_TEMPLATE.md || Configure in web interface

> /.github/ISSUE_TEMPLATE/Name.md || /.gitlab/issue_templates/Name.md

> Default: /.github/PULL_REQUEST_TEMPLATE.md || Configure in web interface

> /.github/PULL_REQUEST_TEMPLATE/Name.md || /.gitlab/merge_request_templates/Name.md

> There are template templates in awesome-github-templates [1] and checklist template templates in github-issue-templates [2].

> [1] https://github.com/devspace/awesome-github-templates

> [2] https://github.com/stevemao/github-issue-templates

Arrow DataFusion includes Ballista, which does SIMD and GPU vectorized ops

From the Ballista README:

> How does this compare to Apache Spark? Ballista implements a similar design to Apache Spark, but there are some key differences.

> - The choice of Rust as the main execution language means that memory usage is deterministic and avoids the overhead of GC pauses.

> - Ballista is designed from the ground up to use columnar data, enabling a number of efficiencies such as vectorized processing (SIMD and GPU) and efficient compression. Although Spark does have some columnar support, it is still largely row-based today.

> - The combination of Rust and Arrow provides excellent memory efficiency and memory usage can be 5x - 10x lower than Apache Spark in some cases, which means that more processing can fit on a single node, reducing the overhead of distributed compute.

> - The use of Apache Arrow as the memory model and network protocol means that data can be exchanged between executors in any programming language with minimal serialization overhead.

Previous article from when Ballista was a separate repo from arrow-datafusion: "Ballista: Distributed compute platform implemented in Rust using Apache Arrow" https://news.ycombinator.com/item?id=25824399

[-]

Parsing gigabytes of JSON per second

[+]

Source: https://github.com/simdjson/simdjson

PyPI: https://pypi.org/project/pysimdjson/

There's a rust port: https://github.com/simd-lite/simd-json

... From ijson https://pypi.org/project/ijson/#id3 which supports streaming JSON:

> Ijson provides several implementations of the actual parsing in the form of backends located in ijson/backends: [yajl2_c, yajl2_cffi, yajl2, yajl, python]

[-]

Fed to ban policymakers from owning individual stocks

awb | 2021-10-21 15:14:23 | 576 | # | ^
[+]
[+]
[+]
[+]

"Blind Trust" > "Use by US government officials to avoid conflicts of interest" https://en.wikipedia.org/wiki/Blind_trust

https://www.oge.gov/

... If you want to help, you must throw all of your startup equity away.

... No, you may not co-brand with that company (which is not complicit with your agenda).

... Besides, I'm not even eligible for duty: you can't hire me.

... Maybe I could be more helpful from competitive private industry.

... How can a government hire prima donna talent like Iron Man?

... Is it criminal to start a solvent, sustainable business to solve government problems, for that one customer?

... Which operations can a government - operating with or without competition - solve most energy-efficiently and thus cost-effectively? Looks like single-payer healthcare and IDK what else?

(Edit)

US Digital Services Playbook: https://github.com/usds/playbook

From https://www.nist.gov/itl/applied-cybersecurity/nice/nice-fra... :

> "NIST Special Publication 800-181 revision 1, the Workforce Framework for Cybersecurity (NICE Framework), provides a set of building blocks for describing the tasks, knowledge, and skills that are needed to perform cybersecurity work performed by individuals and teams. Through these building blocks, the NICE Framework enables organizations to develop their workforces to perform cybersecurity work, and it helps learners to explore cybersecurity work and to engage in appropriate learning activities to develop their knowledge and skills.

From "NIST Special Publication 800-181 Revision 1: Workforce Framework for Cybersecurity (NICE Framework)" (2020) https://doi.org/10.6028/NIST.SP.800-181r1:

> 3.1 Using Existing Task, Knowledge, and Skill (TKS) Statements

(Edit) FedNOW should - like mCBDC - really consider implementing Interledger Protocol (ILP) for RTGS "Real-Time Gross Settlement" https://interledger.org/developer-tools/get-started/overview...

From https://interledger.org/rfcs/0032-peering-clearing-settlemen... :

> Peering, Clearing and Settling; The Interledger network is a graph of nodes (connectors) that have peered with one another by establishing a means of exchanging ILP packets and a means of paying one another for the successful forwarding and delivery of the packets.

Fed or no, wouldn't you think there'd be money in solving for the https://performance.gov Goals ( https://www.usaspending.gov/ ) and the #GlobalGoals (UN Sustainable Development Goals) -aligned GRI Corporate Sustainability Report? #CSR #ESG #SustyReporting

[-]

Hardened wood as a renewable alternative to steel and plastic

From "Hemp Wood: A Comprehensive Guide" https://www.buildwithrise.com/stories/hempwood-the-sustainab... :

> HempWood is priced competitively to similar cuts of black walnut. You can purchase 72" HempWood boards for between $13 and $40 as of the date of publishing. HempWood also sells carving blocks, cabinets, and kits to make your own table. Prices for table kits range from $175 to $300. Jul 5, 2021 […]

> Is Hemp Wood Healthy? Due to its organic roots and soy-based adhesive, hemp wood is naturally non-toxic and doesn't contain VOCs, making it a healthier choice for interior building.

> Hemp wood has also been tested to have a decreased likelihood of warping and twisting. Its design is free of any of the knots common in other hardwoods to reduce wood waste.

https://hempwood.com/

FWIU, hempcrete - hemp hurds and sustainable limestone - must be framed; possibly with Hemp Wood, which is stronger than spec lumber of the same dimensions.

FWIU, Hemp batting insulation is soaked in sodium to meet code.

Hopefully the production and distribution processes for these carbon sinks keeps net negative carbon in the black.

[+]

What are the limits? Input costs, current economy of scale?

[+]

What an excellent video overview!

That does look like there's still a lot of manual labor in the depicted production process... Automation and clean energy.

[-]

Investors use AI to analyse CEOs’ language patterns and tone

This might be the best NewsArticle headline on HN I've ever seen.

Why, what does it say? Can you log that in a reproducible Notebook with Docs and Test assertions please?

Or are we talking about maybe a ScholarlyArticle CreativeWork with a https://schema.org/funder property or just name and url.

[-]

Graph of Keybase commits pre and post Zoom acquisition

0des | 2021-10-09 19:15:34 | 348 | # | ^
[+]
[+]
[+]
[+]

FWIU, Cyph does Open Source E2E chat, files, and unlimited length social posts to circles or to public; but doesn't yet do encrypted git repos that can be solved with something like git-crypt. https://github.com/cyph/cyph

It would be wasteful to throw away the Web of Trust (people with handles to keys) that everyone entered into Keybase. Hopefully, Zoom will consider opening up the remaining pieces of Keybase if not just spinning the product back out to a separate entity?

From https://news.ycombinator.com/item?id=19185998 https://westurner.github.io/hnlog/#comment-19185998 :

> There's also "Web Key Directory"; which hosts GPG keys over HTTPS from a .well-known URL for a given user@domain identifier: https://wiki.gnupg.org/WKD

> GPG presumes secure key distribution

> Compared to existing PGP/GPG keyservers [HKP], WKD does rely upon HTTPS.

Blockcerts can be signed when granted to a particular identity entity:

> Here are the open sources of blockchain-certificates/cert-issuer and blockchain-certificates/cert-verifier-js: https://github.com/blockchain-certificates

CT Certificate Transparency logs for key grants and revocations may depend upon a centralized or a decentralized Merkleized datastore: https://en.wikipedia.org/wiki/Certificate_Transparency

How do I specify the correct attributes of my schema.org/Person record (maybe on my JAMstack site) in order to approximate the list of identities that e.g. Keybase lets one register and refer to a cryptographic proof of?

Do I generate a W3C DID and claim my identities by listing them in a JSON-LD document signed with W3C ld-proofs (ld-signatures)? Which of the key directory and Web of Trust features of Keybase are covered by existing W3C spec Use Cases?

From https://news.ycombinator.com/item?id=28701355:

> "Use Cases and Requirements for Decentralized Identifiers" https://www.w3.org/TR/did-use-cases/

>> 2. Use Cases: Online shopper, Vehicle assemblies, Confidential Customer Engagement, Accessing Master Data of Entities, Transferable Skills Credentials, Cross-platform User-driven Sharing, Pseudonymous Work, Pseudonymity within a supply chain, Digital Permanent Resident Card, Importing retro toys, Public authority identity credentials (eIDAS), Correlation-controlled Services

> And then, IIUC W3C Verifiable Credentials / ld-proofs can be signed with W3C DID keys - that can also be generated or registered centrally, like hosted wallets or custody services. There are many Use Cases for Verifiable Credentials: https://www.w3.org/TR/vc-use-cases/ :

>> 3. User Needs: Education, Retail, Finance, Healthcare, Professional Credentials, Legal Identity, Devices

>> 4. User Tasks: Issue Claim, Assert Claim, Verify Claim, Store / Move Claim, Retrieve Claim, Revoke Claim

>> 5. Focal Use Cases: Citizenship by Parentage, Expert Dive Instructor, International Travel with Minor and Upgrade

>> 6. User Sequences: How a Verifiable Credential Might Be Created, How a Verifiable Credential Might Be Used

Is there an ACME-like thing to verify online identity control like Keybase still does?

Hopefully, Zoom will consider opening up the remaining pieces of Keybase if not just spinning the product back out to a separate entity?

> Is there an ACME-like thing to verify online identity control like Keybase still does?

From https://news.ycombinator.com/item?id=28926739 :

> NIST SP 800-63 https://pages.nist.gov/800-63-3/ :

> SP 800-63-3: Digital Identity Guidelines https://doi.org/10.6028/NIST.SP.800-63-3

> SP 800-63A: Enrollment and Identity Proofing https://doi.org/10.6028/NIST.SP.800-63a

FWIU, NIST SP 800-63A Enrollment and Identity Proofing specifies a spec sort of like ACME but for offline identity.

"Key server (cryptographic)" https://en.wikipedia.org/wiki/Key_server_(cryptographic)

> The last IETF draft for HKP also defines a distributed key server network, based on DNS SRV records: to find the key of someone@example.com, one can ask it by requesting example.com's key server.

> Keyserver examples: These are some keyservers that are often used for looking up keys with `gpg --recv-keys`.[6] These can be queried via https:// (HTTPS) or hkps:// (HKP over TLS) respectively: keys.openpgp.org , pgp.mit.edu , keyring.debian.org , keyserver.ubuntu.com ,

"Linked Data Signatures for GPG" https://gpg.jsld.org/

  npm i @transmute/lds-gpg2020 -g
  gpg2020 sign -u "3BCAC9A882DEFE703FD52079E9CB06E71794A713" $(pwd)/docs/example/doc.json did:btcr:xxcl-lzpq-q83a-0d5#yubikey
From https://gpg.jsld.org/contexts/#GpgSignature2020 :

> GpgSignature2020: A JSON-LD Document has been signed with GpgSignature2020, when it contains a proof field with type GpgSignature2020. The proof must contain a key signatureValue with value defined by the signing algorithm described here. Example:

  {
  "@context": [
    "https://gpg.jsld.org/contexts/lds-gpg2020-v0.0.jsonld",
    {
      "schema": "http://schema.org/",
      "name": "schema:name",
      "homepage": "schema:url",
      "image": "schema:image"
    }
  ],
  "name": "Manu Sporny",
  "homepage": "https://manu.sporny.org/",
  "image": "https://manu.sporny.org/images/manu.png",
  "proof": {
    "type": "GpgSignature2020",
    "created": "2020-02-16T18:21:26Z",
    "verificationMethod": "did:web:did.or13.io#20a968a458342f6b1a822c5bfddb584bdf141f95",
    "proofPurpose": "assertionMethod",
    "signatureValue": "-----BEGIN PGP SIGNATURE-----\n\niQEzBAABCAAdFiEEIKlopFg0L2sagixb/dtYS98UH5UFAl5JiCYACgkQ/dtYS98U\nH5U8TQf/WS92hXkdkdBQ0xJcaSkoTsGspshZ+lT98N2Dqu6I1Q01VKm+UMniv5s/\n3z4VX83KuO5xtepFjs4S95S4gLmr227H7veUdlmPrQtkGpvRG0Ks5mX7tPmJo2TN\nDwm1imm+zvJ+MXr3Ld24qaRJA9dI+AoZ5HXqNp96Yncj3oWD+DtVIZmC/ZiUw43a\nLpMYy94Hie7Ad86hEoqsdRxrwq7O6KZ29TAKi5T/taemayyXY7papU28mGjVEcvO\na7M3XNBflMcMEB+g6gjrANsgFNO6tOuvOQ2+4v6yMfpJ0ji4ta7q2d4QKqGi5YhE\nsRUORN+7HJrkmSTaT7gBpFQ+YUnyLA==\n=Uzp1\n-----END PGP SIGNATURE-----\n"
    }
  }

[-]

Single sign-on: What we learned during our identity alpha

[+]
[+]
[+]

Thx. NIST SP 800-63* https://pages.nist.gov/800-63-3/ :

> SP 800-63-3: Digital Identity Guidelines https://doi.org/10.6028/NIST.SP.800-63-3

> SP 800-63A: Enrollment and Identity Proofing https://doi.org/10.6028/NIST.SP.800-63a

> SP 800-63B: Authentication and Lifecycle Management https://doi.org/10.6028/NIST.SP.800-63b

> SP 800-63C: Federation and Assertions https://doi.org/10.6028/NIST.SP.800-63c

[-]

Five things we still don’t know about water

[+]

But where did the water come from? Neptune? Europa? Comet(s)? Is it just the distance to our nearest star in our habitable zone here that results in liquid water being likely?

From the article:

> But the exact mechanism for how water evaporates isn’t completely understood. The evaporation rate is traditionally represented in terms of a rate of collision between molecules, multiplied by a fudge factor called the evaporation coefficient, which varies between zero and one. Experimental determination of this coefficient, spanning several decades, has varied over three orders of magnitude.

From https://en.wikipedia.org/wiki/Evaporation :

> Evaporation is a type of vaporization that occurs on the surface of a liquid as it changes into the gas phase.[1] The surrounding gas must not be saturated with the evaporating substance. When the molecules of the liquid collide, they transfer energy to each other based on how they collide with each other. When a molecule near the surface absorbs enough energy to overcome the vapor pressure, it will escape and enter the surrounding air as a gas.[2] When evaporation occurs, the energy removed from the vaporized liquid will reduce the temperature of the liquid, resulting in evaporative cooling.[3]

[-]

New Optical Switch Up to 1000x Faster Than Transistors

ofou | 2021-10-19 19:45:09 | 267 | # | ^
[+]
[+]
[+]
[+]

Are they polarized photons though?

[-]

Show HN: I built a sonar into my surfboard

[+]

FWIU, EM backscatter can be used for e.g. gesture recognition, heartbeat detection, and metal detection. https://en.wikipedia.org/wiki/Backscatter

Entropy of wave noises may or may not be the issue.

Edit: (NASA spinoff) "Radar Device Detects Heartbeats Trapped under Wreckage" https://spinoff.nasa.gov/Spinoff2018/ps_1.html

> The Edgewood, Maryland-based company is developing a line of such remote sensing devices to aid search and rescue teams, based on advanced radar technologies developed by NASA and refined for this purpose at the Agency’s Jet Propulsion Laboratory (JPL).

> NASA has long analyzed weak radio signals to identify slight physical movements, such as seismic activity seen from low-Earth orbit or minor alterations in a satellite’s path around another planet that might indicate gravity fluctuations, explains Jim Lux, JPL’s task manager for the FINDER project. However, to pick out such faint patterns in the data, these devices must cancel out huge amounts of noise. “The core technology here is measuring a small signal in the context of another larger signal that’s confusing you,” Lux says.

(FWIW, some branches may have helicopters with infrared that they can cost over for disaster relief.)

[-]

Cortical Column Networks

Hey, Cortical Columns!

From "Jeff Hawkins Is Finally Ready to Explain His Brain Research" https://news.ycombinator.com/item?id=18214707 https://westurner.github.io/hnlog/#comment-18218504

What does (parallel) spreading activation have to do with Cortical Column Networks maybe and redundancy? https://en.wikipedia.org/wiki/Spreading_activation

[+]

From https://medium.com/syncedreview/google-replaces-bert-self-at... :

> New research from a Google team proposes replacing the self-attention sublayers with simple linear transformations that “mix” input tokens to significantly speed up the transformer encoder with limited accuracy cost. Even more surprisingly, the team discovers that replacing the self-attention sublayer with a standard, unparameterized Fourier Transform achieves 92 percent of the accuracy of BERT on the GLUE benchmark, with training times that are seven times faster on GPUs and twice as fast on TPUs."

Would Transformers (with self-attention) make what things better? Maybe QFT? There are quantum chemical interactions in the brain. Are they necessary or relevant for what fidelity of emulation of a non-discrete brain?

https://en.wikipedia.org/wiki/Quantum_Fourier_transform

[-]

Startup Ideas

luu | 2021-10-05 07:30:30 | 223 | # | ^
[+]

IIUC, in 2021, you can dock a PineTab or a PinePhone with a USB-C PD hub that has HDMI, USB, and Ethernet and use any of a number of Linux Desktop operating systems on a larger screen with full size keyboard and mouse.

The PineTab has a backlit keyboard and IIUC the PinePhone has a keyboard & aux battery case that doesn't yet also include the fingerprint sensor or wireless charging. https://www.pine64.org/blog/

[-]

It is easier to educate a Do-er than to motivate the educated

tosh | 2021-10-05 13:15:42 | 448 | # | ^

~ "Imagine that one could give you a copy of all of their knowledge. If you do not choose to apply and learn on your own, you can never."

This is about regimen, this is about stamina, this is about sticktoitiveness; and if you don't want it, you don't need it, you'll never. And I mean never.

The Grit article on Wikipedia mentions persistence and tenacity and stick-to-it-tiveness as roughly synonymous; and that grit may not be that distinct from other Big Five personality traits, but we're not about to listen to that, we're not going with that, because Grit is predictor of success. https://en.wikipedia.org/wiki/Grit_(personality_trait)

To the original point,

> In psychology, grit is a positive, non-cognitive trait based on an individual's perseverance of effort combined with the passion for a particular long-term goal or end state (a powerful motivation to achieve an objective). This perseverance of effort promotes the overcoming of obstacles or challenges that lie on the path to accomplishment and serves as a driving force in achievement realization. Distinct but commonly associated concepts within the field of psychology include "perseverance", "hardiness", "resilience", "ambition", "need for achievement" and "conscientiousness". These constructs can be conceptualized as individual differences related to the accomplishment of work rather than talent or ability.

[-]

Are software engineering “best practices” just developer preferences?

[+]
[+]

Critical systems: https://en.wikipedia.org/wiki/Critical_system :

> There are four types of critical systems: safety critical, mission critical, business critical and security critical.

Safety-critical systems > "Software engineering for safety-critical systems" https://en.wikipedia.org/wiki/Safety-critical_system#Softwar... :

> By setting a standard for which a system is required to be developed under, it forces the designers to stick to the requirements. The avionics industry has succeeded in producing standard methods for producing life-critical avionics software. Similar standards exist for industry, in general, (IEC 61508) and automotive (ISO 26262), medical (IEC 62304) and nuclear (IEC 61513) industries specifically. The standard approach is to carefully code, inspect, document, test, verify and analyze the system. Another approach is to certify a production system, a compiler, and then generate the system's code from specifications. Another approach uses formal methods to generate proofs that the code meets requirements.[11] All of these approaches improve the software quality in safety-critical systems by testing or eliminating manual steps in the development process, because people make mistakes, and these mistakes are the most common cause of potential life-threatening errors.

awesome-safety-critical lists very many resources for safety critical systems: https://awesome-safety-critical.readthedocs.io/en/latest/

There are many ['Engineering'] certification programs for software and other STEM fields. One test to qualify applicants does not qualify as a sufficient set of controls for safety critical systems that must be resilient, fault-tolerant, and redundant.

A real Engineer knows that there are insufficient process controls from review of very little documentation; it's just process wisdom from experience. An engineer starts with this premise: "There are insufficient controls to do this safely" because [test scenario parameter set n] would result in the system state - the output of probably actually a complex nonlinear dynamic system - being unacceptable: outside of acceptable parameters for safe operation.

Are there [formal] Engineering methods that should be requisite to "Computer Science" degrees? What about "Applied Secure Coding Practices in [Language]"? Is that sufficient to teach theory and formal methods?

From "How We Proved the Eth2 Deposit Contract Is Free of Runtime Errors" https://news.ycombinator.com/item?id=28513922 :

>> From "Discover and Prevent Linux Kernel Zero-Day Exploit Using Formal Verification" https://news.ycombinator.com/item?id=27442273 :

>> [Coq, VST, CompCert]

>> Formal methods: https://en.wikipedia.org/wiki/Formal_methods

>> Formal specification: https://en.wikipedia.org/wiki/Formal_specification

>> Implementation of formal specification: https://en.wikipedia.org/wiki/Anti-pattern#Software_engineer...

>> Formal verification: https://en.wikipedia.org/wiki/Formal_verification

>> From "Why Don't People Use Formal Methods?" https://news.ycombinator.com/item?id=18965964 :

>>> Which universities teach formal methods?

>>> - q=formal+verification https://www.class-central.com/search?q=formal+verification

>>> - q=formal+methods https://www.class-central.com/search?q=formal+methods

>>> Is formal verification a required course or curriculum competency for any Computer Science or Software Engineering / Computer Engineering degree programs? https://news.ycombinator.com/item?id=28513922

From "Ask HN: Is it worth it to learn C in 2020?" https://news.ycombinator.com/item?id=21878372 :

> There are a number of coding guidelines e.g. for safety-critical systems where bounded running time and resource consumption are essential. These coding guidelines and standards are basically only available for C, C++, and Ada.

awesome-safety-critical > Software safety standards: https://awesome-safety-critical.readthedocs.io/en/latest/#so...

awesome-safety-critical > Coding Guidelines: https://awesome-safety-critical.readthedocs.io/en/latest/#co...

