intheitmines's comments


Interesting that for the "December 16 2015 geohot is building Comma" it graded geohot's comments on the thread as only B


Presumably because of how things went with Comma since then.


A UK doctor friend mentioned they believed a lot of people being prescribed anti-depressants were suffering from "shit life syndrome" rather than real depression. This wasn't to belittle the issues but rather to highlight the issues they may be facing, which society doesn't deem valuable enough to fix and the GP is one of the only perceived options they have for help.


I feel like there’s a balance between — a thing that really helped me in life was seeing a therapist in my early twenties who really validated a lot of my struggles and took them seriously. But also, kept me from going too far in the other direction of wallowing or being driven by a label.

Part of the problem is the medical system doesn’t have great language around this, I think in America in order for insurance to pay for therapy there has to be a diagnosis. My therapist’s solution to that was to provide a diagnosis but we didn’t really lean into it, he just explained that’s the process.

But the language around diagnosis unfortunately has implicit power. We probably should talk about mental illness much less that way.


[flagged]


You've broken the site guidelines repeatedly in this thread and others lately. Crossing into personal attack is particularly unwelcome.

We ban accounts that post like this, and we've asked you more than once before, so that's not good. If you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules, we'd be grateful.


I agree that I post a lot of snarky replies and that is generally against the rules. But in this case what was the rule I broke?

The parent says that they themselves had reservations about having a diagnosis associated with whatever problem they had. I merely pointed out the negative side of the coin ("wasted money") if over-diagnosis is the case here (which considering the recent threads on the topic and the author's own previous doubt seemed probable to me). I mentioned the author ("you") as the responsible party, because that's what needs to be considered. Otherwise it is easy to defer blame to "the system" and absolve oneself from personal responsibility.


There are a bunch of guidelines you broke there. If you want an example, how about "Have curious conversation; don't cross-examine." or this one: "Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith."

More importantly, though, this is a spirit-of-the-law place, not a letter-of-the-law place, so if you're asking for specific rule citations about a comment which obviously was not in the intended spirit of the site, we're already off track a bit.


Where’s the fraud? I had the listed condition, but even physical diagnoses don’t have to define you.

I’m plenty capable of policing my own moral failings thank you very much.


Holy shit man. Get your gears checked, they are grinding hard.


won't someone think of the insurance companies?


The sheer level of aggressive bootlicking I occasionally run into on hackernews is mind-boggling.


Do you understand the consequences of insurance companies or government paying for something that does not need medical intervention en masse? Where do you think they get money to do that?


This is correct. It’s amazing how easy it is to relax when you don’t feel economic precarity etc.


This is also why I kind of hate it when rich people say that money doesn't make you happy. It's true, it doesn't, but if you don't know how to pay for your next meal or worse your kids' next meal, or you're sick and can't afford good care, then money does make all the difference.

In mathematical terms money might not be sufficient to make you happy, but it's a necessary condition indeed.


“Having money isn’t everything, not having it is” - Kanye West


Ah thanks for putting it into the necessary/sufficient vocab. Makes so much more sense to explain it that way.


Yeah, and like, a nontrivial amount of it tbqh


It’s almost like we are not optimizing society for human flourishing.


There is a persistent and perhaps fundamental problem of balancing self optimization and social optimization.

A group of people are trudging through the desert with limited water arduously pumped from scattered wells. Do you ration water such that everyone gets equal amounts, or such that those sweating the most get the most?

Solve this dilemma accounting for the fractal parameters that go into it, and you'll have a utopia.


> balancing self optimization and social optimization

A person in a society has a right to the minimum of essential ordinary resources (food, shelter, clothing) to function as a general matter. (We have a right to pursue other goods, and in some cases a right to them once had, but we cannot say we have a right to them per se and before the fact. We have to be careful to distinguish between the two, as undisciplined and entitled people consumed by appetite tend to be unprincipled and like to inflate the list of “essentials” in self-serving ways. There’s certainly a pathology of envy at work as well, and we should in no way naturalize envy.)

