I don't agree it's a myth. Is it an extreme risk? Yes, of course. Do people view the risks to be way too low? Yes. But I worked at Cloudflare pre-IPO, got shares at 1.73, and at one point CF was at 200 a share. That was more or less what I was "promised" from the equity.

Stripe is one example of a successful startup not going public, but there are tons of startups that are going public. And there are many startups that wish they could go public, but they simply don't have the finances or business to do so.

I don't think VCs changed much from when Google went public until COVID. We were seeing massive overvaluations of tech companies for years. Once through 2020, VCs got scared and now the landscape is a bit different. But the AI craze has started to get VCs back out of their shells taking bets on risky projects.

So, yeah, idk what I agree with this assessment. At least it's not been my experience in tech over the last 8+ years.

> I don't think VCs changed much from when Google went public until COVID.

VCs changed a ton over that time. In 2004 VCs were still smarting from the dot-com bust. And VCs were hardly spewing cash during and in the aftermath of the GFC of 2007/08. The days of easy VC money were mainly in the early-mid to late '10s.

And as you point out with your end date of COVID, VCs have now backed off again, as they did around 2000 and 2008 during those bust/bear cycles. I would credit interest rate increases with the current backoff, though, not COVID. During early COVID, funding was still fairly well available, assuming your business wasn't something that required in-person contact; even better if your business facilitated home-office work.

> At least it's not been my experience in tech over the last 8+ years.

That's only ~4 years pre-COVID; either seems like too short a horizon to make this sort of assessment. (Source: been in tech for 20-odd years.)

PCI is the most checklist framework around. SOC 2 can be a checklist audit, depending on how much effort your internal compliance team puts into it. I've never had SOC 2 be really a checklist in the way PCI is. SOC 2 requires you to design and write your own controls and scope in or out different aspects of the business. SOC 2 does include monitoring and stuff like that.

The difference really is point in time vs period over time audits. PCI is a point in time audit, SOC 2 is a period over time audit. So for SOC 2 you do need monitoring controls, and then they test that control over the entire period (often 6-12 months). So you are monitoring the control effectiveness over a longer period of time with SOC 2. And even PCI has some period over time controls you need to demonstrate.

From the outside all compliance will seem like checkboxes to most people once controls are established. Because really the goal for most of the business is to make sure the control they interact with doesn't break, and the compliance team will likely give a list of things that the business can't afford to have broken. Which does seem like a checklist similar to PCI. But really, only PCI is straight up a checklist, as you don't really get to decide your controls.

I am not sure where you're getting your information on requirements for PCI service providers. There isn't anything inside of PCI DSS that requires some sort of SOC report to be generated and distributed to customers. And Cloudflare does make their PCI AoC available to customers.

They clearly defined the scope of impact, and demonstrated that none of this impacts systems in scope for PCI. There was no breach to change management inside of BitBucket, and none of the edge servers processing cardholder data were impacted. They will have plenty of artifacts to demonstrate that by bringing in an external firm. So I am really not clear why you're bringing up PCI at all here. They made it clear no cardholder data was impacted so your perspective on the required "on-site" audits is moot.

Cloudflare operates two entirely different scopes for PCI; The first being as a Merchant where you the customer pays for the services. This is a very small scope of systems. The second is as a Service Provider that processes cards over the network. The network works such that it is not feasible to exfiltrate card data from the network. There are many reasons as to why this is, but they demonstrate year over year that this is not something that is reasonably possible. You can review their PCI AoC and get the details (albeit limited) to understand this better. Or you could get their SOC 2 Type 2 Report which will cover many aspects of the edge networks control environment with much better testing details. After reading that you can then come back to the blog and see that clearly no PCI scoped systems were impacted in a way that would require any on-prem audit to occur.

And they are not a card network. They are a PCI Service Provider because cards transit over their network. They are not at risk of being unable to process payments or transactions for their Merchant scope even if there are issues with their Service Provider scope. Because, again, these are two separate PCI audits that are done, testing two different sets of systems and controls.

And, as an aside, Cloudflare effectively always has on-prem PCI audits occur. Because the PCI QSA's need to physically visit Cloudflare datacenters to demonstrate not only the software side of compliance, but the datacenters deployed globally.

and there is already a massive shortage of ATC employees right now. At minimum this would need to be addressed and more than double the workforce of ATC. That's without accounting for any additional infra that might be needed to support a 10x or 100x in traffic.

>That's without accounting for any additional infra that might be needed to support a 10x or 100x in traffic.