[-]

Major Quantum Computing Strategy Suffers Serious Setbacks

[+]
[+]
[+]

"Quantized Majorana conductance not actually observed within indium antimonide nanowires"

"Quantum qubit substrate found to be apparently insufficient" (Given the given methods and probably available resources)

And then - in an attempt to use terminology from Constructor Theory https://en.m.wikipedia.org/wiki/Constructor_theory :

> In constructor theory, a transformation or change is described as a task. A constructor is a physical entity which is able to carry out a given task repeatedly. A task is only possible if a constructor capable of carrying it out exists, otherwise it is impossible. To work with constructor theory everything is expressed in terms of tasks. The properties of information are then expressed as relationships between possible- and impossible tasks. Counterfactuals are thus fundamental statements and the properties of information may be described by physical laws.[4] If a system has a set of attributes, the set of permutations of these attributes is seen as a set of tasks. A computation medium is a system whose attributes permute to always produce a possible task. The set of permutations, and hence of tasks, is a computation set. If it is possible to copy the attributes in the computation set, the computation medium is also an information medium.

> Information, or a given task, does not rely on a specific constructor. Any suitable constructor will serve. This ability of information to be carried on different physical systems or media is described as interoperability, and arises as the principle that the combination of two information media is also an information medium.[4] Media capable of carrying out quantum computations are called superinformation media, and are characterised by specific properties. Broadly, certain copying tasks on their states are impossible tasks. This is claimed to give rise to all the known differences between quantum and classical information.[4]

"Subsequent attempts to reproduce [Quantized Majorana conductance (topological qubits of arranged electrons) within indium antimonide nanowires] eventually as a (quantum) computation medium for the given tasks failed"

"Quantum computation by Majorana zero-mode (MZM) quasiparticles in indium antimonide nanowires not actually apparently possible"

... "But what about in DDR5?" Which leads us to a more generally interesting: "Rowhammer for qubits", which is already an actual Quantum on Silicon (QoS) thing.

[-]

Attempts to scientifically “rationalize” policy may be damaging democracy

First, not having read the article:

#EvidenceBasedPolicy is a worthwhile objective even if only because the alternative is to just blow money without measuring ROI at all [because government expenditures are the actual key to feeding the beast, the economic beast, the...].

What are some examples of policy failures where Systematic review and Meta-analysis could have averted loss, harms, waste, catastrophe, long-term costs? Is that cherry picking? The other times we can just throw a dart and that's better than, ahem, these idiots we afford trying to do science?

Wouldn't it be fair to require that constituent ScholarlyArticles (and other CreativeWorks) be kept on file with e.g. the Library of Congress?

Non-federal governments usually have very similar IT and science policy review needs. Should adapting one system for non-federal governments be more complex than specifying a different String or URL in the token_name field in a transaction?

When experts review ScholarlyArticles on our behalf, they should share their structured and unstructured annotations in such a way that their cryptographically signed reviews - and highlights to identify and extract structured facts like summary statistics like sample size and IRB-reviewed study controls - become part of a team-focused collaborative systematic meta-analysis that is kept on file and regularly reviewed in regards to e.g. retractions, typical cognitive biases, failures in experimental design and implementation, and general insufficiencies that should cause us to re-evaluate our beliefs given all available information which meets our established inclusion criteria.

We have a process for peer review of PDFs - and hopefully datasets with locality for reproducibility and unitarity which purportedly helps us work through something like this sequence:

Data / Information / Knowledge / Experience / Wisdom

We often have gaps in our processes to support such progress in developing wisdom from knowledge that should be predicated upon sound information and data and then experience, bias, creeps in.

Basic principles restricting the powers of the government should prevent the government - us, we - from specifically violating the protected rights of persons; but we have allowed "Science" to cloud our judgement in application of our most basic principles of justice - i.e. Life, Liberty, and the pursuit of Happiness; and Equality and Equitability - and should we chalk the unintended consequences up to ignorance or malice?

More science all around: more Data Literacy - awareness of how many bad statistical claims are made all day around the world everywhere - is good and necessary and essential to Media Literacy, which is how we would be forming our opinions if we didn't have better tools for truth and belief for science.

"What does it mean to know?" etc.

Logic, Inference, Reasoning and Statistics probably predicated upon classical statistical mechanics are supposed to bring us closer to knowing: to bring our beliefs closer to the most widely observed truths.

Which Verifiable Claims do we trust? What studies do we admit into our personal and community meta-analyses according to our shared inclusion criteria?

"Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA)" is one standard for meta-analyses, for example. http://www.prisma-statement.org/ . Could the bad guys or the dumb good guys lie with that control in place, too? Can knowing our rights - and upholding oaths to uphold values - protect us from meta-analytical group failure?

Perhaps STEM (Science, Technology, Engineering, art, and Medicine/Math) majors and other interested parties can help develop solutions for #EvidenceBasedPolicy?

This one fell flat. Maybe it was the time of day? The question should be asked every year, at least, eh? "Ask HN: Systems for supporting Evidence-Based Policy?" https://news.ycombinator.com/item?id=22920613

>> What tools and services would you recommend for evidence-based policy tasks like meta-analysis, solution criteria development, and planned evaluations according to the given criteria?

>> Are they open source? Do they work with linked open data?

> I suppose I should clarify that citizens, consumers, voters, and journalists are not acceptable answers

"#LinkedMetaAnalyses", "#StructuredPremises"; Ctrl-F "linkedmeta", "linkedrep", "#LinkedResearch": https://westurner.github.io/hnlog/

Alright, my fair biases disclosed, on to the reading the actual article: /1

[-]

Response to 'Call for Review: Decentralized Identifiers (DIDs) v1.0'

[+]
[+]
[+]

> Somebody introduces a new technology to address these concerns every couple years and it doesn't go anywhere. These aren't actually problems to a lot of users.

"Use Cases and Requirements for Decentralized Identifiers" https://www.w3.org/TR/did-use-cases/

> 2. Use Cases: Online shopper, Vehicle assemblies, Confidential Customer Engagement, Accessing Master Data of Entities, Transferable Skills Credentials, Cross-platform User-driven Sharing, Pseudonymous Work, Pseudonymity within a supply chain, Digital Permanent Resident Card, Importing retro toys, Public authority identity credentials (eIDAS), Correlation-controlled Services

And then, IIUC W3C Verifiable Credentials / ld-proofs can be signed with W3C DID keys - that can also be generated or registered centrally, like hosted wallets or custody services. There are many Use Cases for Verifiable Credentials: https://www.w3.org/TR/vc-use-cases/ :

> 3. User Needs: Education, Retail, Finance, Healthcare, Professional Credentials, Legal Identity, Devices

> 4. User Tasks: Issue Claim, Assert Claim, Verify Claim, Store / Move Claim, Retrieve Claim, Revoke Claim

> 5. Focal Use Cases: Citizenship by Parentage, Expert Dive Instructor, International Travel with Minor and Upgrade

> 6. User Sequences: How a Verifiable Credential Might Be Created, How a Verifiable Credential Might Be Used

IIRC DHS funded some of the W3C DID and Verified Credentials specification efforts. See also: https://news.ycombinator.com/item?id=26758099

There's probably already a good way to bridge between sub-SKU GS1 schema.org/identifier on barcodes and QR codes and with DIDs. For GS1, you must register a ~namespace prefix and then you can use the rest of the available address space within the barcode or QR code IIUC.

DIDs can replace ORCIDs - which you can also just generate a new one of - for academics seeking to group their ScholarlyArticles by a better identifier than a transient university email address.

The new UUID formats may or may not be optionally useful in conjunction with W3C DID, VC, and Verifiable News, etc. https://news.ycombinator.com/item?id=28088213

When would a DID be a better choice than a UUID?

[-]

Apple didn't revolutionize power supplies; new transistors did (2012)

[+]
[+]

All brands should put USB-A and USB-C ports on the power brick.

[-]

What does my engineering manager do all day?

[+]
[+]

> - many meetings can be replaced by an update email

Highlights from the feed(s); GitLab has the better activity view IMHO but I haven't tried the new GitHub Issues beta yet.

3 questions from 5 minute Stand-Up Meetings (because everyone's actually standing there trying to leave) for Digital Stand Up Meetings: Since, Before, Obstacles:

  ## 2021-09-28
  ### @teammembername
  #### Since
  #### Before
  #### Obstacles
Since: What have you done since last reporting back? Before: What do you plan to do before our next meeting? Obstacles: What needs which other team resources in order to solve the obstacles?

You can do cool video backgrounds for any video conferencing app with pipewire.

You can ask team members to prep a .txt with their 3 questions and drop it in the chat such that the team can reply to individual #fragments of your brief status report / continued employment justification argument

> - decisions often work better through docs + feedback than big meetings

SO, ah, asynchronous communication doesn't require transcripting for the "Leader Assistant" that does the Mando quarterly minutes from the team chat logs, at least

6 Patterns of Collaboration: GRCOEB: Generate, Reduce, Clarify, Organize, Evaluate, Build Consensus [Six Patterns]; voting on specific Issues, and ideally Chat - [x] lineitems, and https://schema.org/SocialMediaPosting with emoji reactions

[Six Patterns]: http://wrdrd.github.io/docs/consulting/team-building#six-pat... , Text Templates, Collaboration Checklist: Weighted Criteria, Ranked-choice Voting.

Docs and posts with URLs and in-text pull-quotes do better than another list of citations at the end.

> - you don't need frequent contact with the team if the goals and constraints are communicated very clearly

Metrics: OKRs, KPIs, #GlobalGoals Goals Targets and Indicators

Tools / Methods; Data / Information / Knowledge / Experience / Wisdom:

- Issues: Title, - [ ] Description, Labels, Assignee, - [ ] Comments, Emoji Reactions;

- Pull Requests, - [ ] [Optional] [Formal] Reviews, Labels & "Codelabels", label:SkipPreflight, CI Build Logs, and Signed Deployed Documented Applications; code talks, the tests win again, docs sell

- Find and Choose - with Consensus - a sufficiently mature Component that already testably does: unified Email notifications (with inbound replies,) and notifications on each and every Chat API and the web standard thing finally, thanks: W3C Web Notifications.

- Contribute Tests for [open source] Components.

- [ ] Create a workflow document with URLs and Text Templates

- [ ] Create a daily running document with my 3 questions and headings and indented markdown checkbox lists; possibly also with todotxt/todo.txt / TaskWarrior & BugWarrior -style lineitem markup.

What does an engineering manager do all day?

A polite answer would be, continuously reevaluate the tests of the product and probably also the business model if anyone knew what they were up to in there

[-]

Using two keyboards at once for pain relief

[+]
[+]

The MS Natural split keyboards are easy to find but aren't satisfyingly clicky mechanical keys just like olden times.

How long do these last?

Edit: "Ergonomic keyboard" https://en.wikipedia.org/wiki/Ergonomic_keyboard > #Split_keyboard:

> Split keyboards group keys into two or more sections. Ergonomic split keyboards can be fixed, where you cannot change the positions of the sections, or adjustable. Split keyboards typically change the angle of each section, and the distance between them. On an adjustable split keyboard, this can be tailored exactly to the user. People with a broad chest will benefit from an adjustable split keyboard's ability to customize the distance between the two halves of the board. This ensures the elbows are not too close together when typing. [2]

[-]

Waydroid – Run Android containers on Ubuntu

[+]
[+]
[+]

> binfmt_misc

https://en.wikipedia.org/wiki/Binfmt_misc

> binfmt_misc can also be combined with QEMU to execute programs for other processor architectures as if they were native binaries.[9]

QEMU supported [ARM guest] machines: https://wiki.qemu.org/Documentation/Platforms/ARM#Supported_...

Edit: from "Running and Building ARM Docker Containers on x86" (which also describes how to get CUDA working) https://www.stereolabs.com/docs/docker/building-arm-containe... :

  sudo apt-get install qemu binfmt-support qemu-user-static # Install the qemu packages
  docker run --rm --privileged multiarch/qemu-user-static --reset -p yes # Execute the registering scripts

  docker run --rm -t arm64v8/ubuntu uname -m # Test the emulation environment
https://github.com/multiarch/qemu-user-static :

> multiarch/qemu-user-static is to enable an execution of different multi-architecture containers by QEMU [1] and binfmt_misc [2]. Here are examples with Docker [3].

Why the heck isn't there just an official Android container and/or a LineageOS container?

It's not a certified device, so.

There are a number of ways to build "multi-arch docker images" e.g. for both x86 and ARM: OCI, docker build, podman build, buildx, buildah.

Containers are testable.

Here's this re: whether the official OpenWRT container should run /sbin/init in order to run procd, ubusd,: https://github.com/docker-library/official-images/pull/7975#...

AFAIU, from a termux issue thread re: repackaging everything individually, latest Android requires binaries to be installed from APKs to get the SELinux context label necessary to run?

[-]

Biologists Rethink the Logic Behind Cells’ Molecular Signals

[+]
[+]

Most cells or matter in the body?

From https://www.nature.com/articles/nature.2016.19136 :

> A 'reference man' (one who is 70 kilograms, 20–30 years old and 1.7 metres tall) contains on average about 30 trillion human cells and 39 trillion bacteria, […] Those numbers are approximate — another person might have half as many or twice as many bacteria, for example — but far from the 10:1 ratio commonly assumed.

Symbiosis https://en.wikipedia.org/wiki/Symbiosis :

> Symbiosis […] is any type of a close and long-term biological interaction between two different biological organisms, be it mutualistic, commensalistic, or parasitic. […]

> Symbiosis can be obligatory, which means that one or more of the symbionts depend on each other for survival, or facultative (optional), when they can generally live independently. […]

> Symbiosis is also classified by physical attachment. When symbionts form a single body it is called conjunctive symbiosis, while all other arrangements are called disjunctive symbiosis.[3] When one organism lives on the surface of another, such as head lice on humans, it is called ectosymbiosis; when one partner lives inside the tissues of another, such as Symbiodinium within coral, it is termed endosymbiosis.

Endosymbiont: https://en.wikipedia.org/wiki/Endosymbiont :

> Two major types of organelle in eukaryotic cells, mitochondria and plastids such as chloroplasts, are considered to be bacterial endosymbionts.[6] This process is commonly referred to as symbiogenesis.

Symbiogenesis: https://en.wikipedia.org/wiki/Symbiogenesis #Secondary_endosymbiosis ... Viral eukaryogenesis: https://en.wikipedia.org/wiki/Viral_eukaryogenesis :

> A number of precepts in the theory are possible. For instance, a helical virus with a bilipid envelope bears a distinct resemblance to a highly simplified cellular nucleus (i.e., a DNA chromosome encapsulated within a lipid membrane). In theory, a large DNA virus could take control of a bacterial or archaeal cell. Instead of replicating and destroying the host cell, it would remain within the cell, thus overcoming the tradeoff dilemma typically faced by viruses. With the virus in control of the host cell's molecular machinery, it would effectively become a functional nucleus. Through the processes of mitosis and cytokinesis, the virus would thus recruit the entire cell as a symbiont—a new way to survive and proliferate.

T-Cell # Activation: https://en.wikipedia.org/wiki/T_cell#Activation

> Both are required for production of an effective immune response; in the absence of co-stimulation, T cell receptor signalling alone results in anergy. […]

> Once a T cell has been appropriately activated (i.e. has received signal one and signal two) it alters its cell surface expression of a variety of proteins.

T-cell receptor § Signaling pathway: https://en.wikipedia.org/wiki/T-cell_receptor#Signaling_path...

Co-stimulation : https://en.wikipedia.org/wiki/Co-stimulation :

> Co-stimulation is a secondary signal which immune cells rely on to activate an immune response in the presence of an antigen-presenting cell.[1] In the case of T cells, two stimuli are required to fully activate their immune response. During the activation of lymphocytes, co-stimulation is often crucial to the development of an effective immune response. Co-stimulation is required in addition to the antigen-specific signal from their antigen receptors.

Anergy: https://en.wikipedia.org/wiki/Clonal_anergy :

> [Clonal] Anergy is a term in immunobiology that describes a lack of reaction by the body's defense mechanisms to foreign substances, and consists of a direct induction of peripheral lymphocyte tolerance. An individual in a state of anergy often indicates that the immune system is unable to mount a normal immune response against a specific antigen, usually a self-antigen. Lymphocytes are said to be anergic when they fail to respond to their specific antigen. Anergy is one of three processes that induce tolerance, modifying the immune system to prevent self-destruction (the others being clonal deletion and immunoregulation ).[1]

Clonal deletion: https://en.wikipedia.org/wiki/Clonal_deletion :

> There are millions of B and T cells inside the body, both created within the bone marrow and the latter matures in the thymus, hence the T. Each of these lymphocytes express specificity to a particular epitope, or the part of an antigen to which B cell and T cell receptors recognize and bind. There is a large diversity of epitopes recognized and, as a result, it is possible for some B and T lymphocytes to develop with the ability to recognize self.[4] B and T cells are presented with self antigen after developing receptors while they are still in the primary lymphoid organs.[3][4] Those cells that demonstrate a high affinity for this self antigen are often subsequently deleted so they cannot create progeny, which helps protect the host against autoimmunity.[2][3] Thus, the host develops a tolerance for this antigen, or a self tolerance.[3]

"DNA threads released by activated CD4+ T lymphocytes provide autocrine costimulation" (2019) https://www.pnas.org/content/116/18/8985

> A growing body of literature has shown that, aside from carrying genetic information, both nuclear and mitochondrial DNA can be released by innate immune cells and promote inflammatory responses. Here we show that when CD4+ T lymphocytes, key orchestrators of adaptive immunity, are activated, they form a complex extracellular architecture composed of oxidized threads of DNA that provide autocrine costimulatory signals to T cells. We named these DNA extrusions “T helper-released extracellular DNA” (THREDs).

FWIU, there's also a gut-brain pathway? Or is that also this "signaling method" for feedback in symbiotic complex dynamic systems?

From https://en.wikipedia.org/wiki/Complex_system :

> Complex systems are systems whose behavior is intrinsically difficult to model due to the dependencies, competitions, relationships, or other types of interactions between their parts or between a given system and its environment. Systems that are "complex" have distinct properties that arise from these relationships, such as nonlinearity, emergence, spontaneous order, adaptation, and feedback loops, among others. Because such systems appear in a wide variety of fields, the commonalities among them have become the topic of their independent area of research. In many cases, it is useful to represent such a system as a network where the nodes represent the components and links to their interactions.

Graph, Hypergraph, Property graph, Linked Data, AtomSpace, RDF* + SPARQL*, ONNX, {...}

> The term complex systems often refers to the study of complex systems, which is an approach to science that investigates how relationships between a system's parts give rise to its collective behaviors and how the system interacts and forms relationships with its environment.[1] The study of complex systems regards collective, or system-wide, behaviors as the fundamental object of study; for this reason, complex systems can be understood as an alternative paradigm to reductionism, which attempts to explain systems in terms of their constituent parts and the individual interactions between them.

A multi-digraph of probably nonlinear relations may not be the best way to describe the fields of even just a few electroweak magnets?

> As an interdisciplinary domain, complex systems draws contributions from many different fields, such as the study of self-organization and critical phenomena from physics, that of spontaneous order from the social sciences, chaos from mathematics, adaptation from biology, and many others. Complex systems is therefore often used as a broad term encompassing a research approach to problems in many diverse disciplines, including statistical physics, information theory, nonlinear dynamics, anthropology, computer science, meteorology, sociology, economics, psychology, and biology.

... Glossary of Systems Theory: https://en.wikipedia.org/wiki/Glossary_of_systems_theory

The Shunting-yard algorithm converts infix notation to RPN

RosettaCode has examples of the Shunting-Yard algorithm for parsing infix notation ((1+2)*3)^4 to an AST or just a stack of data and operators such as RPN: [ ]

Parsing/Shunting-yard algorithm: https://rosettacode.org/wiki/Parsing/Shunting-yard_algorithm

Parsing/RPN to infix conversion: https://rosettacode.org/wiki/Parsing/RPN_to_infix_conversion...

Applications: testing all combinations of operators with and without term grouping; parentheses; such as evolutionary algorithms or universal function approximaters that explore the space.

For example: https://github.com/westurner/notebooks/blob/gh-pages/maths/b... :

> This still isn't the complete set of possible solutions

[-]

[deleted]

[-]

How should logarithms be taught?

As one shape of a curve; in a notebook that demonstrates multiple methods of curve fitting with and without a logarithmic transform.

Logarithm: https://simple.wikipedia.org/wiki/Logarithm ; https://en.wikipedia.org/wiki/Logarithm :

> In mathematics, the logarithm is the inverse function to exponentiation. That means the logarithm of a given number x is the exponent to which another fixed number, the base b, must be raised, to produce that number x.

List of logarithmic identities: https://en.wikipedia.org/wiki/List_of_logarithmic_identities

List of integrals of logarithmic functions: https://en.wikipedia.org/wiki/List_of_integrals_of_logarithm...

As functions in a math library or a CAS that should implement the correct axioms correctly:

Sympy Docs > Functions > Contents: https://docs.sympy.org/latest/modules/functions/index.html#c...

sympy.functions.elementary.exponential. log(x, base=e) == log(x)/log(e), exp(), LambertW(), exp_polar() https://docs.sympy.org/latest/modules/functions/elementary.h...

"Exponential, Logarithmic and Trigonometric Integrals" sympy.functions.special.error_functions. Ei: exponential integral, li: logarithmic integral, Li: offset logarithmic integral https://docs.sympy.org/latest/modules/functions/special.html...

numpy.log. log() base e, log2(), log10(), log1p(x) == log(1 + x) https://numpy.org/doc/stable/reference/generated/numpy.log.h...

numpy.exp. exp(), expm1(x) == exp(x) - 1, exp2(x) == 2*x https://numpy.org/doc/stable/reference/generated/numpy.exp.h...

Khan Academy > Algebra 2 > Unit: Logarithms: https://www.khanacademy.org/math/algebra2/x2ec2f6f830c9fb89:...

Khan Academy > Algebra (all content) > Unit: Exponential & logarithmic functions https://www.khanacademy.org/math/algebra-home/alg-exp-and-lo...

3blue1brown: "Logarithm Fundamentals | Lockdown math ep. 6", "What makes the natural log "natural"? | Lockdown math ep. 7" https://www.youtube.com/playlist?list=PLZHQObOWTQDP5CVelJJ1b...

Feynmann Lectures 22-6: Algebra > Imaginary Exponents: https://www.feynmanlectures.caltech.edu/I_22.html#Ch22-S6

Power law functions: https://en.wikipedia.org/wiki/Power_law#Power-law_functions

In a two-body problem, of the 4-5 fundamental interactions: Gravity, Electroweak interaction, Strong interaction, Higgs interaction, a fifth force; which have constant exponential terms in their symbolic field descriptions? https://en.wikipedia.org/wiki/Fundamental_interaction#The_in...

Natural logs in natural systems:

Growth curve (biology) > Exponential growth: https://en.wikipedia.org/wiki/Growth_curve_(biology)#Exponen...

Basic reproduction number: https://en.wikipedia.org/wiki/Basic_reproduction_number

(... Growth hacking; awesome-grwoth-hacking: https://github.com/bekatom/awesome-growth-hacking )

Metcalf's law: https://en.wikipedia.org/wiki/Metcalfe%27s_law

Moore's law; doubling time: https://en.wikipedia.org/wiki/Moore's_law

A block reward halving is a doubling of difficulty. What block reward difficulty schedule would be a sufficient inverse of Moore's law?

A few queries:

logarithm cheatsheet https://www.google.com/search?q=logarithm+cheatsheet

logarithm on pinterest https://www.pinterest.com/search/pins/?q=logarithm

logarithm common core worksheet https://www.google.com/search?q=logarithm+common+core+worksh...

logarithm common core autograded exercise (... Khan Academy randomizes from a parametrized (?) test bank for unlimited retakes for Mastery Learning) https://www.google.com/search?q=logarithm+common+core+autogr...

If only I had started my math career with a binder of notebooks or at least 3-hole-punched notes.

- [ ] Create a git repo with an environment.yml that contains e.g. `mamba install -y jupyter-book jupytext jupyter_contrib_extensions jupyterlab-git nbdime jupyter_console pandas matplotlib sympy altair requests-html`, build a container from said repo with repo2docker, and git commit and push changes made from within the JupyterLab instance that repo2docker layers on top of your reproducible software dependency requirement specification ("REES"). {bash/zsh, git, docker, repo2docker, jupyter, [MyST] markdown and $$ mathTeX $$; Google Colab, Kaggle Kernels, ml-workspace, JupyterLite}

"How I'm able to take notes in mathematics lectures using LaTeX and Vim" https://news.ycombinator.com/item?id=19448678

Here's something like MyST Markdown or Rmarkdown for Jupyter-Book and/or jupytext:

## Log functions

Log functions in the {PyData} community

### LaTeX

#### sympy2latex

What e.g. sympy2latex parses that LaTeX into, in terms of symbolic objects in an expression tree:

### numpy

see above

### scipy

### sympy

see above

### sagemath

### statsmodels

### TensorFlow

### PyTorch

## Logarithmic and exponential computational complexity

- Docs: https://www.bigocheatsheet.com/

- [ ] DOC: Rank these with O(1) first: O(n log n), O(log n), O(1), O(n), O(n*2) +growthcurve +exponential

## Combinatorics, log, exp, and Shannon classical entropy and classical Boolean bits

https://www.google.com/search?q=formula+for+entropy :

  S=k_{b}\ln\Omega
Entropy > Statistical mechanics: https://en.wikipedia.org/wiki/Entropy#Statistical_mechanics

SI unit for [ ] entropy: joules per kelvin (J*K*-1)

*****

In terms of specifying tasks for myself in order to learn {Logarithms,} I could use e.g. todo.txt markup to specify tasks with [project and concept] labels and contexts; but todo.txt doesn't support nested lists like markdown checkboxes with todo.txt markup and/or codelabels (if it's software math)

  - [ ] Read the Logarithms wikipedia page <url> and take +notes +math +logarithms @workstation
    - [o] Read
    - [x] BLD: mathrepo: generate from cookiecutter or nbdev
    - [ ] DOC: mathrepo: logarithm notes
    - [ ] DOC,ART: mathrepo: create exponential and logarithmic charts +logarithms @workstation
    - [ ] ENH,TST,DOC: mathrepo: logarithms with stdlib math, numpy, sympy (and *pytest* or at least `assert` assertion expressions)
    - [ ] ENH,TST,DOC: mathrepo: logarithms and exponents with NN libraries (and *pytest*)
Math (and logic; ultimately thermodynamics) transcend disciplines. To bikeshed - to worry about a name that can be sed-replaced later - but choose a good variable name now, Is 'mathrepo' the best scope for this project? Smaller dependency sets (i.e. simpler environment.yml) seem to result in less version conflicts. `conda env export --from-history; mamba env export --from-history; pip freeze; pipenv -h; poetry -h`

### LaTeX

  $$ \log_{b} x = (b^? = x) $$
  $$ 2^3 = 8 $$
  $$ \log_{2} 8 = 3 $$
  $$ \ln e = 1 $$
  $$ \log_b(xy)=\log_b(x)+\log_b(y) $$

  $ \begin{align}
  \textit{(1) } \log_b(xy) & = \log_b(x)+\log_b(y)
  \end{align} $
Sources: https://en.wikipedia.org/w/index.php?title=List_of_logarithm... ,

#### sympy2latex

What e.g. sympy2latex parses that LaTeX into, in terms of symbolic objects in an expression tree:

  # install
  #!python -m pip install antlr4-python3-runtime sympy
  #!mamba install -y -q antlr-python-runtime sympy
  
  import sympy
  from sympy.parsing.latex import parse_latex
  
  def displaylatexexpr(latex):
      expr = parse_latex(latex)
      display(str(expr))
      display(expr)
      return expr
    
  displaylatexexpr('\log_{2} 8'))
  # 'log(8, 2)'
  displaylatexexpr('\log_{2} 8 = 3'))
  # 'Eq(log(8, 2), 3)'
  displaylatexexpr('\log_b(xy) = \log_b(x)+\log_b(y)'))
  # 'Eq(log(x*y, b), log(x, b) + log(y, b))'
  displaylatexexpr('\log_{b} (xy) = \log_{b}(x)+\log_{b}(y)')
  # 'Eq(log(x*y, b), log(x, b) + log(y, b))'
  displaylatexexpr('\log_{2} (xy) = \log_{2}(x)+\log_{2}(y)')
  # 'Eq(log(x*y, 2), log(x, 2) + log(y, 2))'

### python standard library

https://docs.python.org/3/library/operator.html#operator.pow

https://docs.python.org/3/library/math.html#power-and-logari...

math. exp(x), expm1(), log(x, base=e), log1p(x), log2(x), log10(x), pow(x, y) : float, assert sqrt() == pow(x, 1/2)

## scipy

https://docs.scipy.org/doc/scipy/reference/generated/scipy.s... scipy.special. xlog1py()

https://docs.scipy.org/doc/scipy/reference/generated/scipy.s...

### sagemath

https://doc.sagemath.org/html/en/reference/functions/sage/fu...

### statsmodels

### TensorFlow https://www.tensorflow.org/api_docs/python/tf/math tf.math. log(), log1P(), log_sigmoid(), exp(), expm1()

https://keras.io/api/layers/activations/

SmoothReLU ("softplus") adds ln to the ReLU activation function, for example: https://en.wikipedia.org/wiki/Rectifier_(neural_networks)#So...

E.g. Softmax & LogSumExp also include natural logarithms in their definitions: https://en.wikipedia.org/wiki/Softmax_function

### PyTorch

https://pytorch.org/docs/stable/generated/torch.log.html torch. log(), log10(), log1p(), log2(), exp(), exp2(), expm1(); logaddexp() , logaddexp2(), logsumexp(), torch.special.xlog1py()

***

Regarding this learning process and these tools, Now I have a few replies to myself (!) in not-quite-markdown and with various headings: I should consolidate this information into a [MyST] markdown Jupyter Notebook and re-lead the whole thing. If this was decent markdown from the start, I'd have less markup work to do to create a ScholarlyArticle / Notebook.

[-]

Automatic cipher suite ordering in Go’s crypto/tls

[+]
[+]

From "Go Crypto and Kubernetes — FIPS 140–2 and FedRAMP Compliance" (2021) https://gokulchandrapr.medium.com/go-crypto-and-kubernetes-f... :

> If a vendor wants to supply cloud-based services to the US Federal Government, then they have to get FedRAMP approval. This certification process covers a whole host of security issues, but is very specific about its requirements on cryptography: usage of FIPS 140–2 validated modules wherever cryptography is needed, these encryption standards protect the cryptographic module from being cracked, altered, or otherwise tampered with. FIPS 140–2 validated encryption is a prerequisite for FedRAMP. [...]

> [...] Go Cryptography and Kubernetes — FIPS 140–2 Kubernetes is a Go project, as are most of the Kubernetes subcomponents and ecosystem. Golang has a crypto standard library, Golang Crypto which fulfills almost all the application crypto needs (TLS stack implementation for HTTPS servers and clients all the way to HMAC or any other primitive that are needed to make signatures to verify hashes, encrypt messages.). Go has made a different choice compared to most languages, which usually come with links or wrappers for OpenSSL or simply don’t provide any cryptography in the standard library (Rust doesn’t have standard library cryptography, JavaScript only has web crypto, Python doesn’t come with a crypto standard library). [...]

> The native go crypto is not FIPS compliant and there are few open proposals to facilitate Go code to meet FIPS requirements. Users can use prominent go compilers/toolsets backed by FIPS validated SSL libraries provided by Google or Redhat which enables Go to bypass the standard library cryptographic routines and instead call into a FIPS 140–2 validated cryptographic library. These toolsets are available as container images, where users can use the same to compile any Go based applications. [...]

> When a RHEL system is booted in FIPS mode, Go will instead call into OpenSSL via a new package that bridges between Go and OpenSSL. This also can be manually enabled by setting `GOLANG_FIPS=1`. The Go Toolset is available as a container image that can be downloaded from Red Hat Container Registry. Red Hat mentions that this as a new feature built on top of existing upstream work (BoringSSL). [...]

> To be FIPS 140–2 compliant, the module must use FIPS 140–2 complaint algorithms, ciphers, key establishment methods, and other protection profiles.

> FIPS-approved algorithms do change at times; not extremely frequently, but more often than they come out with a new version of FIPS 140. [...]

> Some of the fundamental requirements (not limited to) are as follows:

> [...] Support for TLS 1.0 and TLS 1.1 is now deprecated (only allowed in certain cases). TLS 1.3 is the preferred option, while TLS 1.2 is only tolerated.

> [...] DSA/RSA/ECDSA are only approved for key generation/signature.

> [...] The 0-RTT option in TLS 1.3 should be avoided.

Was there lag between the release of TLS 1.3 and an updated release of FIPS 140? @18f @DefenseDigital Can those systems be upgraded as easily?

[+]
[-]

Scikit-Learn Version 1.0

m3at | 2021-09-14 04:50:14 | 260 | # | ^
[+]

There are scikit-learn (sklearn) API-compatible wrappers for e.g. PyTorch and TensorFlow.

Skorch: https://github.com/skorch-dev/skorch

tf.keras.wrappers.scikit_learn: https://www.tensorflow.org/api_docs/python/tf/keras/wrappers...

AFAIU, there are not Yellowbrick visualizers for PyTorch or TensorFlow; though PyTorch abd TensorFlow work with TensorBoard for visualizing CFG execution.

> Many machine learning libraries implement the scikit-learn `estimator API` to easily integrate alternative optimization or decision methods into a data science workflow. Because of this, it seems like it should be simple to drop in a non-scikit-learn estimator into a Yellowbrick visualizer, and in principle, it is. However, the reality is a bit more complicated.

> Yellowbrick visualizers often utilize more than just the method interface of estimators (e.g. `fit()` and `predict()`), relying on the learned attributes (object properties with a single underscore suffix, e.g. `coef_`). The issue is that when a third-party estimator does not expose these attributes, truly gnarly exceptions and tracebacks occur. Yellowbrick is meant to aid machine learning diagnostics reasoning, therefore instead of just allowing drop-in functionality that may cause confusion, we’ve created a wrapper functionality that is a bit kinder with it’s messaging.

Looks like there are Yellowbrick wrappers for XGBoost, CatBoost, CuML, and Spark MLib; but not for NNs yet. https://www.scikit-yb.org/en/latest/api/contrib/wrapper.html...

From the RAPIDS.ai CuML team: https://docs.rapids.ai/api/cuml/stable/ :

> cuML is a suite of fast, GPU-accelerated machine learning algorithms designed for data science and analytical tasks. Our API mirrors Sklearn’s, and we provide practitioners with the easy fit-predict-transform paradigm without ever having to program on a GPU.

> As data gets larger, algorithms running on a CPU becomes slow and cumbersome. RAPIDS provides users a streamlined approach where data is intially loaded in the GPU, and compute tasks can be performed on it directly.

CuML is not an NN library; but there are likely performance optimizations from CuDF and CuML that would accelerate performance of NNs as well.

Dask ML works with models with sklearn interfaces, XGBoost, LightGBM, PyTorch, and TensorFlow: https://ml.dask.org/ :

> Scikit-Learn API

> In all cases Dask-ML endeavors to provide a single unified interface around the familiar NumPy, Pandas, and Scikit-Learn APIs. Users familiar with Scikit-Learn should feel at home with Dask-ML.

dask-labextension for JupyterLab helps to visualize Dask ML CFGs which call predictors and classifiers with sklearn interfaces: https://github.com/dask/dask-labextension

[+]

Ctrl-F automl https://westurner.github.io/hnlog/

> /? hierarchical automl "sklearn" site:github.com : https://www.google.com/search?q=hierarchical+automl+%22sklea...

https://westurner.github.io/hnlog/#comment-18798244

> Dask-ML works with {scikit-learn, xgboost, tensorflow, TPOT,}. ETL is your responsibility. Loading things into parquet format affords a lot of flexibility in terms of (non-SQL) datastores or just efficiently packed files on disk that need to be paged into/over in RAM. (Edit)

scale-scikit-learn https://examples.dask.org/machine-learning/scale-scikit-lear... -> dask.distributed parallel predication: https://examples.dask.org/machine-learning/parallel-predicti...

"Hyperparameter optimization with Dask" https://examples.dask.org/machine-learning/hyperparam-opt.ht...

> Sklearn.pipeline.Pipeline API: {fit(), transform(), predict(), score(),} https://scikit-learn.org/stable/modules/generated/sklearn.pi... : ```

decision_function(X) # Apply transforms, and decision_function of the final estimator

fit(X[, y]) # Fit the model

fit_predict(X[, y]) # Applies fit_predict of last step in pipeline after transforms.

fit_transform(X[, y]) # Fit the model and transform with the final estimator

get_params([deep]) # Get parameters for this estimator.

predict(X, *predict_params) # Apply transforms to the data, and predict with the final estimator

predict_log_proba(X) # Apply transforms, and predict_log_proba of the final estimator

predict_proba(X) # Apply transforms, and predict_proba of the final estimator

score(X[, y, sample_weight]) # Apply transforms, and score with the final estimator

score_samples(X) # Apply transforms, and score_samples of the final estimator.

