Except they only won because UK was too busy spending money on a way to stop the French.
Like 1812 when the Brits weren't busy with the French they easily came in and burnt the US capital as punishment for burning the Canadian one. It's not that the British army suddenly got a lot stronger; they just weren't busy fighting on two continents.
That said, civil disobedience is largely pointless. We're in a capitalistic society so money is the name of the game. Rosa Parks did shit-all; it was the boycott of the bus system for 9 months that made the buses cave.
There is a super interesting and complicated discussion to have about the pragmatics and morality of concerted military action versus stochastic civil violence. Unfortunately, thread conditions on HN aren't conducive to it; the discussion will instantly devolve (via people joining in) to valence arguments about the cause of this or that campaign of violence. I genuinely think you'd need a moderation regime designed from the ground up to support a productive conversation about this topic, which, for good reasons, HN doesn't provide.
Honestly, it's not really that complicated. Americans (at least Pennsylvanians) born before, say 2000 were explicitly taught that violence is ok if it's against tyranny. Apparently, they stopped teaching that after 2010, so we're now in a post-natural-rights era.
While I typically avoid touching non-technical topics, I have the opportunity to chime in as another PA highschooler from the 90's, we absolutely were taught that, down to details in AP courses such as the impact of individuals like John Brown. While I'm not sure I'd have worded it precisely like the parent, the concept of "the four boxes of liberty" and the progression thereof was certainly understood and conveyed. (There was substantial study of the labor rights movements and conflicts/resistance therein as well)
I went to Jesuit high school in Chicago in the early 1990s. There's a lot more to say about all of this stuff and nothing wrong with what you just said, but to hash it out any further, we'd have to attempt a philosophical discussion about violence in a forum that (unavoidably, and to the consternation of its moderators) has reward circuits wired around hyping up action.
Since your point seems to be that not all the founding fathers parent was referring to were actually slave owners, do you have a claim for a rough ratio? I think that would be interesting and would be a more informative thing regardless of where on the scale it lands from "everybody but Adams" all the way up to "only big names like Washington, Jefferson".
To a first order approximation half the founders were from New England (no slavery) and the other half were from Virginia (no realistic chance of being important/rich enough to be a signatory without owning slaves). So call it 50-50
Eh, the only way to secure your Rust programs is the technique not described in the article.
Vendor your dependencies. Download the source and serve it via your own repository (ex. [1]). For dependencies that you feel should be part of the "Standard Library" (i.e. crates developed by the Rust team but not included into std) don't bother to audit them. For the other sources, read the code and decide if it's safe.
I'm honestly starting to regret not starting a company like 7 years ago where all I do is read OSS code and host libraries I've audited (for a fee to the end-user of course). This was more relevant for USG type work where using code sourced from an American is materially different than code sourced from non-American.
If you host your own internal crates.io mirror, I see two ways to stay on top of security issues that have been fixed upstream. Both involving the use of
Alternative A) would be to redirect the DNS for crates.io in your company internal DNS server to point at your own mirror, and to have your company servers and laptops/workstations all use your company internal DNS server only. And have the servers and laptops/workstations trust a company controlled CA certificate that issues TLS certificates for “crates.io”. Then cargo and cargo audit would work transparently assuming they use the host CA trust store when validating the TLS certificates when they connect to crates.io. The RustSec DB you use directly from upstream, not even mirroring it and hosting an internal copy. Drawback is if you accidentally leave some servers or laptops/workstations using external DNS, and connections are made to the real crates.io instead. Because then developers end up pulling in versions of deps that have not been audited by the company itself and added to the internal mirror.
Alternative B) that I see is to set up the crates host to use a DNS name under your own control. E.g. crates dot your company internal network DNS name. And then set up cargo audit to use an internally hosted copy of the advisory DB that is always automatically kept up to date but has replaced the cargo registry they are referring to to be your own cargo crates mirror registry. I think that should work. It is already very easy to set up your own crates mirror registry, cargo has excellent support built right into it for using crates registries other than or in addition to crates.io. And then you have a company policy that crates.io is never to be used and you enforce it with automatic scanning of all company repos that checks that no entries in Cargo.toml and Cargo.lock files use crates.io.
It would probably be a good idea even to have separate internal crate registries for crates that are from crates.io and crates that are internal to the company itself. To avoid any name collisions and the likes.
Regardless if going with A) or B), you’d then be able to run cargo audit and see security advisories for all your dependencies, while the dependencies themselves are downloaded from your internal mirror of crates.io crates, and where you audit every package source code before adding it in your internal mirror registry.
You are getting distracted by domain names, your Cargo.lock files already cryptographically address the source code. Either make sure all your Cargo.lock files contain no known-bad hashes, or make sure all your Cargo.lock files contain only known-good hashes. Maybe also mirror the .crate files for the absolute worst case scenario of crates.io going offline.
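The two checks discussed above (no `Cargo.lock` entry sourced from outside the internal registry, and only known-good checksums), as an added example that is not part of the original comments. The registry URL `crates.internal.example`, the function names and the shortened checksums are assumptions constructed for illustration.

```rust
use std::collections::HashSet;
// Assumption: source string of the internal mirror (hypothetical host name).
const INTERNAL: &str = "registry+https://crates.internal.example/index";
// Constructed sample lockfile; checksums are shortened placeholders, not real SHA-256.
const SAMPLE: &str = r#"
[[package]]
name = "app"
version = "0.1.0"
[[package]]
name = "audited-dep"
version = "1.2.0"
source = "registry+https://crates.internal.example/index"
checksum = "aaaa1111"
[[package]]
name = "stray-dep"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bbbb2222"
"#;

// Returns the quoted value of `key = "..."` inside one [[package]] table.
fn field<'a>(block: &'a str, key: &str) -> Option<&'a str> {
    let raw = block.lines().find_map(|l| l.trim().strip_prefix(key)?.strip_prefix(" = \""))?;
    Some(raw.trim_end_matches('"'))
}

/// Every downloaded package must come from INTERNAL and carry an audited checksum.
fn audit_lockfile(lock: &str, good: &HashSet<&str>) -> Vec<String> {
    let mut findings = Vec::new();
    for block in lock.split("[[package]]").skip(1) {
        let id = format!("{} {}", field(block, "name").unwrap_or("?"), field(block, "version").unwrap_or("?"));
        // No `source` means a path or workspace member: nothing was downloaded.
        let Some(src) = field(block, "source") else { continue };
        if src != INTERNAL {
            findings.push(format!("{id}: source {src} is not the internal registry"));
        }
        match field(block, "checksum") {
            Some(c) if good.contains(c) => {}
            Some(_) => findings.push(format!("{id}: checksum not in audited set")),
            None => findings.push(format!("{id}: no checksum recorded")),
        }
    }
    findings
}

fn main() {
    let good = HashSet::from(["aaaa1111"]); // constructed allowlist
    for f in audit_lockfile(SAMPLE, &good) { println!("{f}"); }
}
```

Git dependencies carry a `git+` source and no checksum in `Cargo.lock`, so this check reports them on both counts.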
A large number of security issues in the supply chain are found in the weeks or months after library version bumps. Simply waiting six months to update dependency versions can skip these. It allows time to pass and for the dependency changes to receive more eyeballs.
Vendoring buys an additional layer of security.
When everyone has Claude Mythos, we can self-audit our supply chain in an automated fashion.
You don't need vendoring for this, Cargo.lock already gives you locked-dependencies until you run `cargo update`. There is an ongoing RFC to support having cargo intentionally only use library versions that are at least X days old:
No because the title is using the word "new jobs".
If there's 100 men and 100 women employed and 100 women get fired then you have an equal number of "newly" employed people (0).
If there's 100 men and 50 working women and you fire 100 men and hire 50 women then 100% of the new jobs went to Women. Same as if you didn't fire anybody and just hired 50 women.
If there's 100 men and a 100 women, you hire 50 men and 50 women, and separately 50 men are fired, total is +50 growth all women, despite the fact that non absolute job creation was balanced. I'm wondering if the author is missing this effect.
The net result is the same, but in the case in my example there is no barrier to men getting jobs.
In fact, if you start with a male dominated economy and it gets progressively balanced, you would see years of absolute female job creation, and that would not imply men are blocked from entering the workforce, just that the male dominated generations are exiting the market as they age and being replaced by a more balanced mix.
Well yeah but the real problem is a lot of jobs that go to women are not considered high status jobs. That’s the source of all of the gendering and gender imbalance of those jobs. Even computer programming was low status, which coincided with it being women-dominated once upon a time. We could fix the whole problem if we just convinced people to treat the people holding nursing, teaching, and childcare positions as if they were important members of society. And I mean this would fix the pay gap too.
It's not a question of marketing, it's a question of progressivism.
We expanded job opportunities for women by telling them they can do anything, be anything, and be just as good as men at it. That they're built for anything, and that they aren't naturally forced to do any one thing.
There are infinite ways to be a woman. There is one way to be a man. That's the problem. We should not be trying to convince men that nursing fits into that one way. Rather, we should be telling men that it's okay to have traditionally feminine jobs.
We've never had a progressive movement for men. We really require that if we're gonna get men, as a whole, to take these jobs seriously.
There have been some studies that show once female participation in a field/career gets past about 40%, males tend to leave (or at a minimum, fail to enter) that field/career. Historically, school teachers and secretaries were male fields. Then in WW1, there weren't enough men available, so women were encouraged to enter those jobs. After WW1, those same jobs weren't seen as "manly" enough and male participation never recovered.
The article is pretty clear, Women are getting most of the new jobs because they're in fields that Men largely don't try to enter (ex. Teaching).
Like what's the big initiative to increase the amount of Women with a Masters of Education? I've heard of a bunch for STEM but Men still dominate that field but that field is growing slower than other Women dominated ones so it's a non sequitur.
IIUC, the difference (for USG) of Medicare vs Medicare Advantage is that Medicare subsidizes the cost of a procedure done by a provider while Medicare Advantage (MA) pays a fixed rate per treatment to an insurer.
So if the MA rate is less than the provider charges then the insurer is highly incentivized to deny you coverage. While for Medicare you'd have a higher co-pay.
This also leads to scenarios where MA insurers upcode patients so that the treatment is at a higher rate [1]. (ex. Marking patients as recovering drug addicts when prescribing opioids to get money from both counseling and the opioid treatment).
Most likely not. I've seen Iranian sources claim that the 10 point plan is violated[1]. However I (1) do not know about Iran's government structure and (2) I can only trust other sources that I believe are trustworthy.
However I think assuming that Israel violating the ceasefire (as they have done multiple times in the past) is more reasonable than assuming a country with a ~400B GDP (similar to Hong Kong, Portugal) has leaders that "can't read".
> Or you can put code in different package and guard internal package cohesiveness and coupling a bit and use well defined interfaces to call a functions through.
While I do think actual microservices are over-kill, I don't think I've seen code anywhere that survives multiple years where somebody doesn't use internal state of another package. Like if you don't force people to use a hard barrier (i.e. HTTP) then there's going to be workarounds.