Hacker Newsnew | past | comments | ask | show | jobs | submit | more herendin2's commentslogin

I don't know. Though FYI your title should say 12 AI startups, not startup. You may edit it now.


if the judge releases him from custody, "Will SBF do more interviews?"

Because he has such a great tendency to shoot himself in the foot in the legal sense, it sounds as if encouraging the judge to grant his release so he can carry on incriminating himself in interviews would be a smart strategy from the prosecutor's POV

Maybe his own lawyer will be arguing against release


When you afford SD img2img influence with a high strength parameter, so it can change the colors of a photo, you also are letting it have enough influence to redesign the room at random and not just changing the colors

Dreambooth trained on the ground truth photos might help a bit


I’d love for there to be a form of frequency separation, where we could keep the details but mess with the colors/less major details.

Photographers have been attempting to emulate various films in different ways forever. Stable diffusion could do it absolutely perfectly.


The gold layer may have been on the inside


It's possible that the most useful data you can provide are your human observations, especially those about people you encounter. Maybe most of the statistical and numerical measurements that you have suggested might not be really useful, because there could already be good sources for them


You can provide a more helpful error message by explicitly informing the user that the username they typed exists but they haven't offered the correct password for it.

Unless the site searches to find out which username the entered password actually corresponds to (which is a whole new, terribly dangerous, can of worms), it can't do better than that

Because any malicious player can easily check whether usernames exist, so hiding that data point is not much good for security.


> You can provide a more helpful error message by explicitly informing the user that the username they typed exists but they haven't offered the correct password for it.

The parent poster already addressed that though:

If you mistype your username, you might have entered another, existing username. Just telling the user 'wrong password' will mean they are less likely to check that the username was correct.

If you inform the user the username they typed exists, the chance of them not thinking about double-checking they didn’t mistype their own username increases.


>The parent poster already addressed that

Thank you for your comment, but I don't agree

"telling the user that the username they typed exists, but they haven't offered the correct password for it" - is extremely different from Just telling the user 'wrong password'. It's different because it provides more information

>If you inform the user the username they typed exists, the chance of them not thinking about double-checking they didn’t mistype their own username increases.

That seems to be a user problem first of all, because it's based on the user's mistaken belief about the uniqueness of usernames. If possible, it would be best to help the user understand this.


It doesn't seem like the author is arguing that just because you can instead validate if the email exists on a platform via the signup page instead of the login page, the vague message can be removed, but rather that the signup page should remove the information leakage as well, so there is no leakage anywhere.


Depending on your particular service, there's a better alternative for not leaking the existing account. A service I worked on previously was super sensitive and we didn't want to leak the existence of an existing account. What we did instead was asked for the email on the first page of signup, we verified the email was active by sending an email and a link to continue signup. If they already have an account we'd inform them in that email that they already have an account.

This way, the attacker actually has to have access to the email in question to know that an existing account is present on the service.

If you do the whole signup process on a single page and validate the email there then yea, you're gonna have a rough time.


I think that the author is saying that it is very difficult not to disclose that a user exists, and so there is not much point obfuscating it. Validating an email address on signup is only one way to 'leak' usernames.

If you can obtain a user account on a system, then preventing checks for the existence of other users becomes much harder. e.g. if you have a login on a unix box, there are countless ways of discovering other usernames. Or a pathological case like reddit, where users have distinct URLs that are publicly visible.

Or a messaging system where you can 'friend' other users - if you allow friend requests, what do you do if someone tries to contact a mis-typed username? Do you inform them that the user doesn't exist, or silently pretend that their request is awaiting a response that will never come? That paranoia will lead to a worse user experience.

I think you can only really lock down the known user list on a very closed system, with few, trusted users, e.g. an admin control panel where you don't want to divulge who might have access to it in the first place. But that's a very different scenario to a service open to the public.


That was presented as an option, but explicitly not recommended.

> …you can make the signup process email based.…I don't recommend this, because of the context switches, though you can implement it.


practically all website that use an email as username nowadays require email confirmation, so already include the context switch. Because in the end, sending an email is the only way to verify that the email address is correct and you don't want an incorrect email address in your database if you rely on that communication channel.

Now, if you have accounts in places where email addresses are not required and usernames take the place, the calculus may change. But using the context switch as an argument here is just weak.


Perservance doesn't have solar panels. It's powered by a radioisotope thermoelectric generator

I assume there are also worries about letting the helicopter fly near it, in case of damage


How about a data center onsite?


Hi! I'm the product lead for [Crusoe Energy's](https://crusoeenergy.com/) cloud product, which is building a climate aligned data center powered by stranded energy (e.g. flared natural gas). Can confirm it's definitely possible, though definitely a non-trivial problem :)

If you're interested in using our cloud or joining the team to help scale our data center deployments or software, feel free to reach out (mike at crusoecloud dot com).


It's been done with methane reclamation at landfills, and is still being experimented with.

https://www.datacenterdynamics.com/en/news/microsoft-opens-p...


Typical data center workloads need great communications (bandwidth, latency, redundancy) and very high power uptime, which is challenging to achieve at remote sites. Some IT workloads with less stringent communication needs are better for remote data centers.


Google's machine translation was terrible years ago, I agree. But it is now much better. Although it's still far from perfect, it has improved lots. Therefore I disagree that Google has failed at that


This pandemic literally started with local politicians and bureaucrats, in Wuhan, lying to their central government and to the media about its effects, and grossly under-reporting deaths. This accelerated the spread, or may even mean they missed a window of opportunity to stop the spread.

It's obvious that officials have many incentives to downplay the impact, and dodge and shift blame. When local officials lie, their national government will probably repeat the lies, perhaps unknowingly


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: