Hacker News | werrett's comments


Hi, I'm Manuel, the developer of Zenitizer. Thank you so much for mentioning my app! Quite exciting to see it pop up here on HN, where I'm usually just a silent lurker.

It started as a typical "scratch my own itch" indie project since I, too, was looking for an app like this for iOS and watchOS and couldn't find one that ticked the boxes for me.

Happy to answer questions and always open for feedback!

Cheers!


Looks nice but 20 GBP a year just to have a mindfulness bell is a bit much.


If you have it on every hour, that's ~£0.00228 per bell.


While appalling I don’t think you would find it 'crushing', even ignoring the jibe about expat conclaves.

Costa Rica’s 17 in 100k is ~2.5 times bigger than the US’ 6 in 100k people killed by homicide.

Thanks to gun crime, the US’ homicide rates are at least 7x the rest of the first world, anglophone, countries where rates are sub 1 in 100k.

By that measure it is 2-3x more confronting to move from the United Kingdom to the States than it is from the US to Costa Rica.


> Thanks to gun crime, the US’ homicide rates are at least 7x the rest of the first world, anglophone, countries where rates are sub 1 in 100k.

Except it's not "thanks to gun crime." Some of the states with the lowest homicide rates, like Idaho and Utah, have the most guns.


You’re conflating two different things. The number of guns in absolute terms doesn’t matter as much as availability to people who are inclined to commit crimes: a collector / prepper going from 10 to 11 guns affects the total count but doesn’t impact the crime stats the way an angry teenager going from 0 to 1 gun does.

This is why it’s misleading to talk about state-level stats without accounting for density: Idaho has a lower crime rate because it is mostly rural and has a single large city, which isn’t that big. Crime is a function of population, not land.


> Idaho has a lower crime rate because it is mostly rural and has a single large city, which isn’t that big. Crime is a function of population, not land.

The comparative lack of people in Idaho is accurately accounted for in its crime rate.

Are you suggesting that density causes crime? Some of the world's most densely populated cities don't have anywhere near the crime rate of American cities, which aren't all that densely packed by world standards.


>This is why it’s misleading to talk about state-level stats without accounting for density: Idaho has a lower crime rate because it is mostly rural and has a single large city, which isn’t that big. Crime is a function of population, not land.

Don't you mean function of density or was that a sleight of hand rather than a typo? Like compare Wyoming to 1/16 of NYC or 16x Wyoming and compare it to all of NYC. They're about equal in population but the rates per capita are per capita so they're unchanged whether you multiply one or divide the other.


Yes, density would have been a better choice - what I was trying to get at is that when you have a lot of people in close proximity you have more social interactions which can turn negative. For example, here in DC violent crime is largely limited to a few areas where drunk people get out of bars late at night and various crews are fighting over territory, so the numbers go up but most people in the neighborhood aren't affected. The crime rate always goes up in the summer because people are out on the street where they can get into arguments, and everyone's a bit touchy during a heat wave.

You certainly have things like rural gangs, too, but if things are spread out you just don't have that critical mass to ramp the numbers up. This also plays out in other types of crimes – cars get stolen anywhere there are cars, but thieves are playing the odds and it's easier not to attract attention in a dense population while they'd stick out if they started going up some stranger's driveway in a place where there's no other traffic. When that Kia lock exploit was in the news, there were bored teenagers basically treating street parking as a shopping mall because the supply was huge and until they actually touched a car there was no crime in walking down a sidewalk.


The states with the most guns also have the highest percentage of households that own at least one gun: https://commons.wikimedia.org/wiki/File:Map._Percent_of_hous.... In the Idaho to Dakotas region, more than half of households have a gun. But the same region has among the lowest homicide rates: https://en.wikipedia.org/wiki/List_of_U.S._states_by_intenti...

Crime rates are reported per 100,000 people, so population isn’t the reason.


Household ownership doesn't matter if the people who own them aren't likely to be involved in crimes - if a 50 year old farmer has a hunting rifle, their risk profile to society is really different than an angry 19 year old with a handgun.

While crime rates are per 100,000 people, population density makes a big difference because a low density, homogeneous population is going to have fewer interactions which turn negative. That's why people comparing crime stats usually compare cities or regions to avoid falsely reporting a correlation which is nothing more than a function of urban vs. rural density.


You guys are tripping. EULAs have had anti-competition, anti-benchmarking, anti-reverse engineering and anti-disparagement clauses since the late 90s.

These unknown companies called Microsoft, Oracle, Salesforce, Apple, Adobe, … et al have all had these controversies at various points.


Yeah, if I remember correctly iTunes had a clause it couldn’t be used for nuclear development.

Not sure what Apple lawyers were imagining but I guess barring Iranian scientists from syncing their iPods with uranium refiner schematics set back their programme for decades.


I think Apple had it in all their software. It's a good stance and easy to ridicule by taking iTunes as an example.


> and easy to ridicule by taking iTunes as an example.

Not just easy, but fun too!


It's not their decision, it's US law.


