Hacker News | xtajv's comments

Friendly reminder: The Mayo Clinic is located in Minnesota.

The Mayo Clinic does a lot of groundbreaking research, new techniques, ultra-rare diseases... stuff that is super awesome, but nonetheless relatively unlikely to have established billing norms.

I will also remind you that in most U.S. states, the largest employer in the state is either a university or Walmart. In Minnesota, it's Mayo.


This one's almost as good as "why don't we try paying software engineers by the line?"


Yes. It's a brillant [1] idea to apply metrics like that to people with university level training in optimization!

[1] https://thedailywtf.com/articles/The_Brillant_Paula_Bean


This is legitimately reassuring.

There are nearly-century-old journalistic guidelines and ethical codes about what you do and do not put into widespread news media.

Posting explicit details about methods used in a celebrity suicide encourages copycats.

Posting explicit details about a shooter's extremist philosophical beliefs brings those beliefs closer to the mainstream AND encourages copycats.

There was a certain recent college debate that I was very surprised to see proliferate across social media, because of the fact that We Do Not Publish Snuff Films.

I actually assumed it was a deepfake, doubted AP News Wire and Reuters, and finally bought it when I saw a tiktok from the TMZ cutting room floor. The fellow in charge didn't believe it either... until he did, and then it was an all-hands-on-deck moment steadied by someone clearly experiencing a huge surge of adrenaline but keeping their cool while operating in their element.


There's plenty of hasty generalizations going on in this comment.

If you see this sort of thing happening in the U.S., the place to complain is your state's insurance board.

Medicine is hard enough without people TRYING to do harm.

And actuarial science is brutal enough WITHOUT glossy justifications for assuming that healthcare providers are bad actors.


Translation: Insurance companies intentionally injecting bugs into their own software to make requests that don't respect user input.

Despicable.


Fire insurance protects against the rare disaster where there's a fire.

Flood insurance protects against the rare disaster where there's a flood.

Health insurance protects against the rare disaster where somebody's actually able to get healthcare.


It pains me to mention this but I don't think it's responsible not to: https://github.com/meshtastic/firmware/issues/4030

At time of writing (2025-09-27, plus or minus a timezone), there does not appear to be any serious attempt to secure application-layer message contents. (At least, not yet)

My hope is that this cool new radio link option will still gain traction and grow and develop without painting itself into a corner, security-wise.

To wit- security hints on https://en.wikipedia.org/wiki/OSI_model have improved substantially since my last readthrough.


As if the Meshtastic devs care about anything but pretending to be a business masquerading as an open source project.

They are quite possibly one of the most toxic projects right now.


Meshtastic is GPLv3. So all source code will always be available.

Meshcore is MIT licensed. And closed source applications already started to creep in. See the smartphone apps and the T-Echo implementation. This has already the classic smell of ham radio projects I honestly don't want to support.

The maintainers of MT are friendly. The people using it - not all of them. Like all community driven projects.


I keep seeing folks in my circles playing with it but this is the first I have heard this opinion.

Could you elaborate?


It seems like there are some people in the Meshtastic and MeshCore community who have it out for each other, for reasons beyond me.

I've only personally tested Meshtastic, and from a technical perspective, it still feels very beta, and I wouldn't put critical communications on it. However, it's a fun introduction to LoRa and long range low power RF, and can be a fun way to communicate much like I think amateur radio was to its early adopters.

I think one thing that causes a lot of community strangeness is the strong push by some to make it what it's not, like some doomsday-proof communication system that will outlive cellular networks and atomic bombs. It could be useful but requires skilled operators and coordination to work well (like using different frequencies and coding at events for much more bandwidth).


Given the fact that your account looks to be specifically created for this comment....it would be good to have some sort of citation to back this up?


At least in the linked issue, the project member who, on request of an outside contributor, reopened the issue seemed pretty open towards a fix?


I saw some twitter-like shit comments on chi-mesh while visiting family in IL.

But I've seen nothing but friendly interactions on the SF bay mesh which is much larger and thriving.

Nothing seemed particularly toxic, not on either of these meshes. Considering it's an open system anyone can say anything on, I'm sure it'll devolve into chaos as it gets more popular.

But when it comes to toxicity I'm going to assume you're either referring to the Discord, or making shit up. Discord having its roots in gamers is known to be a dumpster fire and I expect nothing less than toxic behavior on any Discord "server".

I do not understand why people spend time on Discord to play with Meshtastic though. Play with the mesh, that's the whole point.


I appreciate you pointing that out. I've been curious about Meshtastic and wondered how well the encryption was being handled.


Check out the alternative: https://github.com/meshcore-dev/MeshCore. Seattle has the largest functioning MeshCore installation in the world.


MeshCore seems to enforce a strict separation between client devices and repeater devices, which is a significant downside for many use cases.


I find meshcore way more useful as I know if my messages arrive. On meshtastic the conversations especially in groups are always incomplete.


They're looking at ways to have regular nodes repeat on the network. Right now it's a one line change to enable it. Doing it well and smart is what's holding it back.


I dream that LLMs will be the disaster that finally convinces the software engineering field that code isn't so "soft" after all, and that software engineering should be licensed, bonded, and insured.

Every single other engineering field has gone through it. "Regulations are written in blood".


Blood has been spilled. 737 MAX happened and it didn’t change the industry, so nothing will.


There isn't a single unified software industry. 737 MAX problems happened in a software engineering and software development context embedded within one of the nominally most rigorously regulated industries that already exist.

MCAS failures were not a failure of software per se, but a clear system engineering and management failure, and a failure of all engineers involved, including ones that actually are licensed.

If nothing else, MCAS shows the limits of regulation, particularly in the failure mode of regulatory capture (FAA delegated too much power back to Boeing).


It shows the broken incentives of the lobbied failure mode. It does not say anything about the limits of regulation. In particular, regulation can say: you need to perform 100,000 failure-less flights across the globe without any passengers to approve the aircraft. I’m not saying it’s practical to do so, rather that regulation always has a headroom.


Sadly, I’m not sure things change when blood is spilled. Only when a DRASTIC amount of money is lost. Multiple times.


Looking at https://en.wikipedia.org/wiki/List_of_software_bugs there have been several major bugs, e.g. in 2012 "Knight Capital Says Trading Glitch Cost It $440 Million", or https://en.wikipedia.org/wiki/Northeast_blackout_of_2003 which lasted up to 4 days and affected 55 million people and resulted in almost 100 deaths.


History has sadly proved you right imo.

Don't think it'll change anytime soon either.


Not really, very few fields of engineering are that heavily regulated, and software in safety critical contexts is already heavily regulated. And having seen the sausage made, it's really not that much better. In fact the average web app probably has better quality software than most embedded medical devices, there's just a bare minimum bar of documentation and testing that hopefully stops them killing someone.


Oh no you're right- usually the handwavy argument that will be made is "Okay, hashing is never O(1) in the bitlength of the input... it's O(1) in the number of elements being hashed, and the rest of the complexity analysis is done relative to the number of elements".


Oh boy, this should be good. Mark my words, this will be followed by a "proof" of nonexistence, in the following form:

"Well, let's build a list of attacks that I can think of off-the-cuff. And then let's iterate through that list of attacks: For each attack, let's build a list of 'useful' things that attackers could possibly want.

Since I'm the smartest and most creative person on the planet, and can also tell the future, my lists of ideas here will actually be complete. There's no way that any hacker could possibly be smart enough or weird enough to think of something different! And again, since I'm the smartest and most creative --and also, magically able to tell the future-- and since I can't think of anything that would be 'worth the cost', then this must be a complete proof as to why your security measure should be skipped!"