set_params(**kwargs) # Set the parameters of this estimator

```

> https://docs.featuretools.com can also minimize ad-hoc boilerplate ETL / feature engineering :

>> Featuretools is a framework to perform automated feature engineering. It excels at transforming temporal and relational datasets into feature matrices for machine learning

From https://featuretools.alteryx.com/en/stable/guides/using_dask... :

> Creating a feature matrix from a very large dataset can be problematic if the underlying pandas dataframes that make up the entities cannot easily fit in memory. To help get around this issue, Featuretools supports creating Entity and EntitySet objects from Dask dataframes. A Dask EntitySet can then be passed to featuretools.dfs or featuretools.calculate_feature_matrix to create a feature matrix, which will be returned as a Dask dataframe. In addition to working on larger than memory datasets, this approach also allows users to take advantage of the parallel and distributed processing capabilities offered by Dask

[-]

Signed Exchanges on Google Search

From https://blog.cloudflare.com/automatic-signed-exchanges/ :

> The broader implication of SXGs is that they make content portable: content delivered via an SXG can be easily distributed by third parties while maintaining full assurance and attribution of its origin. Historically, the only way for a site to use a third party to distribute its content while maintaining attribution has been for the site to share its SSL certificates with the distributor. This has security drawbacks. Moreover, it is a far stretch from making content truly portable.

> In the long-term, truly portable content can be used to achieve use cases like fully offline experiences. In the immediate term, the primary use case of SXGs is the delivery of faster user experiences by providing content in an easily cacheable format. Specifically, Google Search will cache and sometimes prefetch SXGs. For sites that receive a large portion of their traffic from Google Search, SXGs can be an important tool for delivering faster page loads to users.

> It’s also possible that all sites could eventually support this standard. Every time a site is loaded, all the linked articles could be pre-loaded. Web speeds across the board would be dramatically increased.

"Signed HTTP Exchanges" draft-yasskin-http-origin-signed-responses https://wicg.github.io/webpackage/draft-yasskin-http-origin-...

"Bundled HTTP Exchanges" draft-yasskin-wpack-bundled-exchanges https://wicg.github.io/webpackage/draft-yasskin-wpack-bundle... :

> Web bundles provide a way to bundle up groups of HTTP responses, with the request URLs and content negotiation that produced them, to transmit or store together. They can include multiple top-level resources with one identified as the default by a primaryUrl metadata, provide random access to their component exchanges, and efficiently store 8-bit resources.

From https://web.dev/web-bundles/ :

> Introducing the Web Bundles API. A Web Bundle is a file format for encapsulating one or more HTTP resources in a single file. It can include one or more HTML files, JavaScript files, images, or stylesheets.

> Web Bundles, more formally known as Bundled HTTP Exchanges, are part of the Web Packaging proposal.

> HTTP resources in a Web Bundle are indexed by request URLs, and can optionally come with signatures that vouch for the resources. Signatures allow browsers to understand and verify where each resource came from, and treats each as coming from its true origin. This is similar to how Signed HTTP Exchanges, a feature for signing a single HTTP resource, are handled.

[-]

AlphaGo documentary (2020) [video]

rdli | 2021-09-11 17:43:17 | 248 | # | ^
[+]
[+]

AlphaFold 2 solved the CASP protein folding problem that AFAIU e.g. Folding@home et. al have been churning at for awhile FWIU. From November 2020: https://deepmind.com/blog/article/alphafold-a-solution-to-a-...

https://en.wikipedia.org/wiki/AlphaFold#SARS-CoV-2 :

> AlphaFold has been used to a predict structures of proteins of SARS-CoV-2, the causative agent of COVID-19 [...] The team acknowledged that though these protein structures might not be the subject of ongoing therapeutical research efforts, they will add to the community's understanding of the SARS-CoV-2 virus.[74] Specifically, AlphaFold 2's prediction of the structure of the ORF3a protein was very similar to the structure determined by researchers at University of California, Berkeley using cryo-electron microscopy. This specific protein is believed to assist the virus in breaking out of the host cell once it replicates. This protein is also believed to play a role in triggering the inflammatory response to the infection (... Berkeley ALS and SLAC beamlines ... S309 & Sotrovimab: https://scitechdaily.com/inescapable-covid-19-antibody-disco... )

Is there yet an open implementation of AlphaFold 2? edit: https://github.com/search?q=alphafold ... https://github.com/deepmind/alphafold

How do I reframe this problem in terms of fundamental algorithmic complexity classes (and thus the Quantum Algorithm Zoo thing that might optimize the currently fundamentally algorithmically computationally hard part of the hot loop that is the cost driver in this implementation)?

To cite in full from the MuZero blog post from December 2020: https://deepmind.com/blog/article/muzero-mastering-go-chess-... :

> Researchers have tried to tackle this major challenge in AI by using two main approaches: lookahead search or model-based planning.

> Systems that use lookahead search, such as AlphaZero, have achieved remarkable success in classic games such as checkers, chess and poker, but rely on being given knowledge of their environment’s dynamics, such as the rules of the game or an accurate simulator. This makes it difficult to apply them to messy real world problems, which are typically complex and hard to distill into simple rules.

> Model-based systems aim to address this issue by learning an accurate model of an environment’s dynamics, and then using it to plan. However, the complexity of modelling every aspect of an environment has meant these algorithms are unable to compete in visually rich domains, such as Atari. Until now, the best results on Atari are from model-free systems, such as DQN, R2D2 and Agent57. As the name suggests, model-free algorithms do not use a learned model and instead estimate what is the best action to take next.

> MuZero uses a different approach to overcome the limitations of previous approaches. Instead of trying to model the entire environment, MuZero just models aspects that are important to the agent’s decision-making process. After all, knowing an umbrella will keep you dry is more useful to know than modelling the pattern of raindrops in the air.

> Specifically, MuZero models three elements of the environment that are critical to planning:

> * The value: how good is the current position?

> * The policy: which action is the best to take?

> * The reward: how good was the last action?

> These are all learned using a deep neural network and are all that is needed for MuZero to understand what happens when it takes a certain action and to plan accordingly.

> Illustration of how Monte Carlo Tree Search can be used to plan with the MuZero neural networks. Starting at the current position in the game (schematic Go board at the top of the animation), MuZero uses the representation function (h) to map from the observation to an embedding used by the neural network (s0). Using the dynamics function (g) and the prediction function (f), MuZero can then consider possible future sequences of actions (a), and choose the best action.

> MuZero uses the experience it collects when interacting with the environment to train its neural network. This experience includes both observations and rewards from the environment, as well as the results of searches performed when deciding on the best action.

> During training, the model is unrolled alongside the collected experience, at each step predicting the previously saved information: the value function v predicts the sum of observed rewards (u), the policy estimate (p) predicts the previous search outcome (π), the reward estimate r predicts the last observed reward (u). This approach comes with another major benefit: MuZero can repeatedly use its learned model to improve its planning, rather than collecting new data from the environment. For example, in tests on the Atari suite, this variant - known as MuZero Reanalyze - used the learned model 90% of the time to re-plan what should have been done in past episodes.

FWIU, from what's going on over there:

AlphaGo => AlphaGo {Fan, Lee, Master, Zero} => AlphaGoZero => AlphaZero => MuZero

AlphaGo: https://en.wikipedia.org/wiki/AlphaGo_Zero

AlphaZero: https://en.wikipedia.org/wiki/AlphaZero

MuZero: https://en.wikipedia.org/wiki/MuZero

AlphaFold {1,2}: https://en.wikipedia.org/wiki/AlphaFold

IIRC, there is not an official implementation of e.g. AlphaZero or MuZero with e.g. openai/gym (and openai/retro) for comparing reinforcement learning algorithms? https://github.com/openai/gym

What are the benchmarks for Applied RL?

From https://news.ycombinator.com/item?id=28499001 :

> AFAIU, while there are DLTs that cost CPU, RAM, and Data storage between points in spacetime, none yet incentivize energy efficiency by varying costs depending upon whether the instructions execute on a FPGA, ASIC, CPU, GPU, TPU, or QPU? [...]

> To be 200% green - to put a 200% green footer with search-discoverable RDFa on your site - I think you need PPAs and all directly sourced clean energy.

> (Energy efficiency is very relevant to ML/AI/AGI, because while it may be the case that the dumb universal function approximator will eventually find a better solution, "just leave it on all night/month/K12+postdoc" in parallel is a very expensive proposition with no apparent oracle; and then to ethically filter solutions still costs at least one human)

[+]

Libraries.io indexes software dependencies; but no Dependent packages or Dependent repositories are yet listed for the pypi:alphafold package: https://libraries.io/pypi/alphafold

The GitHub network/dependents view currently lists one repo that depends upon deepmind/alphafold: https://github.com/deepmind/alphafold/network/dependents

(Linked citations for science: How to cite a schema:SoftwareApplication in a schema:ScholarlyArticle , How to cite a software dependency in a dependency specification parsed by e.g. Libraries.io and/or GitHub. e.g. FigShare and Zenodo offer DOIs for tags of git repos, that work with BinderHub and repo2docker and hopefully someday repo2jupyterlite. https://westurner.github.io/hnlog/#comment-24513808 )

/?gscholar alphafold: https://scholar.google.com/scholar?q=alphafold

On a Google Scholar search result page, you can click "Cited by [ ]" to check which documents contain textual and/or URL citations gscholar has parsed and identified as indicating a relation to a given ScholarlyArticle.

/?sscholar alphafold: https://www.semanticscholar.org/search?q=alphafold

On a Semantic Scholar search result page, you can click the "“" to check which documents contain textual and/or URL citations Semantic Scholar has parsed and identified as indicating a relation to a given ScholarlyArticle.

/?smeta alphafold: https://www.meta.org/search?q=t---alphafold

On a Meta.org search result page, you can click the article title and scroll down to "Citations" to check which documents contain textual and/or URL citations Meta has parsed and identified as indicating a relation to a given ScholarlyArticle.

Do any of these use structured data like https://schema.org/ScholarlyArticle ? (... https://westurner.github.io/hnlog/#comment-28495597 )

[-]

Interpretable Model-Based Hierarchical RL Using Inductive Logic Programming

[+]
[+]

AutoML is RL? The entire exercise of publishing and peer review is an exercise in cybernetics?

https://en.wikipedia.org/wiki/Probabilistic_logic_network :

> The basic goal of PLN is to provide reasonably accurate probabilistic inference in a way that is compatible with both term logic and predicate logic, and scales up to operate in real time on large dynamic knowledge bases.

> The goal underlying the theoretical development of PLN has been the creation of practical software systems carrying out complex, useful inferences based on uncertain knowledge and drawing uncertain conclusions. PLN has been designed to allow basic probabilistic inference to interact with other kinds of inference such as intensional inference, fuzzy inference, and higher-order inference using quantifiers, variables, and combinators, and be a more convenient approach than Bayesian networks (or other conventional approaches) for the purpose of interfacing basic probabilistic inference with these other sorts of inference. In addition, the inference rules are formulated in such a way as to avoid the paradoxes of Dempster–Shafer theory.

Has anybody already taught / reinforced an OpenCog [PLN, MOSES] AtomSpace hypergraph agent to do Linked Data prep and also convex optimization with AutoML and better than grid search so gradients?

Perhaps teaching users to bias analyses with e.g. Yellowbrick and the sklearn APIs would be a good curriculum traversal?

opening/baselines "Logging and vizualizing learning curves and other training metrics" https://github.com/openai/baselines#logging-and-vizualizing-...

https://en.wikipedia.org/wiki/AlphaZero

There's probably an awesome-automl by now? Again, the sklearn interfaces.

TIL that SymPy supports NumPy, PyTorch, and TensorFlow [Quantum; TFQ?]; and with a Computer Algebra System something for mutating the AST may not be necessary for symbolic expression trees without human-readable comments or symbol names? Lean mathlib: https://github.com/leanprover-community/mathlib , and then reasoning about concurrent / distributed systems (with side channels in actual physical component space) with e.g. TLA+.

There are new UUID formats that are timestamp-sortable; for when blockchain cryptographic hashes aren't enough entropy. "New UUID Formats – IETF Draft" https://news.ycombinator.com/item?id=28088213

... You can host online ML algos through SingularityNet, which also does PayPal now for the RL.

Our visual / auditory biological neural networks do appear to be hierarchical and relatively highly plastic as well.

If you're planning to mutate, crossover, and select expression trees, you'll need a survival function (~cost function) in order to reinforce; RL.

Blockchains cost immutable data storage with data integrity protections by the byte.

Smart contracts cost CPU usage with costed opcodes. eWASM (Ethereum WebAssembly) has costed opcodes for redundantly-executed smart contracts (that execute on n nodes of a shard) https://ewasm.readthedocs.io/en/mkdocs/determining_wasm_gas_...

AFAIU, while there are DLTs that cost CPU, RAM, and Data storage between points in spacetime, none yet incentivize energy efficiency by varying costs depending upon whether the instructions execute on a FPGA, ASIC, CPU, GPU, TPU, or QPU?

To be 200% green - to put a 200% green footer with search-discoverable RDFa on your site - I think you need PPAs and all directly sourced clean energy.

(Energy efficiency is very relevant to ML/AI/AGI, because while it may be the case that the dumb universal function approximator will eventually find a better solution, "just leave it on all night/month/K12+postdoc" in parallel is a very expensive proposition with no apparent oracle; and then to ethically filter solutions still costs at least one human)

> Perhaps teaching users to bias analyses with e.g. Yellowbrick and the sklearn APIs would be a good curriculum traversal?

Yellowbrick > Third Party Estimaters: (yellowbrick.contrib.wrapper: https://www.scikit-yb.org/en/latest/api/contrib/wrapper.html

From https://www.scikit-yb.org/en/latest/quickstart.html#using-ye... :

> The Yellowbrick API is specifically designed to play nicely with scikit-learn. The primary interface is therefore a Visualizer – an object that learns from data to produce a visualization. Visualizers are scikit-learn Estimator objects and have a similar interface along with methods for drawing. In order to use visualizers, you simply use the same workflow as with a scikit-learn model, import the visualizer, instantiate it, call the visualizer’s fit() method, then in order to render the visualization, call the visualizer’s show() method.

> For example, there are several visualizers that act as transformers, used to perform feature analysis prior to fitting a model. The following example visualizes a high-dimensional data set with parallel coordinates:

  from yellowbrick.features import ParallelCoordinates
  
  visualizer = ParallelCoordinates()
  visualizer.fit_transform(X, y)
  visualizer.show()
> As you can see, the workflow is very similar to using a scikit-learn transformer, and visualizers are intended to be integrated along with scikit-learn utilities. Arguments that change how the visualization is drawn can be passed into the visualizer upon instantiation, similarly to how hyperparameters are included with scikit-learn models.

IIRC, some automl tools - which test various combinations of, stacks of, ensembles of e.g. Estimators - do test hierarchical ensembles? Are those 'piecewise' and ultimately not the unified theory we were looking for here either (but often a good enough, fast enough, sufficient approximate solution with a sufficiently low error term)?

/? hierarchical automl "sklearn" site:github.com : https://www.google.com/search?q=hierarchical+automl+%22sklea...

[-]

Ship / Show / Ask: A modern branching strategy

[+]
[+]
[+]

> Where I currently work, we have "skip review" and "skip preflight" labels for this. The mergers have the power to merge anything anyway, the labels are only to make it an official request.

From the OP:

> Changes are categorized as either Ship (merge into mainline without review), Show (open a pull request for review, but merge into mainline immediately), or Ask (open a pull request for discussion before merging).

[+]

Checklists are often a good thing; and an opportunity to optimize processes with team feedback!

"Post-surgical deaths in Scotland drop by a third, attributed to a checklist" https://news.ycombinator.com/item?id=19684376 https://westurner.github.io/hnlog/#comment-19684376

[-]

Show HN: TweeView – A Tree Visualisation of Twitter Conversations

[+]
[+]

The 4D view looks a bit like Gource with the wawa aura and all.

Is there anything that finds cycles in the tweet graph (quote tweet "edges")? And unshortened link frequencies, maybe

[-]

Wireless Charging Power Side-Channel Attacks

[+]

> assume the mentality that all consumer devices connected to the internet should be treated as insecure by default.

"Zero trust security model" https://en.wikipedia.org/wiki/Zero_trust_security_model :

> The main concept behind zero trust is that devices should not be trusted by default, even if they are connected to a managed corporate network such as the corporate LAN and even if they were previously verified.

[+]

From https://planetfriendlyweb.org/mental-model :

> When you think about how a digital product or website creates an environmental impact, you can think of it creating it in three main ways - through the Packets of data it sends to users, the Platform the product runs on, and the Process used to make the product itself.

From https://sustainableux.com/talks/2018/how-to-build-a-planet-f... :

> SustainableUX: design vs. climate change. Online, Worldwide, Free. The online event for UX, front-end, and product people who want to make a positive impact—on climate-change, social equality, and inclusion

[-]

How We Proved the Eth2 Deposit Contract Is Free of Runtime Errors

[+]

From "Discover and Prevent Linux Kernel Zero-Day Exploit Using Formal Verification" https://news.ycombinator.com/item?id=27442273 :

> [Coq, VST, CompCert]

> Formal methods: https://en.wikipedia.org/wiki/Formal_methods

> Formal specification: https://en.wikipedia.org/wiki/Formal_specification

> Implementation of formal specification: https://en.wikipedia.org/wiki/Anti-pattern#Software_engineer...

> Formal verification: https://en.wikipedia.org/wiki/Formal_verification

> From "Why Don't People Use Formal Methods?" https://news.ycombinator.com/item?id=18965964 :

>> Which universities teach formal methods?

>> - q=formal+verification https://www.class-central.com/search?q=formal+verification

>> - q=formal+methods https://www.class-central.com/search?q=formal+methods

>> Is formal verification a required course or curriculum competency for any Computer Science or Software Engineering / Computer Engineering degree programs?

[+]
[-]

Physics-Based Deep Learning Book

[+]
[+]
[+]

"Physics-informed neural networks" https://en.wikipedia.org/wiki/Physics-informed_neural_networ...

But what about statistical thermodynamics and information theory? What about thin film?

What are some applications for PINNs and for {DL, RL,} in physics?

[-]

Ask HN: Books that teach you programming languages via systems projects?

Foe | 2021-09-10 03:38:41 | 204 | # | ^

Looking for a book/textbook that teaches you a programming language through systems (or vice versa). For example, a book that teaches modern C++ by showing you how to program a compiler; a book that teaches operating systems and the language of choice in the book is Rust; a book that teaches database internals through Golang; etc. Basically, looking for a fun project-based book that I can walk through and spend my free time working through.

Any recommendations?

From "Ask HN: What are some books where the reader learns by building projects?" https://news.ycombinator.com/item?id=26042447 :

> "Agile Web Development with Rails [6]" (2020) teaches TDD and agile in conjunction with a DRY, CoC, RAD web application framework: https://g.co/kgs/GNqnWV

And:

> "ugit – Learn Git Internals by Building Git in Python" https://www.leshenko.net/p/ugit/

[-]

How you can track your personal finances using Python

> We take the output of the previous step, pipe everything over to our .beancount file, and "balance" transactions.

> Recall that the flow of money in double-entry accounting is represented using transactions involving at least two accounts. When you download CSVs from your bank, each line in that CSV represents money that's either incoming or outgoing. That's only one leg of a transaction (credit or debit). It's up to us to provide the other leg.

> This act is called "balancing".

Balance (accounting) https://en.wikipedia.org/wiki/Balance_(accounting)

Are unique record IDs necessary for this [financial] application? FWICS, https://plaintextaccounting.org/ just throws away the (probably per-institution) transaction IDs; like a non-reflexive logic that eschews Law of identity? Just grep and wc?

> What does the ledger look like?

> I wrote earlier that one of the main things that Beancount provides is a language specification for defining financial transactions in a plain-text format.

> What does this format look like? Here's a quick example:

  option "title" "Alice"
  option "operating_currency" "EUR"

  ; Accounts
  2021-01-01 open Assets:MyBank:Checking
  2021-01-01 open Expenses:Rent

  2021-01-01 * "Landlord" "Thanks for the rent"
      Assets:MyBank:Checking     -1000.00 EUR
      Expenses:Rent               1000.00 EUR
What does the `*` do?

[+]
[+]
[+]

From https://news.ycombinator.com/item?id=28203393 :

> No, your personal data is not sold or rented or given away or bartered to parties that are not Plaid, your bank, or the connected app. We talk about all of this in our privacy policy, including ways that data could be used — for example, with data processors/service providers (like AWS which hosts our services) for the purposes of running Plaid’s services or for a user’s connected app to provide their services.

>> I saw that. Thank you for your patience and persistence in responding to so many pointed questions.

>> For any interested, here is a link to relevant section of the referenced privacy policy: https://plaid.com/legal/#consumers

>> I am also impressed by the Legal Changelog on the same page that clearly lays out a log of changes made to privacy & other published legal documents.

[+]

Are you making claims without evidence? Settling is not admission of guilt.

Banks should implement read-only OAuth APIs, so that users are not required to store their u/p/sqa answers.

From "Canada calls screen scraping ‘unsecure,’ sets Open Banking target for 2023" https://news.ycombinator.com/item?id=28229957 :

> AFAIU, there are still zero (0) consumer banking APIs with Read-Only e.g. OAuth APIs in the US as well?

Looks like there may be less than 3 so far.

> Banks could save themselves CPU, RAM, bandwidth, and liability by implementing read-only API tokens and methods that need only return JSON - instead of HTML or worse, monthly PDF tables for a fee - possibly similar to the Plaid API: https://plaid.com/docs/api/

> There is competition in consumer/retail banking, but still the only way to do e.g. budget and fraud analysis with third party apps is to give away all authentication factors: u/p/sqa; and TBH that's unacceptable.

> Traditional and distributed ledger service providers might also consider W3C ILP: Interledger Protocol (in starting their move to quantum-resistant ledgers by 2022 in order to have a 5 year refresh cycle before QC is a real risk by 2027, optimistically, for science) when reviewing the entropy of username+password_hash+security_question_answer strings in comparison to the entropy of cryptoasset account public key hash strings: https://interledger.org/developer-tools/get-started/overview...

[+]

How did their policies change before and after said settlement?

From https://my.plaid.com/help/360043065354-does-plaid-have-acces... :

> Does Plaid have access to my credentials?

> The type of connection Plaid has to your financial institution determines whether or not we have access to the login credentials for your financial account: your username and password.

> In many cases, when you link a financial institution to an app via Plaid, you provide your login credentials to us and we securely store them. We use those credentials to access and obtain information from your financial institution in order to provide that information, at your direction, to the apps and services you want to use. For more information on how we use your data, please refer to our End User Privacy Policy.

> In other cases, after you request that we link your financial institution to an app or service you want to use, you will be prompted to provide your login credentials directly to your financial institution––not to Plaid––and, upon successful authentication, your financial institution will then return your data to Plaid. In these cases, Plaid does not access or store your account credentials. Instead, your financial institution provides Plaid with a type of security identifier, which permits Plaid to securely reconnect to your financial institution at regularly scheduled intervals to keep your apps and services up-to-date.

