The threat actor—whom we assess with high confidence was a Chinese state-sponsored group—manipulated
Not surprised at all if this is true, but how can they be sure? Access log? They have extraordinary security team? Or some help from three letter agencies?
My question is: how do they know they're from China and not some other country and just appear to be in China? It seems a good way to distract from the real source and to cause division between your adversaries.
That's a whole area called "attribution". There's usually lots of breadcrumbs and people taking to each other about their findings. It goes down to silly things like many state sponsored hackers working 9-5. And having the right keyboard layout. And using the same version of something as another known group. And accidentally once including a file path that reveals a tiny bit of information. And using the same key in two places that connects them. And...
Or course a lot of that can be spoofed, but you may still slip up. That's why they talk about high confidence.
If it's a known avenue of identification, one would think a state-sponsored group would have policies in place to combat that sort of fingerprinting. All of that would also be trivial to spoof/plant so as to distract from the real source.
> That's why they talk about high confidence.
I don't think "Just trust us" is good enough, not when there are various groups - the companies reporting these hacks included - with incentives to blame China.
> If it's a known avenue of identification, one would think a state-sponsored group would have policies in place to combat that sort of fingerprinting.
It relies on people not being perfect and not caring that much. So far, it's working pretty well and the identification leaks are consistent for years.
Anthropic probably doesn't have the independent capabilities to perform a full definitive attribution of sophisticated cyberattacks. They likely detected misuse of their tools and then worked with/provided information to the intelligence community (who are familiar with the modus operandi of Chinese APTs) who then did the attribution.
Short version: they can’t. Just like with a lot of “CIA-style” espionage claims, the “evidence” is usually an IP that resolves to somewhere in China. That’s it. No magic, and not exactly convincing.
Well to be fair, I have read analyses that includes operational details like, for example, when the threat actors were active lining up with working hours in China. Stuff like that is at least slightly more convincing than just an IP
But of course, that doesn't prove anything either.
I imagine Anthropic employs a lot of talent from China. Beyond the political, they should be fairly certain to publish these claims to avoid an internal shit storm.
I really hope your product fly.
I'm easily distracted and generally like simple websites.
I want to know what plugins or scripts other Hacker News users use to block annoying segments. Beside uBlock Origin, I use kill-sticky[1] to hide sticky items like dialogs or headers (though sometimes it's wrong), SponsorBlock to skip sponsor segments, DeArrow to change YouTube thumbnails and titles to be less clickbaity.
And I use Firefox's Reader View sometime too.
I used to despise AIs' ass-kissing responses.
It doesn't add any value, and it's so cheap it's almost sarcastic.
But now, I feel sad because Codex doesn't praise me even though I come up with a super-clever implementation.
I think the part of my brain for feeling flattered when someone praises me didn't exist because no one complimented me.
But after ChatGPT and Claude flattered me again and again, I finally developed the circuit for feeling accepted, respected, and loved...
It reminds me of when I started stretching after my 30s.
First it was nothing but a torture, but after a while I began to feel good and comfortable when my muscles were stretched, and now I feel like shit when I skip the morning stretching.
It's sad that many nihilists think like that life is meaningless, there's no point in trying.
Nihilism suggests our lives don't have inherent purposes defined by religion or culture.
That means we can define our own purposes and values of lives, not by following a god packaged with harmful commandments.
Many people feel fulfilled when they notice small improvements or helping others for tiny things, and they're grateful for that.
You can simply appreciate those feelings instead of being sarcastic.
Younger people tend to have nihilistic ideas like this.
And it's understandable, because it's true that the reward for being hard working, loyal, or honest is decreasing, so we think why bother trying?
But the decrease of those values is just a small amount at a time.
It doesn't suddenly change life from are full of joy and meaning to a complete waste of air.
You can still improve a lot of things by taking small effort.
Not much as it was in many ways, and yes, definitely there are someone who are born lucky or can improve a lot with far less effort than you put in. But it's still possible.