In a situation of scarcity where there isn’t enough for everyone (which does not apply to the developed world), there is no solution that could satisfy that right universally. There is therefore no injustice committed when such basic resources are not distributed accordingly. Whoever gets their share gets it; whoever doesn’t simply doesn’t. You would expect competition here. Now, you could be charitable and self-sacrificial and give up your own share for another, but you have no such obligation to do so, and thus no one has the right to your share. Such charity would be an extraordinary act that transcends mere justice. It is entirely voluntary, even if heroic.

> and you'll have a utopia

Well no, you wouldn’t. This is the fallacy of consumerism and homo economicus. Even if everyone were rich, you would still have plenty of misery. The idea that human well-being is rooted in mere consumption - full stop - is at the root of so many ills. There is no well-being without virtue.


More like most people are dragging a cruise ship through a desert while being baited with the possible opportunity to belong to those enjoying the endless buffets and on-board water park.

This whole "should we ration so everybody gets some" is complete BS. There is an abundance of resources that are concentrated to a few and the rest made to suffer. We don't have to ration, we have to prevent the greedy from hogging it all. It's quite the opposite.


Funny how the choice of an analogy can set bounds to the set of accepted solutions.

Instead of trudging through the desert, or escaping a sinking ship, or surviving in a dog-eat-dog jungle, I prefer to compare modern society with a large boarding house, where everyone has to cooperate a bit to make it work reasonably well.

A political philosopher from the 20th century once wrote: "At the end of the day, all we are trying to achieve is a basic level of decency, for which all that's required from citizens is the simple politeness commonly found in any boarding house."

Maybe it's not an optimization problem?


> Solve this dilemma accounting for the fractal parameters that go into it, and you'll have a utopia.

Progressive tax on income

Progressive wealth tax

Universal basic income

Universal healthcare

Housing as a human right

Done


Then who pumps the well?


Progressive taxes just mean that at the highest levels more income is going to redistribution. At all other levels there is still incentive to work.


We are optimizing society for some human flourishing.


It’s hard to believe that even the billionaires are flourishing.

Musk certainly doesn’t seem to be a poster child for eudaimonia, being allegedly addicted to drugs.


Anyone who makes like 100 million dollars and thinks to themselves "this isn't enough money to stop working and just enjoy life" has something seriously wrong with them. The billionaire class will never be happy, and it's time for society to stop letting these loonies ruin society to satisfy their insanity.


I think it is fair to keep working if you love what you are doing. To filter, there should be an absolute cap on wealth at a few hundred million dollars. This would eliminate the incentive to manipulate politics in favour of yourself, but if you want to keep working you should be doing it for society via charity or taxes on anything additional that is earned.

Have a nice ceremony and present a medal for winning capitalism.


>To filter, there should be an absolute cap on wealth at a few hundred million dollars.

One million dollars and not a penny more. Enough for most people to live comfortably, but not enough to buy governments, or for the upper classes to never need to work again to maintain their lifestyle and privilege.

No human being needs or deserves a hundred million dollars.


I agree with you in principle here, but to play devil's advocate, $1,000,000 isn't a whole lot of money. A worker will make around that much at $25,000 a year over 40 years. If we have to keep money/capitalism, the limit should probably be around 10-15 million. That's still pretty high, but not egregious. Give or take ~40yrs on a high FAANG salary ($375k/yr). Still firmly upper middle class IMO.


I don't mean earnings over a lifetime or career, but currently. A worker making $25,000 a year will still probably never see a million dollars regardless of the limit. Maybe everything above that is taxed 100%. I don't know.

But the point is kind of to eliminate the upper classes and scale the economy back into the reach of most people. So there would be no FAANG salaries. The cost of everything (healthcare, education, housing) would go down. It would place a hard limit on political influence that isn't too far out of reach of current Congressional salaries and would probably limit pork barrel politics and insider trading as well. It would end inherited wealth and maybe even limit the length of copyright.