> Regardless of which type of connection is made, we do not share your credentials with the apps or services you’ve linked to your financial institution via Plaid. You can read more about how Plaid handles data here.

What do you think this should say instead?

Do you think they use the same key to securely store all accounts, like ACH? Or no key, like the bank ledger that you're downloading a window of as CSV through hopefully a read-only SQL account, hopefully with data encrypted at rest and in motion.

When you download a CSV or a OFX to a local file, is the data then still encrypted at rest?

Again, US Banks can eliminate the need for {Plaid, Mint, } as the account data access middlemen by providing a read-only OAuth API. Because banks do not have a way to allow users to grant read-only access to their account ledgers, the only solution is to securely store the u/p/sqa. If you write a script to fetch your data and call it from cron, how can you decrypt the account credentials after an unattended reboot? When must a human enter key material to decrypt the stored u/p/sqa?

Here, we realize that banks should really have people that do infosec - that comprehend symmetric and assymetric cryptography - audits to point out these sorts of vulnerabilities and risks. And if they had kept current with the times, we would have a very different banking and finance information system architecture with fewer single points of failure.

[+]

Wow! Great work on an alternative.

[-]

CISA Lays Out Security Rules for Zero Trust Clouds

"Cloud Security Technical Reference Architecture (TRA)" (2021) https://cisa.gov/publication/cloud-security-technical-refere...

> The Cloud Security TRA provides agencies with guidance on the shared risk model for cloud service adoption (authored by FedRAMP), how to build a cloud environment (authored by USDS), and how to monitor such an environment through robust cloud security posture management (authored by CISA).

> Public Comment Period - NOW OPEN! CISA is releasing the Cloud Security TRA for public comment to collect critical feedback from agencies, industry, and academia to ensure the guidance fully addresses considerations for secure cloud migration. The public comment period begins Tuesday, September 7, 2021 and concludes on Friday, October 1, 2021. CISA is interested in gathering feedback focused on the following key questions: […]

"Zero Trust Maturity Model" (2021) https://cisa.gov/publication/zero-trust-maturity-model

> CISA’s Zero Trust Maturity Model is one of many roadmaps for agencies to reference as they transition towards a zero trust architecture. The goal of the maturity model is to assist agencies in the development of their zero trust strategies and implementation plans and present ways in which various CISA services can support zero trust solutions across agencies.

> The maturity model, which include five pillars and three cross-cutting capabilities, is based on the foundations of zero trust. Within each pillar, the maturity model provides agencies with specific examples of a traditional, advanced, and optimal zero trust architecture.

> Public Comment Period – NOW OPEN! CISA drafted the Zero Trust Maturity Model in June to assist agencies in complying with the Executive Order. While the distribution was originally limited to agencies, CISA is excited to release the maturity model for public comment.

> CISA is releasing the Zero Trust Maturity Model for public comment beginning Tuesday, September 7, 2021 and concludes on Friday, October 1, 2021. CISA is interested in gathering feedback focused on the following key questions: […]

[-]

Show HN: Heroku Alternative for Python/Django apps

[+]
[+]

dokku-scheduler-kubernetes https://github.com/dokku/dokku-scheduler-kubernetes#function...

> The following functionality has been implemented: Deployment and Service annotations, Domain proxy support via the Nginx Ingress Controller, Environment variables, Letsencrypt SSL Certificate integration via CertManager, Pod Disruption Budgets, Resource limits and reservations (reservations == kubernetes requests), Zero-downtime deploys via Deployment healthchecks, Traffic to non-web containers (via a configurable list)

[-]

SPDX Becomes Internationally Recognized Standard for Software Bill of Materials

From OP:

> Between eighty and ninety percent (80%-90%) of a modern application is assembled from open source software components. An SBOM accounts for the software components contained in an application — open source, proprietary, or third-party — and details their provenance, license, and security attributes. SBOMs are used as a part of a foundational practice to track and trace components across software supply chains. SBOMs also help to proactively identify software issues and risks and establish a starting point for their remediation.

> SPDX results from ten years of collaboration from representatives across industries, including the leading Software Composition Analysis (SCA) vendors – making it the most robust, mature, and adopted SBOM standard.

https://en.wikipedia.org/wiki/Software_Package_Data_Exchange

[-]

Show HN: Arxiv.org on IPFS

[+]

"Help compare Comment and Annotation services: moderation, spam, notifications, configurability" executablebooks/meta#102 https://github.com/executablebooks/meta/discussions/102 :

> jupyter-comment supports a number of commenting services [...]. In helping users decide which commenting and annotation services to include on their pages and commit to maintaining, could we discuss criteria for assessment and current features of services?

> Possible features for comparison:

> * Content author can delete / hide

> * Content author can report / block

> * Comments / annotations are screened by spam-fighting service

> * Content / author can label as e.g. toxic

> * Content author receives notification of new comments

> * Content author can require approval before user-contributed content is publicly-visible

> * Content author may allow comments for a limited amount of time (probably more relevant to BlogPostings)

> * Content author may simultaneously denounce censorship in all it's forms while allowing previously-published works to languish

#ForScience

FWIW, archiving repo2docker-compatible git repos with a DOI attached to a git tag, is possible with JupyterLite:

> JupyterLite is a JupyterLab distribution that runs entirely in the browser built from the ground-up using JupyterLab components and extensions

With JupyterLite, you can build a static archive of a repo2docker-like environment so that the ScholarlyArticle notebook or computer modern latex css, its SoftwareRelease dependencies, and possibly also the Datasets can be run in a browser tab with WASM. HTML + JS + WASM

[-]

New Texas Abortion Law Likely to Unleash a Torrent of Lawsuits Against Education

[+]
[+]
[+]
[+]

IDK, what do we say here? We're going to start needing to be making some changes?

Roman society context on this one:

Vestal virgins: https://en.wikipedia.org/wiki/Vestal_Virgin

Baiae: https://en.wikipedia.org/wiki/Baiae

https://pbsinternational.org/programs/underwater-pompeii/ :

> Baiae: an ancient Roman city lost to the same volcanoes that entombed Pompeii. But unlike Pompeii, Baiae sits under water, in the Bay of Naples. Nearly 2,000 years ago, the city was an escape for Rome’s rich and powerful elite, a place where they were free of the social restrictions of Roman society. But then the city sank into the ocean, to be forgotten in the annals of history. Now, a team of archaeologists is mapping the underwater ruins and piecing together what life was like in this playground for the rich. What made Baiae such a special place? And what happened to it?

Woe! Woe unto the obviously promiscuous.

[-]

DARPA grant to work on sensing and stimulating the brain noninvasively [video]

[+]
[+]
[+]

What about with realtime NIRS with an (inverse?) scattering matrix? From https://www.openwater.cc/technology :

> Below are examples of the image quality we have achieved with our breakthrough scanning systems that use just red and near-infrared light and ultrasound pings.

https://en.wikipedia.org/wiki/Near-infrared_spectroscopy

Another question: is it possible to do ah molecular identification similar to idk quantum crystallography with photons of any wavelength, such as NIRS? Could that count things in samples?

https://twitter.com/westurner/status/1239012387367387138 :

> ... quantum crystallography: https://en.wikipedia.org/wiki/Quantum_crystallography There's probably some limit to infrared crystallography that anyone who knows anything about particles and lattices would know about ?

[+]
[+]

Which other strong and weak forces could [photonic,] sensors detect?

IIUC, they're shooting for realtime MRI resolution with NIRS; to be used during surgery to assist surgery in realtime.

edit: https://en.wikipedia.org/wiki/Neural_oscillation#Overview says brainwaves are 1-150 Hz? IIRC compassion is acheivable on a bass guitar.

[+]

> Table with resolution differences between different techniques:

Looks like MEG has the best temporal and spatial resolutions.

[+]

You mentioned "time-domain", and I recalled "time-polarization".

From https://twitter.com/westurner/status/1049860034899927040 :

https://web.archive.org/web/20171003175149/https://www.omnis...

"Mind Control and EM Wave Polarization Transductions" (1999)

> To engineer the mind and its operations directly, one must perform electrodynamic engineering in the time * domain, not in the 3-space EM energy density domain.*

Could be something there.

Topological Axion antiferromagnet https://phys.org/news/2021-07-layer-hall-effect-2d-topologic... :

> Researchers believe that when it is fully understood, TAI can be used to make semiconductors with potential applications in electronic devices, Ma said. The highly unusual properties of Axions will support a new electromagnetic response called the topological magneto-electric effect, paving the way for realizing ultra-sensitive, ultrafast, and dissipationless sensors, detectors and memory devices.

Optical topological antennas https://engineering.berkeley.edu/news/2021/02/light-unbound-... :

> The new work, reported in a paper published Feb. 25 in the journal Nature Physics, throws wide open the amount of information that can be multiplexed, or simultaneously transmitted, by a coherent light source. A common example of multiplexing is the transmission of multiple telephone calls over a single wire, but there had been fundamental limits to the number of coherent twisted light waves that could be directly multiplexed.

Rydberg sensor https://phys.org/news/2021-02-quantum-entire-radio-frequency... :

> Army researchers built the quantum sensor, which can sample the radio-frequency spectrum—from zero frequency up to 20 GHz—and detect AM and FM radio, Bluetooth, Wi-Fi and other communication signals.

> The Rydberg sensor uses laser beams to create highly-excited Rydberg atoms directly above a microwave circuit, to boost and hone in on the portion of the spectrum being measured. The Rydberg atoms are sensitive to the circuit's voltage, enabling the device to be used as a sensitive probe for the wide range of signals in the RF spectrum.

> "All previous demonstrations of Rydberg atomic sensors have only been able to sense small and specific regions of the RF spectrum, but our sensor now operates continuously over a wide frequency range for the first time,"

Sometimes people make posters or presentations for new tech, in medicine.

The xMed Exponential Medicine conference / program is in November this year: https://twitter.com/ExponentialMed

Space medicine also presents unique constraints that more rigorously select from possible solutions: https://en.wikipedia.org/wiki/Space_medicine

There is no progress in medicine without volunteers for clinical research trials. https://en.wikipedia.org/wiki/Phases_of_clinical_research

https://clinicaltrials.gov/

[-]

New Ways to Be Told That Your Python Code Is Bad

[+]

As I recall, object? and object?? are and work in IPython because the Python mailing list said that the ternary operator was not reserved. (IIRC there was yet no formal grammar or collections.abc or maybe even datetime or json yet at the time).

Ternary expressions on one line require branch coverage to be enabled in your e.g. pytest; otherwise it'll look like the whole line is covered by tests when each branch on said line hasn't actually been tested.

  .get() -> Union[None, T]

[-]

Web-based editor

[+]
[+]
[+]

The ml-workspace docker image includes Git, Jupyter, VS Code, SSH, and "many popular data science libraries & tools" https://github.com/ml-tooling/ml-workspace

  docker run -p 8080:8080 -v "${PWD}:/workspace" mltooling/ml-workspace 
Cocalc-docker also includes Git, Jupyter, SSH, a collaborative LaTeX editor, a time slider, but no code-server or VScode out of the box: https://github.com/sagemathinc/cocalc-docker

  docker run --name=cocalc -d -v ~/cocalc:/projects -p 443:443 sagemathinc/cocalc

[-]

GitHub Copilot Generated Insecure Code in 40% of Circumstances During Experiment

[+]

> For comparison, what percentage of human-generated code is secure?

Yeah how did they measure? Did static and dynamic analysis find design bugs too?

Maybe - as part of a Copilot-assisted DevSecOps workflow involving static and dynamic analysis run by GitHub Actions CI - create Issues with CWE "Common Weakness Enumeration" URLs from e.g. the CWE Top 25 in order to train the team, and Pull Requests to fix each issue?: https://cwe.mitre.org/top25/

Which bots send PRs?

[-]

AAS Journals Will Switch to Open Access

[+]

> JOSS (Journal of Open Source Software) has managed to get articles indexed by Google Scholar [rescience_gscholar]. They publish their costs [joss_costs]: $275 Crossref membership, DOIs: $1/paper:

>> Assuming a publication rate of 200 papers per year this works out at ~$4.75 per paper

> [joss_costs]: https://joss.theoj.org/about#costs

^^ from https://news.ycombinator.com/item?id=24517711 & this log of my non- markdown non- W3C Web Annotation threaded comments with URIs: https://westurner.github.io/hnlog/#comment-24517711

[+]
[+]

[Scholarly] Code review tools; criteria and implementations?

Does JOSS specify e.g. ReviewBoard, GitHub Pull Request reviews, or Gerrit for code reviews?

[+]

Thanks for the citations. Looks like Wikipedia has "software review" and "software peer review":

https://en.wikipedia.org/wiki/Software_review

https://en.wikipedia.org/wiki/Software_peer_review

I'd add "Antipatterns" > "Software" https://en.wikipedia.org/wiki/Anti-pattern#Software_design

and "Code smells" > "Common code smells" https://en.wikipedia.org/wiki/Code_smell#Common_code_smells

and "Design smells" for advanced reviewers: https://en.wikipedia.org/wiki/Design_smell

and the CWE "Common Weakness Enumeration" numbers and thus URLs for Issues from the CWE Top 25 and beyond: https://cwe.mitre.org/top25/

FWIW, many or most scientists are not even trying to be software engineers: they just write slow code without reusing already-tested components and expect someone else to review Pull Requests after their PDF is considered impactful. They know enough coding to push the bar for their domain a bit higher each time.

Are there points for at least in-writing planing for the complete lifecycle and governance of an ongoing thesis defense of open source software for science; after we publish, what becomes of this code?

From https://joss.theoj.org/about#costs :

> Income: JOSS has an experimental collaboration with AAS publishing where authors submitting to one of the AAS journals can also publish a companion software paper in JOSS, thereby receiving a review of their software. For this service, JOSS receives a small donation from AAS publishing. In 2019, JOSS received $200 as a result of this collaboration.

[+]

Moderation costs money, too.

Additional ScholarlaryArticle "Journal" costs: moderation, BinderHub / JupyterLite white label SaaS?, hosting data and archived reproducible container images on IPFS and academictorrents and Git LFS, hosting {SQL, SPARQL, GraphQL,} queries and/or a SOLID HTTPS REST API and/or RSS feeds with dynamic content but static feed item URIs and/or ActivityStreams and/or https://schema.org/Action & InteractAction & https://schema.org/ReviewAction & ClaimReview fact check reviews, W3C Web Notifications, CRM + emailing list, keeping a legit cohort of impactful peer reviewers,

#LinkedData for #LinkedResearch: Dokieli, parsing https://schema.org/ScholarlyArticle citation styles,

> keeping a legit cohort of impactful peer reviewers, [who are time-constrained and unpaid, as well]

"Ask HN: How are online communities established?" https://news.ycombinator.com/item?id=24443965 re: building community, MCOS Marginal Cost of Service, CLV Customer Lifetime Value, etc

[-]

White House Launches US Digital Corps

[+]

> I've worked with state government as a volunteer advisor. They're still developing everything with waterfall. Only contracting out to big firms, even if it's a small project. Lawmakers and aides sit in a room and write down what is to be done.

The US Digital Services Playbook likely needs few modifications for use at state and local levels? https://github.com/usds/playbook#readme

"PLAY 1: Understand what people need" https://playbook.cio.gov/#play1

"PLAY 4: Build the service using agile and iterative practices" https://playbook.cio.gov/#play4

Do [lawmakers and aides] make good "Product Owners", stakeholders, [incentivized, gamified] app feedback capability utilizers? GitLab has Service Desk: you can email into the service desk email without having an account as necessary to create and follow up on [software] issues in GitHub/BitBucket/GitLab/Gitea project management sytems.

> That's changing at the federal level. They know they've got a problem. Why shouldn't federal software be as easy to use as the best web software? If you've ever tried to use it you will quickly learn that isn't the case.

"PLAY 3: Make it simple and intuitive" https://playbook.cio.gov/#play3

> Some sites will only work with IE and no other browser. Developers in two years can make a huge difference for making the government be more agile and operate better.

US Web Design Standards https://designsystem.digital.gov/

From https://github.com/uswds/uswds#browser-support :

>> We’ve designed the design system to support older and newer browsers through progressive enhancement. The current major version of the design system (2.0) follows the 2% rule: we officially support any browser above 2% usage as observed by analytics.usa.gov. Currently, this means that the design system version 2.0 supports the newest versions of Chrome, Firefox, Safari, and Internet Explorer 11 and up.

> I always suggest joining a local Code For America brigade. Work on a local project and see if it is for you. If you find yourself drawn to it then consider applying for a two year stint with the federal government. You can really make a difference!

From https://en.wikipedia.org/wiki/Code_for_America :

>> [...] described Code for America as "the technology world's equivalent of the Peace Corps or Teach for America". The article goes on to say, "They bring fresh blood to the solution process, deliver agile coding and software development skills, and frequently offer new perspectives on the latest technology—something that is often sorely lacking from municipal government IT programs. This is a win-win for cities that need help and for technologists that want to give back and contribute to lower government costs and the delivery of improved government service."

[-]

Launch HN: Litnerd (YC S21) – Teaching kids to read with the help of live actors

Hi HN, my name is Anisa and I am the founder of Litnerd (https://litnerd.com/), an online reading program designed to teach elementary school students in America how to read.

There are 37M elementary school students in America. Schools spend $20B on reading and supplemental education programs. Yet 42% of 4th grade students are reading at a 1st or 2nd grade proficiency level! The #1 reason students aren’t reading? They say it’s boring. We change that by bringing books to life. Think your favorite book turned into a tv-show style episode-by-episode reenactment, coupled with a complete curriculum and lesson plans.

1 in 8 Americans is functionally illiterate. Like any skill, reading is a habit. If you grew up in a household where you did not see your parents reading, you likely do not develop the habit. This correlates to the socio-economic divide. Two thirds of American students who lack reading skills by the end of fourth grade will rely on welfare as adults. To impact this, research suggests that we need to start at the earliest years.

I am passionate about the research in support of art and theatre as well as story-telling to improve childhood learning. Litnerd is the marriage of these interests. The inspiration comes from Sesame Street and Hamilton The Musical. In the late 60s, Joan Cooney decided to produce a children’s TV show that would influence children across America to learn to read—it became Sesame Street. Cooney researched her idea extensively, consulting with sociologists and scientists, and found that TV’s stickiness can be an important tool for education. Lin-Manuel Miranda took the story of Alexander Hamilton and brought it to life as a musical. Kids have learned more about Hamilton’s history thanks to Hamilton the Musical than any of their textbooks. In fact, this was the case so much that a program called EduHam is used to teach history in middle schools across the nation. When I heard that, the lightbulb went off and I decided to go all in on starting Litnerd.

We hire art and theatre professionals to recreate scenes directly from books in episode style format to bring the book to life, in a similar fashion to watching your favorite TV shows. We literally lead 'read out loud' in the classroom while the teacher/actor is acting out the main character in the book. We have a weekly designated Litnerd period in the schools/classes we serve and we live-stream in our teachers/actors for an interactive session (the students participate and read live with the actor as well as complete written lesson plans, phonetic exercises etc). We are currently serving 14,000 students in this manner.

The format of our program is such that if you don't complete the assigned reading and worksheets, you will feel like you are missing out on what is happening in later episodes. In this way, reading is layered in as a fundamental core to the program. Our program is part of scheduled classroom time.

A big part of our business involves curating content and materials that capture the interest and coolness-factor for elementary school students. We’ve found that students love choose-your-own-adventure style stories, especially ones involving mythical creatures—something about being able to have autonomy on the outcomes. So far, it seems to be working. We've even received fan mail from students! But we are obsessed with staying cool/relevant in our content.

Teachers like our product because it eases the burden placed on them. US teachers typically spend 4 to 10 hours a week (unpaid) planning their curriculum and $400-800 of their own money for classroom supplies. That's outrageous! When designing Litnerd, we wanted to ensure our product was not adding more work to their plate. Our programs are led by our own Resident Teaching Artists, who are live streamed into the classroom and remain in character to the episode as they teach the Litnerd curriculum built on top of the books. Our programs come with lesson plans, activity packets, curriculum correlations, educator resources, and complete ebooks.

Traditional K-12 education has extremely long sale cycles and is hard to break into. It can take years to become a contracted vendor, especially with large districts like NYC Department of Education. Because of my experience with my first YC backed startup that sold to government and nonprofits, coupled with my experience working at a large edtech company that built content for Higher Ed, I understand this sector and how to navigate the budget line item process.

Since launching in January, we have become contracted vendors with the New York City Department of Education (the largest education district in America). As a result, we’ve been growing at 60% MoM, are currently used by over 14k students in their classrooms and hit $110K in ARR. Our program is part of scheduled classroom time for elementary schools—not homework, and not extracurricular. Here’s a walkthrough video from a teacher’s perspective: https://www.loom.com/share/9ffc59f0d7ed4a66964003703bba7b94.

I am so grateful for the opportunity to share our story and mission with you. If you loved or struggled with reading as a kid, what factors do you think contributed? Also, if you have experience teachIng Elementary School or if you are a parent, I would love to hear your thoughts and ideas on how you foster reading amongst your students/children! I am excited to hear your feedback and ideas to help us inspire the next generation of readers.

[+]
[+]

TIL a new acronym word symbol lexeme: SEL: Social and Emotional Learning

> Social Emotional Learning (SEL) is an education practice that integrates social emotional skills into school curriculum. SEL is otherwise referred to as "socio-emotional learning" or "social-emotional literacy." When in practice, social emotional learning has equal emphasis on social and emotional skills to other subjects such as math, science, and reading.[1] The five main components of social emotional learning are self-awareness, self management, social awareness, responsible decision making, and relationship skills.

https://en.wikipedia.org/wiki/Social_and_Emotional_Learning

For good measure, Common Core English Language Arts standards: https://en.wikipedia.org/wiki/Common_Core_State_Standards_In...

Khan Academy has 2nd-9th Grade ELA exercises: English & Language Arts: https://www.khanacademy.org/ela

Unfortunately AFAIU there's not a good way to explore the Khan Academy Kids curriculum graph; which definitely does include reading: https://learn.khanacademy.org/khan-academy-kids/

> The app engages kids in core subjects like early literacy, reading, writing, language, and math, while encouraging creativity and building social-emotional skills

In terms of Phonemic awareness and Phonological awareness, is there a good a survey of US and World reading programs and their evidence-based basis, if any??

From https://en.wikipedia.org/wiki/Phonemic_awareness :

