Scanning the google results for “nyt subscribers” I see them reporting 5 million in Feb and 4.7 million in Aug 2019, so it looks to me like subscriptions have been accelerating in recent months.
Can you please share the information you have regarding mass subscription cancellations due to this op-ed? I would like to see it.
Blues exist along a range of brightness values and blues work great in dark terminals and editors all day every day for many many people. I'm typing into a browser window surrounded by probably about 4 or 5 terminal and editor windows peeking out of the background with somewhere between 5 and 10 different shades of blue on dark grey backgrounds and they look clear, bright, and amazing. The dark background makes the blues pop.
or green like the Hombebrew default scheme in Terminal. non-techy people I used to work with called me the matrix because my screen was stacked with multiple terminal windows with the green text on dark background color scheme
You’re not just helping MS, you’re helping millions (billions?) of their users - people who cannot afford the time (Linux) or luxury (Apple) of alternatives.
This is standard practice, it's not your email address, you are just using it for work, and your employer needs access for a variety of very obvious reasons. This should not be news to any technology professional and it's mind-blowing seeing these comments on HN.
The question is fair. Capability does not guarantee legality, and there are plenty of cases where an individual who can access an email is not legally entitled to:
1. My ISP provides me internet access, but they are not entitled to collect my bank information when I access my bank account.
2. Depending on the nature of the corporation, it may not be legal for an individual to forward emails in the manner described. Consider: what if the email account belonged to a lawyer or doctor? Client confidentiality probably trumps many other legal concerns here.
3. Is said manager part of the IT/InfoSec department within this organization? If not, they may be circumventing organizational controls, which in itself may not be legal.
Then consider that it's mindblowing to you because you're not used to any of the many jurisdictions where there is a legal expectation of (some) privacy at work.
Under European data protection laws, for example, many countries have considered the privacy restrictions to extend to employee e-mail addresses.
This includes Norway, for example, where employees have extensive rights to prevent employers from accessing their corporate e-mail accounts without substantial safeguards to prevent them from accessing personal information, and including rights to be notified where possible, be present, be able to respond and challenge the access etc.
You can find a lengthy (in Norwegian, though Google translate ought to do a decent job) walkthrough of the rules here [1].
Unsecured Elasticsearch servers have been implicated in multiple breaches in recent months [1][2]. Since this post is an "In depth guide to running Elasticsearch in production,” it should prominently include information related to security and configuration. With tools like these where there is a learning curve for new users, security can end up treated as an afterthought, leading to these kinds of breaches.
This guide is clearly intended to focus on the ops-side of ElasticSearch. No one is being irresponsible, you're basically just complaining that the article was written about one topic instead of another.
Notice how it also doesn't talk about system architecture, load balancers, disaster recovery, etc? It's because the author chose to focus the post on cluster configuration. The topic of security could be its own standalone writeup and I highly doubt that its omission is an endorsement for running an ES cluster totally exposed and unsecured.
The argument is that you can't have an in-depth production guide to Elasticsearch without a section on security. "Production" should be "secure". A better title would be "optimizing Elasticsearch performance in production" or something of the sort.
To be honest I think if you're responsible for running production systems, it would be a no-brainer to run everything as closed up as it gets, with only access from servers which actually need it.
Yet we see security breaches caused by trivial misconfigurations and bad (or no) firewall setups. Chances are, people building these systems aren't accustomed to security-first deployment and will use and bookmark a guide like this to properly set up instances, rarely if ever going back to the docs or looking at other guides.
Chances are, people building these systems aren't accustomed to security-first deployment and will use and bookmark a guide like this to properly set up instances
Or they aren't given the time, running on ASAP-brand project management and/or pushing the POC to prod.
I can't answer for cloakandswagger, but GPs comment sounded to me like this blog post is missing something essential because it doesn't talk about security.
This isn't an expensive course on setting up the perfect ES cluster in production.
As someone who is currently planning to set up a substantial ES cluster, I'm very grateful for someone to write up their learnings in such a compact overview.
