Hacker News | infodroid's comments

Why couldn't you just fucking google it?

https://en.wikipedia.org/wiki/Prediction_market

Your inane rant disguised as a question doesn't add anything to the discussion.


Attacking someone like this will get you banned here, regardless of how ignorant they are. Please don't do it again.

On HN, if someone doesn't know something, please either politely inform them or leave that for someone else to do.

https://news.ycombinator.com/newsguidelines.html


Over the past few years, the increase in zero-effort contributions has all but destroyed the quality of discussions on HN. And you aren't doing anything about it. HN is looking more indistinguishable from Reddit and I'll be damned if I let that happen.

Civility should be reserved for people who are looking to argue and discuss in good faith.


That's not what the site guidelines say; "be civil" has been there, unqualified, from the beginning.


As HN has gained increasing prominence in mainstream media and the wider tech community over recent years, it has attracted a vocal and sizable mass of users that think it is fine to display a lazy and wilfully ignorant attitude.

The existing HN mechanisms to discourage such low quality content are no longer effective, because this mass of new users is now self-reinforcing.

I interpret low-effort comments as the output of individuals who are disrespectful towards the goals of a good faith discussion community, because they willfully or carelessly contribute noise and dilute the signal.

Because I interpret this behavior as antisocial and disrespectful and an act of initiating incivility, I have grown increasingly hostile towards such users, and have started attacking them openly "in response".

We're going to have to part ways here. Because I don't think I am going to back down on this principle. I believe it's fair and just to punish this bad behavior by making these people feel bad for harming the commons.

I know if I continue doing this, it is not going to be acceptable, and I know I will no longer be welcome here.

This is why I am moving on from HN.


It doesn't really matter whether you opted in or out. In the end, all that matters is whether the projected profits from abusing your data exceed the projected legal costs of doing so.



If you like this, then check out Neocities, a free and modern Geocities reboot:

https://neocities.org/

There are many fun sites to discover using the tag system, which emulates web rings:

https://neocities.org/browse


A similar project is 'mocker', a "crappy imitation of Docker, written in 100% Python": https://github.com/tonybaloney/mocker


> I keep hearing statements like "Docker is basically just cgroups", "Docker is just chroot on steroids", which is totally incorrect.

But this project basically proves that the characterization is pretty accurate.


Go back to the top level of this discussion and ctrl-f for "runc", then it becomes more clear. Docker is more than we usually think it is, because it makes all the stuff around containers so easy to use.


Agree. I'm working through the rubber docker lab now. The fact that docker (a) handles all the details of cgroups, overlays, namespaces; (b) is super easy to use; and (c) runs cross-platform is impressive.


Like when Bill Gates called it his "new favorite book of all time".


What is often overlooked and misunderstood is that the bulbs were not only valued for their beauty, but more importantly for their use as commercial breeding stock.

Since it was not possible to reproduce the best bulbs through seed propagation, the already rare buds themselves were the only source of producing future varieties exhibiting the same beautiful patterns. This goes a great way to explaining the high prices paid, and debunking the myth of irrationality.

"The tulip market involved only bulbs affected by a mosaic virus which had the effect of creating beautiful, feathered patterns in the flowers. Only diseased bulbs were valued by traders, because a particular pattern could not be reproduced through seed propagation. Only through budding of the mother bulb would a pattern breed true." - Garber, Famous First Bubbles https://www.aeaweb.org/articles?id=10.1257/jep.4.2.35


Just because something is limited in supply and capable of reproducing doesn't mean it inherently has value in the context of the greater economy. I don't think this "debunks" the irrationality of tulips. When the price crashed, they weren't left with a tulip they could continue to breed and make a living with, they were left with a worthless tulip.

I'll admit irrationality is hard to define. One could argue the entire art in industry is irrational, but given how long it's been around, it's safe to assume it ties into some fundamental irrationality in us that in turn makes it rational.


Yes, but the discounted present value of that tulip's reproductive capacity into the future is much more justifiable to value so highly. It turned out not to be a good investment, but that doesn't make it irrational. Had a moderately good tulip market persisted, it may have justified paying such a high price for uniquely high quality bulbs, because you could turn them into a productive asset by breeding them.


This seems like bad advice because it doesn't address the legitimate need for keeping your browsing history private from overzealous, data-mining ISP's [1].

And even in the case of a known-hostile ISP that engages in invasive practices like supercookies or ad injection, it's unrealistic to ask users to set up and maintain their own VPS servers.

For the average internet user, a "glorified proxy" service that is hassle-free to set up is a simple and effective means of protection against such a menace.

[1] https://techcrunch.com/2017/03/29/everything-you-need-to-kno...


It seems like bad advice because it is, frankly, just bad advice. Nearly all of his arguments fall down, even within his own post.

He says that VPN providers don't provide more security. They do, and he mentions this himself when it comes to the public wifi argument.

He says that VPN providers don't provide more encryption. They do. Another layer of transport encryption is another layer of transport encryption.[1]

He says that VPN providers don't provide more privacy. They do. Turns out a lot of networks do things like log DNS, which a decent VPN client can tunnel.[2]

He says there are two use cases for VPNs: There are a lot more.

He says that tunneling all of your traffic is a worse case for obfuscating your identity to a third party service. It's not, or at least I can't imagine how it would be.

He says that instead of a VPN, you can use a VPS with a VPN: That's just a VPN. It does all of the same things, including being outsourced to a third-party provider, except you lose a ton of the functionality of a real VPN service like geographical redundancy and spread.

He asks why VPN services exist, if for any other purpose than stealing traffic or data, but fails to understand any way in which a VPN service could be useful.

The entire piece is just the opinions of someone who is failing to see that other people have significantly different use-cases and threat models than he does.

-

[1] Especially if you think of "local -> internet" as easier to intercept than "somewhere internet -> otherwhere internet". Which it usually is. One involves something dumb simple like ARP poisoning. Another involves compromising a telco or the VPN provider itself, which is a teensy bit harder. All of this is even sillier if you consider the hostile-network scenario as well.

[2] Yes, you are offloading 'trust' that the VPN provider doesn't also log your DNS. There's more chance that they don't when they say they don't, than your corporate network doesn't when they say they do.


A VPN tunnel in the abstract provides the benefits you mentioned, but a VPN service is a slightly different beast. It doesn't solve the problem with your untrusted ISP, it just gives you effectively a different untrusted ISP.

Imagine if, in response to the question, "how do I protect myself from snooping ISPs" someone provided the answer, "Just use an ISP that specializes in providing anonymity." You'd probably object on the following grounds:

* Saying you provide anonymity doesn't mean that you actually do. And track records tend to demonstrate otherwise.

* Your ISP still knows exactly who you are, even if they promise not to tell.

* ISPs who specialize in shady customers are more likely to be under surveillance themselves, meaning you're now more likely to be under surveillance rather than less.

* You're solving the wrong problem: you need end-to-end privacy, not just customer-to-ISP

You'd be right. But more importantly, these same objections apply to VPN providers. They more-or-less ALL specialize in aggregating known-suspicious traffic, which is not the bundle you want to be tied in with.

In fact, any argument you could make against using a Cloud VPN endpoint can also be made against a VPN service provider. Because, and this should be painfully obvious already, VPN providers just terminate their traffic through Cloud and/or Colo hosting providers as well; usually optimized on bandwidth cost over all else. So by setting up your own VM, you're just cutting out one of the middle men. There's nothing they can do that you can't do just as well without them.


> There's nothing they can do that you can't do just as well without them.

That applies to any service out there. Are you running your own mail server?


It gives me a different untrusted ISP and transport layer encryption between my machine and the VPN endpoint. Which, y'know, you admit to later in your comment, so you clearly know what's up, but that's not exactly a minor thing. There's a couple of parties between myself and my content, and this just eliminates the bit players. Y'know, the nerds on public wifi.

And, yeah, I could set up my own VPN on a VPS I rent. They're only $5 a month. I'd just need a couple in the USA, a couple in the UK, a couple in a few different EU countries, a couple in Australia...

The service I pay for from a VPN provider is not ultra secure. It's not even above average secure. It is, however, somewhat secure. And yeah, sometimes it lumps me with "known-suspicious traffic", but that's okay: What I'm doing is completely irrelevant to that fact.


There is less of a chance that the Colo or shell account you are using to run psybouncer will hand over anything to anyone before you wipe the machine than there would be directly connecting to a VPN service. I think this is addressed to average Joe Americana who clicks the protect button in Facebook.


Your argument for VPN tunnels in general makes sense, especially if you're on a hostile network, and that includes hostile ISPs you feel you can't trust.

Your argument for VPN services completely forgets that a VPN service in this regard is just another ISP.

How do you know you can trust this ISP any more than the one you're already using?


A VPN service provider is not an ISP in the single way that is most important to me: In a "my government mandates that ISPs perform metadata collection" kind of way.

My ISP tells me that they do, indeed, operate legally and collect metadata. They tell me that they do, indeed, inject JS sometimes. They tell me that they do, indeed, reserve the right to resell my anonymised data for marketing purposes.

My VPN service provider tells me that they do none of these things, and in fact have been reported in the tech media for telling courts to kindly go fuck themselves when it comes to logging.

Who do I trust collects less data? Well, to be honest, I'm 100% certain that the ISP is doing the things it tells me it's doing. I'm not 100% certain that the VPN provider isn't doing things it tells me it's not, but it's a damn sight sure less than 100%.

And, y'know, despite all that rhetoric: The main thing I use my VPN provider for is to watch the US version of Netflix.


"How do you know you can trust this ISP any more than the one you're already using?"

Simple. For example, you live in a country where ISPs are allowed to do whatever they want (or forced to do what government/letter agencies want), so if you value your privacy and data, you use a VPN company that's based in a country where private data is respected and protected by law.


Well, the opposite is quite common.

Your ISP has strong laws that require a court order for anyone to take a peek or identify you. Your VPN provider does not but can legally do whatever they want with your data. Mining, providing/selling personal information etc. (and they are equally forced to reveal everything asked for when faced with a court order).

The combination of using a service such as a VPN (drawing attention to your activities) with less legal protection is in my opinion the biggest argument against using a VPN.


Yes, but it's much easier to choose/change VPN than ISP, because VPN providers usually are not geographically bound as opposed to ISP where it's not uncommon to be stuck with single ISP available. Furthermore, if you have a reputable ISP and your traffic is not being filtered/snooped, there aren't many reasons to use VPN service at all.


Yes, but these are points that are very seldom brought up at all in these contexts yet they are quite important.


And how can you know this VPN provider is not a honey-pot set up by the same forces/agencies you are trying to avoid?


If you are such a high-level target that these agencies went out of their way to set up a honeypot for you, no VPN will save you anyway. But in a realistic case, nobody is going to set up honeypots just to capture your porn search history.


He's apparently never been to China... or he'd already understand "Why VPNs".


> There are roughly two usecases where you might want to use a VPN:

>

> You are on a known-hostile network (eg. a public airport WiFi access point, or an ISP that is known to use MITM), and you want to work around that.

I think that covers the case you're worried about.


Well, an entire country that is behind a firewall that dynamically blocks huge swaths of content by randomly slowing it down and dropping packets... is a little different than an ISP that uses MITM. The problem is not that they are spying on you when you use https, it's that you can't even get your email, search using google, checkout your code, or get to your financial information at all.

You can forget Github, Facebook, Instagram, NYT, but I'm not even trying to use those... I want to get my damn work done. If all my contacts were on WeChat, I only wanted to use Weibo, and could search using pinyin, I might be fine.


Like most controversial technical advice, the point is not to educate but to pontificate. In addition to attention-seeking, the author's previous Github gists and associated twitter drama suggest a pathological need to be the "smartest" guy in the room.

Ugh.


It was addressed, indirectly, at the end - "You are on a known-hostile network". In my case, one of my links is Comcast, a known-hostile network.

I agree it should have been much more prominent, because this is exactly why I use one, and why many folks I know use one.


"a known-hostile network"

aka "the internet"...


Good, I want to be known as actively hostile


"it's unrealistic to ask users to set up and maintain their own VPS servers."

I think that sshuttle[1] changes that calculus.

sshuttle allows you to make any ssh server a VPN endpoint. So you don't need to configure IPSEC or make an SSH tunnel or anything like that - you just need a login on an ssh server somewhere.

[1] https://github.com/sshuttle/sshuttle


AFAIR, it doesn't work for Windows clients, which are a rather large user segment. Still, it is impressively simple to use for Linux and OSX users.


... and it works for FreeBSD and as of our (rsync.net) sponsorship of work done last year, has DNS support in FreeBSD with ipfw as the backend.


And (for some of us) even regular/non-malicious but law abiding ISP's - who're now required by law to keep logs of your "metadata" aka: which websites you visit...

https://www.ag.gov.au/dataretention


VPN providers have just as much insight about your traffic as your ISP... it's just a matter of time before they monetize it... and they both know who you are (unless you are very very very careful, which is almost impossible).


Negative on that: all a VPN provider knows about me a priori is my IP (and all that comes with that, like ISP and rough location) and which monero payment ID I used to pay it with (which is entirely useless). In contrast an ISP knows everything: my address, name, bank account, contracted service, fiscal number, etc.

If either of them is going to use my traffic data against me, I'd rather it be the former, who I can easily replace within minutes and has less information about me.


It does not totally invalidate the benefits you mentioned but from what I've heard there are mature commercial services that map consumer IPs to meatspace IDs (name, phone number, address, household income, credit score, etc). The ad industry is both a consumer and a producer of these databases for obvious reasons. Highly likely that multiple levels of law enforcement have access to them as well.


VPN providers are replaceable in ways in which last-mile ISPs are not, so they have more of an incentive not to trash their reputations.


This gist was also written in 2015, I think the knowledge of ISPs data-mining is more public now (even though it was likely going on then anyways in some format)


Yeah. My ISP has sold data on customers before, which is why I use a VPN.

I chose one which seems moderately high profile (where a court case could ruin their reputation), and they are apparently planning on supporting wireguard later on. Seems I picked the right one :)


Have you ever considered it would be easier for the government to pay the VPN providers a large sum to hand over the data, avoid a big public lawsuit, and silently mine all the data without having to break the encryption?


The ISP and the VPN providers are already mandated by law to hand over my data at any government request, but a VPN provider is not required to store data for 6-24 months. That is not what I'm afraid of.

I just trust my VPN provider more than my ISP. The data policy of my VPN is much better: they cannot legally sell my data, whereas my ISP makes no such promises.


Don't get me wrong - I pay for a VPN subscription too for when I'm travelling/public wifi, but it's much easier to quietly hand VPN providers a nice sum of money for them to just hand over the keys. Everyone leaves happy.

Based on that, I believe if you want an extra level of security for every day use, then go for a big VPN co. If you're doing highly sensitive style stuff, then there's probably better software and services out there. It's all about your threat model I suppose.


I am using mullvad.net, which I would consider large enough.

They operate in a jurisdiction where I can actually hold them liable and where I know which of their claims are legally binding.


Who do I trust more Comcast (ISP) or F-secure (VPN)? Pretty easy answer...


None of them?


> doesn't address the legitimate need for keeping your browsing history private from overzealous, data-mining ISP's

I think the point of the article is that an arbitrary VPN provider is really no different than an overzealous, data-mining ISP. Unless people can trivially join some sort of anonymized, decentralized mesh network, they are going to be forced to trust a third party at some point.


It's also useful for older versions of software to gracefully handle newer configuration files. If the software really is backwards-compatible, then this should come for free. Just don't throw a fatal error when processing an unknown configuration key, and preserve any unrecognized configuration items when saving the configuration file.
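
One way to implement the behaviour described in the comment above, as an added example that is not part of the original thread: a loader that validates the keys this version knows, tolerates keys it does not, and writes the unknown ones back unchanged on save. The JSON format, key names and defaults are assumptions made for illustration.

```python
import json
import logging

log = logging.getLogger("config")

# Keys this (older) version of the hypothetical program understands,
# with the type each must have and its default value.
KNOWN_KEYS = {
    "listen_port": (int, 8080),
    "tls_enabled": (bool, True),
}


class Config:
    def __init__(self, settings, unknown):
        self.settings = settings   # validated, known keys
        self.unknown = unknown     # keys from a newer version, kept verbatim

    @classmethod
    def loads(cls, text):
        raw = json.loads(text)
        if not isinstance(raw, dict):
            raise ValueError("configuration must be a JSON object")
        settings, unknown = {}, {}
        for key, (typ, default) in KNOWN_KEYS.items():
            value = raw.get(key, default)
            # Known keys are still validated strictly: tolerance applies
            # only to keys this version has never heard of.
            if type(value) is not typ:
                raise ValueError(f"{key}: expected {typ.__name__}")
            settings[key] = value
        for key, value in raw.items():
            if key not in KNOWN_KEYS:
                # Not fatal: log it so a typo in a known key is still noticed.
                log.warning("ignoring unrecognized configuration key %r", key)
                unknown[key] = value
        return cls(settings, unknown)

    def dumps(self):
        # Unknown items go back out untouched alongside the known settings.
        merged = {**self.unknown, **self.settings}
        return json.dumps(merged, indent=2, sort_keys=True)


# Constructed sample: a file written by a newer version that added "http3".
NEWER_FILE = '{"listen_port": 443, "tls_enabled": true, "http3": {"enabled": true}}'


def roundtrip_with_edit(text, port):
    """Load, change one known setting, and save, as the old version would."""
    cfg = Config.loads(text)
    cfg.settings["listen_port"] = port
    return json.loads(cfg.dumps())


if __name__ == "__main__":
    print(roundtrip_with_edit(NEWER_FILE, 8443))
```

Logging the unknown key instead of silently dropping it keeps a misspelled known key visible to the operator while still letting the older version start.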


Retaliating against the US assumes that the rest of the world doesn't want the same powers that the DHS now has, which is unrealistic I think.

