moeris (u/moeris) - Readit News

moeris commented on Knightmare: A DevOps Cautionary Tale (2014) dougseven.com/2014/04/17/... · Posted by u/sathishmanohar

lopkeny12ko · 2 years ago

I'm not sure how automated deployments would have solved this problem. In fact, if anything, it would have magnified the impact and fallout of the problem.

Substitute "a developer forgot to upload the code to one of the servers" for "the deployment agent errored while downloading the new binary/code onto the server and a bug in the agent prevented the error from being surfaced." Now you have the same failure mode, and the impact happens even faster.

The blame here lies squarely with the developers--the code was written in a non-backwards-compatible way.

moeris · 2 years ago

Automated deployments would have allowed you to review the deployment before it happened. A failed deployment could be configured to allow automatic rollbacks. Automated deployments should also handle experiment flags, which could have been toggled to reduce impact. There are a bunch of places where it could have intervened and mitigated/prevented this whole situation.

moeris commented on 3 Republicans just saved California’s magic mushroom bill sfgate.com/cannabis/artic... · Posted by u/c420

deviantbit · 2 years ago

Someone explain to me how legalizing more drugs is the answer to helping the already massive drug problem in California. My last trip to SF just recently was an eye opening experience.

moeris · 2 years ago

Well, if someone goes to prison for a relatively harmless drug, they're more likely to turn to hard drugs.

For hard drugs it can probably help centers do things like safe injection sites. Legalization also means you can regulate. That can help in a lot of ways: making drugs safer, mandating that done portion of proceeds gives towards prevention, etc. Addicts will be less afraid of seeking medical treatment if they know they won't be in legal trouble. (They wouldn't anyway, but I've heard a lot of people are paranoid about this.)

Anyway, I don't have any facts or figures. But it seems reasonable to me that legalization could, in some cases, help.

moeris commented on Becoming a contractor ochagavia.nl/blog/becomin... · Posted by u/wofo

gigatexal · 2 years ago

I just started a 5-hour a week gig and I am addicted. Imagine being paid for the hours you put in. Imagine not being yelled at or ridiculed or told to figure it out if what you're asked to do is ambiguous or makes no sense. Imagine being able to bill time adding questions to tickets to train ticket writers to write better tasks. And the kicker for me: imagine all the time you'd spend working on your craft in your own free time to better yourself and learn new skills now imagine using that time to do all those things and learn all those things but being able to get paid for it while working on jobs/tasks for a client.

Contracting is amazing.

moeris · 2 years ago

> Imagine not being yelled at or ridiculed or told to figure it out if what you're asked to do is ambiguous or makes no sense.

I think maybe you just worked at a terrible business. You experience contacting sounds more like my experience at my current job.

moeris commented on Owner of hydrogen-powered Hyundai quoted $175,000 to replace fuel cell drive.com.au/news/hyundai... · Posted by u/belter

ajsnigrutin · 2 years ago

This is just bad journalism.

WHat is so expensive? Cost of labour? Cost of the part? If you literally have to take apart most of the car, than can end with hundreds of human-hours of labour and depending on the price per hour, can get very very expensive.

On the other hand, I agree that parts costs should be regulated, where a sum of all parts should not exceed eg. 3x the cost of a new car (some overhead is of course needed in selling separate parts). But we don't know that either.

moeris · 2 years ago

> This is just bad journalism.

It's possible you just have poor taste. Personally, I think the reasons for the repair cost aren't relevant, same is pretty obvious. It's an unconventional car that had limited production. I'm sure they're adding in the cost of parts (they'll likely have to buy another insurance of this car to rip the parts out of, or they'll have to fabricate it themselves. Which could require hiring an engineer to make sure they don't get sued if the car bursts into flames) and labor that comes with learning how to repair a complete unknown for them, plus a good helping of uncertainty.

The most relevant part of this story is that there's a guy who bought into a new tech, and who is being unreasonable when it didn't work for as long as he had hoped. And that comes through fine in the article.

moeris commented on On the link between Lyme disease and bioweapons (2019) lithub.com/on-the-link-be... · Posted by u/johntfella

moeris · 2 years ago

> While most Lyme disease patients who are diagnosed and treated early can fully recover, 10 to 20 percent suffer from persistent symptoms, some seriously disabling.