That's an admittedly naive and utopian view and I'll admit there are bound to be complexities and externalities I'm not taking into account because I'm not an economist. But it's either that or we seize the means of production and put the rich to the guillotines until the sewers choke on their blood. And then something something luxury space communism.


I know a guy who has a few million that he earned while being an executive of a startup that was bought.

Some of his friends are disappointed in him because he works as a dev in a huge company and now "sits on his millions".


He can retire whenever he wants.


That's the crazy part. The people at the top seem to think they're better off if they can get another billion in the bank, regardless of the impact on the rest of society. But they, too, live in that same society that they are destroying.

They seem to think it's better to be a king in the Middle Ages than just a regular rich person in modern society. They forget that the lives of kings in the Middle Ages were absolutely terrible.


The purpose of capitalism is the flourishing of the capitalist classes.

The labor classes only need to be maintained like machines or draft animals, kept just alive and well enough to afford the rent on their lives so they can continue to create value.

The collective reactions to this aren't mental illness, they're trauma responses. Capitalism is accelerating towards its final form and the shock is giving people PTSD.


Billionaires are a convenient distraction for the upper middle class.

The wealthiest group of people (on the whole) is the 70-95th percentile.

If we were to have the toppling of "the rich" that brought about meaningful change to the "poor", it would necessarily include the toppling of the ~$200k income households.


Did you perhaps respond to the wrong comment? I didn’t say anything about toppling the rich or whatever.


Not even casually?


I'd dispute the 'almost'.


It's just common sense that things would not be geared toward the patient's best outcome.

It's easier (read: cheaper) for the broken NHS and cash strapped government to shovel pills than it is to get someone to revamp their life.

Imagine the alternative cost of talking therapies for the NHS. There are three year waiting lists for them already.

Depression usually occurs for a causal reason, it just may not have been found for the individual yet. It could be poor diet, lack of exercise, excessive escapism as a response to unprocessed trauma etc. Ultimately though these causes require the patient to exert effort toward improving their life, and so they have to have willpower and motivation.

Thankfully exercise can now be prescribed by doctors in the UK!


> exercise can now be prescribed by doctors in the UK

https://www.theguardian.com/society/2022/aug/22/gps-to-presc...


Anyone using Claude for processing sensitive information should be wondering how often it ends up in front of a human's eyes as a false positive.


Anyone using non-self hosted AI for the processing of sensitive information should be let go. It's pretty much intentional disclosure at this point.


Worst local (Australia) example of that:

  Following a public statement by Hansford about his use of Microsoft's AI chatbot Copilot, Crikey obtained 50 documents containing his prompts...

  FOI logs reveal Australia's national security chief, Hamish Hansford, used the AI chatbot Copilot to write speeches and messages to his team. 
(subscription required for full text): https://www.crikey.com.au/2025/11/12/australia-national-secu...

It matters as he's the most senior Australian national security bureaucrat across Five Eyes documents (AU / EU / US) and has been doing things that make the actual cyber security talent's eyes bleed.


Holy crap that is such a bad look. That guy should immediately step down and if he doesn't he should be let go.


That wasn’t my first thought. My first thought was; every senior executive everywhere is probably doing the same thing.


Years ago people routinely uploaded all kinds of sensitive corporate and government docs to VirusTotal to scan for malware. Paying customers then got access to those files for research. The opportunities for insider trading were, maybe still are, immense. Data from AI companies won't be as easy to get at, but is comparable in substance I'm sure.



That's absolutely insane. Aren't they owned by Google?


They are now, although to be clear there was (is?) nothing nefarious going on, just people not understanding that public submissions are available to VirusTotal's paying users. These days VT has private scanning, too, but the issue was always one-offs from random finance or investor relations teams.

It's come up here and there in security, too, e.g. in https://www.directdefense.com/harvesting-cb-response-data-le....


