Readit News
femto113 commented on Ask HN: How is Cognition able to raise at $10B?    · Posted by u/thereitgoes456
femto113 · 4 months ago
Unless you know all the terms the valuation is pretty meaningless. For example if I invest $500 for 1 share of your startup with an extra clause saying that I get the first $500 if you ever sell the company at any price then you could claim I valued you at $500 a share but since I make a profit if you sell the entire company for over $500 you could also say I valued you at $0
femto113 commented on Gremllm   github.com/awwaiid/gremll... · Posted by u/andreabergia
mark_undoio · 6 months ago
I am appalled and delighted by this.

It feels like an AI cousin to the Python error steamroller (https://github.com/ajalt/fuckitpy).

Whenever I see this sort of thing I think that there might be a non-evil application for it. But then I think ... where's the fun in that?

femto113 · 6 months ago
I share your feelings. What it most brings to mind for me is the infamous StackSort from the image alt text on XKCD comic 1185 (https://xkcd.com/1185/)
femto113 commented on Why do we have both CSRF protection and CORS?   smagin.fyi/posts/cross-si... · Posted by u/smagin
layer8 · 10 months ago
To add to that:

CORS is implemented by browsers based on standardized HTTP headers. It’s a web-standard browser-level mechanism.

CSRF protection is implemented server-side (plus parts of the client-side code) based on tokens and/or custom headers. It’s an application-specific mechanism that the browser is agnostic about.

femto113 · 10 months ago
Some additional color:

CORS today is just an annoying artifact of a poorly conceived idea about domain names somehow being a meaningful security boundary. It never amounted to anything more than a server asking the client not to do something with no mechanism to force the client to comply and no direct way for the server to tell if the client is complying. It has never offered any security value, workarounds were developed before it even became a settled standard. It's so much more likely to prevent legitimate use than protect against illegitimate use that browsers typically include a way to turn it off.

With CSRF the idea is that the server wants to be able to verify that a request from a client is one it invited (most commonly that a POST comes from a form that it served in an earlier GET). It's entirely up to the server to design the mechanism for that, the client typically has no idea it's happening (it's just feeding back to the server on a later request something it got from the server on a previous request). Also notable is despite the "cross-site" part of the name it doesn't really have any direct relationship to "sites" or domains, servers can and do use the exact same mechanisms to detect or prevent issues like accidentally submitting the same form twice.
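The round trip described in the comment above, as an added example that is not part of the thread or the linked article: the server hands out a session-bound, single-use token with the form on GET and checks it on POST, so one check rejects both a request it never invited and a second submission of the same form. `SERVER_KEY`, `issue_form_token` and `check_form_token` are hypothetical names, and the in-memory set stands in for real session storage.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret (constructed here)
_outstanding = set()                   # nonces served with a form, not yet redeemed


def _mac(session_id: str, nonce: str) -> str:
    # Length-prefix the session id so (session, nonce) pairs cannot collide.
    msg = f"{len(session_id)}:{session_id}{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_form_token(session_id: str) -> str:
    """GET handler: value to embed in the form as a hidden field."""
    nonce = secrets.token_urlsafe(16)
    _outstanding.add(nonce)
    return f"{nonce}.{_mac(session_id, nonce)}"


def check_form_token(session_id: str, token: str) -> str:
    """POST handler: returns 'ok', 'forged' or 'duplicate'."""
    nonce, _, mac = token.partition(".")
    expected = _mac(session_id, nonce)
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "forged"        # not minted by this server for this session
    if nonce not in _outstanding:
        return "duplicate"     # genuine token, but already redeemed
    _outstanding.discard(nonce)
    return "ok"


if __name__ == "__main__":
    tok = issue_form_token("sess-A")
    print(check_form_token("sess-A", tok))   # first submit
    print(check_form_token("sess-A", tok))   # same form submitted twice
    print(check_form_token("sess-B", issue_form_token("sess-A")))  # other session
```
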

femto113 commented on AWS S3 SDK breaks its compatible services   xuanwo.io/links/2025/02/a... · Posted by u/ulrischa
femto113 · 10 months ago
> the AWS team has implemented it poorly by enforcing it

This is whiny and just wrong. Best behavior by default is always the right choice for an SDK. Libraries/tools/clients/SDKs break backwards compatibility all the time. That's exactly what semver version pinning is for, and that's a fundamental feature of every dependency management system.

AWS handled this exactly right IMO. Change was introduced in Python SDK version 1.36.0 which clearly indicates breaking API changes, and their changelog also explicitly mentions this new default

   api-change:``s3``: [``botocore``] This change enhances integrity protections for new SDK requests to S3. S3 SDKs now support the CRC64NVME checksum algorithm, full object checksums for multipart S3 objects, and new default integrity protections for S3 requests.
https://github.com/boto/boto3/blob/2e2eac05ba9c67f0ab285efe5...

femto113 commented on Mazda's $10 Subscription for Remote Start Sparks Backlash   carscoops.com/2024/09/maz... · Posted by u/thunderbong
femto113 · a year ago
Potentially unpopular take but I don't think free services linked to physical goods are a good idea in practice. Maintaining such services costs money forever, companies can't sustain that as a business model, so the market is littered with hardware that is now useless because the services it required have gone offline. If there's something to gripe about here it's that Mazda removed the fob-based remote start, or that $10/month is too high, but it should not be that they're charging a maintenance fee for something they have to maintain.
femto113 commented on AI can diagnose childhood autism from retinal photos   petapixel.com/2023/12/20/... · Posted by u/bookofjoe
Closi · 2 years ago
Another potential issue:

> The photography sessions for patients with ASD took place in a space dedicated to their needs, distinct from a general ophthalmology examination room. This space was designed to be warm and welcoming, thus creating a familiar environment for patients. Retinal photographs of typically developing (TD) individuals were obtained in a general ophthalmology examination room. Each eye required an average of 10–30 s for photography, although some cases involved longer periods to help the patient calm down, sometimes exceeding 5–10 min. All images were captured in a dark room to optimize their quality. Retinal photographs of both patients with ASD and TD were obtained using non-mydriatic fundus cameras, including EIDON (iCare), Nonmyd 7 (Kowa), TRC-NW8 (Topcon), and Visucam NM/FA (Carl Zeiss Meditec).

So two questions:

1. Are we positive that the difference in rooms does not affect these images?

2. If we are in a dark room, and ASD patients are in it for 5-10 minutes longer, are we sure this doesn't affect the retina?

3. Were all cameras used for both ASD and TD images?

Want to make sure the AI is being trained to detect autism, and wasn't accidentally trained to identify camera models, length-in-dark-room or room-welcomingness.

Hopefully not, but I assume you have to be so careful with these sort of things when the model is entirely black-box and you can't actually validate what it's actually doing inside.

femto113 · 2 years ago
This is definitely worthy of concern. There's an infamous case where an AI was trained to detect cancer from imaging but all the positive examples included a ruler (to measure the tumor) so it turned out it just was good at detecting rulers. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9674813/#:~:tex....
femto113 commented on WeWork Goes Bankrupt   bloomberg.com/news/articl... · Posted by u/toomuchtodo
voisin · 2 years ago
What would the creditors get from the liquidation of a company that leases its spaces? The value of second hand office furniture? Doubt they’ll vote for this.
femto113 · 2 years ago
Definitely agree liquidation is a non-starter here. They don't sign long term deals with their own customers so WeWork's only real asset is the brand. What the creditors will do is take over ownership from the equity-hodlers, then try to milk the brand for any remaining value. It's conceivable many of the building owners might actually do ok directly operating WeWork branded spaces and keeping the margin that used to go to WeWork for themselves.
femto113 commented on The FTC sues to break up Amazon over an economy-wide “hidden tax”   thebignewsletter.com/p/th... · Posted by u/PaulHoule
granzymes · 2 years ago
>It will be hard for the court to argue that amazon should start recommending more expensive items to consumers, just to push consumers into looking for a cheaper platform.

Yes, 100% this. That's why I said that this lawsuit has a major remedy problem. Even if the court agrees this is anticompetitive, how do you fix it?

https://news.ycombinator.com/item?id=37767994

femto113 · 2 years ago
The insurmountable problem is that the practical interests of "consumers shopping on Amazon" don't actually align with the abstract interests of "consumers in general" that the government is purporting to defend. On Amazon we want to find the right item (search, description, reviews), have strong confidence in the inventory and shipping promises (fulfilled by Amazon) and have reasonable confidence we're not getting screwed on price including shipping (Buybox, Prime eligible etc). If you chop those things apart it becomes essentially impossible to offer the overall experience that consumers clearly prefer.
femto113 commented on Ask HN: Why did Python win?    · Posted by u/MatthiasPortzel
femto113 · 2 years ago
Since I haven't seen it mentioned I'll throw out the Rails/Merb split in the late 00s as a significant momentum killer for Rails (and, by extension, Ruby). Rails 3 reunified them but I don't feel like it ever fully recovered its developer mindshare, and the timing was such that it really opened the door for rivals like Express (Node) and Django (Python) to gain traction.
femto113 commented on BlazingMQ: High-performance open source message queuing system   bloomberg.github.io/blazi... · Posted by u/carride
tetrep · 2 years ago
Thanks! That is the sort of stuff I was asking about.

It looks like it's an afterthought but at least on their mind now, which is very fair with respect to Bloomberg's wants/needs. It'd be nice if they had a bit of a warning about using this until it has some basic auth(n) and TLS since they're releasing it to the public. I think it is, relatively speaking, rude to release insecure networked software without giving users a notice as to what sorts of insecurity are at least known/expected.

femto113 · 2 years ago
Adding a veneer of security isn't necessarily superior to leaving it out altogether. Systems of this sort are best secured at the network level, i.e. only trusted hosts should be able to connect to it. Redis is a good example of where this has been tried: it does support password based log in, but the password is stored and transmitted in plaintext, and a redis server will happily accept thousands of auth attempts per second making brute forcing a viable attack. Rather than improve the auth system Redis has instead doubled down on encouraging appropriate network level security by defaulting to only being accessible to the local host, so admins have to go through an explicit step (with warnings) before they can just expose it to the internet.
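A check for the network-level posture the comment above argues for, as an added example that is not part of the thread: it reads redis.conf text and reports whether the instance is loopback-only or whether a password is the only thing between it and remote clients. It assumes the behaviour documented in the stock redis.conf (no `bind` line means all interfaces; protected mode refuses remote clients only while no password is set); the sample configs and function names are constructed.

```python
import ipaddress


def parse_conf(text):
    """Collect the three directives this check needs from redis.conf text."""
    conf = {"bind": [], "protected-mode": "yes", "requirepass": None}
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "bind":
            conf["bind"] = args              # assumption: last bind line wins
        elif key == "protected-mode" and args:
            conf[key] = args[0].lower()
        elif key == "requirepass" and args:
            conf[key] = args[0].strip("\"'") or None
    return conf


def is_loopback(addr):
    addr = addr.lstrip("-")                  # "-::1": optional address
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                         # "*", hostnames: treat as exposed


def exposure(text):
    conf = parse_conf(text)
    binds = conf["bind"]
    remote = not binds or not all(is_loopback(a) for a in binds)
    if not remote:
        return "local-only"
    if conf["requirepass"]:
        return "remote-password-only"        # guessing attempts are the only cost
    if conf["protected-mode"] == "yes":
        return "remote-refused-by-protected-mode"
    return "remote-open"


# Constructed sample configurations.
STOCK = "bind 127.0.0.1 -::1\nprotected-mode yes\n"
PASSWORD_ONLY = "bind 0.0.0.0\nprotected-mode yes\nrequirepass s3cret\n"
WIDE_OPEN = "# bind 127.0.0.1\nprotected-mode no\n"

if __name__ == "__main__":
    for name, cfg in [("stock", STOCK), ("pw", PASSWORD_ONLY), ("open", WIDE_OPEN)]:
        print(name, exposure(cfg))
```
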

u/femto113

Karma: 2288 · Cake day: June 27, 2012
About
Seattle area software architect, serial wantrepreneur.