
Fermi is a treat for the architecture alone.


It kept war out of central Europe from 1945 until 2022 (I'm not 100% sure we shouldn't count Georgia/Bosnia/Chechnya/Kosovo, so I'll say "central Europe").

I don't think two nuclear armed powers have ever declared war on each other - despite two nuclear armed powers currently being in active conflict (India and China) and another few being incredibly geopolitically unfriendly (India/Pakistan and Israel/Iran).

The whole idea behind MAD initially was that if Russia decided to get ideas in Europe, the Western powers would stop them with a nuclear curtain. That's why France has a "warning shot" nuclear doctrine, and the US hasn't ruled out Nuclear First Strike.

IMO, for what it was trying to stop, it worked. Ask people in China and India - it seems to be working for them as well.

EDIT: as an amendment to this: would Russia have been so bold as to invade Ukraine if the 1994 surrender of Ukraine's nuclear arsenal hadn't happened?


Like I said. A lack of war will be taken as direct evidence that it works (not any other causes). And the only way to disprove it conclusively is if we all wipe each other out.


I guess my issue with your statement is that it seems almost impossible to disprove short of someone doing the unthinkable. We have history to suggest (note: not prove) that MAD works.

It’s kinda like economics. We can’t really prove anything in economics works the way we think it does, but we have a bunch of REALLY GOOD suggestions to support our hypotheses.

MAD isn’t a natural law - it’s a social construct, very much like economics.


If you think MAD is like an economics theory then I guess we are on the same page.


Ping ID is "SAML" - they actually don't comply with the spec. If you remove the Bearer element from the SAMLRequest, you should be on your way. Ask me how I know.


I'm curious - what is the issue with XMLDSig? I think XML is kind of a mess with the whole "billion laughs" attack, but other than that, are there problems with DSig that I don't know about?


In addition to reasons shared by other commenters, my main concern is XML Signature Wrapping.

XMLDSig APIs are not well designed. They check whether signatures in a document are valid, but signatures are not required to cover the entire document. XMLDSig APIs do not make it easy to confirm that signatures cover a specific element of interest, like saml:Subject.

An adversary can stuff a valid assertion within a forged one, and many popular SAML implementations would accept the forged assertion. This is mostly fixed now, but it's still one of those things that I must validate for myself in all new SAML service providers that I can influence.

https://www.usenix.org/system/files/conference/usenixsecurit...

https://arxiv.org/pdf/2106.10460
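The coverage check the comment above says XMLDSig APIs leave to the caller, as an added example that is not from the thread, the linked papers, or any SAML library. It assumes the XMLDSig library (xmlsec, say) has already verified the signature cryptographically, uses only the Python standard library, and puts the naive first-Subject lookup beside a check that the verified signature references the one assertion the service provider consumes, run over a constructed normal response and a constructed wrapped one.

```python
# Added example, not from the thread or any SAML library. Assumes an XMLDSig
# library (e.g. xmlsec) has ALREADY verified the signature cryptographically;
# this is the missing structural step: does that signature cover the one
# assertion the service provider is about to consume?
import xml.etree.ElementTree as ET  # prefer defusedxml for untrusted input

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: one assertion with an enveloped signature over itself.
SIGNED_ASSERTION = """
  <saml:Assertion ID="_a1">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>placeholder-checked-by-the-xmldsig-library</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>"""

HEADER = ('<samlp:Response ID="_r1" xmlns:samlp="%(samlp)s" '
          'xmlns:saml="%(saml)s" xmlns:ds="%(ds)s">' % NS)

GOOD_RESPONSE = HEADER + SIGNED_ASSERTION + "\n</samlp:Response>"

# Constructed wrapping case: an unsigned assertion comes first in document
# order, with the untouched signed one nested inside it, so a "verify all
# signatures, then take the first Subject" verifier is misled.
WRAPPED_RESPONSE = (HEADER + """
  <saml:Assertion ID="_forged">
    <saml:Subject><saml:NameID>mallory@example.test</saml:NameID></saml:Subject>"""
    + SIGNED_ASSERTION + """
  </saml:Assertion>
</samlp:Response>""")


def naive_subject(xml_text):
    """The careless path: first Subject in document order, regardless of coverage."""
    root = ET.fromstring(xml_text)
    return root.find(".//saml:Subject/saml:NameID", NS).text


def trusted_assertion(xml_text):
    """Return the single assertion whose enveloped signature references it; else raise."""
    root = ET.fromstring(xml_text)
    ids = [el.get("ID") for el in root.iter() if el.get("ID") is not None]
    if len(ids) != len(set(ids)):
        raise ValueError("duplicate ID attributes make Reference URIs ambiguous")
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion, found %d" % len(assertions))
    assertion = assertions[0]
    if assertion not in list(root):
        raise ValueError("Assertion is not a direct child of Response")
    sig = assertion.find("ds:Signature", NS)  # enveloped: the assertion's own child
    refs = [] if sig is None else sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1 or refs[0].get("URI") != "#" + assertion.get("ID", ""):
        raise ValueError("verified signature does not cover the consumed Assertion")
    return assertion


def trusted_subject(xml_text):
    """NameID from the assertion the signature provably covers."""
    return trusted_assertion(xml_text).find("saml:Subject/saml:NameID", NS).text
```

The same Reference URI rule generalizes to signed Response elements: whatever element you consume, its ID must be the one the verified Reference names, and IDs must be unique.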


Try implementing XMLDSig yourself and you'll quickly learn how awful it is. Aside from the other comments mentioned in these replies, one of the horrible things about XMLDSig is that it requires you to mutate ("canonicalize") the XML that is to be signed. Then, the signature is injected into the document that was signed ... to be removed by the verifier before it has to canonicalize the document, etc., etc.


> what is the issue with XMLDSig?

There's a wealth of issues, some generic and some specific to the (not so well thought out...) choices made by the SAML spec.

For starters, the XML signature spec requires canonicalization of the message (which is XML). But the message itself need not be the canonicalized message. So the SAML implementer, if they follow the spec, must process the untrusted input and canonicalize it prior to verifying the signature.

Add in that you can override just about every aspect of the signature algorithm, canonicalization details, and even what parts of the message are actually signed, and you get huge number of places where things can either go wrong or may be overlooked.

Then throw in "XML Encryption" (again with canonicalization) which could be done on the whole message or just the assertions.

Then throw in that you can sign the encrypted portion, or the unencrypted portion, or just the assertions, or encrypt the signatures, or ...

So in short, there are too many ways to do too many things.

Which leads to a massive surface area of code if you actually follow the spec. Which leads to libraries that either do not follow the spec (e.g., ignoring encryption and just checking signatures in a known location), or think that they follow the spec but will happily ignore missing assertions or out of date certificates.

SAML sucks. But hey, it's still better than having your own passwords!


There's also detached signatures and flexible tag matching, which lead to implementations that have to provide rigid schemas with semantic passes to make sure there's no place to smuggle either additional signed content to confuse verifiers, or content that will get signed that changes the message semantics. The whole thing is deeply unsound. OIDC is no great shakes, but even 10 years ago nobody would ever design a signed message scheme that looked like SAML.


Outdated certificates are actually fine with regards to SAML, oddly enough; the logic being that the trust is handled out of band at metadata level, and the certificate is just a public-key distribution method. (That applies to Shibboleth at least; other implementations may disagree.) This does of course assume that you have a means of safely keeping metadata for the other end of the trust relationship up to date. In an eduGAIN/local federation setting, that's easy enough to do with signed XML metadata feeds and daily fetches, but far less so for bilateral trust.

The XMLDSig stuff is definitely a mess though. There were definitely issues with comments in signed content allowing values to be truncated to the start of the comment, along with some similar weirdness with XML entities. And that's before any of your (entirely valid!) complaints...
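The comment-truncation issue mentioned above, as an added illustration that is not from the thread or any library: a constructed NameID split by an XML comment, read once the way vulnerable libraries did and once with a stricter rule, using the standard library's ElementTree with comment nodes kept so the tree matches what lxml-based parsers build.

```python
# Added example, not from the thread: the "comment truncates the signed value"
# bug. Parsers that keep comment nodes (lxml does) report NameID.text as only
# the text before the comment. Stdlib ElementTree drops comments by default, so
# insert_comments=True is used here to reproduce that tree shape.
import xml.etree.ElementTree as ET

SAML = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed subjects: the same value with and without a comment inside it.
CLEAN = ('<saml:Subject xmlns:saml="%(saml)s"><saml:NameID>'
         'alice@example.test</saml:NameID></saml:Subject>' % SAML)
COMMENTED = ('<saml:Subject xmlns:saml="%(saml)s"><saml:NameID>'
             'alice@example.test<!-- constructed -->.other.test'
             '</saml:NameID></saml:Subject>' % SAML)


def parse_keeping_comments(xml_text):
    """Parse so that comments become nodes, as lxml-style parsers do."""
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    return ET.fromstring(xml_text, parser=parser)


def name_id_naive(xml_text):
    """Reads .text only, which ends where the comment starts."""
    node = parse_keeping_comments(xml_text).find("saml:NameID", SAML)
    return node.text


def name_id_strict(xml_text):
    """Refuses comments inside the value; otherwise joins every text node."""
    node = parse_keeping_comments(xml_text).find("saml:NameID", SAML)
    if any(child.tag is ET.Comment for child in node):
        raise ValueError("comment inside NameID text")
    return "".join(node.itertext())
```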


Here's an interesting blog post on why SAML is insecure by design: https://joonas.fi/2021/08/saml-is-insecure-by-design/

Malleability sucks in this context.


I'm another TripleByte placement.

After my (virtual) TB interview (which I barely passed), I had onsites at 5 places. After the five on-site interviews, I had 2 job offers, one of which was a company I wanted to work for since graduating college. I took the other offer.

This was preceded by a four or five month job search. I had received two offers in that time, but nothing seemed great.

I think TB's process kinda worked, but I understand your skepticism.


I'm actually not all that skeptical of TB's approach. They built a real business around it, way more targeted than e.g. Karat. Even though ultimately unsuccessful, that is surely more due to PMF and various missteps, than to lack of advantage for individual applicants vs spray and pray approach. (When taken as an average across all applicants.)

I'm just highlighting that GP's specific anecdote doesn't really demonstrate that advantage. Your example seems much more clear.

Somewhat OT for this specific sub-thread but I wonder how much "OA" tools that are part of coderpad etc, contributed to TB's demise. These are meant to be fizzbuzz kind of pre-screens. I know TB's approach was more than that, but from the hiring side, was the value not there since you'd always (?) have your own coding exercise after the TB screening.


I think these sentences sum up most of the article:

> The [...] blackout [the day before the bridge collision] was caused by the mechanical blocking of the online generator’s exhaust gas stack. The second blackout in port [the day before the collision] was related to insufficient fuel pressure for the online generator.

So it sounds like there was an inexperienced crew and some mechanical issues.

I heard that there was some speculation around poor fuel quality, but this paragraph seems to argue against that:

> Fuel-sample analysis results indicated that the [...] fuel [...] complied with international standards and regulations. The test results did not identify any concerns related to the quality of the fuel.


Editorialization on the why of the title I chose:

This is reported as a preliminary report in other locations (here: https://www.ntsb.gov/investigations/Pages/DCA24MM031.aspx)

NTSB is the source, which I feel is appropriate to put in the title. It gives more weight to the report.

The initial title of the article is "Contact of Containership Dali with the Francis Scott Key Bridge and Subsequent Bridge Collapse" which is too long for HN. I felt that the outcome (collapse) was not important to include in the title, and the rest was just shortening in order to make the title more approachable.


The low end of the market is taken - but (from an outsider perspective) the high end appears free.

The people who want to buy a Honda aren't the same people who want to buy an Acura, even though it's (essentially) the same parts.

Let's say that, tomorrow, Gucci or Dolce and Gabanna (or however you spell that) want to make a VR headset (why? who knows?). They don't have the tech acumen to compete with Facebook on experience, but they have the brand to compete on "people who want to be seen in Gucci."

Is there a market for that? I don't know. But this opens Facebook up to the possibility of making that deal.


Don’t agree with this take. I’m sure Meta would be fine with other vendors taking over the low-end, if that meant there was a vibrant platform they controlled (ie the OS). They will lead with flagship models to push the boundaries of what the OS/tech can do.

Why would they want to sell at/below cost forever? The reason they do this now is to make the platform viable.

The only reason they are focusing on cheaper devices now is to build the platform and try to get more users, to in turn get more data on what the killer usecases will be.

Think of this as a play like Android. Google doesn’t care what goes on in the commodified end of the spectrum, as long as there is one. Google does ship flagship phones (in competition with eg Samsung) and that is fine.


So Meta is aiming to be for VR what Microsoft is for PCs and Google is for smartphones (Apple being Apple for PCs, smartphones and VR)?


They want their own platform so they can do whatever they want on their apps. They are playing the long game. Read zuck's VR vision letter. He lays it all out:

* https://www.scribd.com/document/399594551/2015-06-22-MARK-S-...


Meta is the last company in the world that I would allow to have direct access to my gaze tracking data.

The only thing that I can imagine that would be more privacy invasive would be a device that directly reads your brain waves while you are exposed to different stimuli.


I feel exactly the same, but I think we’re very much in the minority with that perspective compared to most consumers, so they could still sell like gangbusters.

And on that note I can’t wait to see Meta’s answer to Neuralink!


My point is that there is more to "VR Headset Market" than just "low end" - low end is one part of the market, but (right now) Facebook has that part locked up.

It may be that there are more places to compete in the VR Headset Market that people on HN don't know about.

Like you said, this is probably something like an Android play. Everyone was talking about the Apple Vision Pro as the VR Market's "iPhone moment" when it came out - maybe Meta Vision OS (or whatever they're calling it) is Facebook's Android moment.

And yeah, Facebook would probably be ok with others taking the low end of the market if they do it well. Right now, Facebook is the only company willing to take a loss on their own platform. So they do.


Not really sure if the Vision Pro could be called the iPhone of VR. It's not nearly as popular and its demand has ground to a halt.


It is a wonderful indispensable device for a very special market.

Particular Mac users who happen to particularly like the physical and mental ergonomics, and locational and furniture freedom, of arrangeable virtual screens and a beautiful visual isolation chamber on demand.

(And in my case, who have dramatically customized the light shield and straps to be super comfortable for long periods.)

I would buy the next version at twice the price if it came out tomorrow. And give up a lot to do it.

But that is a VERY niche market. There are only three of us happy campers, after the return wave. It is definitely not an iPhone - yet.

Personally, I think they should lean into it as a MacBook Pro killer. Make it a first class pro computing device. That is a good rationale for keeping around a high end spec, high priced version.

Then have Air versions when it becomes possible to ship a cheap enough iOS-computing level version for the masses.


I agree. I’m reading this (and now typing this reply) from the Vision Pro, while doing a 2-hour low-and-medium-intensity cardio workout on my elliptical trainer. Hard to overstate how much better this is than the old MBP/iPad plus big-screen TV setup I had.

I would also buy another AVP immediately, if I broke this, or if a better one came out.

But that is… extremely niche. The OS is as bad as iOS 1.0 was — but without the obvious utility to a huge number of people. I’m not sure Apple can pull this off.

But, I have all the Meta headsets, too, and have used them for this purpose. That gives me the perspective to understand that, while on one hand it is indeed “just another VR headset”, there has never been one actually usable for this before. Apple has the lead along a few different axes. The question is, do they have the stomach to lose money on it for 10 years like Meta has?

(Even if they don’t literally sell it below cost, like Meta, it won’t work out if they don’t keep iterating as hard as they can on the software side. Like the first iPhone, it is simultaneously amazing, unprecedented, and objectively awful in many ways.)

P.S. I do easy work in here on the gym machines, too. Not just HN-reading. ;-)


BTW the key to getting work done in AVP while running on a machine (or any other active scenario, like housework or walking to the grocery store) is to enable some of the Accessibility features.

The normal dictation feature is so bad it is unusable for more than a sentence fragment. The one enabled via Accessibility is incredibly good, aside from a bit more latency than I’d like (but easy to get used to that), and enables mixed voice dictation and keyboard-typing, without switching modes.


And that's why Meta will fail. The company doesn't have the branding or the technical imagination to create either a mass-appeal or a high-end prestige product. Apple has both, and its best VR effort appeals to a few thousand people.

As long as VR is limited to facehuggers the market will remain niche. VR glasses are a good few years (decades?) off.

In the meantime Apple will eat the high end and probably some of the low end.

So where does that leave Meta?

It doesn't help that Meta is more of an annoyance than brand. I'm not sure anyone actually likes Meta or Meta's products. While they're tolerated to some extent, they're perceived as fundamentally boring or irritating in a way that is deadly for brands.


I think it really depends on if you think Meta wants to be a hardware company or if they want to continue being a data/advertising company.


"Our overall vision for the space is that we will be completely ubiquitous in killer apps, have very strong coverage in platform services (like Google has with Android) and will be strong enough in hardware and systems to at a minimum support our platform services goals, and at best be a business itself" - Zuckerberg's 2015 VR letter

* https://www.scribd.com/document/399594551/2015-06-22-MARK-S-...


That’s almost nine years ago. He may or may not have changed his mind.

It would help if Meta said something about that. Ideally for potential third party hardware manufacturers, they’d promise to leave the hardware market once a vibrant ecosystem exists.

Defining “vibrant” then would be hard to impossible, though. The edge cases are easy, but uninteresting. If none of the others are making money on hardware there is no vibrant system. If multiple other parties are making money, they probably wouldn’t care much whether Meta makes some money, too.

For in-between cases, where third parties make some money, Meta will have to choose between staying in the market because others don’t sell enough and Meta leaving the market so that others get more room to sell and thus become profitable.


Don’t agree with this take.

Is this a command or an opinion that left out the subject of the sentence?


The inference engine between your ears should be able to answer that.


'take' as in 'hot take' intended meaning : 'I disagree with your assessment and conclusions'


While the pedantry is whatever to me, they're not misunderstanding the usage of "take"; they're pointing out the missing subject of "I". Leaving out the "I" like this turns the sentence from describing a personal opinion to commanding someone else to have that opinion.

I put the pan on the stove.

Put the pan on the stove.

I talk to your brother.

Talk to your brother.

Leaving out the "I" changes the meaning of the sentence here. "I disagree with x" means something else entirely than "Disagree with x."


It feels less like low vs. high-end and more like specialized vs. general hardware.

For example, if you're selling VR headsets for the purposes of industrial training, you may not want the consumer-grade hardware Meta is selling. You may need weather-sealing to allow outdoor operation. You may need vastly higher-resolution screens for industrial applications. The list of specializations goes on.

The specialized businesses tend to have wider moats and bigger margins. The TAM is smaller - too small for a mega-cap company like Meta to care about, but nonetheless can contribute to the health of the ecosystem.

This play gives influence over these niche, specialized uses of AR/VR without having to commit the entire company to it.

For example think of a medical instruments company that trains on VR headsets. Their choices right now are to use consumer-grade hardware which may not hit all of their needs, or become a full-on AR/VR company with all the requisite R&D that involves.

This allows these companies to exist in the middle ground - having the core R&D being done by another party, but having sufficient control to ship specialized hardware.


> The people who want to buy a Honda aren't the same people who want to buy an Acura, even though it's (essentially) the same parts.

Nit, but as an Acura driver (chooser), I can tell you that they are definitely not essentially the same parts. The irrelevant parts are the same, but everything that matters to the driver (suspension/drivetrain, interior materials, technology, etc.) are all different and better in the Acura. I get what you're trying to say, but that was not a good metaphor.


This depends on the model. I have an Acura project car and most of my performance relevant parts are Honda part numbers. Interior is the main exception.

Heck, I've got a Civic intake manifold in the room with me to replace the Acura one, haha. (The generation of K series after mine has better airflow and it's an easy enough swap.)

The Acura brand doesn't even exist outside of the US; if a car is sold in Europe or Japan the parts are Honda.


When you say something is better, you should say better from what angle, because Acura suspension can be better for high-speed cornering on a circuit but suck if you live in a place with bad road surfaces, and the Honda suspension can be both softer and cheaper to replace.

Anyway, I also get what you're trying to say.


Yes, but also there are currently so few components to pick from. SoC is definitely some kind of variation of Snapdragon XR2 unless you're Apple.

Can't go into high-end because for a device to make sense there needs to be either an existing ecosystem around it or high confidence in one appearing. If you tell me that I can buy a $3k VR headset that can run the current Quest library, I would pretend you're joking.

Mid-end, which is where we're at right now, has/had very small margins because, despite it being mid-end, you still have to use high-end components due to lack of options.

I can see someone like Porsche Design making a "high-end" headset (in terms of price, components would be the same). The only option for low-end is to use components previously used in mid-end that would need to compete with used previous gens since they would be nearly identical on the hardware level.


I feel like this is a bit off. There have been things like Porsche phones, but those are so niche that I don't think they're really worth considering. They happened, but they haven't been a long-standing product. They were a cash grab where they licensed a brand.

Now, Hondas and Acuras are different products. You can say "oh, they're essentially the same" and if you truly believe that, I'll sell you a Core i3 processor for the price of a Core i7. Yea, they're essentially the same, but it's the differences that make one better than the other. The point is that the high end isn't about branding. The high end is about capability. Apple has shown that their iPhone will outsell any luxury-branded Android phone to rich people because some things are about capability, not a logo. Samsung's flagships will way outsell some luxury logo smartphone too. The high end here is really about devices with better capabilities and it allows companies with good hardware businesses (like ASUS and Lenovo) to build something in the Meta VR ecosystem.

It's also possibly a way for Meta to stop dumping Quest devices. They'd rather just own the ecosystem rather than doing the hardware. If they can get ASUS, Lenovo, and others to do the low-margin hardware work and pick up the tab for a lot of the marketing, that's a win for Meta. Maybe Meta simply backs out of hardware over the next 5 years if a nice third party hardware ecosystem arises.

But I think this is going to be tough with VR. When you're trying to make an immersive experience, you need a baseline of hardware. It's also easier when you know the hardware you're trying to target. Android development can be frustrating because there's so much variance in speed and capabilities. One of the reasons gaming consoles exist is that targeting a small set of hardware/capabilities makes things easier. That's not to say that PC gaming doesn't exist, but it can be hard because gamers need to spend a lot of money on hardware and there's a variance in capabilities that you need to account for - and who you might simply exclude. With a phone, it's less of an immersive experience for most apps which are just displaying something. They might display it slower, the UX might be laggier, etc. but it works. VR can't be laggy.

In some ways, it feels like Meta is trying to become a game console company without having to subsidize the console. That would be big if they can pull it off. I guess in many ways this is what Steam pulled off on the PC - taking a 30% cut without having to subsidize any hardware. We'll see if Meta can do the same for VR.


> Apple has shown that their iPhone will outsell any luxury-branded Android phone to rich people because some things are about capability, not a logo

How have they shown this?


I don’t disagree with your core point, but branding is about a lot more than a logo. I think iPhones do sell to rich people because of branding, because iPhone’s brand basically is “the best possible phone you can get, plus it integrates seamlessly with your other Apple devices”. And Samsung flagships’ brand is “the best Android phone”.

Porsche, or whatever, have a great and meaningful brand when it comes to cars, but that doesn’t translate to smartphones. So when you see a phone with the Porsche logo the brand isn’t really gonna do much for you.


The previous company that gave up hardware and only focused on software is called SEGA.


Or more like those Lamborghini and Porsche branded phones.


I strongly disagree that the low end of the market is taken. XReal's Air/2 are awesome and Moore suggests we'll see awesome displays in that form factor, not even necessarily from XReal.


Reminds me of the Vertu cell phone, which the iPhone basically killed.


I think their Ray-Ban Meta glasses are a great example of a product like that!


Wouldn’t we call the Apple Vision Pro the high end?


Someone teach this man how to spell "Gabbana".


After reading the article, it sounds like iPerf3 on Windows is going through an emulation layer (Cygwin) which - I kinda get why it's going slower if that's the case. Isn't syscall translation always going to add overhead?


Hey, if you could stay out of my browser history, that'd be great.

j/k, Yagi antennas are super neat, and I like seeing them.


I guess you mean it's some sort of great nerd challenge in school to comprehend and study this stuff. Taxing. Right? I didn't study EE so idk.

But if not...then you can just not read if you see it. Like a street sign to some place you don't wanna go: you see it, you turn the other way. Haha! :)


I think I miscommunicated here.

I was trying to say “this is an area I’m also interested in, and I’ve been looking into this recently, and I’m surprised to see it pop up here, because I thought it was niche.”

If you’ve got other stuff in the Yagi-antenna area of interest, I’d actually really like to see it!