How is your comment related to this article?


It looks like Anthropic has great visibility into what hackers do. Why would it also see what legitimate users do?


$25


I got no notification, just a deposit to the bank account I submitted


I got a payout today from BMO Bank to my Paypal account for $38


If you do this be sure to buy BPA free receipt paper

Handling receipt paper is what turned out to be the cause of the high BPA numbers when boba tea was tested https://x.com/natfriedman/status/1899641377002025252


I did! I also use gloves when handling a large amount of the receipts.

I worked as a cashier for years in my teens and twenties though, so it’s probably already in my blood.


I mean, over time it would exit right?


It lingers in fat tissue and once at a low enough level your liver doesn't really clear it. But that kind of level isn't necessarily linked to increased risks of diabetes or heart disease.


This one time when I was young and dumb and into smoking weed, I remember running out of rolling paper, so I rolled a joint using a supermarket receipt I had and smoked it.

This was like 20 years ago, still makes me shudder after I learned about the BPA stuff.


A few years ago my friend's mother started using medical marijuana for pain management. My friend had to explain that no, you should not make a pipe out of a coke can because of the plastic liner, go to a head shop and buy a glass pipe like a normal person!


> you should not make a pipe out of a coke can because of the plastic liner

I'm fairly sure it doesn't make much of a health impact considering the hot smoke you pull into your lungs, but when I was a kid and we made pipes out of cans in "emergencies" we'd use the outside of the can as the place where you put anything with fire; you don't have to turn it inside out to be able to smoke out of it.


> we'd use the outside of the can as where you put anything with fire, you don't have to turn it inside out to be able to smoke out of it.

This is what I pictured, but now I'm curious how you'd use the inside of the can.


Some stoner-engineering could hook up two cans with each other, one is the cup you use for burning the material and the other one the "water-passageway". Obviously not recommended as there is plastic liner on the inside, but in that way you could use the inside :) Basically a bong in two pieces made out of two cans.


genius


Heating up plastic gives off all kinds of really nasty organic compounds, far worse than the drug... doesn't need to be direct flame.


Heating plant material also gives off lots of carcinogenic stuff, tar and so on


Cheeseburgers are bad for you, but you shouldn't put motor oil on your cheeseburger...


You win some, you lose some :shrug:


Fun fact, that extremely thin paper used in bibles is usually hemp paper.


Genesis 1:29, anyone?


It's Genesis 4:20, you silly


The products of combustion you inhaled are likely far worse.


I mean... the weed was going to get smoked, it was definitely the receipt that was the foreign invader here.


The fact that you did something intentionally doesn't automatically make it less of a mistake.


Yes it does


No it doesn't. The worst mistakes are usually the ones where somebody intentionally does something that seemed like a good idea at the time.


https://en.wikipedia.org/wiki/Bisphenol_A#Health_effects_and...

"In the 2010s public health agencies in the EU,[81][82][83] US,[84][85] Canada,[86] Australia[87] and Japan as well as the WHO[12] all reviewed the health risks of BPA, and found normal exposure to be below the level currently associated with risk."

If it has some health effects, they've been incredibly hard to actually pin down.


“Normal exposure” is doing some heavy lifting in that sentence. Presumably having all your daily texts arrive on such paper wouldn’t be “normal exposure,” which if I recall correctly is handling a receipt for a few seconds a day with only your fingertips.


You do know that BPA-free just means they use BPS or some other bisphenol plasticizer, right? Right? Because all of the research was focused on BPA and nobody tested BPS even though they're quite similar chemically.

You just can't polymerize plastics without a plasticizer. It's just not allowed by chemistry. No free lunch.

If you want something that's not going to leach huge amounts of plasticizers onto your fingers, use an inkjet or a laser toner printer or a laser marking machine.

They don't really make those for receipts, though, because fingers tend to be wet and powdered toner is expensive.