> Phonemic awareness is a subset of phonological awareness in which listeners are able to hear, identify and manipulate phonemes, the smallest mental units of sound that help to differentiate units of meaning (morphemes). Separating the spoken word "cat" into three distinct phonemes, /k/, /æ/, and /t/, requires phonemic awareness. The National Reading Panel has found that phonemic awareness improves children's word reading and reading comprehension and helps children learn to spell.[1] Phonemic awareness is the basis for learning phonics.[2]

> Phonemic awareness and phonological awareness are often confused since they are interdependent. Phonemic awareness is the ability to hear and manipulate individual phonemes. *Phonological awareness includes this ability, but it also includes the ability to hear and manipulate larger units of sound, such as onsets and rimes and syllables.*

What are some of the more evidence-based (?) (early literacy,) reading curricula? OTOH: LETRS, Heggerty, PAL: https://www.google.com/search?q=site%3Aen.wikipedia.org+%22l...

Looks like Cambium acquired e.g. Kurzweil Education in 2005?

More context:

Reading readiness in the United States: https://en.wikipedia.org/wiki/Reading_readiness_in_the_Unite...

Emergent literacies: https://en.wikipedia.org/wiki/Emergent_literacies

An interactive IPA chart with videos and readings linked with RDF (e.g. ~WordNet RDF) would be great. From "Duolingo's language notes all on one page" https://westurner.github.io/hnlog/#comment-26430146 :

> An IPA (International Phonetic Alphabet) reference would be helpful, too. After taking linguistics in college, I found these Sozo videos of US english IPA consonants and vowels that simultaneously show {the ipa symbol, example words, someone visually and auditorily producing the phoneme from 2 angles, and the spectrogram of the waveform} but a few or a configurable number of [spaced] repetitions would be helpful: https://youtu.be/Sw36F_UcIn8

> IDK how cartoonish or 3d of an "articulatory phonetic" model would reach the widest audience. https://en.wikipedia.org/wiki/Articulatory_phonetics

> IPA chart: https://en.wikipedia.org/wiki/International_Phonetic_Alphabe...

> IPA chart with audio: https://en.wikipedia.org/wiki/IPA_vowel_chart_with_audio

> All of the IPA consonant chart played as a video: "International Phonetic Alphabet Consonant sounds (Pulmonic)- From Wikipedia.org" https://youtu.be/yFAITaBr6Tw

> I'll have to find the link of the site where they playback youtube videos with multiple languages' subtitles highlighted side-by-side along with the video.

>> [...] Found it: https://www.captionpop.com/

>> It looks like there are a few browser extensions for displaying multiple subtitles as well; e.g. "YouTube Dual Subtitles", "Two Captions for YouTube and Netflix"

Phonics programs really could reference IPA from the start: there are different sounds for the same letters; IPA is the most standard way to indicate how to pronounce words: it's in the old school dictionary, and now it's in the Google "define:" or just "define word" dictionary.

UN Sustainable Development Goal 4: Quality Education: https://www.globalgoals.org/4-quality-education

> Target 4.6: Universal Literacy and Numeracy

> By 2030, ensure that all youth and a substantial proportion of adults, both men and women, achieve literacy and numeracy.

https://sdgs.un.org/goals/goal4 :

> Indicator 4.6.1: Percentage of population in a given age group achieving at least a fixed level of proficiency in functional (a) literacy and (b) numeracy skills, by sex

... Goals, Targets, and Indicators.

Which traversals of a curriculum graph are optimal or sufficient?

You can add https://schema.org/about and https://schema.org/educationalAlignment Linked Data to your [#OER] curriculum resources to increase discoverability, reusability.

Arne-Thompson-Uther Index code URN URIs could be helpful: https://en.wikipedia.org/wiki/Aarne%E2%80%93Thompson%E2%80%9...

> The Aarne–Thompson–Uther Index (ATU Index) is a catalogue of folktale types used in folklore studies.

Are there competencies linked to maybe a nested outline that we typically traverse in depth-first order? https://github.com/todotxt/todo.txt : Todo.txt format has +succinct @context labels. Some way to record and score our own paths objectively would be great.

There exist books about raising a read-aloud family; promoting a culture of randomly reading aloud. To whoever, for example.

Writing letters, too.

> What are some of the more evidence-based (?) (early literacy,) reading curricula? OTOH: LETRS, Heggerty, PAL

Looks like there are only 21 search results for: "LETRS" "Fundation" "Heggerty": https://www.google.com/search?q="LETRS"+"fundation"+"heggert...

What is the name for this category of curricula?

Perhaps the US Department of Education or similar could compare early reading programs in a wiki[pedia] page, according to criteria to include measures of evidence-basedness? Just like https://collegescorecard.ed.gov/data/ has "aggregate data for each institution [&] Includes information on institutional characteristics, enrollment, student aid, costs, and student outcomes."

From YouTube, it looks like there are cool hand motions for Heggerty.

[-]

An Opinionated Guide to Xargs

Wanting verbose logging from xargs, years ago I wrote a script called `el` (edit lines) that basically does `xargs -0` with logging. https://github.com/westurner/dotfiles/blob/develop/scripts/e...

It turns out that e.g. -print0 and -0 are the only safe way: line endings aren't escaped:

    find . -type f -print0 | el -0 --each -x echo
GNU Parallel is a much better tool: https://en.wikipedia.org/wiki/GNU_parallel

[+]
[+]
[+]
[+]
[+]
[+]
[+]
[+]
[+]
[+]
[-]

Enhanced Support for Citations on GitHub

> CITATION.cff files are plain text files with human- and machine-readable citation information. When we detect a CITATION.cff file in a repository, we use this information to create convenient APA or BibTeX style citation links that can be referenced by others.

https://schema.org/ScholarlyArticle RDFa and JSON-LD can be parsed with a standard Linked Data parser. Looks like YAML-LD requires quoting e.g. "@context": and "@id":

From https://docs.github.com/en/github/creating-cloning-and-archi... ; in your repo's /CITATION.cff:

  cff-version: 1.2.0
  message: "If you use this software, please cite it as below."
  authors:
  - family-names: "Lisa"
    given-names: "Mona"
    orcid: "https://orcid.org/0000-0000-0000-0000"
  - family-names: "Bot"
    given-names: "Hew"
    orcid: "https://orcid.org/0000-0000-0000-0000"
  title: "My Research Software"
  version: 2.0.4
  doi: 10.5281/zenodo.1234
  date-released: 2017-12-18
  url: "https://github.com/github/linguist"
https://citation-file-format.github.io/

[-]

Canada calls screen scraping ‘unsecure,’ sets Open Banking target for 2023

[+]
[+]
[+]
[+]
[+]
[+]

AFAIU, there are still zero (0) consumer banking APIs with Read-Only e.g. OAuth APIs in the US as well?

Banks could save themselves CPU, RAM, bandwidth, and liability by implementing read-only API tokens and methods that need only return JSON - instead of HTML or worse, monthly PDF tables for a fee - possibly similar to the Plaid API: https://plaid.com/docs/api/

There is competition in consumer/retail banking, but still the only way to do e.g. budget and fraud analysis with third party apps is to give away all authentication factors: u/p/sqa; and TBH that's unacceptable.

Traditional and distributed ledger service providers might also consider W3C ILP: Interledger Protocol (in starting their move to quantum-resistant ledgers by 2022 in order to have a 5 year refresh cycle before QC is a real risk by 2027, optimistically, for science) when reviewing the entropy of username+password_hash+security_question_answer strings in comparison to the entropy of cryptoasset account public key hash strings: https://interledger.org/developer-tools/get-started/overview...

> Sender – Initiates a value transfer.

> Router (Connector) – Applies currency exchange and forwards packets of value. This is an intermediary node between the sender and the receiver. {MSB: KYC, AML, 10k reporting requirement, etc}

> Receiver – Receives the value

Multifactor authentication: Something you have, something you know, something you are

Multisig: n-of-m keys required to approve a transaction

Edit: from "Fed announces details of new interbank service to support instant payments" https://news.ycombinator.com/item?id=24109576 :

> For purposes of Interledger, we call all settlement systems ledgers. These can include banks, blockchains, peer-to-peer payment schemes, automated clearing house (ACH), mobile money institutions, central-bank operated real-time gross settlement (RTGS) systems, and even more. […]

> You can envision the Interledger as a graph where the points are individual nodes and the edges are accounts between two parties. Parties with only one account can send or receive through the party on the other side of that account. Parties with two or more accounts are connectors, who can facilitate payments to or from anyone they're connected to.

> Connectors [AKA routers] provide a service of forwarding packets and relaying money, and they take on some risk when they do so. In exchange, connectors can charge fees and derive a profit from these services. In the open network of the Interledger, connectors are expected to compete among one another to offer the best balance of speed, reliability, coverage, and cost.

W3C ILP: Interledger Protocol > Peering, Clearing and Settling: https://interledger.org/rfcs/0032-peering-clearing-settlemen...

> Hopefully individuals will be able to use the Open Banking APIs to access their own data directly, but it looks like accreditation will be required, so probably not.

When you loan your money to a bank by depositing ledger dollars or cash - and they, since GLBA in 1999, invest it and offer less than a 1% checking interest rate - and they won't even give you the record of all of your transactions as CSV/OFX `SELECT * FROM transactions WHERE account_id=?`, you have to pay $20/mo per autogenerated PDF containing a table of transactions to scrape with e.g. PDFminer (because they don't keep all account history data online)?

Seemingly OT, but not. APIs for comparison here:

FinTS / HBCI: Home Banking Computer Information protocol https://en.wikipedia.org/wiki/FinTS

E.g. GNUcash (open source double-entry accounting software) supports HBCI (and QIF (Quicken format), and OFX (Open Financial Exchange)). https://www.gnucash.org/features.phtml

HBCI/FinTS has been around in Germany for quite awhile but nowhere else has comparable banking standards? I.e. Plaid may (unfortunately, due to lack of read-only tokens across the entire US consumer banking industry) be the most viable option for implementing HBCI-like support in GNUcash

OpenBanking API Specifications: https://standards.openbanking.org.uk/api-specifications/

Web3 (Ethereum,) APIs: https://web3py.readthedocs.io/en/stable/web3.main.html#rpc-a...

ISO20022 is "A single standardisation approach (methodology, process, repository) to be used by all financial standards initiatives" https://www.iso20022.org/

Brazil's PIX is one of the first real implementers of ISO20022. A note regarding such challenges: https://news.ycombinator.com/item?id=24104351

What data format does the FTC CAT Consolidated Audit Trail expect to receive mandatory financial reporting information in? Could ILP simplify banking and financial reporting at all?

FWIU, RippleNet (?) is the only network that supports attachments of e.g. line-item invoices (that we'd all like to see in the interest of transparency and accountability in government spending).

W3C ILP: Interledger Protocol. See links above.

Of the specs in this loose category, only cryptoledgers do not depend upon (DNS or) TLS/SSL - at the protocol layer, at least - and every CA in the kept-up-to-date trusted CA cert bundle (that could be built from a CT Certificate Transparency log of cert issuance and revocation events kept in a blockchain or e.g. centralized google/trillian, which they have the trusted sole root and backup responsibilities for).

Though, the DNS dependency has probably crept back into e.g. the bitcoind software by now (which used to bootstrap its list of peer nodes (~UNL) from an IRC IP address instead of a DNS domain).

FWIU, each trusted ACH (US 'Direct Deposit') party has a (one) GPG key that they use to sign transaction documents sent over now (S)FTP on scout's honor - on behalf of all of their customers' accounts.

[-]

Interactive Linear Algebra (2019)

[+]

https://github.com/topics/linear-algebra?l=jupyter+notebook lists "Computational Linear Algebra for Coders" https://github.com/fastai/numerical-linear-algebra

"site:GitHub.com inurl:awesome linear algebra jupyter" lists a few awesome lists with interactive linear algebra resources: https://www.google.com/search?q=site%3Agithub.com+inurl%3Aaw...

3blue1brown's "Essence of linear algebra" playlist has some excellent tutorials with intuition-building visualizations built with manim: https://youtube.com/playlist?list=PLZHQObOWTQDPD3MizzM2xVFit...

https://github.com/ManimCommunity/manim

[-]

Git password authentication is shutting down

[+]
[+]
[+]
[+]
[+]
[+]
[+]
[+]
[+]

`git pull --rebase` usually is what I need to do. To save local changes and rebase to the git remote's branch:

  # git branch -av;
  # git remote -v;
  # git reflog; git help reflog; man git-reflog
  # git show HEAD@{0}
  # git log -n5 --graph;
  git add -A; git status;
  git stash; git stash list;
  git pull --rebase;
  #git pull --rebase origin develop
  # git fetch origin develop
  # git rebase origin/develop
  git stash pop;
  git stash list;
  git status;
  # git commit
  # git rebase -i HEAD~5 # squash
  # git push
HubFlow does branch merging correctly because I never can. Even when it's just me and I don't remember how I was handling tags of releases on which branch, I just reach for HubFlow now and it's pretty much good.

There's a way to default to --rebase for pulls: is there a reason not to set that in a global gitconfig? Edit: From https://stackoverflow.com/questions/13846300/how-to-make-git... :

> There are now 3 different levels of configuration for default pull behaviour. From most general to most fine grained they are: […]

  git config --global pull.rebase true

[-]

A future for SQL on the web

[+]
[+]

TIL, about Graph "Protocol for building decentralized applications quickly on Ethereum" https://github.com/graphprotocol

https://thegraph.com/docs/indexing

> Indexers are node operators in The Graph Network that stake Graph Tokens (GRT) in order to provide indexing and query processing services. Indexers earn query fees and indexing rewards for their services. They also earn from a Rebate Pool that is shared with all network contributors proportional to their work, following the Cobbs-Douglas Rebate Function.

> GRT that is staked in the protocol is subject to a thawing period and can be slashed if Indexers are malicious and serve incorrect data to applications or if they index incorrectly. Indexers can also be delegated stake from Delegators, to contribute to the network.

> Indexers select subgraphs to index based on the subgraph’s curation signal, where Curators stake GRT in order to indicate which subgraphs are high-quality and should be prioritized. Consumers (eg. applications) can also set parameters for which Indexers process queries for their subgraphs and set preferences for query fee pricing.

It's Ethereum though, so it's LevelDB, not SQLite on IndexedDB on SQLite.

[-]

Show HN: Python Source Code Refactoring Toolkit via AST

[+]
[+]
[+]

Did you consider PyCQA/RedBaron (which is based upon PyCQA/baron, an AST implementation which preserves comments and whitespace)? https://redbaron.readthedocs.io/en/latest/

[+]

Rog. I think CodeQL (GitHub acquired Semmle and QL in 2019) supports those types of queries; probably atop lib2to3 as well. https://codeql.github.com/docs/writing-codeql-queries/introd...

From https://news.ycombinator.com/item?id=24511280 :

> Additional lists of static analysis, dynamic analysis, SAST, DAST, and other source code analysis tools […]

[-]

Emacs' org-mode gets citation support

FWIW, Jupyter-book handles Citations and bibliographies with sphinxcontrib-bibtex: https://jupyterbook.org/content/citations.html

Some notes about Zotero and Schema.org RDFa for publishing [CSL with citeproc] citations: references of Linked Data resources in a graph, with URIs all: https://wrdrd.github.io/docs/tools/index#zotero-and-schema-o...

Compared to trying to parse beautifully typeset bibliographies in PDFs built from LaTeX with a Computer Modern font, search engines can more easily index e.g. https://schema.org/ScholarlyArticle linked data as RDFa, Microdata, or JSON-LD.

Scholarly search engines: Google Scholar, Semantic Scholar, Meta.org,

[-]

NSA Kubernetes Hardening Guidance [pdf]

[+]
[+]
[+]
[+]
[+]
[+]

Looks like there's actually a "summary of the key recommendations from each section" on page 2.

> Works cited:

> [1] Center for Internet Security, "Kubernetes," 2021. [Online]. Available: https://cisecurity.org/resources/?type=benchmark&search=kube... .

> [2] DISA, "Kubernetes STIG," 2021. [Online]. Available: https://dl.dod.cyber.mil.wp- content/uploads/stigs/zip/U_Kubernetes_V1R1_STIG.zip. [Accessed 8 July 2021]

> [3] The Linux Foundation, "Kubernetes Documentation," 2021. [Online]. Available: https://kubernetes.io/docs/home/ . [Accessed 8 July 2021].

> [4] The Linux Foundation, "11 Ways (Not) to Get Hacked," 18 07 2018. [Online]. Available: https://kubernetes.io/blog/2018/07/18/11-ways-not-to-get-hac... . [Accessed 8 July 2021].

> [5] MITRE, "Unsecured Credentials: Cloud Instance Metadata API." MITRE ATT&CK, 2021. [Online]. Available: https://attack.mitre.org/techniques/T1552/005/. [Accessed 8 July 2021].

> [6] CISA, "Analysis Report (AR21-013A): Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services." Cybersecurity and Infrastructure Security Agency, 14 January 2021. [Online]. Available:https://us- cert.cisa.gov/ncas/analysis-reports/ar21-013a [Accessed 8 July 2021].

How can k8s and zero-trust cooccur?

> CISA encourages administrators and organizations review NSA’s guidance on Embracing a Zero Trust Security Model to help secure sensitive data, systems, and services.

"Embracing a Zero Trust Security Model" (2021, as well) https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI...

In addition to "zero [trust]", I also looked for the term "SBOM". From p.32//39:

> As updates are deployed, administrators should also keep up with removing any old components that are no longer needed from the environment. Using a managed Kubernetes service can help to automate upgrades and patches for Kubernetes, operating systems, and networking protocols. *However, administrators must still patch and upgrade their containerized applications.*

"Existing artifact vuln scanners, databases, and specs?" https://github.com/google/osv/issues/55

[-]

Hosting SQLite Databases on GitHub Pages

[+]
[+]

> Methods for remotely accessing/paging data in from a client when a complete download of the dataset is unnecessary:

> - Query e.g. parquet on e.g. GitHub with DuckDB: duckdb/test_parquet_remote.test https://github.com/duckdb/duckdb/blob/6c7c9805fdf1604039ebed...

> - Query sqlite on e.g. GitHub with SQLite: [Hosting SQLite databases on Github Pages - (or any static file hoster) - phiresky's blog](...)

>> The above query should do 10-20 GET requests, fetching a total of 130 - 270KiB, depending on if you ran the above demos as well. Note that it only has to do 20 requests and not 270 (as would be expected when fetching 270 KiB with 1 KiB at a time). That’s because I implemented a pre-fetching system that tries to detect access patterns through three separate virtual read heads and exponentially increases the request size for sequential reads. This means that index scans or table scans reading more than a few KiB of data will only cause a number of requests that is logarithmic in the total byte length of the scan. You can see the effect of this by looking at the “Access pattern” column in the page read log above.

> - bittorrent/sqltorrent https://github.com/bittorrent/sqltorrent

>> Sqltorrent is a custom VFS for sqlite which allows applications to query an sqlite database contained within a torrent. Queries can be processed immediately after the database has been opened, even though the database file is still being downloaded. Pieces of the file which are required to complete a query are prioritized so that queries complete reasonably quickly even if only a small fraction of the whole database has been downloaded.

>> […] Creating torrents: Sqltorrent currently only supports torrents containing a single sqlite database file. For efficiency the piece size of the torrent should be kept fairly small, around 32KB. It is also recommended to set the page size equal to the piece size when creating the sqlite database

Would BitTorrent be faster over HTTP/3 (UDP) or is that already a thing for web seeding?

> - https://web.dev/file-system-access/

> The File System Access API: simplifying access to local files: The File System Access API allows web apps to read or save changes directly to files and folders on the user’s device

Hadn't seen wilsonzlin/edgesearch, thx:

> Serverless full-text search with Cloudflare Workers, WebAssembly, and Roaring Bitmaps https://github.com/wilsonzlin/edgesearch

>> How it works: Edgesearch builds a reverse index by mapping terms to a compressed bit set (using Roaring Bitmaps) of IDs of documents containing the term, and creates a custom worker script and data to upload to Cloudflare Workers

[+]

Thanks. There likely are relative advantages to HTTP/3 QUIC. Here's this from Wikipedia:

> Both HTTP/1.1 and HTTP/2 use TCP as their transport. HTTP/3 uses QUIC, a transport layer network protocol which uses user space congestion control over the User Datagram Protocol (UDP). The switch to QUIC aims to fix a major problem of HTTP/2 called "head-of-line blocking": because the parallel nature of HTTP/2's multiplexing is not visible to TCP's loss recovery mechanisms, a lost or reordered packet causes all active transactions to experience a stall regardless of whether that transaction was impacted by the lost packet. Because QUIC provides native multiplexing, lost packets only impact the streams where data has been lost.

And HTTP Pipelining / Multiplexing isn't specified by just UDP or QUIC:

> HTTP/1.1 specification requires servers to respond to pipelined requests correctly, sending back non-pipelined but valid responses even if server does not support HTTP pipelining. Despite this requirement, many legacy HTTP/1.1 servers do not support pipelining correctly, forcing most HTTP clients to not use HTTP pipelining in practice.

> Time diagram of non-pipelined vs. pipelined connection The technique was superseded by multiplexing via HTTP/2,[2] which is supported by most modern browsers.[3]

> In HTTP/3, the multiplexing is accomplished through the new underlying QUIC transport protocol, which replaces TCP. This further reduces loading time, as there is no head-of-line blocking anymore https://en.wikipedia.org/wiki/HTTP_pipelining

[-]

Ask HN: Any good resources on how to be a great technical advisor to startups?

Bumping up https://news.ycombinator.com/item?id=27600539

## Codelabels: Component: title

### ENH,UBY: HN: linkify URIs in descriptions

## User Stories

Users {__, __, } can ___ in order to ___.

Given-When-Then

~ Who-What-Wow

~ {Marketing, Training, Support, Service} Curriculum Competencies

### Users can click on links in descriptions in order to review referenced off-site resources.

Costs/Benefits: Linkspam?

The URL from this {item,} description: https://news.ycombinator.com/item?id=27600539

[-]

Teaching other teachers how to teach CS better

https://code.org/teach

git and HTML and Linked Data should be requisite: https://learngitbranching.js.org/

Pedagogy#Modern_pedagogy: https://en.wikipedia.org/wiki/Pedagogy#Modern_pedagogy

Evidence-based_education: https://en.wikipedia.org/wiki/Evidence-based_education

Computational_thinking#Characteristics: https://en.wikipedia.org/wiki/Computational_thinking#Charact... (Abstraction, Automation, Analysis)

Learning: https://en.wikipedia.org/wiki/Learning

Autodidacticism: https://en.wikipedia.org/wiki/Autodidacticism

Design of Experiments; Hypotheses, troubleshooting, debugging, automated testing, Formal Methods, actual Root Cause Analysis: https://en.wikipedia.org/wiki/Design_of_experiments

Critical Thinking; definitions, Logic and Rationality, Logical Reasoning: Deduction, Abduction and Induction: https://en.wikipedia.org/wiki/Critical_thinking#Logic_and_ra...

Doesn't this all derive from [Quantum] Information Theory? It's actually fascinating to start at Information Theory; who knows what that curriculum would look like without reinforcement and [3D] videos: https://en.wikipedia.org/wiki/Information_theory

Stone, James V. "Information theory: a tutorial introduction." (2015). https://scholar.google.com/scholar?q=%22Information+Theory:+...

It used to be that we had to start engines with a turn of a crank: that initial energy to overcome inertia was enough for the system to feed-forward without additional reinforcement. Effective CS instruction may motivate the unmotivated to care about learning the way folks who are receiving reinforcement do: intrinsically.

[-]

Ask HN: Best online speech / public speaking course?

Hi HN - Has anyone taken an online course to help them with public speaking, speech and voice skills that they’d highly recommend? Thanks!

"TED Talks: The Official TED Guide to Public Speaking" https://smile.amazon.com/TED-Talks-Official-Public-Speaking-...

TED Masterclass: https://masterclass.ted.com/

"Power Talk: Using Language to Build Authority and Influence" https://smile.amazon.com/Power-Talk-Language-Authority-Influ...

Re: Clean Language and Symbolic Modeling; listening to metaphors and asking clean questions may be a more effective way to facilitate change: https://westurner.github.io/hnlog/#comment-15471868

/? greatest speeches: https://m.youtube.com/results?sp=mAEA&search_query=Greatest+...

"Lend Me Your Ears: Great Speeches in History" by William Safire. https://a.co/8svyoUw

E.g. "The Prosperity Bible: The Greatest Writings of All Time on the Secrets to Wealth and Prosperity" (Napoleon Hill, PT Barnum, Dale Carnegie, Gibran, Benjamin Franklin; 5000+ pages). https://a.co/b8Ej6o7

Talking points: Peaceful coexistence, #GlobalGoals 1-17 (UN SDGs), "Limits to Growth: The 30-Year Update" by Donella H. Meadows. https://a.co/7MgO0bv

[-]

Google sunsets the APK format for new Android apps

I was just trying to explain this the other day. Not sure whether to be disappointed in is this a regression? No, bros, you may not just `repack it` and re-sign the package for me. That's not how it should work unless I trust their build server to sign for me; and I don't and we shouldn't. I'll just CC this here from https://westurner.github.io/hnlog/#comment-27410978 :