That is hilarious if true.


Blame ITAR.


Glad to live in a sane jurisdiction, where provisions made available only after purchase and those that go against typical customer expectations are simply invalid, so I never had to care about EULAs.

https://en.wikipedia.org/wiki/End-user_license_agreement#Eur...


I am not a fan of Apple or Oracle, but you are not contractually prevented from competing with them if you use Macs or Oracle Cloud to build software.

I wouldn't suggest building on Oracle's property as you drink its milkshake, but the ToS and EULAs don't restrict competition.


Oracle licenses 100% restrict reverse engineering its product to build a competing one, which is probably the closest to what these AI giants are trying to restrict.


IMO the closest analogy would be using JetBrains IDEs and being contractually obligated to not develop competing IDEs.

The ToS are not just about "reverse engineering" a competing model, they forbid using the service to develop competing systems at all.


Oracle db products are not meant to build databases, unlike LLM code generators, which are meant to build any kind of software, so the restriction sounds a bit different.

Imagine if Oracle was adding restrictions on what you are allowed to build with Java, that would be a more similar comparison IMO.


Yeah but did you know you also can't publish benchmarks?

E.g. if you make a product that works on multiple databases, you can't show the performance difference between them.


That's just because they can't beat sqlite and they're too embarrassed by it.


You can, you just have to ask. And that's not an Oracle thing. All the commercial databases have that rule. It's too easy to make misleading benchmarks for such complicated products so that's why they do it.


> something being a liability and something having upkeep costs are not the same thing.

What would your definition of /liability/ be then? 'An ongoing commitment to pay future costs' is a pretty good one.


At least one person has been subject to secondary screening and ultimately denied entry on the accusation that they had two phones.

> I thought I was just going to be given my passport and sent on my way, or maybe asked a couple of questions, but they made some pretty outlandish accusations. They said, ‘We know you have two mobile phones. We’ve been tracking your calls. We know you’ve been selling drugs’.

https://www.theguardian.com/us-news/2025/apr/11/australian-w...


Oh my god, the story/stories from that post are awful. I didn't know it had come to the point where people with valid visas could be detained, rejected and visas cancelled. :(


This is the ultimate nihilistic take on security.

Yes, 'cyber' security has devolved to box checking and cargo culting in many orgs. But what's your counter on trying to fix the problems that every tech stack or new SaaS product comes with out of the box?

For most people when their Netflix (or HN) password gets leaked that means every email they've sent since 2004 is also exposed. It might also mean their 401k is siphoned off. So welcome the annoying and checkbox-y MFA requirements.

If you're an engineer cutting code for a YC startup -- Who owns the dependency you just pulled in? Are you or your team going to track changes (and security bugs) for it in 6 months? What about in 2 or 3 years?

Yes, 'cyber' security brings a lot of annoying checkboxes. But almost all of them are due to externalities that you'd happily blow past otherwise. So -- how do we get rid of annoying checkboxes and ensure people do the right thing as a matter of course?


Actual accountability. Do not let companies be like "Well, we were SOC2 compliant, this breach is not our fault despite not updating Apache Struts! Tee Hee" When Equifax got away with what was InfoSec murder by 6 months of jail time suspended, Executives stopped caring. This is a political problem, not a technology one.

>So -- how do we get rid of annoying checkboxes and ensure people do the right thing as a matter of course?

By actually having the power to enforce this, if you pull our SBOM, realize we have a vulnerability and get our Product Owner to prioritize fixing it even if it takes 6 weeks because we did a dumb thing 2 years ago and the tech debt bill has come due. Otherwise, stop wasting my time with these exercises, I have work to do.

Not trying to be mean but that's my take with my infosec team right now. You are powerless outside your ability to get SOC2 and we all know this is theater, tell us what piece of set you want from me, take it and go away.


It's a two-sided coin though.

We should be stopping leaks, but we also need to reduce the value of leaked data.

Identity theft doesn't get meaningfully prosecuted. Occasionally they'll go after some guy who runs a carding forum or someone who did a really splashy compromise, but the overall risk is low for most fraudulent players.

I always wanted a regulation that if you want to apply for credit, you have to show up in person and get photographed and fingerprinted. That way, the moment someone notices their SSN was misused, they have all the information on file to make a slam-dunk case against the culprit. It could be an easier deal for lazy cops than going after minor traffic infractions.


The problem with "identity theft" specifically is that, in itself, it's just a legal term for allowing banks to save on KYC by letting them transfer liability to society at large.

If someone uses your SSN to take a loan in your name, it shouldn't be your problem - in the same way that someone speeding in the same make&model of the car as yours shouldn't be your problem, just because they glued a piece of cardboard over their license plate and crayoned your numbers on it.


> For most people when their Netflix (or HN) password gets leaked that means every email they've sent since 2004 is also exposed. It might also mean their 401k is siphoned off. So welcome the annoying and checkbox-y MFA requirements.