There are alternatives like Blue4est available, though. They don’t use bisphenol or other chemical developers.



Any recommendations on where to source BPA-free thermal paper? I've tried to source BPA free shipping labels in the US and found them unobtainable.


Just out of interest, have you had any legal threats etc. from this kind of probing if they don't have explicit bug bounty programs? Also, do you ever get offered bounties on reporting where there wasn't a program?


In Germany, the case of a company called "Modern Solution" has gained quite a bit of traction. An IT guy found a password, tried it on the company's phpMyAdmin and reported that he could access their data. They sued him and the case went up to the highest German court, which acknowledged the lower court's decision to rule for the company. The IT guy got fined.

https://www.heise.de/news/Bundesverfassungsgericht-lehnt-Bes... (German article)


Some additional relevant information:

When the changes that toughened § 202 StGB were made in 2007, there were a lot of public rallies against it in which many programmers participated. These were ignored by the politicians in power. This (together with other worrying political events) even led to the temporary rise of a new party (Piratenpartei) in Germany.

The fact that these rallies were ignored by the politicians in power led to the situation that, from then on, many programmers considered German politicians to be about as trustworthy as child molesters who have relapsed several times.


Lesson: instead of being the good guy and reporting shit, just sell it on black market.


(playing the devil's advocate here) But that's not the case: if you find someone's physical keys in the street, will you try to open the neighbor's door with them? So why is it ok to use a password that you "found" to log into a site?


Curiosity. I once dropped my keys on the way to my leasing office. I searched the entire complex and office for my keys. Then I saw a guy at the mailboxes trying to open each one, one by one.* I asked if he needed help and he just said he found some keys on the ground and wanted to find out who they belonged to. They were mine. And my mailbox was on the other side of the complex so all bets were off for him anyway.

It costs next to nothing to try out a key in multiple places in the same proximity. Once you start going door to door using a random key you found, that's suspicious.

*it occurs to me now that I write this that this behavior is suspicious as well and probably illegal. He should have turned it into the leasing office.


That may actually be super illegal if they are USPS mailboxes.


They... Probably are? They were my complex's mailboxes but only USPS has access to them.


Instructions unclear - any key I find from now onwards I’ll mail to this guy's leasing office.


No, it's different. I would compare it to my neighbor using a padlock with code combination. It takes 15 minutes to brute-force that. If I tell my neighbor that his padlock is shit and in response he sues me to oblivion, next time I'll just tell local thugs "hey here's the padlock, here's the code, do what you must", zero regrets, if the asshole insists on being an asshole just for the shits and giggles then so will I.


If I don't try the keys in my neighbor's door, how will I know which neighbor they belong to?


It's even worse: you find a key that you know belonged to your neighbor, so you try it in his door just in case.


I don't think the common analogy of "key to a house" makes any sense. For starters, a significant portion of people in existence aren't trying to break into your house 24/7.


The kind of probing they did and described in the blogpost, with the attempt to raise their privileges to admin is legally fishy AIUI. Usually this kind of thing would be part of a formal, agreed-to "red teaming" or "penetration testing" exercise, precisely to avoid any kind of legal liability and establish necessary guidelines. Calling an attempted access "ethical" after the fact is not enough.


Good-faith security research[0] is the only way this industry will move forward, for better or worse. It is clear that most companies do not want to invest in anything further like VDPs.

[0] https://www.justice.gov/archives/opa/pr/department-justice-a...