The TSA requirement is nil for 10 person flights and these would be VFR only anyways. You would avoid a vast majority of the need for added ATC by operating between uncontrolled fields and relying on enhanced automation. The traditional airport model doesn't really apply when flights can be made so casually. Imagine a world where tiny runways that only service EVs are integrated into the city and you can hop between them as easily as catching a bus. Crosscountry travel would be also be possible via smaller hops, and cost less than a direct long haul jet liner ticket.

All of that is enabled by the orders of magnitude reduction in operating costs. EV Alice is claiming $200/hr to operate an aircraft that has the equivalent performance to a $1k+/hr turbine within the range limitation.

> Imagine a world where tiny runways that only service EVs are integrated into the city and you can hop between them as easily as catching a bus.

I mean, that sounds like a massive shift in infrastructure and city planning. I am not sure how efficient and affordable this would need to be to achieve that level of integration into daily society. Currently nothing, in the US at least, is setup to function this way. Whereas rail and roads are already deployed.

And again, this ignores any of the issues brought on by scale. If this is the way we want people traveling at a 10x or 100x rate, the airspace is going to be busier and likely will need some sort of coordination, whether ATC or some other mechanism.

Yeah, it's so free the word CIS is considered hate speech. It's so free you can't see tweets without logging in. It's so free Elon gave insider information to hand selected journalists to build a misleading narrative. Maximum freedom for sure.

We all know why certain people seem to like Musk, they just won't admit it because they know the reasons make them look bad.

Also, there are still scams, still fake accounts, still tons of bots, etc lol.

I do wish Elon fulfilled his promise of 'free speech absolutism', but unfortunately it's not possible with advertising today. The problem is we have no choice here given the censorship of other social media companies so anything is better than what we had before.

It's almost like there is a bottom line and laws and stuff that require sites to moderate content. Elon will either follow suit or he'll pay out a ton of money and go broke taking Twitter/X down with him. Twitter is really no different than Facebook or any other social media site, the censorship still occurs and by and large along the same lines. The primary difference is that Elon is fine with the extreme right voices not the extreme left. But there is still a boot on the throat.

Flight trackers are not allowed on Twitter. Why? That's clearly free speech, and it's not political in nature at all. Elon just doesn't like it.

Censored in Türkiye because like every other platform he will crumble to government pressures.

He's doing the same shit that he tried to call out in the "Twitter Files", the ONLY difference is which views he supportive of compared to say Zuck.

And overall it's fine with me. A platform built around free speech absolutism is doomed to fail. No one wants to be associated with the most extreme voices, unfettered and in some cases even promoted. It's just more embarrassing when Elon says he wants to establish true free speech values, then his platform doesn't represent those values, and he tries to lie to your face telling you it is.

> There are no censorship laws in America.

Yes and no. There are libel and slander laws, and there is definitely content that has to be moderated, such as illegal content. Which, if we're being strict on the idea of free speech absolutism, then complying with the laws is still censorship. Which is sort of the issue with the entire idea of "free speech absolutism" in general.

> Please show me some examples of new Twitter increasing political censorship of people he disagrees with.

The fact that the word CIS gender is considered hate speech on the platform[0]. That's a decidedly moral perspective and one that comes with an entire political movement.

> The flight trackers thing (from what I understand) ended up being a security risk

You understood wrong. There is no risk, period. The flight trackers aggregated public data which literally anyone can go look at. And they didn't validate whether the plane being tracked had anyone on it, and they didn't follow the people on-board around telling you their destinations once they landed. There was no real risk, full stop. Musk and other people with private jets have many ways to remove themselves from those trackers and simply chose not to do it.

> Turkey thing is not a choice of his.

Weird, now it's not a choice when he decides to censor stuff, but it is a choice when he decides to not moderate people using other slurs AT individuals. Is Musk located in Türkiye? No. Is the Corp offices for the company located there? No. Do they have employees there? No. Türkiye has no power over Musk, yet he still bent the knee because he wanted his platform to stay up in a country so that he could continue to benefit from the user base. Just like Zuck does with FB and Dorsey did with Twitter before that. Musk could have said eff you to Türkiye because he truly believes in free speech, but he didn't because he doesn't.

[0]: https://twitter.com/elonmusk/status/1671370284102819841?s=20

That's a pretty ridiculous notion to pit illegal content such as death threats and real libel with free speech. No one of any significance on the right who advocates for free speech believes in that and it's just a cheap trick / wordsplay.

>The fact that the word CIS gender is considered hate speech on the platform[0]. That's a decidedly moral perspective and one that comes with an entire political movement.

CIS IS a slur, used to marginalize non-transgender people. I totally disagree with banning the term, but labeling it under "hate speech" alongside anti-transgender wording is perfectly logical IMO.

>yet he still bent the knee because he wanted his platform to stay up in a country so that he could continue to benefit from the user base.