Not true. For most people, when their Netflix or HN password gets leaked, that means fuck all. Most people don't even realize their password was leaked 20 times over the last 5 years. Yes, here and there someone might get deprived of their savings (or marriage) this way, but at scale, approximately nothing ever happens to anyone because of password or SSN leaks. In scope of cybersec threats, people are much more likely to become victims of ransomware and tech support call scams.

I'm not saying that cybersec is entirely meaningless and that you shouldn't care about security of your products. I'm saying that, as a field, it's focused on liability management, because that's what most customers care about, pay for, and it's where the most damage actually manifests. As such, to create secure information systems, you often need to work against the zeitgeist and recommendations of the field.

EDIT:

> This is the ultimate nihilistic take on security.

I don't believe it is. In fact, I've been putting in effort to become less cynical over the last few months, as I realized it's not a helpful outlook.

It's more like, techies in cybersecurity seem to have an overinflated sense of uniqueness and importance of their work. The reality is, it's almost all about liability management - and is such precisely because most cybersec problems are nothingburgers that can be passed around like a hot potato and ultimately discharged through insurance. It's not the worst state of things - it would be much worse if a typical cyber attack would actually hurt or kill people.


This really resonated with me because I'm also working to avoid becoming more cynical as I gain experience and perspective on what problems "matter" and what solutions can gain traction.

I think in this case the cognitive dissonance comes from security-minded software engineers (especially the vocal ones that would chime in on such a topic) misunderstanding how rare their expertise is as well as the raw scope of risks that large corporations are exposed to and what mitigations are sensible. If you are an expert it's easy to point at security compliance implementation at almost any company and poke all kinds of holes in specific details, but that's useless if you can't handle the larger problem of cybersecurity management and the fallout from a mistake.

And if you zoom out you realize the scope of risk introduced by the internet, smart phones and everything doing everything online all the time is unfathomably huge. It's not something that an engineering mentality of understanding intricate details and mechanics can really get one's head around. From this perspective, liability and insurance is a very rational way to handle it.

As far as the checklists go, if you are an expert you can peel back the layers and realize the rationales for these things and adjust accordingly. If you have competent and reasonable management and decision makers then things tend to go smoothly, and ultimately auditors are paid by the company, so there is typically a path to doing the right thing. If you don't have competent and reasonable management then you're probably fucked in innumerable ways, such that security theater is the least of your worries.


I’m a fellow cyclist in SF and can only wholeheartedly second this. To add some extra anxiety, I’m usually riding a cargo bike, ferrying a child to or from daycare.

I still remember the first time I went through a four-way stop intersection and saw a driverless car idling, waiting for its turn. It was weird and nerve-wracking. Now… I’d much prefer that to almost any other interaction at the same spot.


It's really interesting seeing all the comments from cyclists regarding Waymos. I currently live in a Waymo-less city and they weren't common enough in SF when I was biking there to be a big factor but I remember some harrowing moments with human drivers (without precious cargo - that sounds extra scary!). I'd be curious to try it again and am pleasantly surprised to hear it makes such a big difference!


I've got conflicted feels about Tailscale. I love their product and a bunch of the people I know use their free tier, including myself.

But their enterprise strategy destroys their good will. I can only assume it's focused on killing old school VPN products. The free tier that we love is a marketing expense. And it’s not even a conversion play.

People are complaining about ~10/user/month -- add basic things that you'd need to manage more than 10 peeps (SAML/SCIM support) and you're talking ~20/user/month. For us, a small sub 200 person company, they immediately lost their chance. We have lots of problems in the security space, some we're willing to spend more than 20/user/month to solve. Legacy network access is not one of them.


If 20$/user/month is too much, maybe you could spin up headscale and plug in your OIDC provider?

Never tried it myself, I only manage small tailnets so the free tier is fine


Assuming they wouldn't want to take on server maintenance workload, wouldn't something like NetBird be a better fit? The free version has ACL already, the $5/user/month has OIDC integration, and the business version (MDM integration and auditing) is $12. Then the server is still open source so if they wanted to transition to doing it themselves they still would have that option down the road.


> I can only assume it's focused on killing old school VPN products.

Given how goddamn terrible Cisco anyconnect is, I hope they succeed.


I doubt it’s a real threat but it would be a country that would happily unsubscribe from US export bans. So Israel or Singapore would be two good options for the chip industry. South Korea or Switzerland you could argue for but are probably less realistic. Maybe Canada now, lol.


As well as being disingenuous your whole argument is beside the point. ASML isn’t threatening to move to the US.

The current administration has created daylight between the US and EU governments and ASML is using this leverage to try and get the Dutch to ignore US export bans.

Here are some choice excerpts so you can continue to avoid clicking on TFA:

> The pressure on ASML began to build in 2019, when the Dutch government, at America's urging, barred the company from exporting its advanced EUV machines to China... President Donald Trump's second term brings the threat of still tighter controls

> Referring to the Dutch government's willingness to follow America's lead on export bans, Mr Fouquet says that Europe must "decide for itself what it wants" and "should not be dictated to by anyone else".