I spent a lot of time thinking like this, but slowly realized I can make my life better just by trying.
That time wasn't a waste cause it made me a little bit more sympathetic to others, but some people spend their entire lives in that way.
It hurts them, and it's sad they miss the chance to improve a bit.
It accumulates over years and decades, and ending in an unhappy and regretful life.
We can't be the full potential version of ourselves without huge effort, but can still be much happier by a small, consistent effort over time.
The obvious problem with nihilism is that ultimately everything is ungrounded and there are no moral truths. Some people are naturally altruistic and feel fulfilled when helping others, others are naturally sadistic and feel fulfilled when torturing others. Nihilism means these are fundamentally equal impulses.
This is why humans invented various religious systems and philosophies to provide grounding for absolute moral beliefs. There's also probably an evolutionary factor at work, where nihilistic societies imploded or were outcompeted by confident cultures which believed absolute moralities. This is being seen today in Europe, with nihilistic progressives having few children, supporting mass migration, resulting in being demographically replaced by absolutist muslims.
Yes, there are people who are sadistic but still fear divine punishment like karma or hell.
And religion may be the best way to force them to stop harming others.
But our society prioritise freedom.
We don't arrest suspicious people without warrants, allow people secret and secure communication on the Internet (I mean I'm not sure those things will continue but still), and even freedom of religion itself.
We should accept the risk of increased immoral activities due to not forcing people religious restriction just because they are born in such family or culture.
And I think society collectively can have morals, especially we are financially and socially fulfilled.
So we need to aim that direction, even though currently it's going to the opposite.
with nihilistic progressives having few children, supporting mass migration
While it makes sense to think that nihilists don't value culture and don't mind mass migration, AFAIK most nihilistic communities are often racist.
Actually most communities, including leftists, don't welcome immigrants.
The only group is the rich and corporations who just want cheap labor while don't need to face cultural conflicts and deterioration of security.
We can restrict migration and still treat current immigrants like humans by electing politicians who aren't sensationalists, greedy populists backed by corporations and continue mass migration after they grab the power.
This is why humans invented various religious systems
BTW, I personally think the biggest factor for religion exploding, especially after social orders were developed and the gap between social classes were polarized, is the anger against unfairness and those exploiting others, manipulating social structures for personal gain, being assholes just because they were born lucky, and facing no consequence.
It's almost impossible to see justice served, or be rewarded for living humble and honest life.
So we needed to invent "heaven and hell", which brings justice for "us" and "them" after death.
Moral truths are a lesser form of truth. There are truths that bind god itself in every possible universe (modally.)
There are grounded, binding falses/truths from which man cannot escape, things so wrong that to call them "value" wrongs is to try and reduce the universal wrongness of the action.
Actions that are wrong for everyone, even God, god or gods, for all time, in all possible universes.
Value wrongs are different than other kinds of wrongs, we make them for ourselves, they can also be true without a god, there is a lot written on this topic.
But man doesn't need god for absolute truths that govern their lives and weighs their actions to exist, doesn't need god for eschatological consequences, etc.
One of the strangest phenomena (to me) is the phenomenon of young people stealing cars, then driving them around in circles, in the middle of some city no less, until they burn out and catch fire. Apparently it's fun for some. They're called "street takeovers".
I tried to find a terminal which can shows images, videos, and other media. I know it's not a UNIX way, but sometimes it can help. There are multiple options, but they didn't click in me.
But just showing a browser like Jupyter would be very useful. It can handle a wide variety of media, can easily show JS heavy webpages unlike curl, and with text option to show text based result like w3m but can handle JS, it will be more useful.
browser google.com/maps # show google map and use interactively
browser google.com/search?q=cat&udm=2 # show google image result
browser --text jsheavy.com | grep -C 10 keyword # show content around keyword but can handle JS
vim =(browser --text news.ycombinator.com/item?id=45890186) # show Hacker News article and can edit text result directly)
I fear sharing code for a different reason.