There's no evidence that chronic Lyme exists:

> There is no evidence to suggest that “chronic Lyme” exists, or that long-term antibiotics are required to treat it.

(https://sciencebasedmedicine.org/avoid-prolonged-antibiotics...)

It's pseudoscientific and pretty dangerous nonsense at that.

moeris commented on Paperlike Color: Color E-Ink Monitor indiegogo.com/projects/pa... · Posted by u/jahfer

blizdiddy · 2 years ago

My unsolicited advice: turn on a lamp in your workspace, and turn down your monitor brightness. An app like twinkle tray makes adjusting screen brightness as easy as adjusting speaker volume. Your eyes really don't care about emissive or reflected light.

moeris · 2 years ago

One advantage here is for well-lit areas, like if you have a window seat. More light makes the kaleido display sharper, rather than making it frustrating. It can change how you lay out your office, and make things like adjusting blinds less necessary.

moeris commented on Man found UC Berkeley skeleton in 2021 berkeleyscanner.com/2023/... · Posted by u/yawnxyz

MarceColl · 2 years ago

What are the things you can think of?

moeris · 2 years ago

Just to add to other things people have mentioned, reports of ghosts could very easily be the result of false memories, as well. Finding a dead body in a creepy location, then sitting on it for two years is plenty of time and fuel for false memories. (Which are notoriously easy to form.)

Another thing I think is the most likely is [pareidolia](https://en.wikipedia.org/wiki/Pareidolia). Our minds evolved to be sensitive to seeing faces/hearing voices, and so we tend to see these things where they don't actually exist. (Think faces in toast, or listening for satanic messages when playing music backwards.)

moeris commented on Introducing 'Trusted Publishers' blog.pypi.org/posts/2023-... · Posted by u/BerislavLopac

woodruffw · 2 years ago

Sure, I'm happy to!

Trusted publishers are a mechanism for automatically publishing packages to PyPI, without manually maintaining or configuring any credentials on your local system or CI. They work by building on top of OpenID Connect[1], as mentioned in the post: supported ecosystems (like GitHub Actions) present an identity token to PyPI that can then be exchanged for a short-lived publishing token.

The relevance for package trust: trusted publishing creates a strong relationship between a machine identity (the OIDC identity token) and a package published to PyPI, with the former in turn containing a strong binding to a source code repository's state (slug, `git` ref, etc.). When using trusted publishing, you have proof that the only machine, repository state, CI configuration, etc. being used to produce the package is the one you intended.

The relevance for security: trusted publishing eliminates the need to configure and manage long-lived project- or used-scoped PyPI tokens by replacing them with short-lived tokens. This reduces the "blast radius" of CI or developer machine compromise. Trusted publishers also allow for finer-grained publishing controls: they can be restricted to individual GitHub Actions environments, which in turn can be limited to specific subsets of users on a GitHub repo (e.g. one set for beta publishing, and another set for release publishing).

[1]: https://openid.net/connect/

moeris · 2 years ago

It seems like "artifact provenance" or something would have been a better term. Is this related to SLSA?

moeris commented on Helix 23.03 helix-editor.com/news/rel... · Posted by u/emerongi

jeremyjh · 2 years ago

I find this baffling. Who is even going to try a new modal editor if they are not already a vim (bindings) user?

moeris · 2 years ago

Users of kakoune, like myself. What I don't understand is why this is seem as such a big deal. You spend most of your workday in your editor of choice. It's not that big a deal to spend a day or two getting used to the (IMO better) keybindings. I still up using vim for some things, like vimdiff, and I don't find it difficult to move between the two. Then again, I also use Dvorak, so maybe I'm just used to changing between layouts.

moeris commented on Labeling of Plant-Based Milk Alternatives fda.gov/regulatory-inform... · Posted by u/Jimmc414

realce · 3 years ago

https://www.fda.gov/media/165420/download

Is there any actual logic in this document that supports why producers of fortified almond juice can call their product Milk other than "some people call it milk already?"

moeris · 3 years ago

Why wouldn't they be able to? A milk is just a consumable suspension. Look to milk of magnesia, milk of the poppy, etc. It has a long history of being used in a general sense.