Without any sort of formally posted bug bounty program explicitly authorizing this sort of activity the CFAA prohibits unauthorized access of "protected computers". I would classify this as legally risky. If FIA had a stick up their ass they could definitely come after the researcher. The researcher's ethical standing is pretty clean in my book, but this was definitely a little more than just changing a URL parameter (only a little more). I would say this is unsafe to do if you are in the United States. The stopping point was somewhere around "I think I could provide the admin role" and reaching out to the best contact you can find and say "Hey, I am an ethical white hat security researcher and I noticed X and Y and in my experience when I see this there is a pretty reasonable chance this privilege escalation vulnerability exists. The chance it exists is high enough in my experience that you should treat it like it exists and examine your authorization code. If you would like I can validate this on my end as well if you give me permission to examine this issue. I am an ethical security researcher" ---> point over to your website and disclosed issues if you got em. To just do it is ehh... I would not take the risk. However if I /did/ do it I would definitely disclose it to them immediately and give an explanation like the above. Shooting the messenger in this case would be pretty asinine, especially if they didn't access anything sensitive, that would preclude FIA from having any evidence you did anything sketchy (cause you did not). The reason I would not do it is because you never know if a system like this pre-fetches data, etc. and that is definitely opening you up to liability of possessing PII etc. Overall, I have disclosed issues like this in the past without actually exploiting the issue to good results. Sometimes companies ignore it.
You can always say "If you do not want to treat this issue as a vulnerability I am going to write this up on my website as an example of things you should probably not do" if you feel ethically compelled to force them to change without actually exploiting the issue. People tend to get the message and do something.


I'd highly recommend adding some newlines to such comments. Walls of text are not fun to read.


... so you'd prefer that the only people doing this will be black-hat hackers who then sell the information on the black market?


I think nobody does, but ultimately our laws are stupid. The CFAA in particular can be unfairly weaponized to make examples, and can put people in prison for DECADES for activities that don't warrant such a response.


What he did there could indeed be legally risky.

Remember that while for a lot of us this kind of security research & remediation is “fun”, “the right thing to do”, etc there are also people in our industry that are completely incompetent, don’t care about the quality of their work or whether it puts anyone at risk. They lucked their way into their position and are now moving up the ranks.

To such a person, your little “security research” adventure is the difference between a great day pretending to look busy and a terrible day actually being busy explaining themselves to higher ups (and potentially regulators) and get a bunch of unplanned work to rectify the issue (while they don’t care personally whether the site is vulnerable - otherwise they wouldn’t have let such a basic vulnerability slip through - now that there is a paper trail they have to act). They absolutely have a reason and incentive to blame you and attempt legal action to distract everyone from their incompetence.

The only way to be safe against such retaliation is to operate anonymously like an actual attacker. You can always reveal your identity later if you desire, but it gives you an effectively bulletproof shield for cases where you do get a hostile response.


> while they don’t care personally whether the site is vulnerable - otherwise they wouldn’t have let such a basic vulnerability slip through

Even if they do care personally (which I would assume is often the case if the respective person is not an ignorant careerist), they often don't have the

- organizational power

- (office-)political backing

- necessary very qualified workforce

to be capable of deeply analyzing every line of code that gets deployed. :-(


When I was still in university I reported a vulnerability and when the company started threatening me with legal action, my professor wrote a strongly worded email and they dropped it. Haven't had it since in 8 years. Feels like many companies understand what we do now, at least compared to 10 years ago.


This seems depressingly common in universities. I know of a case where someone discovered anyone with a university account (so students, etc.) can edit DNS, and IT tried to file charges until the head of the CS department intervened.


Many years ago when I was at school, I found a paper on a table in the computing library with a list of root passwords for some of the machines at Yale, just sitting there. I tried one and it was valid (this was the old days when remote root logins were a thing). I sent the admins a message telling them, and I was entirely ignored. A month later I tried the password again and it was still good. Luckily for me, I guess, it was before the days of suing people for trying to be helpful.


Actual legal threats are uncommon but I have seen some companies try to offer a bribe disguised as a retroactive bug bounty program, in exchange for not publishing. Obviously it is important to decline that.


Decline because it'd mean you were profiting off of a crime? Or that the opportunity of publishing has higher value than the bribe?


Decline because the public deserves to know the company has that approach to security.


Take the money and have someone else publish it.


Thanks, it's cool to hear attitudes have changed.