I'm a perfectionist with tendency toward procrastination and anxiety, and sometimes I overestimate my abilities.
So when I submit a PR, I want to make sure the code is clean, well organized, and covers all corner cases and hidden feature details.
This works well most of the time.
I put effort to think about design, structure, and implementation more than coworkers.
And after a decade of experience I can code quickly for tedious tasks.
But sometimes, when implementing non-trivial features, I struggle to come up with good implementation.
This prevents submitting working code early.
And when I feel I'm delayed, my anxiety kicks in, and I have this urge to implement cleaner code and more features than expected even though all of my coworkers just want working code.
And I feel more pressure, more urge to implement well, more anxiety, but it makes me procrastinate (I'm working from home so I can just lie down on the bed when I'm depressed).
Sometimes I manage to implement, sometimes I give up and the feature is not implemented or assigned to a coworker.
But in few cases I end up with severe depression, stop functioning, and finally quit the job.
I can handle this better than before after making same mistakes again and again, but still happens sometimes.
Have you ever worked on a PHP codebase that’s 15 years old, has over a million LoC, provides business-critical functionality, has seen hundreds of developers come and go, and has absolutely nothing that could be interpreted as either being the result of design, or having actual software architecture, or even a consistent structure?
> implementing non-trivial features, I struggle to come up with good implementation
In my experience, the best solution for this is to just schedule a 30min call with your team's most senior dev and hammer out a solution together. You probably won't even have to pair program, just some bullet points.
Umm... I just discovered vibe-kanban[1] as a Kanban-based coding agent and superpowers[2] for brainstorming last week, and am planning to try it this weekend. And your product looks like the combination of both... It's interesting so I hope I'll have enough energy to try all of them, but my gut tells me I'll end up spending my weekend on my bed.
Love `TOTALLY RIGHT` and `COMPLETELY WRONG` as boolean, but `TRUTH` and `FAKE NEWS` sounds better. Too much social media consumption makes me feel that "truth" or "fact" are kinda sarcastic.
> Zig for ( 0..9 ) |i| { }
> C for (i = 0; i < 9; i++) { }
I know an open interval [0..9) makes sense in many cases, but it's counterintuitive and I often forget whether it includes the last value or not. It's the same for python's range(0, 9).
The better solution to forgetting whether an interval is closed or half-open is to always use only half-open intervals, without any exceptions.
In most cases half-open intervals result in the simplest program, so I agree with the choice of Zig, which is inherited from other languages well-designed from this point of view, e.g. Icon.
I find half-open intervals more intuitive than either closed intervals or open intervals, and much less prone to errors, for various reasons, e.g. the size of a half-open interval is equal to the difference between its limits, unlike for closed intervals or open intervals. Also when accessing the points in the interval backwards or circularly, there are simplifications in comparison with closed intervals.
By "..._MAX" I assume that you mean the maximum value of a given integer type.
In a language where half-open intervals are supported consistently in all the places, this would be solved trivially, e.g. for a signed byte the _MIN and the _MAX values would be defined as -128 and +128, more intuitively than when using closed intervals, where you must remember to subtract 1 from the negated minimum value.
Even the C language has some support for half-open intervals, because the index pointing after the last element of an array is a valid index value, not an out-of-range value (though obviously, attempting to access the array through that index value would be trapped as an out-of-range access, if that is enabled).
Applied consistently, the same method would ensure that the value immediately above the last representable value of an integer type is valid in ranges of that type, even if it would be invalid in an expression as an operand of that type.
Rust's solution to this is quite good, that's 0..9 and if you want to include 9 it's 0..=9, it looks a bit funny but knowing one with an = sign in it exists removes any doubt
I'm actually curious now how this is stored on `Range` in rust. I've certainly used ..= for exactly the reason you say, but as far as I'm aware `.end` on the range is the exclusive upper bound in all cases. What happens to `.end` in the overflowing case?
Edit: it doesn't use Range for ..=, but rather RangeInclusive, which works fine.
