
One of the lessons learned in the modern era is that you just can't get away with this kind of stuff - everything comes back to bite you in the end.

I don't know which government officials in the communist party think this kind of investment will be successful - and it may be short term successful - but you end up paying for it in the long run.

Maybe said gov't official ran a business selling Chinese goods on Amazon and used fake reviews to successfully grow the business by pawning off really poorly made products into consumer hands. He/she witnessed the success and applied that theory everywhere - you can always buy your way to a good impression.

Well, it works (kinda) on Amazon because the blame and outrage still gets created, it's just that there's no entity to ascribe the blame onto. The store is usually brandless, or can rebrand itself in an instant if things go south.

BUT the blame just doesn't dissipate into thin air. No, it gets assigned to the first thing that does have a permanent brand - Chinese goods. And then, Chinese culture.

The US tried to use covert tactics in the 70s - 90s during the cold war era, in many places including the middle east. It was a time of naivety where "I can get away with doing illegal and immoral stuff" was an infectious attitude. Fast forward 30 years, and the winners are the people who immediately benefitted from those actions, but the losers (the AMERICAN GOV'T AND PUBLIC) are still paying the price via terrorism in the form of extra defense costs, safety concerns, tragedies and more.

Again - blame and resentment don't disappear into thin air. They collect, like pollution, and you pay a price a long way down the road.

China, you're not an anonymous store on Amazon. You're one of the strongest brands in the world with 5000 years of history. Your brand is larger than Amazon, Twitter, Facebook, and Google combined. This is just not worth it.


The view is being overhauled, slowly. I scantly believed myself the school presentation I did on Menwith Hill in 1999. My classmates' blank stares were removed by degrees from any understanding of the subject. Today children in school here are being taught to be suspicious of what they read on the internet, and not bully each other through the medium, yet said institution is not willing to relinquish their illusion of authority and demand that the kids think for themselves even though what remains is such a small step.

The TV series Max Headroom explored the subject over 30 years ago in quite some detail. It too was way ahead of its time. Its idea of TV viewership democracy is almost benign, compared to the reality of manufactured public opinion that we are waking up to.

Another easily accessible but rage-teasing production is a three-part documentary called The Century of The Self. I recommend it warmly.


I had access to Encarta on my grandparents' computer when it came bundled with their Windows 95 computer, but in my home I had Undersea Adventure, which came bundled with our Win 3.1 machine. Man, I learned a lot about sharks and nudibranchs.

>I have energy, destructive or constructive.

Plato talked about this in Phaedrus about the allegory of the Chariot [0,1]. I think it's a useful lens to view the desires we humans have, though not a perfect lens:

>First the charioteer of the human soul drives a pair, and secondly one of the horses is noble and of noble breed, but the other quite the opposite in breed and character. Therefore in our case the driving is necessarily difficult and troublesome. The Charioteer represents intellect, reason, or the part of the soul that must guide the soul to truth; one horse represents rational or moral impulse or the positive part of passionate nature (e.g., righteous indignation); while the other represents the soul's irrational passions, appetites, or concupiscent nature. The Charioteer directs the entire chariot/soul, trying to stop the horses from going different ways, and to proceed towards enlightenment.

In the modern west, we have an idea of 'Pious vs. Evil' that each of us tries to balance (super broad strokes here). However, I think the ideas of Plato are interesting because of the tripartite idea of Logos, Eros, and Thumos. Mostly, I think that Thumos[2] is a great way to look at things and categorize issues that we feel. Quickly:

> Thumos: a Greek word expressing the concept of "spiritedness" (as in "spirited stallion" or "spirited debate"). The word indicates a physical association with breath or blood and is also used to express the human desire for recognition. [2]

Thumos is neither good nor evil, but is something that can get away from you and needs to be controlled (by the Logos). For example: Achilles was overly thumotic and was thus killed by his desire for glory, blood, and honor; all thumotic traits. However, it was the thumos of Achilles that drove him to be such a great warrior that we remember to this day. Also, the author Jack London was a thumotic person. He was always moving about, getting into scraps, trying to improve his writing, becoming famous. But that desire for greatness is what killed him as he literally worked himself to an early death while writing.

So, the energy that we have as men can be seen in this tripartite way of Logos, Eros, and Thumos, not just destructive or constructive. Having outlets that are 'base' (Eros) is as needed as having outlets that are 'spirited/honorable' (Thumos) and 'intellectual' (Logos).

[0] https://www.artofmanliness.com/articles/what-is-a-man-the-al...

[1] https://en.wikipedia.org/wiki/Chariot_Allegory

[2] https://en.wikipedia.org/wiki/Thumos


You make decent points but are missing the bigger picture: vast majority of problems with security, esp code injection, are caused by mechanisms or design patterns that create insecurity by default. It takes insane amounts of effort to use the basic, building blocks on complex applications without creating problems. The building blocks themselves are often simple or can be made that way. That you say the robust methods only work on the simplest stuff is actually an endorsement of my approach if we focus them on building blocks. That's what I mainly push it for so let's test my theory with a real-world example.

We'll only use techniques from production systems made before the 80's, that were commercially successful, and that exist today in some form. Should make it easy to argue practicality. Gives us Burroughs B5500 (1963) and IBM System/38 (1979). Pointers are tagged for protection, actual value inaccessible by apps, and created by program loader only. Memory is tagged as code or data during load time with all input from I/O tagged as data by default by hardware. Any input can't be executed unless administrator explicitly allows it and it's actually the compiler that does that anyway since apps come as source in type-safe, HLL in Burroughs model. Interfaces are checked during compilation, too. Processor checks these on every instruction. Also does bounds checking, overflow checking, type-checking of function call arguments, and stack protection. Checks and processor run in parallel for performance with final state not written unless check passes. So, you can't smash pointers, arrays, buffers, stacks, or individual data with overflow: all just generates exceptions which are recovered from or freeze app with admin notification.

So, you want to hijack the app via a corrupted PDF or network packet. Assume, as you said, that the simple mechanisms above were implemented at EAL6-7 and apps just used them. Where would you start with a software attack (no rowhammer lol) with input to an app if you only got exceptions when hitting pointers, data fields, memory management, stacks, and arrays/buffers? What's left? If your claim is true, then these simple modifications provide no meaningful increase to the reliability or security of our systems. There's other security risks but I'm focusing on code injection via attacking software with input. I predict attacker's job is so difficult in this model that most would go for social engineering or sabotaging executables to attack compiler/installer/loader. Those are also protected by these mechanisms and ruggedly built (eg Ada or SPARK w/ all checks on). You're actually more knowledgeable and skilled than me at the many implementation attack methods. How many are left at this point? Seriously, so I can counter them too.

Funny you mentioned hardware. It certainly does have errata here and there. Yet, that's despite tens of millions to billions of transistors running concurrently. Its error rate is actually incredible. I wonder why. Let's look at design flow for Intel, IBM, etc.: specs to RTL to gates with equivalence checking at each layer; lots of testing; formal verification (Intel) and falsification (IBM) of stuff at various layers; synthesis tools with validation approaches to that; generic components with interfaces and timing analysis; gate-level testing to see where tools were lying; comparisons of instrumented chip to the models after a fab run. The difficulties were overcome by constantly investing in tools for various problems and heuristics that made them work better. Guess what? Those methods look very similar to the B3, A1, EAL6, and other assurance activities. They also worked: quality in terms of errata varied from staying steady to improving over time despite exponential increases in complexity.

Believe it or not, you don't need to verify a whole system at highest levels. I'm not even promising absolute security from the effort: just saying systems designed this way have had incredible resilience to pentests, faults, and external attacks. I say invest the effort into mechanisms like above, languages immune to what we can, analysis tools catching what we can, compilers, most-used parts of kernels, interfaces (esp glue), parsers, and so on. These have already been built rather than theory: really just re-applying existing work to new system. Less than 1% of code and design done right knocks out 99% of routes for code-injection and many other issues in the rest of the system. The rest we catch with security research and reviews. Or recover from after monitoring detects problems.

So, Thomas, would you trust an x86-style processor with a monolithic kernel coded in C? Or a system like EROS running on my above CPU that only uses safe mechanisms (hardware-enforced), safe languages, and robust tools for making one properly use the other? Even if COTS-style implementation, the amount of vulnerabilities and their severity should nose dive. Your current position is that 400 kernel and thousands of user-level vulnerabilities resulting in malware execution are better than thousands of user-mode exceptions, a few kernel-exceptions, and maybe a few injects from what we didn't see coming. I disagree and think we can do better. Friggin 1960's-1970's tech had better security & reliability than current architectures! Academics (see crash-safe.org or CHERI) have with way less time and money than Intel, IBM, etc. So, why do you speculate? Methods that got results against problems before will get results against same kinds of problems again. Just need to apply them and in most cost-effective way. All I preach.
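The tag and bounds checks described in this comment, modeled as an added example (not the commenter's code and not a reproduction of the B5500 or System/38): a toy machine in which only the loader can tag words as code, all input lands as data, and every access goes through a bounds-carrying descriptor. The class names, opcodes and memory layout are constructed for illustration, and refusing writes to code words is a modeling choice.

```python
from dataclasses import dataclass
from enum import Enum


class Tag(Enum):
    CODE = "code"
    DATA = "data"


class ProtectionFault(Exception):
    """Raised by the simulated processor when a tag or bounds check fails."""


@dataclass(frozen=True)
class Descriptor:
    """Bounds-carrying reference to a region; applications never see raw addresses."""
    base: int
    length: int


class TaggedMachine:
    def __init__(self, size):
        self.words = [0] * size
        self.tags = [Tag.DATA] * size      # everything is data until the loader says otherwise
        self._next_free = 0

    def _reserve(self, length):
        if self._next_free + length > len(self.words):
            raise MemoryError("simulated memory exhausted")
        desc = Descriptor(self._next_free, length)
        self._next_free += length
        return desc

    def load_program(self, instructions):
        """Loader path: the only place a word is ever tagged CODE."""
        desc = self._reserve(len(instructions))
        for i, word in enumerate(instructions):
            self.words[desc.base + i] = word
            self.tags[desc.base + i] = Tag.CODE
        return desc

    def alloc_buffer(self, length):
        return self._reserve(length)

    def _check(self, desc, index):
        # Bounds check on every access; state is only touched after it passes.
        if not 0 <= index < desc.length:
            raise ProtectionFault(f"index {index} outside descriptor of length {desc.length}")
        return desc.base + index

    def store(self, desc, index, value):
        addr = self._check(desc, index)
        if self.tags[addr] is Tag.CODE:
            raise ProtectionFault("code words are not writable by applications")
        self.words[addr] = value           # the tag stays DATA

    def load(self, desc, index):
        return self.words[self._check(desc, index)]

    def read_input(self, desc, payload):
        """I/O path: input is stored through a descriptor, so it is bounded and DATA."""
        for i, byte in enumerate(payload):
            self.store(desc, i, byte)

    def fetch(self, addr):
        """Instruction fetch: refuses anything not tagged CODE."""
        if not 0 <= addr < len(self.words) or self.tags[addr] is not Tag.CODE:
            raise ProtectionFault(f"word {addr} is not executable")
        return self.words[addr]


def run_scenarios():
    """Replay two classic injection steps against the model and report what happens."""
    m = TaggedMachine(64)
    buf = m.alloc_buffer(8)                       # input buffer sits right below the code
    prog = m.load_program([0x01, 0x02, 0x03])     # constructed opcodes
    results = {}

    # 1. Oversized input (12 constructed bytes into an 8-word buffer).
    try:
        m.read_input(buf, bytes(range(0x90, 0x9C)))
        results["overflow"] = "accepted"
    except ProtectionFault:
        results["overflow"] = "fault"
    results["code_intact"] = [m.fetch(prog.base + i) for i in range(prog.length)] == [1, 2, 3]

    # 2. Redirect execution into the input buffer.
    try:
        m.fetch(buf.base)
        results["exec_input"] = "executed"
    except ProtectionFault:
        results["exec_input"] = "fault"
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

Both steps end in a fault the supervisor can log or recover from, which is the "only exceptions" outcome the comment asks the reader to attack.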


TL;DR if a person doesn't have the technical background to judge someone's skills, which in a lot of cases they don't otherwise they wouldn't be hiring you, it's very hard for a person to know whether someone is good at what he does or just full of shit.

What you're saying is a lot of ideologically great stuff but that's a bit disconnected from how the real world of high growth tech works.

The reality is that people can talk about vision and passion all they want but the US is a place where everything is a sales transaction. In a place where everything is a business transaction whoever can sell their work best wins and whoever can make an impression on perceived impact always wins over the people that think their impact will eventually be recognized. In fact listening to advice like that is what gave me a quick severance package despite being one of the most impactful engineers in the company at the time.

In one place I improved their entire performance by 38% and saved them a couple millions on licensing fees. The 38% was claimed by my manager the very same day I got my severance package even though I had to make a gif to convince them of the impact and defied them by fixing this issue, which was deemed a failed project at the time.

Most managers in the SV late startups are early employees that kept getting promoted and at some point were sent to Berkeley for a weekend management certificate. Very few of them stop and think about the things that they do, how they would want to be treated themselves and what they can do to improve transparency of performance.

I was recently responsible for the hire of someone I initially intended as my replacement as a CTO for hire/architect. I got blinded by the resume and the vetting procedure/recruiter and his ability to smooth talk about things he knows nothing about. It didn't take me long to realize he was useless, but the problem was that the guy spending the money actually believed it for 6 months and poured money into it. He massively regretted it. I basically had to let him ruin a bunch of stuff, waiting in the background to clean up after him.

Bottom line is he was a better politician than he was an engineer. And for most people it doesn't matter.


A more wild and outlandish thought experiment: would you become infinitely indebted for infinite reward? Imagining some cyberpunk wasteland where every commodity, pastime, medication, and media content is wildly expensive but offset by huge subsidies from complicated conglomeration of other corporations and government entities. Every action you take in your life adds wild positives and negatives to a fantastically complex and intractable balance sheet of funny money, credits, discounts, loopholes, taxes, rebates, free services, restrictions, obligations.

Watch Spider-Man 87 for $1,340,233 but receive free Chex-mix for life, $3000 off each gas purchase at qualifying locations, in-home massages, the ability to use highway 37 from 11:30-3:30 without charge from Nov 23rd 2043 to Oct 18 2067, increased inspections from police, tutoring for your next born child, and 34 trees are planted in your name in Nigeria.

This obviously grows necessarily from an economy focused on increasing GDP and maximizing the effectiveness of financial instruments :)


For those not aware of the background, the author is a wizard from a secretive underground society of wizards known as the Familia Toledo; he and his family (it is a family) have been designing and building their own computers (and ancillary equipment like reflow ovens) and writing their own operating systems and web browsers for some 40 years now. Unfortunately, they live on the outskirts of Mexico City, not Sunnyvale or Boston, so the public accounts of their achievements have been mostly written by vulgar journalists without even rudimentary knowledge of programming or electronics.

And they have maintained their achievements mostly private, perhaps because whenever they've talked about their details publicly, the commentary has mostly been of the form "This isn't possible" and "This is obviously a fraud" from the sorts of ignorant people who make a living installing virus scanners and pirate copies of Windows and thus imagine themselves to be computer experts. (All of this happened entirely in Spanish, except I think for a small amount which happened in Zapotec, which I don't speak; the family counts the authorship of a Zapotec dictionary among their public achievements.) In particular, they've never published the source or even binary code of their operating systems and web browsers, as far as I know.

This changed a few years back when Óscar Toledo G., the son of the founder (Óscar Toledo E.), won the IOCCC with his Nanochess program: https://en.wikipedia.org/wiki/International_Obfuscated_C_Cod... and four more times as well. His obvious achievements put to rest — at least for me — the uncertainty about whether they were underground genius hackers or merely running some kind of con job. Clearly Óscar Toledo G. is a hacker of the first rank, and we can take his word about the abilities of the rest of his family, even if they do not want to publish their code for public criticism.

I look forward to grokking BootOS in fullness and learning the brilliant tricks contained within! Getting a full CLI and minimalist filesystem into a 512-byte floppy-disk boot sector is no small achievement.

It's unfortunate that, unlike the IOCCC entries, BootOS is not open source.


hey God here, just a note that I did put a small radio in everyone's brain for communicating with higher dimensions that mere physics can never touch. When this radio gets damaged, it falls back to 802.11n, and this slower connectivity is what causes the changes in behavior and personality. It's basically a connectivity issue. No, the processing isn't going on in the brain, but you still need a good, fast connection to the soul realm and at the moment the only way to do that is with the consciousness organ I designed. the brain is basically a thin client and the soul organ is the network card. hope this helps.

--

okay so now what are the chances that I'm God and really just said that? If you said anything over 0.00000000% you're totally wrong. There is no chance of that because it's stupid. the above paragraph is obviously satire, because it's stupid.


I launch my browser with profiles instead of using containers. I have three at the moment:

    firefox --no-remote --profile "$XDG_CACHE_HOME/firefox/home" --class="browser-home"
    firefox --no-remote --profile "$XDG_CACHE_HOME/firefox/work" --class="browser-work"
    firefox --no-remote --profile "$(mktemp -d)"


Part of my job is designing software that is resistant to amplification once the hacker is already in, so maybe I can help here.

When you plan your security, step 1 is making it hard to get in, step 2 is making it hard to persist, i.e. plant a command and control process somewhere inside the perimeter, and to move laterally in the system, i.e. get from one service into a more important service.

There's some basic stuff, such as firewall rules that prevent outbound traffic from ports/processes you aren't expecting. That makes it harder for the hacker's command and control systems to get instructions. There's other stuff like using separate credentials for low sensitivity vs high sensitivity systems, two-stage approval processes for especially sensitive operations to prevent a single compromised user from being able to get to the good stuff, automatic password rotation so that exfiltrated tokens aren't valuable, and more.

Those are just single things though. I think the more interesting part is an exercise like this: assume that the hackers have compromised a developer's computer. In that case, what does a system look like that would prevent that developer from exfiltrating payment info? I would argue that the developer doesn't normally need access to real payment info, so maybe the network should be configured so that the developer is unable to SSH into that set of database servers without first requesting a special short-lived SSH keypair. That at least means the developer has to explicitly ask for access. That doesn't make the hacker's job impossible, it just makes it harder. Also makes things less convenient for the developer, so is it worth the trade-off? For especially sensitive data, it probably is. With this setup, maybe the hacker gets to the account information, but they're stopped short of account numbers long enough to notice the breach.

This is all on the theoretical side, but that's the thought exercise once you go "let's pretend someone compromised ____ system."
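The "explicitly ask for short-lived access" flow from this comment, as an added sketch that is not the commenter's code: a broker that logs every request, requires a second person's approval for sensitive hosts, and issues a grant that expires on its own. An HMAC-signed token stands in for the short-lived SSH keypair, and the host names, user names, key and 15-minute lifetime are all constructed assumptions.

```python
import base64
import hashlib
import hmac
import json

GRANT_TTL_SECONDS = 15 * 60               # assumed lifetime of one grant
SENSITIVE_HOSTS = {"payments-db-1"}       # hypothetical host holding payment data


class AccessDenied(Exception):
    """Raised when a request or a presented grant is refused."""


def _sign(key, payload):
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


class AccessBroker:
    """Issues expiring grants; every request, granted or not, lands in the audit log."""

    def __init__(self, key, clock):
        self._key = key
        self._clock = clock               # injected so tests can move time forward
        self.audit_log = []

    def issue(self, user, host, reason, approver=None):
        now = self._clock()
        entry = {"time": now, "user": user, "host": host,
                 "reason": reason, "approver": approver}
        # Two-stage approval: one compromised account cannot approve itself.
        if host in SENSITIVE_HOSTS and approver in (None, user):
            entry["outcome"] = "denied"
            self.audit_log.append(entry)
            raise AccessDenied("sensitive host requires a second approver")
        entry["outcome"] = "issued"
        self.audit_log.append(entry)
        claims = {"user": user, "host": host, "exp": now + GRANT_TTL_SECONDS}
        payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        return payload.decode() + "." + _sign(self._key, payload)


def verify_grant(token, key, host, now):
    """Check run on the target host before a session is allowed; returns the user."""
    payload, _, signature = token.partition(".")
    expected = _sign(key, payload.encode())
    if not hmac.compare_digest(signature.encode(), expected.encode()):
        raise AccessDenied("signature does not match")
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if claims["host"] != host:
        raise AccessDenied("grant was issued for a different host")
    if now >= claims["exp"]:
        raise AccessDenied("grant has expired")       # an exfiltrated token ages out
    return claims["user"]


def demo():
    """Walk the 'developer laptop is compromised' exercise with constructed names."""
    key = b"constructed-demo-key"
    now = {"t": 1_700_000_000}
    broker = AccessBroker(key, lambda: now["t"])
    outcome = {}

    # Attacker on dev1's machine asks for the payment database alone.
    try:
        broker.issue("dev1", "payments-db-1", "debugging")
        outcome["solo_request"] = "issued"
    except AccessDenied:
        outcome["solo_request"] = "denied"

    # Legitimate request with a second approver works, but only briefly.
    token = broker.issue("dev1", "payments-db-1", "ticket OPS-0000", approver="lead1")
    outcome["fresh_grant"] = verify_grant(token, key, "payments-db-1", now["t"] + 60)
    try:
        verify_grant(token, key, "payments-db-1", now["t"] + GRANT_TTL_SECONDS)
        outcome["stale_grant"] = "accepted"
    except AccessDenied:
        outcome["stale_grant"] = "rejected"

    outcome["audit_entries"] = len(broker.audit_log)
    return outcome


if __name__ == "__main__":
    print(demo())
```

The denied solo request still produces an audit entry, which is the signal that gives defenders time to notice the breach.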


Publish (on your) Own Site, Syndicate Elsewhere (POSSE) is a much more flexible idea IMO. You ultimately own your content, and it's the source of truth, but it gets automatically syndicated out and linked back to whatever proprietary or open platforms you think people will see it on.

https://indieweb.org/POSSE


The early issues of Make Magazine were filled with articles about repairing devices, building needed things instead of buying them, cobbling stuff together from scrap. It had a very distinct anti-consumerist vibe, which made it appealing to a lot of folks including myself. The Faires were filled with like-minded folks who were there only to enjoy the process of building stuff. What do you sell this group of customers? In my mind, inspiration and a venue to share their projects with each other. Over time, though, the maker movement became more focused on commerce, including tools that people needed to buy to become makers, and also startups founded by makers with the goal of selling stuff to the public. I'm surprised that I'm being critical on this point, since I really like business, and was a small business owner myself for years. What I'm trying to say is that Make lost sight of their original target customer profile (maybe due to pressure from investors), which is not an uncommon mistake. Smaller venues will crop up to support folks who like building things, which is a relatively niche group, and there may not be enough of us to support the size of business that the investors desired.

You might be interested in https://response.pagerduty.com/, PagerDuty's major incident response process documentation - a good starting point for that red binder.

Having been in the ringmaster's seat for major incidents ranging from "relatively routine" to "it's all on fire", and had a ringside seat for a cloud provider outage of comparable magnitude to this one - it still fascinates me how creative solutions can get dreamed up under high pressure, and how effective someone to keep the response calm and _feel like it's in control_ is.


Yes I use it all the time especially when I'm learning a new thing or researching a strange behaviour of a program. I prefer much better the freedom to ask/discuss anything and the fast ask/reply/clarify cycle of IRC than fe stackoverflow with its strict rules.

Freenode has channels with people that are very helpful and friendly. Some channels I frequent and would recommend: #django, #elixir-lang, #kotlin, #android-dev. I also visit (and get help) #mysql and #postgresql.

Actually I wanted to write a blog post to urge people to learn about and visit IRC, but I hope that this HN thread will suffice...

Try IRC and you won't regret it!


I’ve noticed general nonfiction books tend to be way longer than they need to be. I’m not the first to make this observation, and won’t be the last. Most (including from often recommended authors, like Cal Newport[1]) have a single core idea stretched to fill a book. If you can find a talk by the author on the topic, it will be a better use of your time.

But on to some practical tips. Every person is different and without knowing you personally some of these might miss the mark, but I’ll give them as they apply to me; hopefully some will be useful to you.

You will forget most of what you read, including entire books you enjoyed and left an impression on you, but the core ideas will stay. A good nonfiction book has the potential to update your mental model of the world. That stays with you even after you forget all the individual arguments that provoked the change. In sum, don’t fret about “engaging deeply” and making annotations you will never read. Consume the book. If you found it has potential to be relevant in your life, make a note of it and come back to it at a later point in life. You might find some of the ideas that were novel to you when you first read it now feel like common sense and are part of your personality. That book has done its job. You may tag it again for future reconsumption, or discard it.

Keep a digital copy of the book in your phone while you listen to the audiobook. If there is an idea you really want to save for later, pause the audiobook and search the written version for a string of three or four words you just heard. An exact short phrase is typically enough to find the right spot. Annotate it there.

Listen at over 1x speed. The exact speed will depend on both your practice and the book. I get distracted by other thoughts both when I read and when I listen, but when I listen I can tell the software to make it more challenging. The trick is to set the audiobook playback speed slow enough that you can still comprehend it, but fast enough that it takes effort to do so. That will leave no space for stray thoughts, increasing the attention you give the content.

Programming books aren’t a good fit for audio, so they don’t tend to be produced as audiobooks, but there is still value in audiobooks with charts and graphs. Those tend to bundle a PDF with the required images and the narrator will tell you where to look. Even so you may not need to check, as what matters in a graph aren’t the lines, but the conclusions. If you trust the author’s honesty and competence, you may eschew looking at the pictures and accept their interpretation of the data.

[1]: https://en.wikipedia.org/wiki/Cal_Newport


Nice to see folks rethinking files, as they're a scourge on the planet and an antiquated anti-pattern that has been holding back the industry pretty much since its inception. I don't know how anyone could take a look at /etc for example, and consider it anything but archaic. The adduser command is some 1130 lines long, and all it does is do CRUD on files, to name just one example. Then there are countless config files that just have to be edited by hand and happily accept syntax errors and logical errors. No modern system would tolerate this.

The root of the problem with files is that they lack an information model, beyond just a sequence of bytes. They are unopinionated to a fault. All files have structure. Even if that structure is a "non-structure" like "all these files are just a random sequence of meaningless bytes", then that is their structure. But this information isn't present in the system, nor can it be enforced or constrained when that is desirable.

To me, the obvious alternative is the database, aka "everything is a row". We have used the database (relational or otherwise, but mostly relational) to successfully model many many domains, and bring coherence and clarity to them. The cool thing about the relational database is that it's based on an underlying relational algebra. The syntax of data in an RDBMS is really just one manifestation of a deeper layer of structure that is syntax-free, and these abstract structures can be (and are) manifested in multiple coexisting syntaxes.

I'm exploring this pattern ("datafication", headshake) with Aquameta (http://aquameta.org/) and have written a lot more about why file-centric is holding us back (http://blog.aquameta.com/intro-chpater2-filesystem/). Boot to PostgreSQL! :)


I know only two from your list:

- Just for Fun: The Story of an Accidental Revolutionary

- Zen and the Art of Motorcycle Maintenance: An Inquiry Into Values

These 2 are among the best books about philosophy and the world of ideas I've ever read.


I think it depends on the website you're wanting to run..

I was part of a now-dead "threaded message board", which had a somewhat cliquey view of what should/shouldn't be posted. In the evening when the moderators were away, the discussion became more interesting as it strayed off-topic.

Eventually the community wanted 'to fork' so I decided to build something myself. I'm not IT trained, so first version was PL/SQL on Oracle - all I knew. v2 was the product of me buying an O'Reilly PHP/MySQL book (I still have 'platypus' somewhere).

People came.

First few years were a mess. The more technically literate people used to hack me for fun - but then would confess and provide security tips.

As the mood took me I'd add features, and then if they became troublesome fixed/killed them.

The odd person would arrive and cause trouble, and I'd have fun working out how to make them stop. (correlate logins with emails, password, IPs, browser fingerprints etc). Then maybe experiment with hiding troll-posts from the other users, whilst displaying it to the troll, who thought they'd been ignored - etc etc. Or maybe auto-embed some very dodgy zero-sized images in their feed, if I know they were going through a company/university proxy.

After a while it just all got quiet and relatively happy, and it's been puttering along since 2003.

It's currently got over 9 Million posts, a load of marriages and children - and a few deaths with some 'best-of posts' for the departed.

I'm fully aware this isn't impressive as a potential unicorn, but I feel there's a bazillion other little sites, like mine, happily puttering along out there that are overlooked.


Hmm. Reverse-engineering this page with BigQuery is surfacing a lot more results than the page itself (for 2019 at least).

https://docs.google.com/spreadsheets/d/1he6ca0BBYbj2ZEOEpu8L...

    #standardSQL
    SELECT id, title, url, score
    FROM `bigquery-public-data.hacker_news.full`
    WHERE timestamp > '2019-01-01'
    AND REGEXP_CONTAINS(url, '.pdf|arxiv.org')
    ORDER BY score desc

"grounded", which is the US usage, derives from the phrase "tied to earth ground". This derived from the fact that an "earth ground" is literally connected to "the ground" ("ground" as in "the surface of the Earth" [1]) because an "earth ground" is a six foot copper pole sunk underground to which the "ground" buss bar in an electrical distribution panel is tied.

So in the US, it seems we shortened "tied to earth ground" to "grounded" for common usage while in the UK the shortened version became "earthed" [2].

[1] https://www.dictionary.com/browse/ground - noun definition #1 or #2

[2] https://dictionary.cambridge.org/us/dictionary/english/earth...


> You need to think more carefully about your position. Your statement makes it seem like you are ignorant of history. People have been imprisoned and killed for their correspondence. It is still happening in the world today.

I am aware that people have been imprisoned and killed for their correspondence. I think we should blame the perpetrators, not the free flow of information.

> Brin doesn't agree that it's a good idea for everyone to see your letters, bank balance, and other personal secrets. It seems like you got the wrong idea about his book.

That's possible. I didn't read the book.

> The problem with your concept of absolute zero privacy is competition. As long as privacy can be exploited, as long as a lack of privacy can be used against you in any way, the need for privacy will exist.

All knowledge can be exploited. All knowledge can be used against people. I don't think that's a problem, and I don't think that can be changed.

> The idea you have that privacy could go away can only happen if all humans are cooperative, and economic systems based on competition are eliminated. We can't have absolute transparency and Capitalism at the same time. We can't have politics or business either. Absolute transparency works for fictional races like the Borg on Star Trek. What you're talking about seems like a theoretical concept that is divorced from reality.

I don't claim that we could switch to full transparency tomorrow. I suggest that we accept the limitations of privacy, and work toward a society that's compatible with more transparency. I think less competition and politics would be welcome.

> Current trends are in the opposite direction, so what makes you think we're on the way? Business is getting more competitive, not less. Societies are getting more political, not less. In some countries, government and human rights abuses have been regressing. The need for privacy is going up, not down.

The world is getting worse in some ways, and I think that privacy enables that. Privacy is a self-fulfilling need. The more we expect and rely on it, the more dangerous it becomes, the more we need. That's not good.

> You didn't explain why. Why is it a good idea? Do you want to post all that information here and now? Why aren't you publishing it already if it's a good idea?

Again, society is not ready yet. It won't be ready until we all put a lot of work into changing things. The first step is to convince idealists that total transparency is more desirable than total privacy.

> Your purchase history is just one of many examples of something that is being used against you. There are insurance companies buying personal data like purchase history in order to gather evidence for denials on claims.

If your purchase history is evidence that you violated the terms of the contract, I think it's fair. Likewise, if it makes it possible to give discounts to people who take care of whatever is insured, that's great.

> Do you understand why the right to privacy currently exists?

Yes, I understand why it exists.

> The fact that there are problems with privacy doesn’t mean it makes any sense whatsoever to just get rid of privacy. Should we get rid of water because some people have drowned? Should we eliminate math because it’s hard and people sometimes make mistakes?

"The fact that there are problems with [transparency] doesn’t mean it makes any sense whatsoever to just get rid of [transparency]."

> When privacy leaks and abuses cause people suffering or damage, the answer isn’t less privacy, it’s more. Plug the leak, don’t open the floodgate.

It's like increasing the dosage of medication as your body gets used to it. I'd rather not have to take medication if possible.

I want people to change their diet to prevent or reverse diabetes. You want to create more artificial insulin. I don't think artificial insulin is bad, as it clearly helps a lot of people today (and more people every year), but I don't think the discussion should only be about creating more artificial insulin and making sure everyone can have some. We should think about fixing the root cause, and lessen our reliance on artificial insulin.

I totally get your point. Do you get mine?


It is a common joke construct in English to use the one is a X, the other is Y to confound user expectation. (although X and Y can be reversed for purposes of making the joke more funny)

The joke starts with a question in the format what is the difference between A & B where one of these A is to be the butt of the joke. The answer then says one is X where X is a number of qualities, probably laudable, obviously describing A, then the punchline is the description the other is Y with all negative qualities in such a way that you realize that the previous description of X which you thought was referring to A was actually referring to B and the negative Y is a particularly mean spirited description of A. One common variant if you have the negative Y values described first you will just say 'Well one is Y (all negative values) and the other one is A (just repeating the name)'

The comment was written in such a way that it functioned like one of those jokes. I unfortunately cannot think of one of these jokes right now, but for an example of how the reversed version works you might have something like this:

What is the difference between X and Ted Bundy?

Well one is an insane Republican murdering abuser of women, and the other is Ted Bundy.

No particular person was thought of as being represented by X when this example joke was formulated.

You can probably find some examples here https://worstjokesever.com/difference although I wasn't able to - warning the first joke is racist.


From Wikipedia:

Allegro argued that Jesus in the Gospels was in fact a code for a type of hallucinogen, the Amanita muscaria, and that Christianity was the product of an ancient "sex-and-mushroom" cult. Critical reaction was swift and harsh: fourteen British scholars (including Allegro's mentor at Oxford, Godfrey Driver) denounced it. Sidnie White Crawford wrote of the publication of Sacred Mushroom, "Rightly or wrongly, Allegro would never be taken seriously as a scholar again."


I hate to admit that I just realized the hard -> firm -> soft ware analogy.

I paid 0€ for the LTSB version just by changing the KMS server. I thought everyone is doing this!

Are you personally dumping your used plastic in the ocean?

Trash from just 10 rivers is responsible for 90 percent of ocean plastic pollution: https://www.scientificamerican.com/article/stemming-the-plas...

Those 10 rivers are all in the developing world and China: the Hai, Nile, Meghna, Brahmaputra, Ganges, Pearl, Amur, Niger, Mekong, Indus, Yellow, and Yangtze. In terms of countries that's: China, India, Pakistan, Bangladesh, Thailand, Vietnam, Egypt, Nigeria.


The reason a bridge is so constrained is because we have scaled the difficulty of the problem upwards until it is near the limits of our budget and ability.

Many software projects are profitable without being anywhere near physical limits. Other software projects are not, if you are working for an HFT, then you're counting microseconds and measure distances by how long it takes light to travel. If you're storing 10^10 bits of data you don't need to even think about it, at 10^15 bits of data you can go to the store and buy a bunch of hard drives, and at 10^20 bits of data you need a team of experts to make it even possible, never mind cost-effective.

If civil engineering looked like software engineering, a big chunk of our civil engineers would be building popsicle-stick bridges to carry occasional featherweight loads across 1-inch gaps, but there would still be some real bridges out there.


One of the first things I remember about moving to a rich country was the absence of knockoff products sold in retail stores. It seemed amazing to me that companies would deal only with authorized distributors.

These days, I feel like I'm in a twilight zone where 'wealth creation' is happening by putting a fresh face on 3rd-world country business models.

First it was Uber with the "hire a random guy off the street to be my driver". Next it was Fiverr/Upwork/ etc, the digital equivalent of rounding up day labourers in the Home Depot parking lot.

Now it's Amazon selling bootleg crap at scale. What's their excuse? Some variant of "move fast, break things", no doubt.


TLDR; Michael Norton did the survey of people with net worth > $1M and most said they need 2 or 3 times more. People with net worth > $100M also don't feel satisfied because they tend to answer the question "Am I better off than last year?" by comparing to other folks who did even better than them.

It looks to me that if you are in the $3M to $10M bucket, you have financial freedom to live a low-key upper-middle-class life. This is what Tim Ferriss refers to as "New Rich".

However when you are above $10M, something else happens. While you have financial freedom, you are also just starting to taste freedom of will. Sooner or later it might get annoying that you must wake up at 5 AM because that's the only flight available OR that you can't get the penthouse suite because someone wealthier decided to book it out for the entire year. You still depend on publicly available utilities fiercely competed upon. Unlike your peers with $100M you can't own Gulfstreams or have $25M Malibu mansions overlooking the Pacific with infinity pools.

When you get to $100M, things change again. Now you do have a little Gulfstream but it's a far cry from a private 747 with a king size bedroom, office, bar and a chef. Sure, you got that mansion in Malibu but that large paradise estate in Hawaii with its own beach and waterfalls is out of your reach. When you meet your billionaire friends in the blue waters of the Greek island of Crete, your little yacht looks like a baby's first toy missing things like its own sub and helipad. Life is good but not that good because the resources at your disposal still have limitations to achieve maximum possible freedom of will. People tell you how awesome you are but you keep finding new limiting ways you are restricted to act by your will every single day.

I think it's only above $3B that you are in the realm of pure score keeping, the quality of material possessions cannot be improved further and freedom of will is pretty much maximized. Now you are truly limited by time, and much less by ideas. So until you get into that top 1000 individuals, it's going to sting one way or another.