Again, he has no choice here. Either shut twitter down or follow the countries laws. The choices tech giants make in authoritarian countries is pretty meaningless. It's the choices they make in free countries that count and shows their true colors.

A lot of words to say that you are fine with curtailed speech, and that Elon's Twitter/X is not doing anything unique in regards to speech. Which is fine, the product needs to be for someone I guess. But don't pretend that Twitter is a safe haven for speech when it's not. It's just another social media site where moderation is done at the whim of those in control of the platform.

> That's a pretty ridiculous notion to pit illegal content such as death threats and real libel with free speech.

I am not the one that chooses to call myself a "free speech absolutist" and I am not the one that is claiming that Twitter is a place for free speech. If we're only looking at what is considered free speech in the US then Twitter had completely free speech before Elon took over. My usage of illegal content was in response to the claim that there were no laws around censorship in the US. Clearly there is, and you agree; Illegal content does need to be censored. I am fine with that, but is a "free speech absolutist"? If so, they aren't an absolutist.

I wasn't making a claim on whether or not that was reasonable content to take action on.

> CIS IS a slur.

No, it's not. It might be able to be used as a slur but that is true for most adjectives. You feeling like it is a slur says a lot more about you than it does about people who use that word. And this is just another example of where someones personal perspective is influencing the moderation on Twitter/X. You agree with Elon that its a slur, which is fine I guess. Elon says thats going to get banned, and that's not a free speech issue for some reason. But when people bring up the usage of the N-word or anti-Semitic language, Elon is oddly quiet. Again, I guess that is fine, it's his platform, but clearly slurs aren't wholesale banned, so then how is that free speech? Oh, right, it's not. It's the exact same as Facebook or Reddit or any other website. As if Elon isn't doing anything unique but selling you on the idea that he is.

> CIS IS a slur, used to marginalize non-transgender people. I totally disagree with banning the term, but labeling it under "hate speech" alongside anti-transgender wording is perfectly logical IMO.

Do you then also consider "hetero" to be a slur?

Well this is already sort of the case. But instead of Netflix it's Hulu. Hulu was the sort of agnostic platform that included live TV and needed to be able to VOD all the shows available on live TV networks. Now, you bundle Hulu + ESPN + Disney. Until every company wanted their own streaming service, Hulu was where you could find broad network content. And they even have commercials, so it worked great by classical TV metrics.

The issue is, Hulu created content is meh. Hulu's UI is meh. And Hulu doesn't aggregate ESPN+ and Disney+ in a single pane. And now everyone wants to own their own cut of the streaming service pie. So there was a push for this type of service that saw the incumbents rallying together against Netflix. For whatever reason that wasn't good enough for them, so the idea that now they will just partner with Netflix seems unlikely.

> And Hulu doesn't aggregate ESPN+ and Disney+ in a single pane.

My Hulu shows aggregated ESPN+ in the "Live TV" category (which does show up on the Home Hub as well). It's quite obvious to me because that and HBO (incidentally) are the only "Live TV" I pay for so all I see in the Live TV section at all are ESPN+ and HBO.

Disney+ aggregation isn't there in Hulu, but the opposite is definitely already happening: a bunch of Hulu shows are now aggregated in Disney+ for me. Though the border between "aggregated there" and "slowly moving there" is quite blurry as Disney does seem keen to move towards Disney+ as the final brand left standing and eventually killing the Hulu brand. This is already the case in most of the world (Star+ which was the Indian sub-continent Hulu equivalent that Disney also outright bought is a "hub" in Disney+ rather than the other way around, despite predating Disney+ by several years just like Hulu; incidentally Disney did integrate a Star+ hub into Hulu in the US if you were curious what some of that content looks like), so it does seem inevitable in the US eventually Hulu will be eaten by Disney+.

(The one weird twist to that being how protective Disney as a brand has been of their family friendly part of their brand image in the US and in their merger of Fox and Hulu they found it useful to treat the Hulu brand as "Disney After Dark" and avoid some of the "family friendly" issues in the first few months of Disney+ while they added parental controls and other family focused tools after the US launch date. Disney will get to unwind the concept that they need a "Disney After Dark" that their own PR created in the first place in order to eventually merge Hulu into that plus in Disney+.)

Thanks for the update on that. I went back and checked and you're correct ESPN+ is there for Live TV. I just also happen to pay for Hulu Live, so it gets a bit buried. But it is in fact there.

I then went and checked Disney+ and you're also correct. Some of the Hulu content is now on that app. But yeah, its almost like completely random content was moved over, so it seems like its just easier to go to Hulu for now. But it's been clear for a while that Hulu is dying slowly.