```

> Unfortunately all packages aren't necessarily signed either; "Which package managers require packages to be cryptographically signed?" is similar to "Which DNS clients can operate DNS resolvers that require DNSSEC signatures on DNS records to validate against the distributed trust anchors?".

> FWIW, `delv pkg.mirror.server.org` is how you can check DNSSEC:

  man systemd-resolved # nmcli
  man delv
  man dnssec-trust-anchors.d

  delv pkg.mirror.server.org
> Sigstore is a free and open Linux Foundation service for asset signatures: https://sigstore.dev/what_is_sigstore/

> The TUF Overview explains some of the risks of asset signature systems; key compromise, there's one key for everything that we all share and can't log the revocation of in a CT (Certificate Transparency) log distributed like a DLT, https://theupdateframework.io/overview/

> Certificate Transparency: https://en.wikipedia.org/wiki/Certificate_Transparency

> Yeah, there's a channel to secure there at that layer of the software supply chain as well.

> "PEP 480 -- Surviving a Compromise of PyPI: End-to-end signing of packages" (2014-) https://www.python.org/dev/peps/pep-0480/

>> Proposed is an extension to PEP 458 that adds support for end-to-end signing and the maximum security model. End-to-end signing allows both PyPI and developers to sign for the distributions that are downloaded by clients. The minimum security model proposed by PEP 458 supports continuous delivery of distributions (because they are signed by online keys), but that model does not protect distributions in the event that PyPI is compromised. In the minimum security model, attackers who have compromised the signing keys stored on PyPI Infrastructure may sign for malicious distributions. The maximum security model, described in this PEP, retains the benefits of PEP 458 (e.g., immediate availability of distributions that are uploaded to PyPI), but additionally ensures that end-users are not at risk of installing forged software if PyPI is compromised.