An ES stack is fairly easy to get up and running in a development environment with docker-compose. But, not so much with a secure production installation. After going down the path of trying to get production up and running with security, I found Open Distro for Elasticsearch [1] to be very helpful. https://opendistro.github.io/for-elasticsearch/
I tried reaching out on forums and was assured they’d get to it. I’m used to things going slow in OpenSource so not too worried at this point.
Would be lovely to upstream it though, as I’ve patched 2 versions now and not looking forward to continue doing so ;) Plus I’d be glad to contribute more things based on our experience running ODFE, I’m very intrigued by other upcoming plugins in ODFE repos as well.
Hi Dmitry - Thanks for flagging the PR that needs review. I've pinged our engineers to review. Ping me @alolita on the PR whenever you contribute. Greatly appreciate your patience and your contributions to Open Distro :-)
I am one of the PMs and we discussed this PR internally. Our engineer will connect with you soon. Apologize for the delay but our team was working on getting the release out.
There's a huge difference between an HTTP server listening on a port with no obvious "map" of what's available, an ES server that can quickly be explored and its contents exfiltrated with no prior knowledge of the content.
This is not even close to paranoid. Conflicts of interest are an important issue for nonprofits because it can cause them to lose tax exempt status, and the IRS makes a whole todo about it, and therefore so do competent boards. Trying to brush this under the rug because of politics is disgusting and would not be tolerated at ethical and competent organizations.
There is a very small pool of engineers who work full-time in politics because it is a small and highly cyclical industry with extraordinarily small margins. I have personally worked with many competing campaigns and nearly all vendors in the space do. Many organizations grapple with these conflicts of interest in and outside of politics, and do so successfully. From my perspective, it is quite paranoid.
It makes me proud of the Hacker News community that there have been so many climate change articles posted at an increasing rate. This is a very important issue, more important than technology since technology won't exist when the climate collapses and destroys civilization. We need to make a serious effort educating the public about climate change, so we need to work together to ensure that, at minimum, the top article on Hacker News is always a climate change story. It would be even better if we keep multiple climate change articles on the front page at all times.
While I agree with you that it's nice that climate change related topics are discussed, this is hyperbole:
>more important than technology since technology won't exist when the climate collapses and destroys civilization.
The type of climate collapse you're talking about here would have to be something so extreme that most disaster movies would pale in comparison. The defining trait of our species is tool (technology) use. As long as there are humans around, our technology will matter. In fact, improvements in technology are likely our only way out of the mess of climate change.
I think that hyperbole about climate charge hurts the cause. Some people will believe you, but once they learn that you were wrong (or lying) they won't trust you or anyone else on the matter anymore.
There was an HN comment a while back about how hard it is for most creatures to evaluate exponential growth. About how a petri dish colony took 2 weeks to get to 50% full but then they all died off in the next 2 hours because their growth was exponential and the environment static.
Once the climate starts worsening visibly, it will get much worse quicker.
The world is literally on fire now (california, australia, the arctic) - guess what's lined up for the next decade.
There should be a user option similar to “show dead”: “show climate stuff”. If it’s enabled (make it the default if you want) then N stories get included on the front page (make N configurable if you want).
Then I can turn it off and go back to ignoring this stuff, along with maybe 30% of the people here.
The Blackrock letter did not state that they are divesting from fossil fuels in 2020. It stated that they are planning to remove companies that generate more than 25% of their revenue from thermal coal production (i.e., thermal coal producers that are not diversified, meaning the large diversified thermal coal producers are not affected) from their discretionary active investment portfolios, which only accounts for a minority of their assets. Note that thermal coal is already declining in the US and other markets due to increased competition primarily from natural gas, a fossil fuel which, like oil, the letter says nothing about.
https://www.nytimes.com/2020/05/06/business/media/new-york-t...
Scanning the google results for “nyt subscribers” I see them reporting 5 million in Feb and 4.7 million in Aug 2019, so it looks to me like subscriptions have been accelerating in recent months.
Can you please share the information you have regarding mass subscription cancellations due to this op-ed? I would like to see it.