For a while it seemed like Hulu was the path to killing Netflix but that floundered out years ago. And now everyone has their own service, so it seems very unlikely its worth trying to rebuild off Hulu at all. We'll see how Disney deals with the more adult/dark content on their platform but that seems like a better problem to solve than having 3 different platforms for streaming stuff. I do wonder if they will care at all about live streaming though; it costs a lot of money and idk how good the margins are.

Yeah, my Hulu account dates back to an early Beta key from a friend then working at GE Appliances, and I've maintained an active subscription on my Hulu account through more years than my Netflix account, so there's an interesting sense of nostalgia/loss in assuming the Hulu brand will be dead soon and even if it manages to remain a zombie brand for a while (if for no other reason than the "After Dark" problem), the Disney era of Hulu which started just a few months back when Comcast sold their last shares of Hulu to Disney is already a different Hulu from the Hulu that once thought it could be a multi-provider aggregator platform to truly rival the cable companies. (Not that Disney killed that vision, Comcast did their part to kill that vision when they bought majority ownership from GE along with NBC Universal.)

Your entire line of comments seems to miss the entire conversation.

In Germany, they do find it economically viable and important for line level employees to have direct representation on the company board. Talking about the CEO or other management classes being on the board is missing the conversation. Suggesting that because US companies don't believe in the economic value is missing the conversation. Suggesting that people are saying that this type of board composition is illegal is also missing the conversation. No one said it's illegal, but it's equally not a legal requirement either like it is in other places.

The conversation is that this composition doesn't exist, by and large, in the US, and people think it should. People seem to believe that it does have value to the business.

So yes, it does seem like you're creating semantic arguments because your points miss the conversation semantically.

Europe has sectoral bargaining (whole-industry unions) and codetermination (workers on boards) because they're running on newer legal systems than the US. It'd probably work here, but we have older corporate unions (per-company unions) which causes unions and management to fight each other more.

On the other hand, we do have higher productivity, but not having codetermination probably isn't the reason for that.

When I was a kid I went to work with my dad sometimes. He owned his own painting/handyman company. One of these work trips had a lot of work but very little an 11 year old could really do. I spent most of my day doing nothing, and it felt like the longest day of work in the world. I was tired, bored, and felt like I had actually worked all day. My dad said "sometimes having no work feels like more work doesn't it?" and honestly, yeah. Sometimes that really is the case.

A few years ago I had a tech job where they straight up didn't have work for me to do. For the first month it was amazing. But after a few months a day of doing nothing was completely draining. And my dads words rang in my head again, and I was like damn that as true now as it was when I was 11.

Doing nothing is shockingly hard mentally. We need to be engaged in stuff day to day, and without that engagement it seems like we spend a lot of energy trying to find something to do.

I was a summer intern at a big defense company for one of my first summer jobs. They gave me some fairly simple work but not enough to fill my day. I ended up reading a lot of books for a large chunk of my day. =/

And I am again forced to ask this silly question, but what are you referencing in regards to Section 230? There is no such delineation that is made as part of Section 230[0] and there is no legal definition for being a platform. Thusly there is no conundrum here.

This is a talking point that got beat dead in 2020 and I am shocked that it still has any life on HackerNews. It's not only moral positioning, it's a fundamental misunderstanding of what makes someone a publisher and what is actually covered as part of Section 230.

[0] https://www.eff.org/deeplinks/2020/12/publisher-or-platform-...

all true, but the conundrum remains, especially as there's been talks to rejigger S230. but again, it's all a smokescreen for creating advertiser-friendly websites.

So because a Twitter is single purpose its bad? If the twitter account followed two peoples private jets would that be enough? Or does it need to be a whole sale repost of the entire flight tracking feed? Can the person parse ANY flight data from this type of a Twitter account? Where do you draw your arbitrary line here?

This entire premise is so very weak to me. Elon is famous and a public figure and it's his own choice that people have as much interest in him as they do. He does everything he can to be in the public eye. There are tons of plane tracking accounts or applications. There is even one that tracks AF1 which carries one of the most powerful and important people in the world.

And this isn't a location tracker. This account doesn't follow Elon around and Tweet where he's headed once he lands, how long he might be staying, where he went for lunch, etc. And Elon can use completely legal methods to reduce how much of this information is publicly available.

> Just because you can publish information like this doesn't mean it's ethical

And just because some actions MIGHT have negative outcomes doesn't mean they are unethical.

Elon has all the tools to avoid being tracked by a random flight tracking service. If he doesn't use those tools then he doesn't care that much about his privacy. He posts images of him sleeping in the Twitter HQ, which has a publicly listed address. We aren't talking about some powerless individual who is having big companies abuse their privacy.