> One W3C Linked Data way to handle https://schema.org/SoftwareApplication ( https://codemeta.github.io/user-guide/ ) cryptographic signatures of a JSON-LD manifest with per-file and whole package hashes would be with e.g. W3C ld-signatures/ld-proofs and W3C DID (Decentralized Identifiers) or x.509 certs in a CT log.

```

FWIU, the Fuschia team is building package signing on top of TUF.

[-]

A from-scratch tour of Bitcoin in Python

[+]

> The 'dumbcoin' jupyter notebook is also a good reference: "Dumbcoin - An educational python implementation of a bitcoin-like blockchain" https://nbviewer.jupyter.org/github/julienr/ipynb_playground...

https://github.com/yjjnls/awesome-blockchain#implementation-... and https://github.com/openblockchains/awesome-blockchains#pytho... list a few more ~"blockchain from scratch" [in Python] examples.

... FWIU, Ethereum has the better Python story. There was a reference implementation of Ethereum in Python? https://ethereum.org/en/developers/docs/programming-language...

[-]

An Omega-3 that’s poison for cancer tumors

[+]
[+]

Fish don't synthesize Omega PUFAs, they eat algae (which unfortunately and inopportunely stains teeth)

From "Warning: Combination of Omega-3s in Popular Supplements May Blunt Heart Benefits" https://scitechdaily.com/warning-combination-of-omega-3s-in-... :

> Now, new research from the Intermountain Healthcare Heart Institute in Salt Lake City finds that higher EPA blood levels alone lowered the risk of major cardiac events and death in patients, while DHA blunted the cardiovascular benefits of EPA. Higher DHA levels at any level of EPA, worsened health outcomes.

> Results of the Intermountain study, which examined nearly 1,000 patients over a 10-year-period,

> “Based on these and other findings, we can still tell our patients to eat Omega-3 rich foods, but we should not be recommending them in pill form as supplements or even as combined (EPA + DHA) prescription products,” he said. “Our data adds further strength to the findings of the recent REDUCE-IT (2018) study that EPA-only prescription products reduce heart disease events.”

Now they're sayin'; so I go look for an EPA-only supplement, and TIL about re-esterified triglyceride and it says it's molecularly distilled anchovies in blister packages. Which early land mammals probably ate, so.

[+]
[+]
[-]

Discover and Prevent Linux Kernel Zero-Day Exploit Using Formal Verification

[Coq, VST, CompCert]

Formal methods: https://en.wikipedia.org/wiki/Formal_methods

Formal specification: https://en.wikipedia.org/wiki/Formal_specification

Implementation of formal specification: https://en.wikipedia.org/wiki/Anti-pattern#Software_engineer...

Formal verification: https://en.wikipedia.org/wiki/Formal_verification

From "Why Don't People Use Formal Methods?" https://news.ycombinator.com/item?id=18965964 :

> Which universities teach formal methods?

> - q=formal+verification https://www.class-central.com/search?q=formal+verification

> - q=formal+methods https://www.class-central.com/search?q=formal+methods

> Is formal verification a required course or curriculum competency for any Computer Science or Software Engineering / Computer Engineering degree programs?

Can there still be side channel attacks in formally verified systems? Can e.g. TLA+ help with that at all?

[+]
[-]

Anatomy of a Linux DNS Lookup

[+]
[+]

Is there a good example of a Linux package that does this correctly?

[+]
[+]

Yeah, but if you regress to 'legacy DNS' by removing systemd-resolved then there's no good way to do per-interface DNS (~client-split DNS), or (optionally) validate DNSSEC, or do DoH/DoT; and then nothing respawns and logs consistently-timestamped process events of substitute network service processes.

FWIU, per-user DNS configs are still elusive. Per-user DNS would make it easier to use family-safe DNS (that redirects to family-safe e.g. SafeSearch domains) by default; some forums are essential for system administration.

[+]

Your system may also depend upon one or more package managers that do all depend upon DNS (and hopefully e.g. DNSSEC and DoH/DoT)

[+]

Unfortunately all packages aren't necessarily signed either; "Which package managers require packages to be cryptographically signed?" is similar to "Which DNS clients can operate DNS resolvers that require DNSSEC signatures on DNS records to validate against the distributed trust anchors?".

FWIW, `delv pkg.mirror.server.org` is how you can check DNSSEC:

  man systemd-resolved # nmcli
  man delv
  man dnssec-trust-anchors.d

  delv pkg.mirror.server.org
Sigstore is a free and open Linux Foundation service for asset signatures: https://sigstore.dev/what_is_sigstore/

The TUF Overview explains some of the risks of asset signature systems; key compromise, there's one key for everything that we all share and can't log the revocation of in a CT (Certificate Transparency) log distributed like a DLT, https://theupdateframework.io/overview/

Certificate Transparency: https://en.wikipedia.org/wiki/Certificate_Transparency

Yeah, there's a channel to secure there at that layer of the software supply chain as well.

"PEP 480 -- Surviving a Compromise of PyPI: End-to-end signing of packages" (2014-) https://www.python.org/dev/peps/pep-0480/

> Proposed is an extension to PEP 458 that adds support for end-to-end signing and the maximum security model. End-to-end signing allows both PyPI and developers to sign for the distributions that are downloaded by clients. The minimum security model proposed by PEP 458 supports continuous delivery of distributions (because they are signed by online keys), but that model does not protect distributions in the event that PyPI is compromised. In the minimum security model, attackers who have compromised the signing keys stored on PyPI Infrastructure may sign for malicious distributions. The maximum security model, described in this PEP, retains the benefits of PEP 458 (e.g., immediate availability of distributions that are uploaded to PyPI), but additionally ensures that end-users are not at risk of installing forged software if PyPI is compromised.

One W3C Linked Data way to handle https://schema.org/SoftwareApplication ( https://codemeta.github.io/user-guide/ ) cryptographic signatures of a JSON-LD manifest with per-file and whole package hashes would be with e.g. W3C ld-signatures/ld-proofs and W3C DID (Decentralized Identifiers) or x.509 certs in a CT log.

[-]

JupyterLite – WASM-powered Jupyter running in the browser

[+]
[+]
[+]
[+]

From https://news.ycombinator.com/item?id=24052393 re: Starboard:

> https://developer.mozilla.org/en-US/docs/Web/Security/Subres... : "Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match."

> There's a new Native Filesystem API: "The new Native File System API allows web apps to read or save changes directly to files and folders on the user's device." https://web.dev/native-file-system/

> We'll need a way to grant specific URLs specific, limited amounts of storage.

[...]

> https://github.com/deathbeds/jyve/issues/46 :

> Would [Micromamba] and conda-forge build a WASM architecture target?

[-]

Accenture, GitHub, Microsoft and ThoughtWorks Launch the GSF

> With data centers around the world accounting for 1% of global electricity demand, and projections to consume 3-8% in the next decade, it’s imperative we address this as an industry.

> To help in that endeavor, we’re excited to announce the formation of The Green Software Foundation – a nonprofit founded by Accenture, GitHub, Microsoft and ThoughtWorks established with the Linux Foundation and the Joint Development Foundation Projects LLC to build a trusted ecosystem of people, standards, tooling and leading practices for building green software. The Green Software Foundation was born out of a mutual desire and need to collaborate across the software industry. Organizations with a shared commitment to sustainability and an interest in green software development principles are encouraged to join the foundation to help grow the field of green software engineering, contribute to standards for the industry, and work together to reduce the carbon emissions of software. The foundation aims to help the software industry contribute to the information and communications technology sector’s broader targets for reducing greenhouse gas emissions by 45% by 2030, in line with the Paris Climate Agreement.

Here's to now hand-optimized efficient EC, SHA-256, SHA-3, and Scrypt routines due to incentives. See also The Crypto Climate Accord, which is also inspired by the Paris Agreement: https://cryptoclimate.org/

... "Thermodynamics of Computation Wiki" https://news.ycombinator.com/item?id=18146854

Is 100% offset by PPAs always 200% Green?

From "Ask HN: What jobs can a software engineer take to tackle climate change?" https://news.ycombinator.com/item?id=20015801 :

> [ ] We should create some sort of a badge and structured data (JSONLD, RDFa, Microdata) for site headers and/or footers that lets consumers know that we're working toward '200% green' so that we can vote with our money.

[+]

No, under the Paris Agreement, countries set voluntary targets for themselves and regularly reassess.

[+]

TBF, the glut of [Chinese,] solar panels has significantly helped lower the cost of renewables; which is in everyone's interest.

[+]

"What are you doing to help solve that problem?"

[-]

Rocky Linux releases its first release candidate

[+]
[+]
[+]
[+]

Would Rocky Linux be an option for CERN?

I'm assuming the Centos 8 install instructions for e.g. GitLab also work with Rocky Linux? Conda/Micromamba definitely should.

[-]

USB-C is about to go from 100W to 240W, enough to power beefier laptops

What are the costs to add a USB PD module to an electronic device? https://hackaday.com/2021/04/21/easy-usb‑c-power-for-all-you...

- [ ] Create an industry standard interface for charging and using [power tool,] battery packs; and adapters

[-]

Half-Double: New hammering technique for DRAM Rowhammer bug

From "Rowhammer for qubits: is it possible?" https://amp.reddit.com/r/quantum/comments/7osud4/rowhammer_f... :

> Sometimes bits just flip due to "cosmic rays"; or, logically, also due to e.g. neutron beams and magnetic fields.

> With rowhammer, there are read/write (?) access patterns which cause predictable-enough information "leakage" to be useful for data exfiltration and privilege escalation.

> With the objective of modeling qubit interactions using quantum-mechanical properties of fields of electrons in e.g. DRAM, Is there a way to use DRAM electron "soft errors" to model quantum interactions; to build a quantum computer from what we currently see as errors in DRAM?

> If not with current DRAM, could one apply a magnetic field to DRAM in order to exploit quantum properties of electrons moving in a magnetic field?

https://en.wikipedia.org/wiki/DRAM

https://en.wikipedia.org/wiki/Row_hammer

https://en.wikipedia.org/wiki/Soft_error

https://en.wikipedia.org/wiki/Crosstalk

> [...] are there DRAM read/write patterns which cause errors due to interference which approximate quantum logic gates? Probably not, but maybe; especially with an applied magnetic field (which then isn't the DRAM sitting on our desks, it's then DRAM + a constant or variable field).

> I suppose to test this longshot theory, one would need to fuzz low-level RAM loads and search for outputs that look like quantum gate outputs. Or, monitor normal workloads which result in RAM faults which approximate quantum logic gate outputs and train a network to recognize the features.

> I am reminded of a recent approach to in-RAM computing that's not memristors.

> Soft errors caused by cosmic rays are obviously more frequent at higher altitudes (and outside of the Van Allen radiation belt).

Thought I'd ask this here as well.

Quantum tunneling was the perceived barrier at like DDR5 and higher densities FWIU? Barring new non-electron-based tech, how can we prevent adjacent electrons from just flipping at that gate grid gap size?

Other Quantum-on-Silicon approaches have coherence issues, too

[-]

Setting up a Raspberry Pi with 2 Network Interfaces as a simple router

[+]
[+]
[+]

> This page shows devices which have a LTE modem built in and are supported by OpenWrt.

https://openwrt.org/toh/views/toh_lte_modem_supported

It looks like this table is neither current nor complete though. And there's a different table of OpenWRT compatible devices that have a battery as well.

> [The Amarok (GL-X1200) Industrial IoT Gateway has] 2x SIM card slots for 2x 4G LTE modems (probably miniPCI-E so maybe upgradeable to 5G later), external antenna connectors for the LTE modems, MicroSD, #OpenWRT: https://store.gl-inet.com/collections/4g-smart-router/produc...

The Turris Omnia also has 4G LTE SIM card support (and LXC in their OpenWRT build). https://openwrt.org/toh/turris/turris_omnia

There's also a [Dockerized] x86 build of OpenWRT that probably also supports Mini PCI-E modules for 4G LTE, LoRa, and 5G. Route metrics determine which [gateway] route is tried first.

From "How much total throughput can your wi-fi router really provide?" https://news.ycombinator.com/item?id=26596395 :

> In 2021, most routers - even with OpenWRT and hardware-offloading - cannot actually push 1 Gigabit over wired Ethernet, though the port spec does say 1000 Mbps

[-]

What to do about GPU packages on PyPI?

[+]
[+]

[Huge GPU] packages can be cached locally: persist ~/.cache/pip between builds with e.g. Docker, run a PyPI caching proxy,

"[Discussions on Python.org] [Packaging] Draft PEP: PyPI cost solutions: CI, mirrors, containers, and caching to scale" https://discuss.python.org/t/draft-pep-pypi-cost-solutions-c...

> Continuous Integration automated build and testing services can help reduce the costs of hosting PyPI by running local mirrors and advising clients in regards to how to efficiently re-build software hundreds or thousands of times a month without re-downloading everything from PyPI every time.

[...]

> Request from and advisory for CI Services and CI Implementors:

> Dear CI Service,

> - Please consider running local package mirrors and enabling use of local package mirrors by default for clients’ CI builds.

> - Please advise clients regarding more efficient containerized software build and test strategies.

> Running local package mirrors will save PyPI (the Python Package Index, a service maintained by PyPA, a group within the non-profit Python Software Foundation) generously donated resources. (At present (March 2020), PyPI costs ~ $800,000 USD a month to operate; even with generously donated resources).

Looks like the current figure is significantly higher than $800K/mo for science.

How to persist ~/.cache/pip between builds with e.g. Docker in order to minimize unnecessary GPU package re-downloads:

  RUN --mount=type=cache,target=/root/.cache/pip

  RUN --mount=type=cache,target=/home/appuser/.cache/pip

[+]
[-]

Markdown Notes VS Code extension: Navigate notes with [[wiki-links]]

> Syntax highlighting for #tags.

What's the best way to search for #tags with VS Code? Are #tags indexed into an e.g. ctags file within a project or a directory?

> @bibtex-citations: Use pandoc-style citations in your notes (eg @author_title_year) to get syntax highlighting, autocompletion and go to definition, if you setup a global BibTeX file with your references.

[+]

Thanks, yeah. Is there anything that does stemming or at least depluralization of the word around the cursor or the full selection before brute searching for it?

[-]

Ask HN: Choosing a language to learn for the heck of it

I'm a technical manager, which means I do a lot of administrative stuff and a little coding. The coding has become a nice distraction when I need to take a break.

For "real work" I write mostly Python, a lot of SQL, a little bit of Go, and some shell scripting to glue it together. I'd like to learn something I have no need of for work. If it becomes useful later, that is OK, but not a goal. The goal is in creating something just for fun. That something is undefined, so general purpose languages are the population.

I have become curious lately in Nim, Crystal, and Zig. Small, modern, high performance languages. Curiousity comes from the cases when they are mentioned here, sometime for similar reasons I list above.

Nim is on top of the list: Sort of Python like, supported on Windows (I use Win/Mac/Linux), appears to have libraries for the things I do: Process text for insights, play projects would use interesting data instead of business data.

Crystal does not support Windows (yet), but appears to closer to Ruby. Its performance may be a bit better.

Zig came on my radar recently, I know less about it, compared to the little I know of the others.

Suggestions on choosing one as a hobby language?

> Suggestions on choosing one as a hobby language?

IDK how much of a hobby it'd remain, but: Rust compiles to WASM, C++ now has auto and coroutines (and real live memory management)

"Ask HN: Is it worth it to learn C in 2020?" https://news.ycombinator.com/item?id=21878664

[-]

Show HN: Django SQL Dashboard

[+]

This launches the web-based Werkzeug debugger on Exception:

  pip install django-extensions
  python manage.py runserver_plus
https://django-extensions.readthedocs.io/en/latest/runserver...

This should run IPython Notebook with database models already imported :

  python manage.py shell_plus --notebook
But writing fixtures, tests and (celery / dask-labextension) tasks is probably the better way to do things. Django-rest-assured is one way to get a tested REST API with DRF and e.g. factory_boy for generating test data.

[-]

Interactive IPA Chart

Jeud | 2021-05-06 13:33:00 | 243 | # | ^

Is there a [Linked Data] resource with the information in this interactive IPA chart (which is from Wikipedia FWICS) in addition to?:

- phoneme, ns:"US English letter combinations", []

- phoneme, ns:"schema.org/CreativeWorks which feature said phoneme", []

AFAIU, WordNet RDF doesn't have links to any IPA RDFS/OWL vocabulary/ontology yet.

[-]

Google Dataset Search

[+]

Use cases for such [LD: Linked Data] metadata:

1. #StructuredPremises:

> (How do I indicate that this is a https://schema.org/ScholarlyArticle predicated upon premises including this Dataset and these logical propositions?)

2. #LinkedMetaAnalyses; #LinkedResearch "#StudyGraph"

3. [CSVW (Tabular Data Model),] schema.org/Dataset(s) with per column (per-feature) physical quantity and unit URIs with e.g. QUDT and/or https://schema.org/StructuredValue metadata for maximum data reusability.

4. JupyterLab notebooks:

4a. JupyterLab Metadata Service extension: https://github.com/jupyterlab/jupyterlab-metadata-service :

> - displays linked data about the resources you are interacting with in JuyterLab.

> - enables other extensions to register as linked data providers to expose JSON LD about an entity given the entity's URL.

> - exposes linked data to the user as a Linked Data viewer in the Data Browser pane.

4b. JupyterLab Data Explorer: https://github.com/jupyterlab/jupyterlab-data-explorer :

> - Data changing on you? Use RxJS observables to represent data over time.

> - Have a new way to look at your data? Create React or lumino components to view a certain type.

> - Built-in data explorer UI to find and use available datasets.

[-]

Ask HN: Cap Table Service Recommendations

Recent founders, do you have any recommendations for services for managing a cap table? Or do you do it yourself? Any suggestions for how to choose?

[-]

Hosting SQLite databases on GitHub Pages or any static file hoster

[+]
[+]
[+]

This looks pretty efficient. Some chains can be interacted with without e.g. web3.js? LevelDB indexes aren't SQLite.

Datasette is one application for views of read-only SQLite dbs with out-of-band replication. https://github.com/simonw/datasette

There are a bunch of *-to-sqlite utilities in corresponding dogsheep project.

Arrow JS for 'paged' browser client access to DuckDB might be possible and faster but without full SQLite SQL compatibility and the SQLite test suite. https://arrow.apache.org/docs/js/

https://duckdb.org/ :

> Direct Parquet & CSV querying

In-browser notebooks like Pyodide and Jyve have local filesystem access with the new "Filesystem Access API", but downloading/copying all data to the browser for every run of a browser-hosted notebook may not be necessary. https://web.dev/file-system-access/

[+]
[-]

Wasm3 compiles itself (using LLVM/Clang compiled to WASM)

Self-hosting (compilers) https://en.wikipedia.org/wiki/Self-hosting_(compilers) :

> In computer programming, self-hosting is the use of a program as part of the toolchain or operating system that produces new versions of that same program—for example, a compiler that can compile its own source code

[+]

The wikipedia article lists quite a few languages for which there are self-hosting compilers.

JS can already write more JS. Are there advantages and risks introduced by this new capability for browser-hosted (?) WASM LLVM to compile WASM?

[-]

Semgrep: Semantic grep for code

Is there a more complete example of how to call semgrep from pre-commit (which gets called before every git commit) in order to prevent e.g. Python print calls (print(), print \\n(), etc.) from being checked in?

https://semgrep.dev/docs/extensions/ describes how to do pre-commit.

Nvm, here's semgrep's own .pre-commit-config.yml for semgrep itself: https://github.com/returntocorp/semgrep/blob/develop/.pre-co...

[+]

Yeah but that githook will only be installed on that one repo on that one machine. And they may have no or a different version of bash installed (on e.g. MacOS or Windows). IMHO, POSIX-compatible portable shell scripts are more trouble than portable Python scripts.

Pre-commit requires Python and pre-commit to be installed (and then it downloads every hook function).

This fetches the latest version of every hook defined in the .pre-commit-config.yml:

  pre-commit autoupdate
https://pre-commit.com/#pre-commit-autoupdate

A person could easily `ln -s repo/.hooks/hook*.sh repo/.git/hooks/` after every git clone.

[+]
[+]
[+]

IDE plugins are not at all consistent from one IDE to another. Pre-commit is great for teams with different IDEs because all everyone needs to do is:

  [pip,] install pre-commit
  pre-commit install
  # git commit
  #   pre-commit run --all-files

  # pre-commit autoupdate
https://pre-commit.com/

[-]

Ask HN: What to use instead of Bash / Sh for scripting?

I'm at the point where I feel a certain fatigue writing Bash scripts, but I am just not sure of what the alternative is for medium sized (say, ~150-500 LOC) scripts.

The common refrain of "use Python" hasn't really worked fantastically: I don't know what version of Python I'm going to have on the system, installing dependencies is not fun, shelling out when needed is not pleasant, and the size of program always seemingly doubles.

I'm willing to accept something that's not on the system as long as it's one smallish binary that's available in multiple architectures. Right now, I've settled on (ab)using jq, using it whenever tasks get too complex, but I'm wondering if anyone else has found a better way that should also hopefully not be completely a black box to my colleagues?

A configuration management system may have you write e.g. YAML with Jinja2 so that you don't reinvent the idempotent wheel.

It's really easy to write dangerous shell scripts ("${@}" vs ${@} for example) and also easy to write dangerous Python scripts (cmd="{}; {}").

Sarge is one way to use subprocess in Python. https://sarge.readthedocs.io/en/latest/

If you're doing installation and configuration, the most team-maintainable thing is to avoid custom code and work with a configuration management system test runner.

When you "A shell script will be fine, all I have to do is [...]" and then you realize that you need a portable POSIX shell script and to be merged it must have actual automated tests of things that are supposed to run as root - now in a fresh vm/container for testing - and manual verification of `set +xev` output isn't an automated assertion.

> avoid custom code and work with a configuration management system test runner

ansible-molecule is a test runner for Ansible playbooks that can create VMs or containers on local or remote resources.

You can definitely just call shell scripts from Ansible, but the (parallel) script output is only logged after the script returns a return code unless you pipe the script output somewhere and tail that .

> manual verification of `set +xev` output isn't an automated assertion.

From "Bash Error Handling" https://news.ycombinator.com/item?id=24745833 : you can display the line number in `set -x` output by setting $PS4:

  export PS4='+(${BASH_SOURCE}:${LINENO}) '
  set -x
But that's no substitute for automated tests and a test runner that produces e.g. TAP output from test runner results: http://testanything.org/producers.html#shell

[-]

Estonian Electronic Identity Card and Its Security Challenges [pdf]

[+]
[+]
[+]
[+]
[+]
[+]

FWIU, DHS has funded [1] development of e.g W3C DID Decentralized Identifiers [2] and W3C Verifiable Credentials [3]:

[1] https://www.google.com/search?q=site%3Aw3.org+%22funded+by+t...

[2] https://www.w3.org/TR/did-core/

[3] https://www.w3.org/TR/vc-data-model/

Additional notes regarding credentials (certificates, badges, degrees, honorarial degrees, then-evaluated competencies) and capabilities models: https://news.ycombinator.com/item?id=19813340

westurner/blockchain-credential-resources.md: https://gist.github.com/westurner/4345987bb29fca700f52163c33...

Value storage and transmission networks have developed standards and implementations for identity, authentication, and authorization. ILP (Interledger Protocol) RFC 15 specifies "ILP addresses" for [crypto] ledger account IDs: https://interledger.org/rfcs/0015-ilp-addresses/

From "Verifiable Credentials Use Cases" https://w3c.github.io/vc-use-cases/ :

> A verifiable claim is a qualification, achievement, quality, or piece of information about an entity's background such as a name, government ID, payment provider, home address, or university degree. Such a claim describes a quality or qualities, property or properties of an entity which establish its existence and uniqueness. The use cases outlined here are provided in order to make progress toward possible future standardization and interoperability of both low- and high-stakes claims with the goals of storing, transmitting, and receiving digitally verifiable proof of attributes such as qualifications and achievements. The use cases in this document focus on concrete scenarios that the technology defined by the group should address.

FWIU, the US Department of Education is studying or already working with https://blockcerts.org/ for educational credentials.

Here are the open sources of blockchain-certificates/cert-issuer and blockchain-certificates/cert-verifier-js: https://github.com/blockchain-certificates

Might a natural-born resident get a government ID card for passing a recycling and environmental sustainability quiz.

[-]

Systemd makes life miserable, again, this time by breaking DNS

So, I made the mistake of updating my laptop from Fedora 31 to Fedora 33 last night. Normally this is fairly painless, as my laptop is one of the last machines I perform distribution upgrades. Today while doing some pole survey work out in the field, I tethered my laptop to my phone as has been done hundreds of times before. To my surprise, DNS doesn't work anymore, but only in web browsers. Both Firefox and Chrome can't resolve names anymore. Command line tools like ping and host work normally. WTF?

Why are distributions continuing to allow systemd to extend its tentacles deeper and deeper into more parts of Linux userland with poorly tested subsystem replacements for parts of Linux that have been stable for decades? Does nobody else consider this repeating pattern of rewrite-replace-introduce-new-bugs a problem? Newer is not all that better if you break what is a pretty bog standard and common use-case.

As well, Firefox now defaults to DoH (DNS over HTTPS), which may be bypassing systemd-resolved by doing DNS resolution in the app instead of calling `gethostbyname()` (`man gethostbyname`) and/or `getaddrinfo()`.

`man systemd-resolved` describes why there is new DNS functionality: security; "caching and validating DNS/DNSSEC stub resolver, as well as an LLMR and MulticastDNS resolver and responder".

From `man systemd-resolved` https://man7.org/linux/man-pages/man8/systemd-resolved.servi... :

> To improve compatibility, /etc/resolv.conf is read in order to discover configured system DNS servers, but only if it is not a symlink to /run/systemd/resolve/stub-resolv.conf, /usr/lib/systemd/resolv.conf or /run/systemd/resolve/resolv.conf

> [...] Note that the selected mode of operation for this file is detected fully automatically, depending on whether /etc/resolv.conf is a symlink to /run/systemd/resolve/resolv.conf or lists 127.0.0.53 as DNS server.

Is /etc/resolv.conf read on reload and or restart of the systemd-resolved service (`servicectl restart systemd-named`)?

Some examples of validating DNSSEC in `man delv` would be helpful.

NetworkManager (now with systemd-resolved) is one system for doing DNS configuration for zero or more transient interfaces:

  man nmcli

  nmcli connection help
  nmcli c help
  nmcli c h

  nmcli c show ssid_or_nm_profile | grep -i dns

  nmcli c modify help

  man systemd-resolved
  man delv
  man dnssec-trust-anchors.d

[+]

> manually syncing the clock via ntp usually gets my dns working again.

Why is this necessary?

[+]
[-]

Ask HN: How bad is proof-of-work blockchain energy consumption?

I'm not a blockchain/crypto expert by any means, but I've been hearing about how much energy the proof-of-work blockchains (Bitcoin, Ethereum, NFTs) consume. Unless I'm mistaken their whole design relies on cranking through more and more CPU cycles. Should we be more concerned about this? Are the concerns overblown? Are there ways to improve it without certain crypto currencies imploding?

A rational market would be choosing an asset that offers value storage and transmission (between points in spacetime) according to criteria: "security" (security theater, infosec, cryptologic competency assessment, software assurances), "future stability" (future switching costs), and "cost".

The externalities of energy production are what must be overcome if we are to be able to withstand wasteful overconsumption of electricity. Eventually, we could all have free clean energy and no lightsabers, right?

So, we do need to minimize wasteful overconsumption. Define wasteful in terms of USD/kWHr (irregardless of industry)? In terms of behavioral economics, why are they behaving that way when there are alternatives that cost <$0.01/tx and a fairly-aggregated comprehensive n kWhr of electricity?

TIL about these guys, who are deciding to somewhat-responsibly self-regulate in the interest of long-term environmental sustainability for all of the land: "Crypto Climate Accord". https://cryptoclimate.org/

"Crypto Climate Accord Launches to Decarbonize Cryptocurrency Industry Brings together the likes of CoinShares, ConsenSys, Ripple, and the UNFCCC Climate Champions to lead sustainability in blockchain and crypto" (2021) https://bit.ly/CryptoClimateAccord

> What are the objectives of the Crypto Climate Accord? The Accord’s overall objective is to decarbonize the global crypto industry. There are three provisional objectives to be finalized in partnership with Accord supporters:

> - Enable all of the world’s blockchains to be powered by 100% renewables by the 2025 UNFCCC COP Conference

> - Develop an open-source accounting standard for measuring emissions from the cryptocurrency industry

> - Achieve net-zero emissions for the entire crypto industry, including all business operations beyond blockchains and retroactive emissions, by 2040

Similar to the Paris Agreement (2015), stakeholders appear to be setting their own targets for sustainability in accordance with the Crypto Climate Accord (2021). https://cryptoclimate.org/accord/

Someone who's not in renewables could launch e.g. a "Satoshi Nakamoto Clean Energy Fund: SNCEF" to receive donations from e.g. hash pools and connect nonprofits with sustainability managed renewables. How many SNCEFs did you give this year and why?

#CleanEnergy

[+]
[+]
[+]

More transistors per unit area, but also more efficient please! There should be demand for more efficient chips (semiconductors,) that are fully-utilized while depreciating on your ma's electricity bill (which is not yet (?) really determined by a market-based economy with intraday speculation to smooth over differences in supply and demand in the US). Oversupply of the electrical grid results in damage costs; which is why the price sometimes falls so low where there are intraday prices and supply has been over-subsidized pending the additional load from developing economies and EVs: Electric Vehicles.

New grid renewables (#CleanEnergy) are now less expensive than existing baseload; which makes renewables long term environment-rational and short term price-rational.

"Thermodynamics of Computation Wiki" (2018) https://news.ycombinator.com/item?id=18146854

> No, all space heaters are equally efficient. They all have perfect 100% efficiency, because they turn electrical power into heat. When your work product is heat and the waste product is also heat, then there really is no waste.

This heat must be distributed throughout the room somehow (i.e. a batteryless woodstove fan or a sterling engine that does work with the difference in entropy when there is a difference in entropy)

> Technically in the case of cryptocurrency mining, some of the electrical power is turned into information rather than heat. In principle this reduces the amount of heat that you get, but in practice this isn’t even measurable. Most of the information is erased (discarded as useless), which turns it back into heat.

See "Thermodynamics of Computation Wiki" re: a possible way to delete known observer-entangled bits while reducing heat/entropy (thus bypassing Landauer's limit for classical computation?)?

> Only a few hundred bits of information will be kept after successfully mining a block of transactions, and the amount of heat that costs you is fantastically small. Far smaller than you can measure.

Each n-symbol sequence in the hash function output does appear to have nearly equal frequency/probability of occurrence. Indeed, is Proof-of-Work worth the heat if you're not reusing the waste heat?

[-]

What does a PGP signature on a Git commit prove?

[+]
[+]
[+]

That nonce value could be ±\0 or 5,621,964,321e100; though for well-designed cryptographic hash functions it's far less likely that - at maximum difficulty - a low nonce value will result in a hash collision.

[+]

Searching for the value to prepend or append that causes a hash collision is exactly the same as finding a nonce value at maximum difficulty (not less than the difficulty value, exactly equal to the target hash).

Mutate and check.

[+]

Brute forcing to find `hash(data_1+nonce) == hash(data_0)` differs very little from ``hash(data_1+nonce) < difficulty_level`. Write each and compare the cost/fitness/survival functions.

If the hash function is reversible - as may be discovered through e.g. mutation and selection - that would help find hashes that are equal and maybe also less than.

Practically, there are "rainbow tables" for very many combinations of primes and stacked transforms: it's not necessary to search the whole space for simple collisions and may not be necessary for preimages; we don't know and it's just a matter of time. "Collision attack" https://en.wikipedia.org/wiki/Collision_attack

Crytographic nonce > hashing: https://en.wikipedia.org/wiki/Cryptographic_nonce#Hashing

[+]

Practically, iff browsers still relied upon SHA-1 to fingerprint and pin and verify certificates instead of the actual chain, and there were no file size limits on x.509 certificates, some fields in a cert (e.g. CommonName and SAN) would be chosen and other fields would then potentially be nonce.

In context to finding a valid cert with a known good hash fingerprint, how many prime keypairs could there be to precompute and cache/memoize when brute forcing.

"SHA-1 > Cryptanalysis and validation " does list chosen prefix collision as one of many weaknesses now identified in SHA-1: https://en.wikipedia.org/wiki/SHA-1#Cryptanalysis_and_valida...

This from 2008 re: the 200 PS3s it took to generate a rogue CA cert with a considered-valid MD5 hash: https://hackaday.com/2008/12/30/25c3-hackers-completely-brea...

... Was just discussing e.g. frankencerts the other day: https://news.ycombinator.com/item?id=26605647

[-]

Breakthrough for ‘massless’ energy storage

[+]
[+]

> You can't make a car by building the chassis out of smartphone batteries

They're called Structural batteries (or [micro]structural super/ultracapacitors)

"Carmakers want to ditch battery packs, use auto bodies for energy storage" (2020,) https://arstechnica.com/cars/2020/11/carmakers-want-to-ditch...

[+]

The Ars article I linked has an overview and some history and specific industry applications; whereas OT is about a new approach discovered since the Ars article was written.

[-]

OpenSSL Security Advisory

[+]
[+]
[+]
[+]
[+]
[+]
[+]
[+]
[+]
[+]
[+]

https://project-everest.github.io/ :

> Focusing on the HTTPS ecosystem, including components such as the TLS protocol and its underlying cryptographic algorithms, Project Everest began in 2016 aiming to build and deploy formally verified implementations of several of these components in the F* proof assistant.

> […] Code from HACL*, ValeCrypt and EverCrypt is deployed in several production systems, including Mozilla Firefox, Azure Confidential Consortium Framework, the Wireguard VPN, the upcoming Zinc crypto library for the Linux kernel, the MirageOS unikernel, the ElectionGuard electronic voting SDK, and in the Tezos and Concordium blockchains.

S2n is Amazon's formally verified TLS library. https://en.wikipedia.org/wiki/S2n

IDK about a formally proven PKIX. https://www.google.com/search?q=formally+verified+pkix lists a few things.

A formally verified stack for Certificate Transparency would be a good way to secure key distribution (and revocation); where we currently depend upon a TLS library (typically OpenSSL), GPG + HKP (HTTP Key Protocol).

Fuzzing on an actual hardware - with stochastic things that persist bits between points in spacetime - is a different thing.

[+]

Both a gap and an opportunity; someone like an agency or a FAANG with a budget for something like this might do well to - invest in the formal methods talent pipeline and - very technically interface with e.g. Everest about PKIX as a core component in need of formal methods.

"The SSL landscape: a thorough analysis of the X.509 PKI using active and passive measurements" (2011) ... "Analysis of the HTTPS certificate ecosystem" (2013) https://scholar.google.com/scholar?oi=bibs&hl=en&cites=16545...

TIL about "Frankencerts": Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations (2014) https://scholar.google.com/scholar?cites=3525044230307445257... :

> Our first ingredient is "frankencerts," synthetic certificates that are randomly mutated from parts of real certificates and thus include unusual combinations of extensions and constraints. Our second ingredient is differential testing: if one SSL/TLS implementation accepts a certificate while another rejects the same certificate, we use the discrepancy as an oracle for finding flaws in individual implementations.

> Differential testing with frankencerts uncovered 208 discrepancies between popular SSL/TLS implementations such as OpenSSL, NSS, CyaSSL, GnuTLS, PolarSSL, MatrixSSL, etc.

W3C ld-signatures / Linked Data Proofs, and MerkleProof2017: https://w3c-ccg.github.io/lds-merkleproof2017/

"Linked Data Cryptographic Suite Registry" https://w3c-ccg.github.io/ld-cryptosuite-registry/

ld-proofs: https://w3c-ccg.github.io/ld-proofs/

W3C DID: Decentralized Identifiers don't solve for all of PKIX (x.509)?

"W3C DID x.509" https://www.google.com/search?q=w3c+did+x509

[+]
[-]

How much total throughput can your wi-fi router really provide?

[+]

netperf and iperf are utilities for measuring network throughput: https://en.wikipedia.org/wiki/Iperf

It's possible to approximate the https://dslreports.com/speedtest using the flent CLI or QT GUI (which calls e.g. fping and netperf) and isolate out ISP variance by running a netperf server on a decent router and/or a workstation with a sufficient NIC (at least 1Gbps). https://flent.org/tests.html

`dslreports_8dn`: https://github.com/tohojo/flent/blob/master/flent/tests/dslr...

From https://flent.org/ :

> RRUL: Create the standard graphic image used by the Bufferbloat project to show the down/upload speeds plus latency in three separate charts:

> `flent rrul -p all_scaled -l 60 -H address-of-netserver -t text-to-be-included-in-plot -o filename.png`

In 2021, most routers - even with OpenWRT and hardware-offloading - cannot actually push 1 Gigabit over wired Ethernet, though the port spec does say 1000 Mbps.

[-]

The Most Important Scarce Resource Is Legitimacy

ve55 | 2021-03-23 17:28:53 | 119 | # | ^
[+]
[+]

Public goods ... Welfare economics ... Social choice theory, Arrow's, Indifference curve: https://en.wikipedia.org/wiki/Indifference_curve

People do collectibles; commemorative plates.

[-]

A few notes on message passing

[+]
[+]

> Luckily, global orders are rarely needed and are easy to impose yourself (outside distributed cases): just let all involved parties synchronize with a common process.

When there are multiple agents/actors in a distributed system, and the timestamp resolution is datetime64, and clock synchronization and network latency are variable, and non-centralized resilience is necessary to eliminate single points of failure, global ordering is impractical to impossible because there is no natural unique key with which to impose a [partial] preorder [1][2]: there are key collisions when you try and merge the streams.

Just don't cross the streams.

[1] https://en.wikipedia.org/wiki/Preorder_(disambiguation)

[2] https://en.wikipedia.org/wiki/Partially_ordered_set

The C in CAP theorem is for Consistency [3][4]. Sequential consistency is elusive because something probably has to block/lock somewhere unless you've optimally distributed the components of the CFG control flow graph.

[3] https://en.wikipedia.org/wiki/Consistency_model

[4] https://en.wikipedia.org/wiki/CAP_theorem

FWIU, TLA+ can help find such issues. [5]

[5] https://en.wikipedia.org/wiki/TLA%2B

[+]
[+]
[+]

The Lamport timestamp: https://en.wikipedia.org/wiki/Lamport_timestamp :

> The Lamport timestamp algorithm is a simple logical clock algorithm used to determine the order of events in a distributed computer system. As different nodes or processes will typically not be perfectly synchronized, this algorithm is used to provide a partial ordering of events with minimal overhead, and conceptually provide a starting point for the more advanced vector clock method.

[-]

Duolingo's language notes all on one page

Succinct. What a useful reference.

An IPA (International Phonetic Alphabet) reference would be helpful, too. After taking linguistics in college, I found these Sozo videos of US english IPA consonants and vowels that simultaneously show {the ipa symbol, example words, someone visually and auditorily producing the phoneme from 2 angles, and the spectrogram of the waveform} but a few or a configurable number of [spaced] repetitions would be helpful: https://youtu.be/Sw36F_UcIn8

IDK how cartoonish or 3d of an "articulatory phonetic" model would reach the widest audience. https://en.wikipedia.org/wiki/Articulatory_phonetics

IPA chart: https://en.wikipedia.org/wiki/International_Phonetic_Alphabe...

IPA chart with audio: https://en.wikipedia.org/wiki/IPA_vowel_chart_with_audio

All of the IPA consonant chart played as a video: "International Phonetic Alphabet Consonant sounds (Pulmonic)- From Wikipedia.org" https://youtu.be/yFAITaBr6Tw

I'll have to find the link of the site where they playback youtube videos with multiple languages' subtitles highlighted side-by-side along with the video.

Found it: https://www.captionpop.com/

It looks like there are a few browser extensions for displaying multiple subtitles as well; e.g. "YouTube Dual Subtitles", "Two Captions for YouTube and Netflix"

[-]

Ask HN: The easiest programming language for teaching programming to young kids?

Hi,

I want to start a small community pilot project to help young kids, 8 and above, get interested in programming. We will use video games and robotics projects. We want to keep our tech stack as simple as possible. Here are some of the choices:

Godot + Aurdino: We can use C in Godot and Aurdino. Aurdino might be more interesting for kids as opposed neatly packaged Lego Kits.

Apple SpriteKit + Lego Mindstorm: We can use Swift with Legos. But cost will be higher.

Some of the projects we are thinking are:

Game-ish:

1. Sound visualizer like how Winamp and old school visualization were. Use speakers. And various other ideas around these concepts.

2. AR project that shows the world around you in cartoonish style. Swap faces etc.

3. Of cousre, platform games.

Robotics projects:

I see a lot of tutorials for Arduino such as robots that follow sound or light, or stuff like lights display. We will use mostly those.

Some harder project ideas I have are for drones, boats, and other navigational vehicles. This is why I want to use Arduino. But is C going to be too hard for young kids to play with?

What do you recommend? If this works, I would like to expand it and start a company around it.

awesome-python-in-education > "Python suitability for education" lists a few justifications for Python: https://github.com/quobit/awesome-python-in-education#python...

There is a Scratch Jr for Android and iOS. You can view Scratch code as JS. JS does run in a browser, until it needs WASI.

awesome-robotics-libraries: https://github.com/jslee02/awesome-robotics-libraries

FWIU, ROS (Robot Operating System) is now installable with Conda/Mamba. There's a jupyter-ros and a jupyterlab-ros extension: https://github.com/RoboStack/jupyter-ros

I just found this: https://coderdojotc.readthedocs.io/projects/python-minecraft...

> This documentation supports the CoderDojo Twin Cities’ Build worlds in Minecraft with Python code group. This group intends to teach you how to use Python, a general purpose programming language, to mod the popular game called Minecraft. It is targeted at students aged 10 to 17 who have some programming experience in another language. For example, in Scratch.

K12CS Framework has your high-level CS curriculum: https://k12cs.org/ [PDF]: https://k12cs.org/wp-content/uploads/2016/09/K%E2%80%9312-Co...

Educational technology > See also links to e.g. "Evidence-based education" and "Instructional theory" https://en.wikipedia.org/wiki/Educational_technology https://en.wikipedia.org/wiki/Educational_technology

[+]

Yw. Np. So I just searched for "site: readthedocs.io kids python" https://www.google.com/search?q=site%3Areadthedocs.io+kids+p... and found a few new and old things:

SensorCraft (pyglet (Python + OpenGL)) from US AFRL Sensors Directorate has e.g. Gravity, Rocket Launch, and AI tutorials:

> Most people are familiar with Minecraft [...] for this project we are using a Minecraft type environment created in the Python programming language. The Air Force Research Laboratory (AFRL) Sensors Directorate located in Dayton, Ohio created this guide to inspire kids of all ages to learn to program and at the same time get an idea of what it is like to be a Scientist or Engineer for the Air Force. We created this YouTube video about SensorCraft

https://sensorcraft.readthedocs.io/en/latest/intro.html

`conda install -c conda-forge -y pyglet` should probably work. Miniforge on Win/Mac/Lin is an easy way to get Python installed on anything including ARM64 for a RPi or similar; `conda create -n scraft; conda install -c conda-forge -y python=3.8 jupyterlab jupytext jupyter-book pyglet` . If you're in a conda env, `pip install` should install things within that conda env. Here's the meta.yaml in the conda-forge pyglet-feedstock: https://github.com/conda-forge/pyglet-feedstock/blob/master/...

"BBC micro:bit MicroPython documentation" https://microbit-micropython.readthedocs.io/en/latest/

$25 for a single board-computer with a battery pack and a case (and curricula) is very reasonable: https://en.wikipedia.org/wiki/Micro_Bit

> The [micro:bit] is described as half the size of a credit card[10] and has an ARM Cortex-M0 processor, accelerometer and magnetometer sensors, Bluetooth and USB connectivity, a display consisting of 25 LEDs, two programmable buttons, and can be powered by either USB or an external battery pack.[2] The device inputs and outputs are through five ring connectors that form part of a larger 25-pin edge connector. (V2 adds a Mic and a Speaker)

[-]

Raspberry Pi for Kill Mosquitoes by Laser

[+]
[+]
[+]
[+]

Yeah, they already did sharks with lasers. IDK what the licensing terms are on that

[+]
[-]

Donate Unrestricted

[+]

Unbelievable.

Rather than diminishing the efforts of others, you could start helping by describing your own efforts to improve education (in order to qualify your ability to assess the mentioned and other efforts to improve education and learning)

In context to seed and series funding for a seat on a board of a for-profit venture, an NGO non-profit organization can choose whether to accept restricted donations and government organizations have elected public servant leaders who lead and find funding.

Works based on Faust: https://en.wikipedia.org/wiki/Works_based_on_Faust

[-]

Bitcoin Is Time

[+]
[+]

"Bitcoin scalability problem" could link to the Ethereum design docs: https://en.wikipedia.org/wiki/Bitcoin_scalability_problem

The Ethereum design docs could link to direct-listed premined [stable] coins as a solution for Proof of Work and TPS reports: https://github.com/flare-eng/coston#smart-contracts-with-xrp

(edit) re: n-layer solutions: The https://interledger.org/ RFCs and something like Transaction Permission Layer (TPL) will probably be helpful for interchain compliance.

> Interledger is not tied to a single company, blockchain, or currency.

From https://tplprotocol.org/ :

> The challenge: Current blockchain-based protocols lack an effective governance mechanism that ensures token transfers comply with requirements set by the project that issued the token.

> Projects need to set requirements for a variety of reasons. For instance, remaining compliant with securities laws, limiting transfer to beta testers, or limiting transfer to a particular geo-spatial location. Whatever your reason, if a requirement can be verified by a third-party, TPL will be able to help.

In the US, S-Corps can't have international or more than n shareholders, for example; so if firms even wanted to issue securities on a first-layer network, they'd need an extra-chain compliance mechanism to ensure that their issuance is legal pursuant to local, sovereign, necessary policies. Re-issuing stock certificates is something that has to be done sometimes. When is it possible to cancel outstanding tokens?

[-]

Foundational Distributed Systems Papers

From "Ask HN: Learning about distributed systems?" https://news.ycombinator.com/item?id=23932271 :

> Papers-we-love > Distributed Systems: https://github.com/papers-we-love/papers-we-love/tree/master...

> awesome-distributed-systems also has many links to theory: https://github.com/theanalyst/awesome-distributed-systems

And links to more lists of distributed systems papers under "Meta Lists": https://github.com/theanalyst/awesome-distributed-systems#me...

In reviewing this awesome list, today I learned about this playlist: "MIT 6.824 Distributed Systems (Spring 2020)" https://youtube.com/playlist?list=PLrw6a1wE39_tb2fErI4-WkMbs...

> awesome-bigdata lists a number of tools: https://github.com/onurakpolat/awesome-bigdata