jeff_carr 3 days ago

The contract with MITRE has been extended.

https://www.forbes.com/sites/kateoflahertyuk/2025/04/16/cve-...

My guess: indefinitely.

DOGE might be a bunch of idiots, but in the entire DOD, there are non-idiots.

  • tlogan 3 days ago

    My guess is that they’ll be phased out next year. The long-term goal seems to be transitioning the CVE program into something more like an industry-led consortium. (If you did not notice, they operate a zero budgeting approach: cut everything and if something is very important reverse it. But you cut first and then ask questions.)

    It’s worth noting that MITRE is a DoD contractor (with minor contracts from other agencies like this one). Having the CVE program operated by a company funded by the U.S. military raises valid concerns about conflicts of interest—especially in an ecosystem that depends on neutrality and global trust.

    • nxobject 3 days ago

      I’m a little hesitant to trust a CVE database operated by private industry on the grounds of conflict of interest for that reason, too.

      • tylermw 3 days ago

        MITRE is a Federally Funded Research and Development Center (FFRDC), which is a distinct type of federal contractor with strict conflict of interest regulations. They are owned by the federal government, but operated by contractors and are specifically structured and regulated to minimize conflicts of interest, so are distinct from "private industry" in many regards.

        You can read a congressional report by the CRS describing FFRDCs and their role here: https://www.congress.gov/crs-product/R44629.

        • stonogo 3 days ago

          MITRE is absolutely not an FFRDC. It's a regular old 501(c)(3) which happens to manage FFRDCs.

          • tylermw 3 days ago

            Yes, you are correct, I should have typed "runs". But the point is that MITRE runs the U.S. National Cybersecurity FFRDC that maintains the CVE system, and FFRDCs are deliberately structured to minimize potential conflicts of interest (GP comment) and are definitely distinct from private industry (parent comment).

        • guerrilla 3 days ago

          They were talking about AFTER that when it is privatized. That's what the comment they're responding to was talking about, not its current state.

      • ThinkBeat 3 days ago

        I am quite hesitant to trust the DOD to keep track of software vulnerabilities. Some parts are developing and exploiting vulnerabilities. And given a fresh feed of what people find, and usually a delay from notification until publication, which may sometimes just be a bit longer of a delay, would allow the DOD to weaponize the vulnerability for their own use as well.

        • derektank 3 days ago

          This contract is funded by CISA, which is an agency within the Department of Homeland Security, not DoD. As far as I'm aware, there are no components of DHS with Title 10 or Title 50 authorities to conduct cyber operations, unless you count the Coast Guard but they normally operate under Title 14. So there really should be no conflicts of interest as no one in the DHS is authorized to exploit vulnerabilities as part of cyber operations.

        • ygjb 3 days ago

          This illustrates a misunderstanding of how CVE functions. It's a repository of data about disclosed vulnerabilities (even if some disclosures are embargoed and not yet published - if anyone but the bughunter and dev team that owns the fix knows about it, it's disclosed :P). The actual vulnerability discovery process is external and done by individual researchers, teams and businesses who report vulnerabilities to the appropriate groups called CVE numbering authorities (CNA) who manage the assignment and publication of CVE data through their scopes. There is not much technical advantage in terms of advance disclosure since the CNA controls what data goes to CVE.

          As an example, a CNA like Mozilla, Apple, or Microsoft is unlikely to disclose vulnerability data via CVE until they have remediated the issue or have public guidance, and their embargo processes are likely separate from CVE publication.

        • j16sdiz 3 days ago

          CVE Numbering Authorities (CNA) have lots of control over those.

      • derefr 3 days ago

        I'm the opposite — and I think this might be the "4D chess"† interpretation of this move as well.

        In peacetime, I think everyone is generally alright with something centralized like the CVE database.

        But in what increasingly seems like the lead-up to wartime... I'm hesitant to trust a CVE database operated or funded unilaterally by a single government — or even multilaterally, if the governments are all ones that all would end up on the same side of a hot war.

        (Why? Strategic censorship of reports while the DB's patron takes advantage of the exploit, for one. Such a database becoming a high-priority cyberwar target, for another. Strategic wasting of enemy cybersecurity resources with false announcements, for a third.)

        IMHO, the ideal form for the organization managing CVE, is one analogous to IANA and its Regional Internet Registries (RIRs).

        IANA slices up the keyspace of IPs to assign to RIRs, and arbitrates disputes — but both at such a high level that their work is effectively in a de-facto state of "done until something comes up". The RIRs do all the actual everyday work.

        This means that in a hot war that different RIRs end up on opposing sides of, where at least some of the RIRs can no longer trust the ownership of IANA to act in their best interests, the RIRs can just ignore IANA for a while, and keep on doing their own thing (managing allocations from their previously-agreed parts of the IP keyspace), and everything will still work.

        And RIRs that control parts of IP space contended over by opposed states? They can just be split up, under obvious rules (every current allocation goes to the sub-RIR associated with the state that controls the gov/mil/corp/org entity currently holding that allocation.)

        That's not the case with the CVE database under its current ownership. There's no established way to namespace it, no obvious way to split it up and keep it all working.

        And I think that this problem would be obvious to the DoD. Which is precisely why paying to host a single-source-of-truth CVE database loses its lustre when that same DoD is aware that such a split might soon have to happen.

        ---

        † I dislike the term "4D chess", because it implies one chess master who's really good at predicting non-obvious outcomes — rather than an entire military-industrial-complex acting as "see something, say something" inputs to an intelligence apparatus that does a lot of hard work and simulation analyzing potential outcomes, to produce easily-digested suggestions and action items. There just needs to be one guy in the Pentagon / the military / wherever, who realized this and sent a (classified MILNET) email about it.

        • transpute 2 days ago

          > That's not the case with the CVE database under its current ownership. There's no established way to namespace it, no obvious way to split it up and keep it all working.

          Work on supply chain security has led to the introduction of standardized SBOMs, as an artifact required by some large customers to accompany software binaries. It should be possible to associate each software binary CVE with a vendor SBOM and organization country code. Large multinationals might have geo-specific binaries to conform with regional regulations like the EU CRA.

      • cortesoft 3 days ago

        You aren’t worried about the conflict of interest with a government run system, given the desire of governments to be able to intercept all communication?

        • MiguelX413 3 days ago

          No, particularly because CVE has no communications functionality.

          • cortesoft 2 days ago

            My worry would be that a government might want to hide a particular vulnerability it has found that enables it to break into a system.

    • jmull 3 days ago

      > The long-term goal seems to be...

      Where do you get that from?

      I've seen no sign of long-term goals, much less any mechanisms being put in place for follow-through on those goals.

      It seems like people keep making the mistake of believing there's a detailed plan, while all evidence tells us there isn't. I guess it's the normal human tendency to see order in the chaos.

      • tlogan 3 days ago

        Project 2025 lays out a clear vision for the privatization and decentralization of federal functions. It’s not subtle—it explicitly calls for it.

        Separate from whether we support this or not:

        Trump is doing—or promising to do—exactly what he said he would. We can disagree with the policies, but it’s not accurate to say he or his team are directionless or incompetent. They have a coherent (if controversial) agenda.

        So rather than dismissing them as clueless or idiots, it’s more productive to debate this:

        - Why is outsourcing CVE program to private consortia a bad idea?

        - Could a model exist where a private consortium is supported by federal grants, but maintains accountability and public interest safeguards?

        • chowchowchow 3 days ago

          Actually Trump repeatedly said he didn't know about project 2025. He's so scattered in his campaigning that it's possible to pretty much justify any action as "what he said he would do." But saying executing project 2025 is exactly what he SAID he would do defies all reality. It may be what intelligent observers expected him to do but it is not what he said.

          Edit: good lord people I’m not defending Trump I’m saying he lies about everything including that he lied and said he wasn’t going to do project 2025. Read the post I’m responding to!

          • SlightlyLeftPad 3 days ago

            People have got to learn how to read between the lines with Trump and those around him. When the things he says he is going to do and the things he’s actually doing are exactly the things laid out in project 2025, the connection to the project is immediately clear and establishes that he was lying about knowing nothing about it.

          • pstuart 3 days ago

            > Actually Trump repeatedly said he didn't know about project 2025

              * He said he'd end the war in a day.
              * He said he had a better health care plan.
              * He said he'd drop the price of eggs.
              * ...
              * He said lots of things that were not true.

            • chowchowchow 3 days ago

              That’s exactly right and what I said. The guy above said Trump is doing what he said he would. He isn’t.

            • sigzero 3 days ago

              Which doesn't mean Trump saying he has nothing to do with Project 2025 is a lie.

              • pstuart 3 days ago

                I've never been in the room, but it's a safe assumption that he was lying.

          • tlogan 3 days ago

            > Actually Trump repeatedly said he didn't know about project 2025.

            His exact quote is: "I have nothing to do with Project 2025." Meaning sure - he did not write it. I doubt he read it - it is a 900+ page long document :-)

            Anyway, he might have fooled some people but I doubt it - my understanding was that he is going to follow Project 2025. It is a good time to rewatch this: https://www.youtube.com/watch?v=gYwqpx6lp_s

            • chowchowchow 3 days ago

              I am certain you can find more than one quote of his relating to Project 2025. In any event this also doesn't disagree with what I said more broadly, which is, he was not forthright about his plan to do exactly what Project 2025 said, so you can't say he's doing exactly what he said. But anyone with a hint of insight could understand that was his plan.

              I'm responding to someone who said Trump is doing what he SAID he would do, and that is all I intended to correct.

        • jmull 3 days ago

          Trump said he was not going to follow the project 2025 plan.

          So you're making two immediately contradictory claims that Trump is doing what he said he would, and is following the project 2025 plan. That's not coherent.

          You're suggesting a privatization plan exists, and want to debate its merits, but I see no sign such a plan is being adopted. E.g. who is enacting the plan? When is the comment period? Who do we send our feedback to? You may have a plan, but what does that have to do with the people in charge? If it's not their plan it doesn't matter one bit. Despite your assurances, I see no sign they aren't acting without a plan (or, as you put, as clueless idiots).

          • acdha 3 days ago

            > Trump said he was not going to follow the project 2025 plan.

            He didn’t convincingly reject it, though, and his distancing was only convincing to people who were looking for an excuse to ignore it with the way he pretended not to know the people behind it when 31 of the 38 authors were members of his first administration, his campaign was in close contact throughout, and he certainly didn’t put much effort into rejecting specific policy proposals.

            I think this is a case where different audiences got different messages. The hardcore base knew he was lying since it had all of their red meat issues, informed Democrats knew he was lying because actions speak louder than vague denials (e.g. if you don’t agree with someone’s policies, you wouldn’t let them have a role in your campaign and you’d be able to say what you’d do differently), but he gave the media and casual voters just enough to make it harder for Biden/Harris to land attacks which we now know were fully accurate.

            • jmull 3 days ago

              Yes, he was obviously lying, as he has done about so many things.

              Well, it's obvious to some of us, anyway.

          • nrdvana 3 days ago

            In most of the video clips I saw, he was saying "I don't know anything about that", which could be entirely true. Often I see hints that he's attempting to play the Aes Sedai game of "speak no word that is untrue" but he's too dumb to do it well. Anyway, as an extension, both comments can be true, that Trump himself has no plan and is an idiot, but that his administration is enacting Project 2025.

          • danaris 3 days ago

            There seems to be a lot of hay being made over whether Trump is

            - deliberately following Project 2025 to the letter, or

            - completely ignorant of Project 2025 and not doing what it says

            ...when it seems very likely that the truth is somewhere between.

            Trump himself is doing things the way he always does: in a mixture of long-standing bigotry and idiocy, his own whims, and whatever someone said to him 10 minutes ago (or he saw on Fox & Friends, or whatever).

            His administration is heavily populated with people who either helped write Project 2025 or are close with those who did.

            DOGE is only loosely connected with the latter, and it's DOGE that has been instrumental in wrecking federal agencies—and while that destruction largely aligns with Project 2025's goals, it's not clear to me that they're specifically following its playbook. Rather, I think they're doing things their own way with high-level guidance from the people who care about Project 2025. It's very possible that their goals could end up conflicting, depending on what Musk wants.

            Edit to add: It's also true that Trump said he knew nothing about Project 2025. Whether or not this is true, he said it during the campaign, when Project 2025 had just been widely reported on as a negative thing. I don't think we can read much into Trump's campaign statements intended to publicly distance himself from something he sees as unpopular.

    • absker 3 days ago

      MITRE is a non-profit company that operates Federally Funded Research and Development Centers (FFRDCs), which are owned and funded by the federal government and contracted out to companies like MITRE to operate them.

      While MITRE does have contracts with DoD (and many other agencies across the federal government as part of the FFRDCs they operate), they are not the same as a stereotypical DoD contractor as their non-profit status motivates them to work in the public interest.

    • jhelps 3 days ago

      I can see how govt funding was needed to help bootstrap the CVE program before people saw the value of it.

      But now that CVEs form the basis of a very lucrative ~$16b/year industry[0], wouldn't it make sense to let those companies take over?

      Privatizing the Internet enabled much more innovation than if it had stayed govt-funded.

      0: https://www.grandviewresearch.com/industry-analysis/security...

    • butterlover 3 days ago

      It’s probably more accurate to describe MITRE as a publicly funded non profit operating for public benefit like the post office or PBS.

      It’s a stretch to describe it as an arm of the government.

    • ottercan 3 days ago

      MITRE is not a DoD contractor. They are a not-for-profit institution committed to the public interest that operates six Federally Funded Research and Development Centers.

    • numbsafari 3 days ago

      ... and that industry led consortium will have a board all paid princely sums, and an executive leadership team that is conflicted to the hilt and paid kingly sums, and they will charge exorbitant rents in order to keep the lighthouse lit.

      There's flaws with every approach, but I much prefer the approach where this sort of thing is treated as a public good, rather than as yet another soon-to-be walled garden.

      • bunderbunder 3 days ago

        I keep thinking of that time Wisconsin's state government privatized a bunch of IT stuff in the interest of "government efficiency", and the cost taxpayers paid for those specific functions increased by several hundred percent while quality of service went down.

        At that same time, though, I worked for a contractor that I do believe saved states money compared to doing things in-house. The work we did really required specialists. But no one state had enough of the work to keep one busy all year. So sharing a pool of people to do the work among many states meant there was room for both saving the states money and allowing some profit for the company.

        The idea that you can just blanket assume that private industry is inherently more efficient than public works really needs to die. There doesn't seem to be any more evidence to support it than there is to support the idea that it's inherently less efficient. Life just isn't that simple. It's all case by case.

        • dimitrios1 3 days ago

          For every example of privatization going wrong, there's at least one example (if not two) of it going right.

          But serious question -- what is the difference these days anyways? Our entire government is effectively privatized anyways from the local level up to the federal. We rely on contractors for almost everything that matters. We just maintain this facade that they are not privatized.

          • sollewitt 3 days ago

            I’ve never seen one that worked long term. The basic premise is “what was done for $X dollars with no profit motive can be done for <$X dollars with profit motive” doesn’t hold up - you make something private, it wants to make more profit.

            Just for the most ready to hand example for me, PG&E in SF vs public electricity utilities on the peninsula - the privatized electricity costs twice as much per kWh - and of course it does because the PG&E CEO needs to make $17M from somewhere, the share price needs to go up etc. The rich need to skim from the top, that makes the cost higher.

            If you have an essential industry the cynical play is to privatize to save cost, then do a bad job and then effectively make your losses public through bail-outs while still making profit.

            • derektank 3 days ago

              > The basic premise is “what was done for $X dollars with no profit motive can be done for <$X dollars with profit motive” doesn’t hold up - you make something private, it wants to make more profit.

              No, the basic premise of privatization is that, assuming the product or service has multiple potential customers, private industry can operate at scale which, alongside competition from other companies, drives down the price and the government can purchase it "off the shelf" at the prevailing commercial rate. Those assumptions don't always hold, utilities being a great example of this, but it's not inherently blind or naive to consider privatizing some components of government function. We don't expect the government to operate its own vehicle assembly lines even if the government needs cars; they just go buy one from Ford or GM.

              • bunderbunder 3 days ago

                I'd add that, for this calculus to work out in a straightforward way, a competitive market is necessary but not sufficient. You also need other factors that help drive economies of scale, such as the thing in question being a manufactured good that can be sold to many people, or the production requiring expensive and specialized equipment that can be used for more than just that one thing.

                I'm no expert, but I'd guess that these factors are more likely to line up in manufacturing and construction, or even R&D, than they are for things like maintenance of specialized IT systems or administration of services.

            • Sohcahtoa82 3 days ago

              > The basic premise is “what was done for $X dollars with no profit motive can be done for <$X dollars with profit motive" doesn’t hold up - you make something private, it wants to make more profit.

              The government often acts like it has infinite money. Sure, they'll make a lot of noise about the national debt, but it's all just about getting votes.

              I expect privatization to be a way for a politician to stuff their pockets. They'll either buy their stock before the large government contract is announced, or the corporation will kick some money back in the form of campaign contributions, or find some way to just give cash directly.

              Nobody ever gets charged with insider trading because everyone that would be involved in that is in on it as well.

              Or maybe I'm just cynical.

          • taeric 3 days ago

            Would love to see a list on both sides. It is easy to win an argument when you get to gesture at evidence without being specific.

            For your question, the difference is if a government spend succeeds, it should lead to more things that the people can do. If a private company succeeds, it largely funds just the company.

            And, ideally, it should be fine that both the government/nation gets benefits while rewarding successful contractors. Nothing wrong with that.

            This is hilariously viewable with Musk. People love to point out how he risked so much on Tesla. Ignoring all of the capital that the government risked in the same venture.

            • dimitrios1 3 days ago

              I am not here to argue for a "side", to win an argument, nor provide a thesis defense with citation and references -- this is an answer you can easily get from ChatGPT. There's quite literally hundreds.

              To add a wrench to both "sides" some of the most effective have been state/federal-owned / state/federal-controlled corporations -- or generally, arrangements where you still maintain capitalistic economic incentives and drivers, but have government oversight and (effective) regulation. I think everyone would agree that is good, but sometimes it takes different forms.

              • taeric 3 days ago

                Then let me restate, this is an area where you can easily wade along with largely inaccurate information quite easily. I also wasn't necessarily trying to bait you to give a list, though it would be interesting to know which ones you have in mind, specifically. Far too many of us don't have any evidence, we have been duped by trusting that others do.

                I took your specific claim to be privatization of government functions having many success stories. I'm still curious which ones you have in mind, but would more largely be interested in studies on this. Nothing wrong with knowing the wrenches in there.

                Beside that, though, I was trying to engage your question. The difference is if growth is privatized into a few, or if it is more broadly available. With a large agreement from me that a mixture of both -- your wrench, effectively -- is fine. Good even.

          • sollewitt 3 days ago

            Answer for your serious question: hiring contractors isn’t “privatized” - that’s outsourcing. The thing you’re saving on is the ongoing cost of having permanent staff.

            The difference is the government and public entities like mayoral offices or parliaments get to decide how the entity (doing the contracting) is run and approve costs, and the entity is under no obligation to return a profit.

    • agloe_dreams 3 days ago

      > Having the CVE program operated by a company funded by the U.S. military

      ...Yep, we're done as a democracy. Pack it up, boys.

      Edit: I know it is doom and gloom but the CVE program could easily delay information and leave holes on purpose.

  • dang 3 days ago

    Thanks. It's always a puzzle what to do with threads based on articles that have since been superseded by later developments. Do we start a new thread based on a new article? The new article / thread usually fails to do very well, partly because there just was a big discussion, and partly because hearing about something getting fixed is less interesting and exciting than the original stimulus.

    I've been playing recently with putting [fixed] at the end of the original title to indicate this sort of state change to the reader. Not sure if that's the best way, nor if the situation has genuinely been fixed or not, but I guess it's better than nothing. Swapping out the article and title would probably be too much of a rug pull on the existing thread.

  • plasma_beam 3 days ago

    It doesn't appear to have posted to FPDS yet: https://www.fpds.gov/ezsearch/fpdsportal?q=PIID%3A%2270RCSJ2...

    The contract expired today, but had an option period through March of 2026. DHS just needed to exercise the option.

    Edit: Note the contract ended today April 16 - so performance would stop midnight tonight if the option wasn't exercised. Government contracts routinely go down to the wire like this, and often are late getting exercised. Why the uproar over this one? Did CISA signal to MITRE that they weren't going to exercise the option?

    • marcusb 3 days ago

      > Did CISA signal to MITRE that they weren't going to exercise the option?

      An internal letter sent to CVE board members was making the rounds yesterday warning the current contract ("contracting pathway") would expire. The letter was authenticated by Brian Krebs[0]. Once Krebs authenticated the letter, people more or less assumed CISA was pulling funding, at least based on the infosec social media posts I saw.

      CISA officials responded to multiple media inquiries (including the OP) with a statement that more directly said the contract would expire:

        Although CISA’s contract with the MITRE Corporation will lapse after April 16, we are urgently working to mitigate impact and to maintain CVE services on which global stakeholders rely.[1]
      
      0 - https://krebsonsecurity.com/2025/04/funding-expires-for-key-...

      1 - https://www.csoonline.com/article/3963190/cve-program-faces-...

  • andreygrehov 3 days ago

    But the article says, quote:

    > It’s unclear what led to DHS’s decision to end the contract after 25 years

    and then suddenly it gets extended. What does it have to do with DOGE?

    • marcusb 3 days ago

      MITRE has been hit with DOGE-branded cuts[0] earlier this month. CISA has been impacted[1]. It seems reasonable to assume they were involved in this.

      0 - https://virginiabusiness.com/nova-govcon-firm-mitre-to-lay-o...

      1 - https://techcrunch.com/2025/03/11/doge-axes-cisa-red-team-st...

      • andreygrehov 3 days ago

        That’s a pretty big leap. Ending a 25-year contract and laying off ~600 employees are two very different scales of impact. While DOGE-related cuts might have influenced some decisions, assuming they directly caused DHS to initially let the CVE contract lapse seems like a stretch. Just because two things happen near each other doesn’t mean one caused the other - this feels more like another chance to take a swing at DOGE, since that’s the bandwagon everyone’s riding right now.

        • marcusb 3 days ago

          Yes, imagining that the quasi-government organization that is solely tasked with cutting spending might have cut spending at an agency where they are currently cutting spending is a “huge leap.”

          What was I thinking?

          • andreygrehov 3 days ago

            What you’re doing is jumping from “DOGE made cuts” to “DOGE killed a 25-year contract” with zero evidence beyond coincidence. That’s not analysis - that’s just reaching. If this were a clean budget cut, the contract wouldn’t have been renewed at the last minute. That kind of flip-flop screams internal disarray or political games, not a calculated DOGE move. You’re not connecting dots, but drawing them in with a crayon and calling it a map.

            • ethbr1 2 days ago

              > That kind of flip-flop screams internal disarray or political games

              Or that the people responsible for renewing the contract were previously fired without enough notice to effect an orderly transition of work.

              Which seems par for DOGE's hamfisted approach.

            • marcusb 2 days ago

              What I'm doing is drawing a reasonable inference based on the evidence available to me. Specifically:

              * The group in question (DOGE) is tasked with cutting spending deemed superfluous or wasteful.

              * The group in question is actively cutting spending at the agency in question (CISA)

              * The group in question is actively cutting spending with the vendor in question (MITRE)

              * The leader of the group in question (Elon Musk) has said, more or less explicitly, that they have a bias more towards cutting spending and less towards getting the spending cuts right. They expect mistakes to be made. (If you want to dispute or nitpick this, I'll link you to the video where he laughs about cutting ebola prevention funding.)

              * The boss of the group in question (Trump) really doesn't like CISA. See: the Chris Krebs debacle.

              So, that's what I'm doing. What are you doing? It seems to me that you are trying to fit the available facts to your preferred narrative, instead of the other way around. And what does the contract having existed for 25 years have to do with anything? DOGE has admitted to cutting programs that have been funded for far longer. It is completely irrelevant.

              • andreygrehov 2 days ago

                What I’m doing is applying basic critical thinking instead of building a conspiracy theory on vibes.

                Yes, DOGE is slashing budgets. Yes, CISA and MITRE took hits. That’s all true. And still doesn’t prove DOGE made the call to let the CVE contract lapse and then magically reverse it within hours. If this was a top-down DOGE directive, why the immediate reversal? Did DOGE suddenly change its mind? Or is it more likely that DHS made a blunder, got backlash, and scrambled to fix it? You’re calling your chain of assumptions a "reasonable inference" but here’s what it actually is: guilt by proximity. DOGE cuts here, DOGE cuts there, and now suddenly every erratic government decision is DOGE’s fault? That’s lazy logic.

                The fact that the contract lasted 25 years _is_ relevant. It shows that this wasn't some minor side project. CVE is foundational infrastructure. You don’t accidentally let something like that expire unless someone either massively screwed up or there was serious internal confusion.

                So no, I’m not ignoring the facts. I’m refusing to pretend correlation equals causation just because it fits the narrative everyone loves right now: "blame DOGE for everything". It’s easy, it’s trendy, and it completely bypasses deeper institutional dynamics.

                What am I doing? I’m resisting the urge to jump on that bandwagon. You should try it.

                • marcusb 2 days ago

                  > If this was a top-down DOGE directive, why the immediate reversal? Did DOGE suddenly change its mind?

                  From the man himself:

                    “We will make mistakes. We won’t be perfect. But when we make a mistake, we’ll fix it very quickly,” Musk, a Trump-appointed special government employee, said Wednesday in defense of his group’s haphazard cuts while looming over the Cabinet table. “So for example with USAID, one of the things we accidentally canceled—very briefly—was Ebola prevention."[0]
                  
                  > The fact that the contract lasted 25 years _is_ relevant. It shows that this wasn't some minor side project. CVE is foundational infrastructure. You don’t accidentally let something like that expire unless someone either massively screwed up or there was serious internal confusion.

                  See previous quote about ebola funding, another long-term government program.

                  Look, if you want to play this game where because a DOGE spokesperson hasn't directly come out and said "yep, it was us", then I'll point you back to my original post: I said it was reasonable to assume, not that it was proven fact.

                  But, if you look at the totality of this situation and think 'nope. no way DOGE was involved. This is just people "blaming DOGE for everything"'. Fine. You do you. I don't think there is any point in continuing this conversation.

                  0 - https://newrepublic.com/post/192082/elon-musk-fact-check-dog...

  • metalliqaz 3 days ago

    [flagged]

    • lenerdenator 3 days ago

      [flagged]

      • xpe 3 days ago

        > Malicious idiots surrounded by sheepish intelligent people.

        Prefixing people with "sheepish intelligent" is bound to oversimplify this. Many of the non-DOGE employees who directly see wrongdoing are likely making calculated decisions on what to do. It depends on many factors, including the law and whistleblower protections.

        Many of them are responding in various ways that they hope will have an impact. Some resign in protest. Others file lawsuits. Others leak to the press.

        Could they do more? Yes. So let's help them.

        What can we do? Just to give two relatively middle-of-the-ground recommendations: First, donate to legal-protection funds for whistleblowers. Second, call your representatives and demand reinstatement of the inspectors general.

        • lenerdenator 3 days ago

          The current administration is shipping people out of American territory to a hellhole in El Salvador without trial. It'd like to do that more often.

          Whistleblower protections don't mean much if the brute squad snatches you off the street and throws you on a plane regardless of what the law says.

          • xpe 2 days ago

            > Whistleblower protections don't mean much if the brute squad snatches you off the street and throws you on a plane regardless of what the law says.

            Activism isn't either/or; do what you think is best!

      • fennecfoxy 3 days ago

        Hasn't that always been the case for society at large? From Wernher Von Braun to Oppenheimer.

  • stronglikedan 3 days ago

    [flagged]

    • benregenspan 3 days ago

      I don't think that getting rid of most of the people who perform careful cost-benefit analysis and inspect for waste, and switching to a model of just cancelling everything and waiting to see what goes on fire, is "making the country a little better each day".

    • PaulDavisThe1st 3 days ago

      Opinions vary widely on whether that is the case.

    • WD-42 3 days ago

      Better for who exactly? Malware authors?

    • jmull 3 days ago

      You've put your faith in the wrong people.

    • i80and 3 days ago

      I don't know if this is a Poe's Law situation or not, so apologies if this is a satirical bit, but I'm horrified by the idea that you may be serious.

      • knowaveragejoe 3 days ago

        No, see, they're doing things and doing things is Good. Therefore progress is being made, and the country is being made incrementally better.

    • nashashmi 3 days ago

      Actually idiots could still end up making improvements. Won’t stop them from being idiots. But what the commenter is saying is the ones who recklessly cut programs trashing away all the effort that went into the program are idiots. They are trying to make a thriving government have a reputation for failure and unreliability.

  • lynndotpy 3 days ago

    [flagged]

    • plasma_beam 3 days ago

      This is DHS, not DOD.

      • lynndotpy 3 days ago

        Yes, I was responding to someone who was talking about the DoD. Noem is likewise not someone I would depend on to make good decisions.

    • EgregiousCube 3 days ago

      A bit disingenuous; he also had a career as a soldier.

      • KineticLensman 3 days ago

        There is a massive difference between having a career as a soldier and knowing how to lead one of the world's largest organisations (the DOD)

      • bclemens 3 days ago

        Of course! It's easy to forget he was a guard at one of America's most notorious concentration camps, Guantanamo Bay. It's foolish to think of him only as a Fox News personality.

        • typesarecool 3 days ago

          Not defending him as a person, but he earned a bronze star serving in Iraq.

          • boston_clone 3 days ago

            [flagged]

            • gonzoflip 3 days ago

              "automatically"

              Do you have any evidence for this at all? That they are automatically awarded? We can discuss the low bar that O's seemingly have for earning some awards, but there is no reason to misrepresent the process. And I know at least one person that was awarded a Bronze Star without the V, even though the award was for a specific valiant action they took, it's tough to say without reading the award or being there.

              • boston_clone 3 days ago

                While anecdotal, every single O3 and higher in my company received one after our OEF rotation, despite spending their entire time on KAF and not at COPs or FOBs.

                Here's an excerpt from the Military Times describing changes to awarding criteria: "The policy changes also seek to tighten the criteria for awarding the Bronze Star specifically, a combat award that can be presented without a “V,” and often was throughout the wars in Afghanistan and Iraq, for “meritorious” performance."

                https://www.militarytimes.com/news/your-military/2017/03/30/...

                And here's some details about Pete's own awards: "The first Bronze Star was awarded to Mr. Hegseth for his assignment in Iraq as a rifle platoon leader in Iraq from September 2005 to July 2006. The citation noted his “professionalism and commitment to excellence” while he was with the 101st Airborne Division. He received the second Bronze Star in 2012 after serving as a counterinsurgency instructor in Afghanistan."

                https://www.washingtontimes.com/news/2024/dec/6/pete-hegseth...

                Nothing valorous. He was a PL that did his job, then a teacher in Kabul. And the dude is still a christo-fascist with a drinking problem.

                • gonzoflip 3 days ago

                  OK, so they are not automatically awarded then?

                  EDIT: How about CIBs? Are they automatically awarded for officers that never leave the wire?

                  • boston_clone 3 days ago

                    I think that's a strawman about my use of the word "automatic"; my point is that it's not indicative of anything special as they were awarded without needing a qualifying event like you'd see with a V device, silver star, LoM, MoH, etc.

                    Him denigrating fellow soldiers and being grossly unqualified to even communicate properly in his role are also concerns, but somewhat off-topic.

                    • gonzoflip 3 days ago

                      It is not a strawman, you literally said the awards are automatic, which is untrue on its face. The vast majority of HN users are not veterans, and likely would not know that what you said is untrue.

                      • boston_clone 2 days ago

                        What I said in full is:

                        "automatically awarded to O3s / O4s for a deployment",

                        which is pretty clear and backed by both the linked articles and my first-hand experience.

                        • gonzoflip 2 days ago

                          That misrepresents the process, which is why I continue to clarify.

                          • boston_clone 2 days ago

                            Typing a comment isn't the same as providing a source; I've provided two that support my claim. You're welcome to try again, but it's too early for bad faith arguments so you won't get any more replies.

                            • gonzoflip 20 hours ago

                              >Bad faith

                              You literally misrepresented the truth then provided 2 articles, neither of which backed up your original claim. All because you evidently don't like someone. The only claim I made is that the awards are not automatic, which we both know is true.

                              Regardless, my source that Bronze Stars are not automatically awarded is AR 600–8–22.

                              • boston_clone 19 hours ago

                                You mean this part of the regulation, right?

                                > Prior to 7 January 2016, awards may be made to recognize single acts of merit or meritorious service.

                                Which corroborates my other claim - including the timing - about the tightening of criteria? Dang. That's wild. Good thing you have a source that you didn't link or apparently read.

                                https://ri.ng.mil/Portals/31/Documents/MILITARY%20AWARDS%20A...

                                • gonzoflip 18 hours ago

                                  What are you talking about? Your original statement was that they were awarded automatically, now you are talking about the standards for awarding it, which implies it is not actually automatic. I said in my original response that we could discuss the standards, but your statement that they are automatic for O3-O4 is just plain false. Your sources do nothing to back up your original claim, in fact, they do quite the opposite. No level of snark will make your assertion correct. There is a reason why your original response was flagged, which I had no part in.

                        • typesarecool 2 days ago

                          My point was that he served in Iraq and has more "real" experience than being a prison guard. This doesn't mean he has enough experience to run the DoD of course, but I wanted to add that because it's misrepresenting a vet who served a deployment.

      • lynndotpy 3 days ago

        Ok, and he is not someone you should rely on to make exclusively good decisions.

ggm 3 days ago

I wish this hadn't happened.

I wonder what level of compartmentalisation inside DHS means they didn't see this as having sufficient downsides?

I ask this, because I don't think anyone in the subject matter specialist space would have made a strong case "kill it, we don't need this" and I am sure if asked would have made a strong case "CRISSAKE WE NEED THIS DONT TOUCH IT" - but I could believe senior finance would do their own research (tm) and misunderstand what they saw in how other people work with CVE, and who funds it.

  • hackyhacky 3 days ago

    > I wonder what level of compartmentalisation inside DHS means they didn't see this as having sufficient downsides?

    This was not a carefully-weighed decision based on a cost-benefit analysis. This was a political order, consistent with the administration's policy of "cut everything, recklessly, indiscriminately."

    • derbOac 3 days ago

      There are many problems going on right now, but in terms of cuts this is one of the most problematic: everything is secret, with no oversight or deliberation. It's indistinguishable from corrupt malice because it's not done with open thoughtfulness.

      • jacobyoder 3 days ago

        I just can't believe your take on this. The White House press secretary has directly said, multiple times, "this is the most transparent administration ever". /s

        In reality, this entire process is insanity. We've had examples of government spending overhaul in the past - early(?) 90s - both sides worked together, cut lots of spending across programs, downsized tens of thousands of federal workers, and balanced a budget, to the point where we had a surplus. It was tough, took time, wasn't perfect, but was deliberated and debated and far far far more open and transparent than all this. But their goal was actually improving government (even if that meant reducing some areas). The current 'leadership' goal is to dismantle/destroy as much as possible, as this is led by people who think government in general should not exist.

    • tlogan 3 days ago

      Yes, this is 100% consistent with their policy: cut everything and if you find out that something is really really needed then reverse it.

    • SecretDreams 3 days ago

      > cut everything, recklessly, indiscriminately

      Mostly discriminately, tbh.

      • MiguelX413 3 days ago

        [flagged]

        • SecretDreams 3 days ago

          I can't tell what argument you're making within the context of my post?

          The OP said indiscriminately, which means they're cutting uniformly across the board. I responded with "mostly discriminately" which means they're more selectively cutting based on prejudice. You then linked me a data point where you show they cut funding because it has the word "homo" in it and tell me to "get a hold of myself".. but your link would directly support what I've said?

          • dTal 3 days ago

            It is clear from context that the original comment is using "indiscriminately" in a sense of "without due care; thoughtlessly". Your first reply comes across as simply contradicting it, i.e. asserting that actually these cuts were made with an appropriate level of thoughtfulness. Your point that there are criteria which are being applied is a useful contribution, but you should have expanded on this in your original comment, as it was not clear that you were reframing the discussion in this way.

            • SecretDreams 3 days ago

              Respectfully, I took the word at face value and made what I thought was a fair, albeit half-jokingly correction. Certainly, I understood the context of the original post and I expected that this community would understand my follow up comment which is using correctly applied English. For whatever it's worth, I see no synonyms for indiscriminately that would fall under "without due care; thoughtlessly" on Merriam-Webster. Even if I understood what the OP was saying, it was not technically the correct verbiage to use. I would have thought I'd receive a similar level of "allowable nuance" in my comment that the OP was afforded.

              https://www.merriam-webster.com/thesaurus/indiscriminately

              • metabagel 3 days ago

                I interpreted “discriminately” as exercising due diligence. I think in this instance you were perhaps too clever by half.

              • albedoa 3 days ago

                > albeit half-jokingly

                It seems then that you could have acknowledged MiguelX413's comment without the feigned aloofness?

                • SecretDreams 3 days ago

                  He came in quite hot and has made no acknowledgements of my rebuttal. To be honest, taking a deep breath and giving me a more sensible response than what I got could have gone a long way.

                  We're allowed, and should be encouraged, to write with a small amount of nuance and creativity.

                  • MiguelX413 3 days ago

                    My intent was to argue by counterexample. That grant being cut merely because of containing the prefix homo is an example of indiscriminate cutting, in my opinion. Actually effectively cutting grants that only related to homosexuality or something would've been discriminate.

                    However, I might still be misunderstanding you, pardon me.

                    • SecretDreams 3 days ago

                      > That grant being cut merely because of containing the prefix homo is an example of indiscriminate cutting, in my opinion.

                      I disagree. I think it would be considered "discriminate cutting".

                      > Actually effectively cutting grants that only related to homosexuality or something would've been discriminate.

                      I agree and that's the point I was making. They're just cutting grants with the word "homo" in them because it meets their criteria of interest for cutting. Whether they deal with homosexuality or not is not a discriminate vs indiscriminate topic, but a topic of DOGE's competency in actually executing on their discriminate cutting vision.

              • qzw 3 days ago

                Most of the general population can’t read above something like a fifth grade level. Here on HN it’s higher, but I wouldn’t say it’s safe to assume you can just engage in even mild word play without risking being misinterpreted, unfortunately.

                • HelloMcFly 3 days ago

                  Written word play, especially in such a short sentence, will be hit or miss with even capable readers because one's interpretation will be devoid of interpersonal context (including nonverbal signals) and heavy on other context such as expecting some in this community to continue to defend Elon/DOGE because we've seen it plenty on HN to date.

              • howenterprisey 3 days ago

                You're completely right, for what it's worth, and I appreciated the wordplay.

            • rfrey 3 days ago

              Indiscriminate means at random or without judgement. The comment you're arguing with clearly (and cleverly) said the cuts are not random. As one data point, I did not read the comment as contradicting anything, but as agreeing and expanding.

        • fennecfoxy 3 days ago

          Afaik there's never been a DEI initiative (or similar, I'm not American) that I've ever heard of to hire more gay people specifically. Most of us would hate to be hired for our sexuality rather than our skills.

          There's nothing "woke" about it and screaming woke woke woke isn't going to change the fact that we exist and you don't like it. I'd tell you what I really think of you but it would invoke Dang.

          • metabagel 3 days ago

            You misinterpreted that comment, which was sarcastically pointing out a study which was purportedly cut simply because it had the word part “homo” in it.

        • GuinansEyebrows 3 days ago

          You have got to stop engaging with the idea of “woke” as a specific ideology to stand against. It’s like you purposefully intend to misunderstand common shared meanings of words.

          • MiguelX413 3 days ago

            I never believed in such a thing. I don't understand where you possibly could have gotten the idea that I adhere to such a thing.

    • tmpz22 3 days ago

      Destroy, destroy, destroy. Promise to rebuild but don't. Take it all.

      • Cthulhu_ 3 days ago

        Did they promise to rebuild?

        If I'm giving them the benefit of the doubt (which I hate), it's a shotgun approach; cut things relentlessly and see what falls apart. Chaos engineering applied to a country and / or the world.

        • willy_k 3 days ago

          That’s exactly what it is, and they said as much repeatedly while campaigning. Voters, in their zealotry against the perceived status quo, failed to realize how much of what we have right now you don’t want to cut recklessly, as well as just how reckless the people that they were choosing to do that job were.

          • coldpie 3 days ago

            > in their zealotry against the perceived status quo,

            Perceived, not actual, because spreading lies and misinformation is what makes the most money for the ad sellers that make up 90% of our industry.

        • watwut 3 days ago

          There are various glorious futures floating around about how this will make America better, stronger, more independent.

      • chris_wot 3 days ago

        So much for the wunderkinds in DOGE.

        • addandsubtract 3 days ago

          They were able to eliminate all open CVE's while cutting costs at the same time. Amazing!

        • ForOldHack 3 days ago

          Soon to be powned, by their own extreme short sightedness. Duh.

          • nwatson 3 days ago

            Maybe "they" want to do the pwning with less coordinated resistance. Doing away with CVEs would help with that objective.

            • jeltz 3 days ago

              No, they are not skilled enough to hack anything. These are just a bunch of average junior engineers with hubris.

        • sitkack 3 days ago

          @bigballs, please save U.S.

        • tw04 3 days ago

          I think you mean wonder kids.

          • riffraff 3 days ago

            wunderkind is a loanword, it's one of those cases of a German word being used but being odd in English since it's so similar. Like kindergarten which is often spelled as "garden".

            https://en.m.wikipedia.org/wiki/Wunderkind_(disambiguation)

            • markhahn 3 days ago

              "tariff as wunderwaffe" often comes to mind these days.

              • oezi 3 days ago

                Many of these terms originate during the Nazi regime and thus aren't used lightly in Germany anymore.

                Other example includes: Endgegner (final boss) or Endlösung (final solution)

                I would suggest to avoid such terms.

                • pseudalopex 3 days ago

                  Wunderkind and Endgegner are used lightly in Germany.

                  The parallels to Nazi Germany's striking but impractical weapons seemed intended every time I heard or read Wunderwaffe in English.

                  • oezi 2 days ago

                    Wunderkind predates the Nazis so it doesn't have that much baggage.

                    Endgegner originates from Endlösung and while it indeed often is used without thought, the question is if it should be used lightly.

                    • pseudalopex 2 days ago

                      You stated Endgegner was not used lightly in Germany when it was. You seemed to think Wunderwaffe was used lightly in English when it was not. And searching for Endgegner and Endlösung found our comments and a few opinions they sound similar. No evidence or claims of origin. I conclude Endgegner does not originate from Endlösung probably.

                • ben_w 3 days ago

                  > Endgegner

                  I did not know about this, thanks for die Vorwarnung. In context, I'd assume "ultimate enemy" (Gegner=opponent) as "final boss" sounds videogame.

                • consp 3 days ago

                  Many did in the golden age of German research, then to be destroyed by those mentioned.

                  Either the philosophers or the mathematicians/physicists likely coined them.

                  • oezi 2 days ago

                    Certainly, so we have to critically look at the terms and check which have been used by the Nazis to promote their ideology. It is a call to make in each case.

            • tw04 3 days ago

              It was sarcasm that apparently went over everyone’s head. See: Ted Lasso.

            • obelos 3 days ago

              I'm pretty sure this is a joke reference to Ted Lasso.

        • drivingmenuts 3 days ago

          Given that the Kids at DOGE are all computer experts, this reeks of a calculated move.

          • krferriter 3 days ago

            Absolutely not. They are not broadly experts, and they are not making these decisions after careful consideration, as evidenced by their continual acts of stupidity and basic errors and cutting things despite having no idea what it is they are cutting. Musk got in an argument with someone who said DOGE cut funding for a cancer treatment program, and Musk was calling the person a liar, and the person provided evidence and Musk admitted it was an accident. They are a clown car of idiots who vastly overestimate their own knowledge and underestimate how much good the government actually does. They think they can just slash and burn and there will be no negative consequences because they think the government is worthless.

            • chris_wot 3 days ago

              Until, like Ayn Rand, they actually need the government. Then they'll be complaining how the government doesn't provide services.

              • riffraff 3 days ago

                My knowledge of Ayn Rand stops at having read a book (and considered it silly), when did she need the government and complained about it?

                • chris_wot 3 days ago

                  She was an Objectivist. She considered social security to be "legalized plunder". Then when she needed it, she decided to take it.

                  One of her wonderful worldviews was to reject altruism as a moral imperative, arguing that individuals should live for their own rational self-interest. Social security, based on the idea of supporting others, contradicts this principle.

                  • Nevermark 3 days ago

                    It takes strong and complex social glue to create a place where millions can safely follow their own self-interest.

                    Which means anyone whose wisdom matches their self-interest is going to understand that different things have very different efficiencies at different scales.

                    And some things happen to be dramatically more efficient/person and more effective, the larger the scale they can be coordinated at.

                    • InsideOutSanta 3 days ago

                      >It takes strong and complex social glue to create a place where millions can safely follow their own self-interest.

                      This exactly. All of these people who profess to believe in objectivism could easily move to a failed state and do anything they want to with zero government intervention. But they don't do that. They want all of the benefits of a working government with none of the things required to actually create a working government.

                      • cratermoon 3 days ago

                        Side note: if they wait a little bit, they may end up not needing to move anywhere after all.

                  • jay_kyburz 3 days ago

                    It is in your self interest to have a strong social safety net, because one day you might need it too.

                    • ndsipa_pomu 3 days ago

                      Also, even if you don't need it yourself, it's far nicer to live in a society where people's basic needs can be met otherwise we end up living in some kind of Mad Max apocalyptic wasteland where people with nothing and nothing to lose roam the country looking for targets.

                  • drivingmenuts 3 days ago

                    I don't see altruism as being outside of my own self-interest. I think that you get what you give, so having to give up some money to the public good is OK (usually not awesome, but OK).

                  • Tainnor 3 days ago

                    > One of her wonderful worldviews was to reject altruism as a moral imperative, arguing that individuals should live for their own rational self-interest. Social security, based on the idea of supporting others, contradicts this principle.

                    This position was already pointed out by Plato (in the Gorgias IIRC) as being inconsistent. Political systems are made up by people - if a society, in particular a democratic one, has certain systems in place, then this is probably because it was (at least believed to be) in the people's self interest.

                • orwin 3 days ago

                  What's funny, and it might be because of the translation, but I first thought her book where all entrepreneurs are hidden away in a sort of parallel country was a dystopian satire and a joke about some people's sense of self-importance. Then I learned about her (and when the book was written too) and realised her book was to be read as it was written, 'seriously'. Which makes it silly, but a funny story.

            • drivingmenuts 3 days ago

              Sorry, I really should have said "experts" with the rabbit ears. But it still reeks.

          • yowzadave 3 days ago

            They are clueless kids at their first job, following the orders of their hero. You think they’ll resist when the boss tells them, “cut everything”?

          • consp 3 days ago

            I think expert is not the right word for what looks like mostly rookies.

          • chris_wot 3 days ago

            They've done their degrees and masters in Computer Science, and many of them dropped out. But they focused on AI, so I'm assuming this makes them great at statistics, but does this mean they are great at security? Given the way they've gone through a variety of departments, I'd say they aren't.

            The DOGE crew are incompetent. Witness their firing of all the people who look after the nuclear stockpile and Ebola research.

          • RALaBarge 3 days ago

            Hang out around here for a while and you will realize quickly that us tech bros mostly just know tech stuff. Our perceived intelligence in topics which we don't spend our time on is called hubris and we are swimming in it at all times.

      • cantrecallmypwd 3 days ago

        Vampire capitalism. They want civilization to break down so they can offer a solution for profit. The enemies of all people and life on the planet are a tiny group of oligarchs and their supplicants.

        • CamperBob2 3 days ago

          This isn't capitalism, any more than arson, burglary, or extortion is capitalism. Get some new material.

          • Nevermark 3 days ago

            I agree, given the right definition of “capitalism”.

            Unfortunately “capitalism” has two quite different meanings. Which are rarely clarified in use.

            Capitalism with a big C, a too common overarching ideology, gets bent to mean whatever the greedy, unethical and rich want it to mean so they can get more money.

            But small c capitalism, evolving from both practical and ethical foundations, is a system so useful it has multiplied the benefits of civilization. But it is just one such system.

            It can’t do everything, it needs other independent systems (justice, dispute resolution, rules of clarity, risk & trust limiting systems, for starters) to work, and extending it to places it doesn’t work causes great harm.

            (Like when perversely applied to those enabling systems, in big C form, as is happening now.)

          • GuinansEyebrows 3 days ago

            Hah. I’ve been hearing this No-True-Scotsman for Capitalism for decades now. It’s what we’ve got and is widely understood as capitalism. I won’t repeat your last sentence but the sentiment is similar.

            • CamperBob2 3 days ago

              It's no different from what apologists for Communism and any number of other -isms will tell you. "B...b...but it's never really been tried." Capitalists are as entitled to that excuse as anyone else.

              It's almost as if no economic, social, or political system known to mankind will stand up for long under a determined onslaught of corruption.

              • GuinansEyebrows 3 days ago

                I'm not sure "well THEY do it so I want to do it too" is the strongest argument.

          • johnnyanmac 3 days ago

            It's malicious rent seeking. Is that capitalism? Once you run out of easy problems to solve, you create problems for yourself to solve.

          • tigerBL00D 3 days ago

            To be fair, we don't yet know how capitalism ends.

            • CamperBob2 3 days ago

              We know how everything else does, though.

          • roughly 3 days ago

            > any more than arson, burglary, or extortion is capitalism

            Indeed.

  • Spooky23 3 days ago

    No, we’re in a middle of a coup. Palantir or some other odious company will get paid 100x more to do something.

    • ozim 3 days ago

      People will not submit vulns as happily to such business.

      Most vulns will go unaddressed because a company like Palantir will most likely want only really good vulns like 0-click RCE.

      • daveguy 3 days ago

        Putin, Xi, and Un say thank you.

    • cavisne 3 days ago

      MITRE has a trademark on the term CVE.

      • pjmlp 3 days ago

        As if laws have any meaning to this administration, and anyone expecting this will only last four years instead of turning into one of those countries so much admired by the captain at the helm, is fooling themselves.

        When the citizens realise this, the structures to clamp down any revolution will be in place.

        • fennecfoxy 3 days ago

          TBF trade-marking a term like "CVE" is the most ridiculous fucking thing and just reeks of modern American copyright law type stuff.

          • quesera 3 days ago

            It's only superficially ridiculous.

            "CVE" is trademarked and emphasized (e.g. included in the shorthand notations, e.g. CVE-2014-0160), explicitly to prevent other groups from using "CVE" in a way that causes confusion in the marketplace. And yes, this is the same reason trademarks exist for commercial purposes.

            But imagine if Microsoft could issue CVEs against Apple ... or OpenAI against Anthropic, etc.

            The label "CVE" has to have a known authority to be useful. And the only way to ensure that is to trademark it. See also: "Linux™".

  • overfeed 3 days ago

    > "kill it, we don't need this"

    "We are paying MITRE how much? Bigballs and co will write a better system in 1 week and have it integrated with xAI. How hard could it be? Send out a first draft of an xAI contract to our DHS contact"

  • eadmund 3 days ago

    > I wonder what level of compartmentalisation inside DHS means they didn't see this as having sufficient downsides?

    The National Vulnerability Database has been unable to keep up with the flow of CVEs for over a year now:

    - https://anchore.com/blog/national-vulnerability-database-opa...

    - https://www.cyberreport.io/news/cve-backlog-update-the-nvd-s...

    - https://www.ibm.com/think/insights/cve-backlog-update-nvd-st...

    - and many, many, many others

    It has been a complete disaster for months. At this point, perhaps the thinking is to radically change approaches?

    • rco8786 3 days ago

      > perhaps the thinking is to radically change approaches?

      If there had been a replacement or reform plan for even one single iota of the things this admin has cut, I might give them the benefit of the doubt. But there's not. It's just kill, kill, kill.

    • gtirloni 3 days ago

      You assume there's a plan. Interesting.

    • metabagel 3 days ago

      Cutting the program would seem to go in the opposite direction of what is needed.

  • IOT_Apprentice 3 days ago

    They were at the mercy of 20 year olds from doge. I wonder when doge enters the NSA & NRO WHAT information will they steal & put in their hard drives.

    All of this is criminal behavior on the part of the current regime.

  • Aurornis 3 days ago

    This sort of thing is happening across the federal government. There is no rhyme or reason. DOGE has been given an unrealistic target for cuts and they're desperately cutting whatever they can get their hands on. If you look at the federal budget it's nearly impossible for DOGE to hit their stated goals without touching benefits like medicare and social security (which are off limits so far) so the only option is deep, deep cuts into the narrow slice of the federal budget that excludes those protected categories.

    There is no rhyme or reason to what gets cut, other than someone under pressure to hit KPIs (dollars cut) was desperately searching for things that looked easy to cancel.

    This is happening everywhere the federal government touches. Most people aren't aware of it until they come around and pull the rug on something that intersects with your own life.

    Even my die-hard Republican distant relatives are suddenly shocked because programs they benefited from are being cut. They thought they voted for something different.

    • bruce511 3 days ago

      >>They thought they voted for something different

      Like what exactly? I mean the guy ran on cutting the budget by 2 trillion. In his last term he gave tax breaks to the rich. Where did they think the cuts were coming from?

      He ran very hard on raising tariffs. Which demonstrably raise prices (that's literally their goal.) But now people claim "I didn't vote for this."

      In truth they voted for him because he was the Republican on offer and they're die-hard Republican. The Republican party has made no secret of its agenda for decades.

      I get it, people are good at cognitive dissonance. But this is the place for blunt truth. They voted for this. I'm not letting Republicans get off the hook here. They voted for this.

      Just like to my Republican friends who are upset that CVE is cut. You voted for this. The general public benefit from CVE even though they don't know it exists. Just like you benefitted from dozens of other programs you didn't know existed, but have also been cut.

      That's the problem with cuts. They ultimately end up hurting everyone.

      Now clearly there's some fat that could be trimmed. Companies do it all the time. Done well it's good. Swinging a hatchet in a crowded elevator does not seem like "Done well".

      • lolinder 3 days ago

        > In truth they voted for him because he was the Republican on offer and they're die-hard Republican. The Republican party has made no secret of its agenda for decades.

        This is actually simply not true. The Republican party before the Tea Party looked nothing at all like this. Trump won the presidency last year riding a wave of distinctly not-your-typical-Republican lower class voters. As he rose the old guard Republican establishment formed the anti-Trump wing of the party until they were forced out one by one.

        To put some numbers to this: Bush won the upper income brackets by 5+ points in 2000, with a lead that widened as you went up the income ladder. Trump lost the equivalent brackets in 2024 by 5+ points, a 10 point swing away from what Bush won them by. The lower brackets are even more stark, with a whopping 18-point swing towards Trump in the $30k-$50k bracket (inflation adjusted to $15k-$30k).

        These numbers show that Trump is not a Republican in the George W Bush sense and he's certainly not a Republican in the Ronald Reagan sense. He's a populist and won on a populist agenda by putting together a coalition of rabid social conservatives (who probably really did go Bush in 2000) and poor people (who largely did not).

        • sanktanglia 3 days ago

          You are ignoring that Trump rode to power explicitly by enabling the shittiest of Republicans that already exist. To try and let Republicans off the hook for supporting him, especially a 2nd time? Is hilarious

          • lolinder 3 days ago

            Even the first wave of Republican support came from the Tea Party types more than the establishment types.

        • pseudalopex 3 days ago

          > The Republican party before the Tea Party looked nothing at all like this.

          Starve the beast is older than the Tea Party.[1]

          [1] https://en.wikipedia.org/wiki/Starve_the_beast

          • lolinder 3 days ago

            There are extremely superficial similarities here, but they're just that: extremely superficial. Along the same axis but in totally different orders of magnitude, and orders of magnitude make a difference.

            Obamacare and communism are along the same axis too, but the Republicans who claimed they were the same thing were obviously wrong.

        • bruce511 3 days ago

          I'm upvoting you because you make a coherent argument, and votes here should be for that, not whether I agree with you or not.

          I would agree he's not George Bush, much less Ronald Reagan. Nevertheless those who voted for Bush and Reagan also voted for Trump.

          This has been "decades" in the making in the sense that since Obama was elected (in 2008), Republicans have embraced racism at the heart of their populist message. That swing rightward was made palatable to center republicans with a woman democratic candidate in 2016 (one not terribly well liked in democratic circles) and a black woman candidate in 2024.

          While racism, and misogyny gather a bunch of votes, long-term distrust of institutions is sown, and fostered. Republican policy becomes protecting white guys, and especially old, rich, white guys.

          Reagan was popular and competent, and worked for the good of America. Today's president is nothing like him, but wins because a bunch of people "vote Republican".

          • lolinder 3 days ago

            > Today's president is nothing like him, but wins because a bunch of people "vote Republican".

            There's a component of that, but it's not the primary cause. A lot of former Republicans stopped voting Republican with Trump, including a lot of old rich white guys, and a lot of the current Republican voters didn't vote for Bush. He wins because of the new wave of voters that counterbalanced the flight of the educated core of the Republican establishment.

        • rat87 3 days ago

          Populism is not an agenda it's a style. Also the majority of poor people voted Democrat, the majority of people with low education levels voted for Trump (which is not the same thing as dumb, although voting for Trump is dumb regardless of PhD or lack of HS diploma). There's overlap between low levels of education and income but if you define class by income then low income people mostly voted Dem

      • michaelt 3 days ago

        > Where did they think the cuts were coming from?

        When someone hands you a pencil, you don't wonder what variety of tree the wood came from, or what paint chemistry was used for the coating. It's a pencil. You might have broad opinions on whether the one in your hand is comfortable to use, and sharp - but you leave the details to the pencil makers.

        About 70% of the population engage with politics the same way: Leave the details to the people who do this stuff for a living.

        Do they expect to be disappointed? Sure, but everyone who engages with politics expects to be disappointed.

        • virgildotcodes 3 days ago

          This pencil was proudly advertised as being comprised of the remains of all that was decent in humanity. The fact that it wrote in blood was gleefully touted and cheered.

        • daveguy 3 days ago

          This is exactly the attitude Putin tries to encourage in his population. If enough people don't pay attention or don't think what they do matters, it's easier to subjugate a population.

          If people in the US aren't starting to notice what Musk/Trump are doing it will bode very poorly for the future of the US.

        • jeltz 3 days ago

          It is traditionally cedar.

        • pseudalopex 3 days ago

          You are a pencil company director. A CEO candidate promised to cut expenses by 30% by eliminating waste. People who do this stuff for a living countered wood and graphite exceed 70% of your expenses. The CEO candidate proposed to increase graphite spending. Do you wonder what the CEO would do if hired?

          > Do they expect to be disappointed?

          Aurornis said their relatives were shocked.

    • eCa 3 days ago

      > They thought they voted for something different.

      They voted for the leopards to eat other people’s faces, not theirs.

    • fennecfoxy 3 days ago

      Something different like gay people, women, immigrants all suffering while they laugh. Who's laughing now? From an outsider's perspective, I sincerely hope that Republicans get to feel a fraction of what these usually marginalised groups feel every day.

      You'd think that lessons would incite learning but that has never seemed to be the case throughout history.

    • russellbeattie 3 days ago

      Remember, DOGE has nothing to do with money or "efficiency". It's a pure ideological dismantling of the Federal government aimed at eliminating oversight, regulations, assistance and entitlements as envisioned by ultra-conservatives for decades.

      This isn't speculation or hyperbole, it's specifically laid out in their published plans: By hobbling or outright eliminating federal agencies responsible for executing the laws passed by Congress, the administration can circumvent the democratic process and impose their extreme vision of limited government on the country, regardless of popular support.

      The U.S. system of government relies on established norms as much as it does law. Conservatives realized that they can ignore precedent with impunity if they had an executive willing to do so. They then spelled out exactly how, and are now enacting that plan.

      Then SCOTUS's decisions last summer turbo boosted their agenda. The ruling that only Congress can hold the President legally accountable essentially means executive power is unchecked if the legislature is unwilling or unable to Impeach and convict. The President can now confidently ignore the law and judicial orders with a veneer of legality. And this is what he's doing.

      (The fact that all this just so happens to benefit Russia after their decade long campaign to destabilize their opponents in the West is a topic for speculation.)

      DOGE is about permanently altering how our country works modeled on the right wing worldview, plain and simple. Since that's their overall goal, they're not concerned where they swing the wrecking ball - it's all going to get destroyed eventually.

      • pron 3 days ago

        > The U.S. system of government relies on established norms as much as it does law.

        And it's also happily breaking the law. The Executive doesn't legally have the power to allocate resources (or not), not to mention the power to arbitrarily suspend due process.

      • misantroop 3 days ago

        That plus privatising a lot of it. Kills two birds with one stone, eliminate regulation and fill your pockets with cash.

    • sofixa 3 days ago

      > This sort of thing is happening across the federal government. There is no rhyme or reason. DOGE has been given an unrealistic target for cuts and they're desperately cutting whatever they can get their hands on

      You make it sound like poor DOGE employees are being forced to do this on this kind of schedule, which definitely isn't the impression I got. They're all a bunch of incompetent overconfident weirdos who think they know better and what to do. Is there any pressure to do anything quickly?

      And the US federal budget is quite easy to trim. E.g. remove an aircraft carrier from the planned construction pipeline and you've saved $15 billion with no actual ramifications.

      • SpicyLemonZest 3 days ago

        Who knows whether it will happen, but in principle DOGE is working under some time pressure as they're scheduled to be dissolved in mid-2026.

    • shakna 3 days ago

      I'd say that the rhyme and reason are quite clear [0]. They published a playbook, and they are implementing it at a record pace.

      > The NSC [National Security Council] staff will need to consolidate the functions of both the NSC and the Homeland Security Council (HSC), incorporate the recently established Office of the National Cyber Director, and evaluate the required regional and functional directorates.

      > Given the aforementioned prerequisites, the NSC should be properly resourced with sufficient policy professionals, and the NSA should prioritize staffing the vast majority of NSC directorates with aligned political appointees and trusted career officials. - Project 2025, pg 52.

      > ... History shows that an unsupervised NSC staff can stray from its statutory role and adversely affect a President and his policies. Moreover, while the NSC should be fully incorporated into the White House, it should also be allowed to do its job without the impediment of dually hatted staff that report to other offices. - Project 2025, pg 53.

      The goal is to build up a political organisation to use as a weapon, and to scrap the rest - as a legal excuse to say that the political appointments will be necessary.

      [0] https://www.project2025.observer/

      • ForOldHack 3 days ago

        They have to find some gumbah to head the security dept, because the best one they had left in a hurry. Heard he went to Denmark. ( I am really really kidding )

    • ForOldHack 3 days ago

      The rhyme is Humpty Dumpty, had a great fall. Now China and Russian security forces step up their relentless attacks. Let's hope the White House falls first.

    • riffraff 3 days ago

      > Even my die-hard Republican distant relatives are suddenly shocked because programs they benefited from are being cut. They thought they voted for something different.

      Out of curiosity, which programs? And is this enough to change their opinion about Trump, or do they still think it'll be worth it?

    • guywithahat 3 days ago

      [flagged]

      • Aurornis 3 days ago

        Smug, cryptic remarks aren't helpful. If you have a point, say it.

        • toomuchtodo 3 days ago

          They are breaking down the federal government intentionally. DOGE was never going to hit their goals, they were impossible to hit. The goals were just cover to take full control over anything they can get their hands on.

          > Even my die-hard Republican distant relatives are suddenly shocked because programs they benefited from are being cut. They thought they voted for something different.

          They voted for others to be hurt and to lose benefits, not their “in group.” Surprise surprise, they are considered the waste by those they voted for.

          • guywithahat 3 days ago

            [flagged]

            • afavour 3 days ago

              > DOGE has been about fighting corruption and reducing wasteful spending

              It absolutely staggers me that anyone can still say this with a straight face. I will ask this, though: as part of the DOGE fight against corruption and wasteful spending how many of Elon Musk's government contracts and subsidies have been cut?

              • throitallaway 3 days ago

                Also ~12K IRS workers (7x per head ROI) and inspectors general (who actually get results and are fully accountable) have been cut. And our already bloated military budget is increasing to $1 trillion without an eye being batted. DOGE is theatre.

            • toomuchtodo 3 days ago

              The Verge: Elon Musk's DOGE figured out one thing: if you control the computers, you control everything. - https://youtube.com/shorts/XSKXIUuDV1c

              The Moving Goal Posts in Musk’s DOGE Cuts: Why Elon Musk and his team have struggled to make the spending cuts they promised - https://www.nytimes.com/2025/04/14/us/politics/elon-musk-dog... | https://archive.today/GPDNY - April 14th, 2025

              Elon Musk dramatically lowers his DOGE spending cut targets (again) - https://www.msnbc.com/rachel-maddow-show/maddowblog/elon-mus... - April 11th, 2025

              See How Government Spending Is Up Even as Musk Touts Savings: Musk team’s $150 billion in savings barely dents $6.8 trillion in spending largely on autopilot, WSJ analysis finds - https://www.wsj.com/politics/policy/trump-doge-government-sp... | https://archive.today/DGGhX - April 11th, 2025

              "A system’s function or purpose is not necessarily spoken, written, or expressed explicitly, except through the operation of the system. The best way to deduce the system’s purpose is to watch for a while to see how the system behaves. Purposes are deduced from behavior, not from rhetoric or stated goals." — Donella Meadows

          • sitkack 3 days ago

            There is no in-group and out-group, there is only Trump.

            • sitkack 3 days ago

              A comment has been deported to El Salvador, in its place

              Trump in Nevada: 'I Love the Poorly Educated' https://www.youtube.com/watch?v=Vpdt7omPoa0

              • stavros 3 days ago

                I hate Trump as much as the next guy, but let's not take things out of context, he clearly seems to mean it in a "I want everyone" sense here, rather than just the poorly educated specifically.

                • sitkack 3 days ago

                  His statements were of inclusion into a set of suckers, he was only cheering of the relative sizes of those that vote for him. I understand what you are saying, and this isn't it.

        • 01HNNWZ0MV43FF 3 days ago

          I see at least three obvious reasons for the cuts:

          1. Politically-motivated "purge the weak" Nazi stuff - Cutting Medicare, cutting Medicaid, cutting Social Security, cutting education, cutting anything that benefits people who are old, poor, queer, female, etc.

          2. Privatization - NWS and NOAA are wonderful public services, and they'd rather profit from the data they produce. This is why taxes in the US are such a bitch to file, tax companies oppose any policy change that would make the paperwork easier for filers.

          3. They might actually be Russian assets. Tearing down institutions that took generations to build makes space in the world for Russia to exert more influence. You can tell this is working because Europe is now wanting to re-arm.

          It makes me sad. If I had a billion dollars I would still want to live in a better country. These guys only want a better world for themselves, and making everyone else into a permanent servant underclass only plays into that.

  • rco8786 3 days ago

    > I wonder what level of compartmentalisation inside DHS means they didn't see this as having sufficient downsides?

    Come on, are you living under a rock right now? There are massive indiscriminate funding cuts to anything that Elon/Doge deems to be "fraud", and they explicitly do not care about the collateral damage.

    This is not about the DHS or "compartmentalization". This is just a politician running amok and having real consequences.

    • martin8412 3 days ago

      Also there have been funding cuts to all agencies where Musk is currently under investigation. NHTSA is getting cut so they can't get in the way of Tesla.

  • paulmendoza 3 days ago

    No one analyzed it most likely. It’s possible one of the college students working for Doge doesn’t understand security because they are a child with no real world experience that Elon brought in to slash costs.

  • epistasis 3 days ago

    Your words don't make any sense in this environment. The idea that any person at an agency could stand up to or convince the DOGE team of anything is preposterous.

    Anything that weakens the US or puts our cybersecurity in a place that Russia can exfiltrate data will happen. This is not about the US needing anything and it's silly to think otherwise. See also the NLRB whistleblower and the security backdoors that DOGE demanded to allow data exfiltration and the subsequent death threats to the whistle blower.

    Your mindset is behind the times and needs to adjust to a, frankly, insane current reality.

    • mmooss 3 days ago

      > Your words don't make any sense in this environment. The idea that any person at an agency could stand up to or convince the DOGE team of anything is preposterous.

      Your comment embraces and spreads the powerlessness they want you to feel and spread.

      Of course you can stop them - like any other negotiation in life, especially non-friendly ones, you need to make it in Trump's interest either by carrot or stick. Trump has interests; identify them and identify your power in those regards ('power and interest' is the term), and use it.

      Also, stop helping them make DOGE the scapegoat. It's Trump.

      • chris_wot 3 days ago

        No, it's definitely DOGE doing all of this. Each one of these young fools needs to be named and shamed. The level of damage they have done is unprecedented. They will, in their later years, hopefully look back at this time in their life with a great deal of shame and embarrassment.

        • Wololooo 3 days ago

          I have the feeling that there will be no redemption arc for those ones and the repenting would be for show before a court of public opinion.

          I'm going to be to the point here, if you guys over there don't start to heavily push and organise, and I said it already, you're one Reichstag fire away from something very bad, and from my point of view, there is probably one kristallnacht pending in the mix.

          This is not a hyperbole and if someone wonders why this has relevance to the discussions, in this case most of the people around here are blue team, and it does feel like the red team has already taken anything that wasn't attached and now taking the time to take what's bolted on...

          I guess the silver lining of all this, is in their hubris, they forgot the bread and games motto, so there might still be a chance to turn things around somewhat... But the window is closing at an impressive speed.

          • chris_wot 3 days ago

            I'm an Australian. We have a guy called Clive Palmer, who has formed a party called (no joke) the "Trumpet of Patriots". It's certain nobody will vote for him. The opposition leader married himself to MAGA (and close to Trump) and now it appears like this will prevent him from winning.

            The rest of the world is mostly against Trump.

        • throwawaygmbno 3 days ago

          It needs to be the "shame and embarrassment" Nazis felt at the end of WWII and not the traditional shame and embarrassment they are used to feeling after losing the civil war and Jim Crow laws. It will just happen again in a generation otherwise.

          • watwut 3 days ago

            Nazis did not feel shame and embarrassment. They felt loss. They felt weak. Nazis and Germans felt sorry for themselves after WWII. The feeling of sorrow for what they had done to others is something Germany found a bit later, largely due to Nuremberg and general policies not allowing it to stay hidden.

            Forget about them feeling sorry for anyone but themselves. They will feel resentful and as if they were being treated unfairly even when actual clear criminal investigation happens.

        • mmooss 3 days ago

          You don't think they are carrying out Trump's goals? They are just working independently? The great similarity between their actions and Trump's goals and methods is coincidental?

          Why are you protecting Trump, the President, from responsibility?

      • watwut 3 days ago

        No, blaming "someone inside DHS" is what makes no sense. It 100% makes sense to blame DOGE and actual perpetrators. You can stop them only if you start to blame those who do the stuff you don't like instead of blaming everyone else except them.

        • mmooss 3 days ago

          Why wouldn't you blame Trump?

      • epistasis 3 days ago

        DOGE is doing this, it's not a "scapegoat", and Trump is not going to negotiate anything here, that's ridiculous.

        What leverage do you have for the DOGE boys? What power? Resigning? Because on the Defense side of the government the best leverage that some teams have found is mass resignation, meaning that nothing happens.

        There is no negotiating with bullies, it merely breeds more concessions.

        • mmooss 3 days ago

          > DOGE is doing this, it's not a "scapegoat", and Trump is not going to negotiate anything here, that's ridiculous.

          DOGE follows Trump's direction and acts on his behalf, as you must know. They make a big deal out of DOGE so Trump's name is less attached to these actions. Then they can take much of the blame with them when they go away, with Trump and the GOP blaming them for 'excesses'.

          > Trump is not going to negotiate anything here, that's ridiculous.

          > What leverage do you have for the DOGE boys?

          You don't understand how negotiations work. Everyone has interests, strengths and weaknesses, and power. You need to make it in Trump's interest to keep the CVE program.

          Everyone saying they are helpless, and that anything else is ridiculous, are panicking. Very unfortunately - dangerously - many people legitimize the panic. It's so normalized that it's "ridiculous" not to panic.

          Every day you continue this behavior, you fall further and further behind and lead others in that direction. Will you wake up in time?

          • figgis 3 days ago

            Currently the "discussion of leverage" you are talking about is out of the hands of the leaders who run these programs.

            The amount of disrespect you have shown for someone that is just telling you 99% of federal workers have absolutely no leverage says a lot.

            • mmooss 3 days ago

              > Currently the "discussion of leverage" you are talking about is out of the hands of the leaders who run these programs.

              That's an assertion without any argument. It means nothing.

              > The amount of disrespect you have shown for someone that is just telling you 99% of federal workers have absolutely no leverage says a lot.

              What does it say? Why is such a person somehow special?

            • stavros 3 days ago

              Isn't the US supposed to be the birthplace of modern democracy? When did you guys forget about protests and rallies?

              • nosianu 3 days ago

                > Isn't the US supposed to be the birthplace of modern democracy?

                I would not dare not mention the revolutions in England and in France. And before that some Greek city states, and definitely Rome. The US declaration of independence is just another point.

              • SpicyLemonZest 3 days ago

                It's just not practical to organize a rally to save a niche cybersecurity program. People are busy protesting to protect Medicaid and keep themselves out of foreign gulags, they can't divert the attention to CVE.

                • stavros 3 days ago

                  That's fine, protests aren't surgical tools anyway. As long as people are protesting, it's OK.

          • throitallaway 3 days ago

            > You need to make it in Trump's interest to keep the CVE program.

            This guy is ~80 years old and bragged about "person, woman, man, camera, TV." He recently got into a Tesler and exclaimed "everything's computer!" Have you seen the way his aides explain executive orders to him (like a child) before he signs them?

            He doesn't have the foggiest notion of comprehension of what the CVE program is, or how it would benefit him. Unless you're greasing his wheels, it's not going to happen.

            • mmooss 3 days ago

              He's convinced you to quit and let him do whatever he wants. That's the problem.

            • 1oooqooq 3 days ago

              he sure understands two things.

              one it costs the us and is needed by everyone, so he thinks but paying it someone will pick it up and then the us will be the free loader.

              second, he understands that it helps him and his pals wash dirty money.

          • djur 3 days ago

            I don't think there's any reason to believe that Trump is mentally competent to understand what's happening here or engage in any kind of meaningful negotiation.

          • markhahn 3 days ago

            I'm curious by what means you think Trump can be bargained with.

            Do you mean things like handfuls of like-minded countries selling t-bonds? No one in the R party has any leverage, and it's not clear that even a few US billionaires could exert any influence.

            Do you really think Trump has ever heard of "CVE" or could comprehend them?

  • markhahn 3 days ago

    it might be ignorance; it might be malice.

    it might also be deliberate: that they actually don't think the government should be involved in this sort of thing. after all, someone could be making a profit on this, and that seems to be their highest value. if gov is involved, that makes it a communal effort, and you know what else starts with "commun-"?

    yes, those reasons are stupid and ignorant AND intentional.

    but is there any evidence against that interpretation?

    • incompatible 3 days ago

      > someone could be making a profit on this

      Yes, there are apparently various ways of profiting from vulnerabilities. The interesting question would be whether any of the regime insiders have a way to profit.

      • markhahn 3 days ago

        I think it's more of a principle: if it looks like someone could charge money for it, they think that would make the country stronger, because all they understand is first-order profit. Trump's ethics is "get away with whatever you can".

        For instance, most people find healthcare middlemen (pharmacy benefit managers, etc) to be grotesque parasites. But to a laissez-faire fundamentalist, they're smart for finding a way to liberate some profit, even laudable.

    • ggm 3 days ago

      Hanlon's razor. I also tend to impute malice to things I don't like, but I think it's hard to go past stupidity.

      • JoshTriplett 3 days ago

        Sufficiently advanced stupidity is indistinguishable from malice.

        (Leaving aside that there's plenty of evidence of malice here.)

      • gregw2 3 days ago

        I love Hanlon's razor. Super-helpful in certain contexts: "Never attribute to malice that which is adequately explained by stupidity."

        But, having known about it for a dozen years now, I also find it inadequate alone as a razor without the following caveats/corollaries:

        Hubbard's corollary to Hanlon's Razor: "Never attribute to malice or stupidity that which can be explained by moderately rational individuals following incentives in a complex system". ( https://en.m.wikipedia.org/wiki/Hanlon's_razor#Exceptions )

        Or (HN) Nerdponx's punchier simplification: "When money is at stake, never attribute to incompetence what could be attributed to greed." ( https://news.ycombinator.com/item?id=41066724 )

      • mrguyorama 3 days ago

        Hanlon's razor is utter trash. In most contexts that people bring it up, sufficient stupidity IS malice, because at a certain level of resources and responsibility, you do not have an excuse to be that stupid.

        You can only get into such a position if you've ignored smart people telling you "No". That's malice.

      • Terr_ 3 days ago

        Hanlon's Razor is susceptible to pathological inputs, causing unbounded runtime.

        A large amount of things related to Trump fall into that category, and it's important to recognize when you need to instead treat it as a superposition: It is both malice and incompetence, unless the perpetrators decide to plead just one or the other.

      • groby_b 3 days ago

        Stupidity rarely has a consistent destructive track record. You score occasional wins. Only malice allows every decision to do damage. (The other razor, essentially - Occam)

  • tgsovlerkhgsel 3 days ago

    If you made this careful analysis, you'd hear "CRISSAKE WE NEED THIS DONT TOUCH IT" for almost everything (and it likely would be right for a significant portion but not everything).

    That's why the current approach seems to be to axe everything, listen to how much screaming there is, then reinstate only the projects where the screaming is really loud.

    • conception 3 days ago

      So the dumbest way to do anything. Got it.

      • phtrivier 3 days ago

        Please read Isaacson's biography of Musk.

        The "Musk algorithm" is described in detail, and can be summed up as a "reverse Chesterton's fence".

        "If you are not forced to reinstitute 10% of the rules you slashed, you have not slashed enough".

        What happens while the 10% are slashed is left as an exercise to the voter.

        Hopefully, the cve db will be deemed part of the 10%.

    • delusional 3 days ago

      You forget that their stated policy (and I don't doubt their commitment) is that whoever complains the loudest was probably scamming. That "honest people don't complain".

NilayK 3 days ago

> A coalition of CVE Board members launched a new CVE Foundation "to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program."

> https://www.thecvefoundation.org

https://mastodon.social/@serghei/114346660986059236

  • gnfargbl 3 days ago

    This kind of a consortium needs to explicitly avoid being captured by both the product vendors (who could be incentivised to manipulate the CVE issuance process to support their own remediation timescales), and by security companies (who could be incentivised to obtain a competitive advantage via preferential access to the CVE database).

    It isn't impossible for a commercially-funded organisation to avoid this kind of capture, but it isn't easy either. My mind immediately jumps to the relationship between the Mozilla Foundation and Google.

    • tbrownaw 3 days ago

      Don't some projects already issue their own CVEs?

      • gnfargbl 3 days ago

        CNAs [1] are assigned blocks of CVEs and then assign from within that block, but the system only works if there is overall administration of the CVE Program [2].

        My concern is that a capture of the administration would become a capture of the entire programme. Looking at the structure, it seems possible that CISA are in a position to prevent any such capture but, given some of the recent positions taken by the US government, we'll need to wait and see how that plays out.

        [1] https://www.cve.org/ProgramOrganization/CNAs

        [2] https://www.cve.org/ProgramOrganization/Structure

      • detaro 3 days ago

        yes, but it's a hierarchy. If you disagreed with their judgement you could always go up the chain, and MITRE can take the privilege away again if they think a vendor is misusing it.

  • hahajk 3 days ago

    So if the govt stops paying them they'll continue to do the work for free?

    • pantropy 3 days ago

      The way their letter is worded it seems that they have a rainy day fund constituted to ride out the stormy next few weeks and I'm fairly certain they'll come back with more details as to how they'll be acquiring funding from now on in the next few days. Maybe paid access to an API, maybe donations from large companies that use the system, maybe something else ::shrug:: Hopefully a project as important as this doesn't just disappear completely because of government pressure.

    • lou1306 3 days ago

      More likely they will seek funding from companies and other organizations, as every other foundation/consortium of this kind does.

    • jmcgough 3 days ago

      They're converting to a nonprofit, so instead of federal funding they will need funding from big tech companies.

      • panzagl 3 days ago

        MITRE is already a not-for-profit.

    • delfinom 3 days ago

      How else will they continue burning out open source maintainers with bullshit?

  • pama 3 days ago

    This smells like a quick attempt to enable phishing for vulnerabilities, and not a legit way to make progress. The comment is from a person that runs a security startup and the site is a google site that people can report to google as a scam. (Edit: downvote as you like it— perhaps my language was too harsh to help make the point clear. It is interesting how easily non-sec people fall for names and quotes and authority.. building trust does not come overnight, in fact it is never fully there, and infosec experts would not fall for such supply chain redirections with questionable future. Hopefully we will not have to test this idea soon, though some level of reliability and long-term automation would be welcome. We need technical, generally agreed upon systems, not a “foundation”).

hubabuba44 3 days ago

The real irony here is that a lot of ycombinator founders and the people reading HN were exactly the ones making this possible and now start to wonder why the snake eats its own tail.

  • nosianu 3 days ago

    Or they wanted this, because this could be part of the privatization of many government functions. They, or at least some of them, could see this as controlling this function for money. It's a regular stream too, the valuable subscription model and customers who really need the service (and if they don't, just add a new law in the name of IT security forcing firms to sign up).

    • hubabuba44 3 days ago

      To me it looks too chaotic to be a planned privatization plan but who knows.

      • voxic11 3 days ago

        I think it's part of the tried and true strategy of causing chaos then blaming the government for it and presenting privatization as the solution.

      • testbjjl 3 days ago

        Move fast and break things as we say.

  • j-krieger 3 days ago

    The missing funding is something like 2 million dollars. Any US company could make this issue go away in an instant.

    • Sonnigeszeug 3 days ago

      It's not a money problem, it's an understanding problem.

      Shouldn't the most powerful country have something like this? Being even in the forefront of it?

      The USA was doing cyberprotection against Russia and cyberattacks across the world.

      Now suddenly it doesn't need it anymore?

      Like, did Russia just go away (or has Russia won and now sits in the White House)?

      • drstewart 3 days ago

        You're right.

        I don't understand why the EU wasn't funding it and isn't funding it now. I thought they're united against Russia?

        • lentil_soup 3 days ago

          because they already do? https://euvd.enisa.europa.eu/

          please, stop spreading your weird anti-europe views

          • drstewart 3 days ago

            Great. Then there's no loss here. What's the big deal?

            • sweezyjeezy 3 days ago

              Your comments feel a bit incoherent - just extend your reasoning for why you think Europe should want to fund this back to the US again.

              • testbjjl 3 days ago

                The GP sounds like one of these people who describe themselves as self made, or libertarian, where history begins where you like it and coalitions are only worthy when you’re the biggest benefactor. Best to ignore and let the leopards find them.

              • drstewart 3 days ago

                Can you extend your reasoning for why you think the US should want to continue to fund this for the EU?

                • sweezyjeezy 3 days ago

                  "for"? You realise this is a homeland security matter for the US as well as the EU?

                  • drstewart 3 days ago

                    Great. That's why the EU should fund it for the US. It's a security matter for them!

                    • lobsterthief 2 days ago

                      It’s a security matter for the US.

                      It’s a security matter for the EU.

                      Both countries should pay for the security matter, as they were previously. Stop twisting the other poster’s words.

    • hubabuba44 3 days ago

      We will see. I understand that money shouldn't be an issue but trust might be, no?

  • cantrecallmypwd 3 days ago

    Sorry, I made the mistake of installing PyPy.

    • hubabuba44 3 days ago

      I assume that this comment should go somewhere else or I'm not able to decipher the message ;)

      • jampekka 3 days ago

        PyPy's logo is a snake eating its tail.

        • hubabuba44 3 days ago

          Cool thanks!

          • cantrecallmypwd 3 days ago

            Sorry and thanks GP. ;o)

            Your nerd card had been validated for today. Go forth, ethically.* :D

            * Oops, I introduced 2 more programming languages, my bad.

  • this15testingg 3 days ago

    exactly; I hope ycombinator and its proponents can enjoy living in the ancap fantasy land where you have to pay to be alerted for a climate change fueled mega hurricane (also caused by this exact same reckless, unregulated greed) because NOAA was disbanded. Billionaires shouldn't exist, but neither should millionaires.

    • sebstefan 3 days ago

      You don't need MITRE

      For-profit private journaling is working really well for academia!

    • ourmandave 3 days ago

      Will they have a free tier where I can sit through 30 second ads? =(

      • mrguyorama 3 days ago

        The insurance industry long ago figured out that nothing has the profit to effort ratio of "pay us or die", and so any capitalist endeavor that is not somehow restrained will attempt to approach this perfection.

hansvm 3 days ago

Weren't there major problems with the current CVE implementation, especially with the waves of script kiddies and AI tools spamming the database and the fact that projects who take security seriously have little to no say in the "score" that gets assigned?

  • bjackman 3 days ago

    As an active consumer of CVEs: yea there are major problems. No there's nothing better and no I don't have any better ideas.

    The scores are mostly useless, I would not care if they disappeared, I do not look at them. I don't really understand why people get so upset about garbage scores though. If a high CVSS score creates a bunch of work for you then your vuln mgmt process is broken IMO. (Or alternatively, you are in the business of compliance rather than security. If you don't like working in compliance, CVSS scores aren't the root cause of your misery).

    Having a central list of "here's a bunch of things with stable IDs that you might or might not care about" is very valuable.

    • Sander_Marechal 3 days ago

      > you are in the business of compliance rather than security.

      So, most businesses. They all need their ISO/NIST/HIPAA/etc certs.

      • bjackman 3 days ago

        Yeah, most businesses need window cleaners too. If you're a window cleaner and you complain about all the birds shitting on windows, I dunno what to tell ya.

        If you're working in compliance either

        A) you're stuck in your compliance job, that sucks, CVSS scores aren't the reason why though.

        B) you enjoy compliance.

        C) you should change jobs.

        • SkyBelow 3 days ago

          Often it is a second order impact. This creates a bunch of work for the compliance people, but then the compliance people end up creating a bunch of work for everyone else. If you count anyone who might have to follow compliance as working in compliance, then I propose that there aren't enough non-compliance jobs to go around.

          • bjackman 3 days ago

            Hmm I dunno I think

            a) If you are having to do busywork for compliance reasons, you are either disempowered to push back on bullshit work (case A above, unfortunate, but your job was gonna suck anyway), or it's not really a second order effect, you work in compliance in a meaningful way.

            b) Compliance bullshit seems to expand into the space available to it. Nobody thinks CVSS scores are meaningful, the fact that they feed into compliance processes is not the CVSS scores' fault it's the compliance machine just globbing onto random bullshit as its expansion continues. If you took away CVSS scores it feels like it would just glob onto something else instead.

            Anyway, in the end I think we aren't disagreeing about that much. I think they're silly, if someone wanted to get rid of them I wouldn't try to defend them at all. I just wouldn't be the person to push for that.

  • czk 3 days ago

    and then a random 9.8 critical comes that affects some software you have in a way that makes it a 0 in your environment but it doesn't matter cause the cve tanks your organizational Security Score (tm) by 10 arbitrary points and management is wondering when you'll secure the company again because the Security Score is their only tangible deliverable to measure success

    • ngneer 3 days ago

      Spot on. Vulnerability scanners that make up an organizational Security Score (TM) tend to operate at the wrong level of abstraction, flagging some library somewhere that never runs and has nothing to do with your production flow or architecture, or some test keys with zero security impact. Go explain that to management, because obviously the security tools are right and you are wrong. This sad state of affairs is unfortunately the best that the security industry has been able to deliver. Trying to wrangle complexity by adding more complexity is the craziest notion to me. Yes, no scoring scheme is perfect, but when the scheme introduces more noise, what have we gained (well, security vendors gain, but what have organizations gained).

      • nikanj 3 days ago

        And it's not enough to explain it to management, you also need to explain it to your ISO auditors, your customers et cetera ad nauseam.

      • j-krieger 3 days ago

        This is my research field. Do you have any input you can think of at the top of your head?

        • ngneer 3 days ago

          That's very cool. You probably know more about it than I do, then, but my advice is to articulate the exact problem you try to solve.

          I expect your field is probably teeming with AI proposals or offers on how to manage vulnerabilities, but it is doubtful that is the way, because again it is adding complexity, and no classifier is perfect, especially when scanners fail to understand scanned applications and their threat models or environment.

          Stop selling external scanners, start simplifying code? This will never work, of course, because security vendors sell the promise of security to those willing to buy it, in the form of add-on products and capabilities.

          Empower people to ignore scanner reports without so much red tape? That would never work either, because megacorp wants compliance and reduced liability.

          Build secure systems as opposed to cataloging and scoring flaws? That would never work, because building secure systems is hard, nature tends to favor otherwise.

          Charge people for adding complexity and credit them for removing complexity? Sadly, there is no way to do that, especially since products must ship and quality is hard to observe, since it is often invisible and only surfaces when things are broken.

          Off the top of my head, would be nice to require proof of exploitation, by adding CTF-like capabilities to apps, such that only if the flag is captured do we consider the report real. This places more burden on scanners, in that it is no longer enough to report an outdated library. Requiring some proof of exploitability reduces noise and increases SNR, reducing false positives. Naturally, not all vulnerabilities have working exploits, and scanners can never fully simulate an adversary, so we may get more false negatives, but at least we would not have to waste so much time upgrading pointless modules and breaking applications to appease a false report. So the idea is "here is a dummy asset, show me how you leaked or compromised it". Adding the dummy asset should be cheap, but would force scanners to better simulate an attack.

          At the very least, there ought to be a knob to decrease scanner sensitivity.

    • horacemorace 3 days ago

      It’s Way Better than what we had before: software vendors making even arbitrarier decisions about how to classify them.

      There are far too many bad actors for us to operate as an industry with no yardstick.

      • ngneer 3 days ago

        I disagree that it is Way Better than before. A judgement call is worth more than a team wasting effort chasing irrelevant pseudo-vulnerabilities being reported as vulnerabilities. A broken yardstick is worse than no yardstick.

        • grumbelbart2 3 days ago

          But that's an issue organizations bring upon themselves, by defining semi-arbitrary KPIs that are used without proper interpretation. It's not directly caused by CVEs or assigned scores. It's like blaming git that it counts lines in diffs, because your company created a KPI that measures developers based on LOC changes.

          • ngneer 3 days ago

            Fair point. I was not blaming CVE for the situation, simply bemoaning the situation.

    • icameron 3 days ago

      Yeah like when we bundled in a .js library for client side date processing that has a CVE affecting node.js servers with high score. Our auditors don’t care they tag the whole app as high risk. It doesn’t even run on the server!

      • czk 3 days ago

        the auditors that sign off on your security to meet your clients' requirements usually know way less about your security posture than your clients do

        it's all just surface-level box-checking. most companies required to get 'penetration tests' just get an overpriced Nessus scan sold as a pentest and that meets their reqs.

        • JohnMakin 3 days ago

          while this is true it in no way diminishes the value that orgs like cve provide

      • jeroenhd 3 days ago

        Incompetent auditors don't detract from the classification system, though. If we removed every data point auditors misinterpret or don't care to understand, we may as well remove all metrics.

    • elric 3 days ago

      Solving this problem in a generalized way is really hard.

      Maybe I have a dependency on Foo which has a critical vulnerability in a feature that I don't use. I suppress the warning and all is well. Then two weeks later someone on my team decides to use that feature, not knowing that there's a problem with it. Now we're fucked, and we'll never know because the vulnerability has been suppressed.
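
The failure mode described in the comment above (a suppressed advisory quietly becoming live once someone starts using the affected feature), as an added example that is not from the thread or from any scanner: the suppression is tied to the vulnerable symbols and an expiry date, and is re-checked against the code on every run. The package `foo`, the function `render_template`, the advisory id and the file paths are constructed placeholders.

```python
from __future__ import annotations

import ast
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Suppression:
    advisory_id: str               # placeholder id, not a real advisory
    package: str                   # top-level import name of the dependency
    vulnerable_symbols: frozenset  # functions/classes the advisory affects
    reason: str                    # why the finding was judged not applicable
    expires: date                  # forces a human re-review after this date


def _base_name(node: ast.AST) -> str | None:
    """Follow a.b.c down to the leftmost name ('a'), if there is one."""
    while isinstance(node, ast.Attribute):
        node = node.value
    return node.id if isinstance(node, ast.Name) else None


def referenced_symbols(source: str, package: str) -> set[str]:
    """Names from `package` that the source imports or reaches via attributes.

    Static check only: dynamic lookups (getattr, importlib) are not seen.
    """
    tree = ast.parse(source)
    aliases: set[str] = set()  # local names bound to the package or a submodule
    used: set[str] = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name == package or a.name.startswith(package + "."):
                    aliases.add((a.asname or a.name).split(".")[0])
        elif isinstance(node, ast.ImportFrom) and node.module:
            if node.module == package or node.module.startswith(package + "."):
                used.update(a.name for a in node.names)  # may contain "*"
    for node in ast.walk(tree):
        if isinstance(node, ast.Attribute) and _base_name(node) in aliases:
            used.add(node.attr)
    return used


def evaluate(sup: Suppression, sources: dict[str, str], today: date):
    """Return ("suppressed" | "reopen", reasons) for one suppression."""
    reasons: list[str] = []
    if today > sup.expires:
        reasons.append(f"suppression expired {sup.expires.isoformat()}")
    for path, src in sorted(sources.items()):
        used = referenced_symbols(src, sup.package)
        # A star import could pull in anything, so treat it as a hit.
        hits = ["*"] if "*" in used else sorted(used & sup.vulnerable_symbols)
        reasons.extend(f"{path} references {sup.package}.{h}" for h in hits)
    return ("reopen" if reasons else "suppressed", reasons)


# Constructed sample data: the code base when the finding was suppressed ...
BEFORE = {
    "app/report.py": "import foo\n\ndef total(rows):\n    return foo.sum_rows(rows)\n",
}
# ... and two weeks later, after a teammate starts using the affected feature.
AFTER = dict(BEFORE)
AFTER["app/email.py"] = (
    "from foo import render_template as rt\n\n"
    "def body(ctx):\n    return rt('mail.txt', ctx)\n"
)

SUP = Suppression(
    advisory_id="ADVISORY-PLACEHOLDER-0001",
    package="foo",
    vulnerable_symbols=frozenset({"render_template"}),
    reason="feature not used",
    expires=date(2025, 7, 1),
)

if __name__ == "__main__":
    for label, tree in (("before", BEFORE), ("after", AFTER)):
        print(label, evaluate(SUP, tree, date(2025, 4, 20)))
```

Run in CI, this turns "suppressed forever" into "suppressed while the stated reason still holds".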

    • maronato 3 days ago

      Don’t let the perfect be the enemy of good. It is(was?) a very useful and important system.

      Trump must be receiving a lot of emails from companies wanting to fill the void, and I bet the Trumpiest of them all is going to be awarded a contract worth 10x the budget CVE had, and do a much worse job.

    • idiotsecant 3 days ago

      I feel that. So tired of management being completely uninterested in actual, actionable security holes but getting wildly spun up because they saw a notice with a big scary number that has absolutely no relevance in our architecture.

    • giantg2 3 days ago

      Most tracking tools have exception processes. But yeah, security as a product family instead of a simple score seems to be a foreign concept at most companies.

  • tdb7893 3 days ago

    The scores were never going to be that accurate across people's environments (IDK how much other places relied on them, places I worked never did that much) and issues with the scores don't seem to be a good justification to torch the whole CVE system anyway.

    • hashstring 3 days ago

      This^ and to add to that, at the very least MITRE assigned IDs which is great. Plus they did an initial scoring, which, well… will never be perfect like you said and I’m sure these things evolve throughout time and get better (not talking necessarily CVSS vX).

      What a shame on this current gov. administration, if you can even call it that.

    • mike_hearn 3 days ago

      Why isn't it a good justification?

      I think the question everyone in this thread should ask is: why is it the government's job to do this, especially given the prior widespread view that they're doing a bad job? Is the software industry so immiserated by poverty that it cannot organize its own distribution of security bulletins? Clearly not: GitHub already runs its own vuln tracking scheme that's better integrated with the tooling we use for open source software. The industry routinely sets up collaborations like standards bodies, information sharing groups and more. And there is a whole ecosystem of security companies to help you understand vulns in your stack.

      So there seems nothing specific to CVEs that requires government involvement, but the existence of the tax funded scheme does discourage the creation of competitors that might function better.

      But, to CVE or not to CVE ... that is not the question. US deficit spending is out of control. This sort of thing had to happen some day. It's what Europeans in the 2010s called "austerity" and it always makes some people scream but this graph:

      https://fiscaldata.treasury.gov/americas-finance-guide/natio...

      ... is not sustainable. Up to 1984 overall US debt was stable. Since then its growth rate became dangerous. Debt/GDP ratio is now worse than just after WW2. The federal government is currently spending more on interest than on defense or Medicare:

      https://www.crfb.org/blogs/interest-costs-have-nearly-triple...

      The US is currently getting its first taste of what parts of Europe started going through in 2008, and unfortunately there's bad news: the cuts you're seeing now are mostly cosmetic. They're what can be done within the current framework of laws, sort of, with lots of bending of the rules and creative interpretations of them and maybe some oversteps. But it's just the start of what's needed. Large scale reform of the laws themselves will be required regardless of whoever wins the next elections.

      • rco8786 3 days ago

        > why is it the government's job to do this

        This is like, exactly the sort of thing that the public sector should be doing. There's no profit incentive for this to happen in the private sector.

        I don't disagree with your overall sentiment re: unsustainable debt. But the answer must be reform and taking hard looks at the military budget, not just randomly cutting programs that you disagree with politically.

        More like the Clinton approach.

        • mike_hearn 3 days ago

          But, why is there no profit incentive to do this when for-profit companies are already doing so?

          https://github.com/advisories

          Note that many of these entries start with GHSA not CVE.

          Agree that the military budget should face large cuts too, unless I guess a major war breaks out.

          • rco8786 3 days ago

            They are doing it, but there's no profit incentive. Github is a bit of a special case because of their commitment to OSS and the broader engineering community, but the moment a downturn occurs and MS takes a harder look at P&Ls, you better believe that's on the chopping block.

            The public sector is exactly where you need things that are important to society but don't make money.

            • mike_hearn 3 days ago

              There's a profit incentive: GitHub sells its services. The free stuff is an advert.

              At any rate, even if they give it away for altruistic reasons, Microsoft is a sustainable going concern that brings in more than it spends. It can afford charity. The US government isn't and can't.

      • theteapot 3 days ago

        > why is it the government's job to do this?

        Because the private sector can't see past their profit motive to the national defense motive.

      • danso 3 days ago

        > But, to CVE or not to CVE ... that is not the question. US deficit spending is out of control. This sort of thing had to happen some day.

        I suppose more people would be more amenable to these wholesale cuts if the current administration weren't blowing through even more money than before [0]:

        > The new Treasury Department data shows a deficit of $1.307 trillion for October through March, the first six months of the fiscal year 2025. And spending is $139 billion more in the first three months of 2025 compared to the same period last year, with borrowing over that period $41 billion higher.

        We're currently fighting no wars and yet Trump is proposing a record $1 trillion defense budget [1]:

        > “We’re going to be approving a budget, and I’m proud to say, actually, the biggest one we’ve ever done for the military,” he said. “$1 trillion. Nobody has seen anything like it.”

        And that's before proposed cuts to tax revenue [2]:

        > Extending the expiring 2017 Tax Cuts and Jobs Act (TCJA) would decrease federal tax revenue by $4.5 trillion from 2025 through 2034. Long-run GDP would be 1.1 percent higher, offsetting $710 billion, or 16 percent, of the revenue losses.

        So this whole "we're just imposing much needed austerity" to justify penny-wise-pound-foolish policies is kind of laughable when the proposed increase to our peacetime defense budget alone wipes out Elon's most recent estimate of DOGE's total savings [3].

        [0] https://apnews.com/article/trump-biden-budget-deficit-spendi...

        [1] https://www.militarytimes.com/news/pentagon-congress/2025/04...

        [2] https://taxfoundation.org/research/all/federal/trump-tax-cut...

        [3] https://www.nytimes.com/2025/04/14/us/politics/elon-musk-dog...

        • mike_hearn 3 days ago

          Yes. The Republicans are not and never have been united around fiscal conservatism. Eliminate-the-deficit libertarians are one faction within the party but not the dominant one, and Trump doesn't come from it. Same with most right wing parties the world over: the bigger faction is usually one that likes both tax cuts and spending increases. That's why deficits are out of control across the west: between the tax-and-spend left and the don't-tax-but-spend right, the don't-tax-and-don't-spend contingent isn't big enough to outvote the others. Clinton was very unusual in this regard, perhaps a product of the short post-USSR consensus.

          Elon is a libertarian and has been allowed to go do some spending cuts around the edges. This gets support from Republican members of Congress partly because the USG turns out to be spending a lot of money on highly partisan Democrat projects, but mostly because it's someone else doing the cutting and not them. Even if they know they should be doing it themselves they don't want the crazies trashing their cars, so if some outsider does it for them that's a deal they'll happily take whilst it lasts.

          All that said, it's inevitable that the administration would be blowing through more money than before even with DOGE. It's the nature of debt that it compounds. The level of cuts required to even keep the deficit stable would be huge because interest payments are accelerating, and the cuts DOGE are allowed to make are small (even when they go further than they might technically be allowed).

          Right now there's just no mainstream support in US politics for serious austerity. There never is in any country, but sometimes the public can be convinced to agree to some amount if politicians do a good job of communicating the deficit problem. The UK in 2010 is an example of that, where the Conservative/Lib Dem alliance was able to convince the public to vote for spending cuts (albeit not as deep as were actually required... but it tided the UK over until the economy started growing again).

  • sepositus 3 days ago

    I don't know of anyone who doesn't quickly become exhausted after running a CVE scanner on their code.

  • ajross 3 days ago

    > Weren't there major problems with the current CVE implementation

    Absolutely. And if the headline was "DHS proposes improvements and streamlining to the CVE program" we'd all probably be cheering.

    Leaping from "This is Flawed" to "Let's kill This" is a logical fallacy. A flawed security registry is clearly better than no security registry.

    • GolberThorce 3 days ago

      There are a lot of logical fallacies. Have you heard of the sunk-cost one? Or fallacy fallacy maybe? Or ten-tendril eschatomon fallacy?

      In honesty to say "logical fallacy" is spoddy, I advise against for aesthetic reason.

  • worthless-trash 3 days ago

    This will get lost in the noise, but I think you mean CVSS.

    CVE is simply identification of a flaw, not a scoring system.

  • bearjaws 3 days ago

    Classic "oh it's broken so throw it all away".

    It's the way it is because there isn't a good alternative. They cannot possibly know every environment that we operate in.

    To this day we still have large corporations downplaying their issues, and it was way worse 20 years ago.

  • rco8786 3 days ago

    Every system has problems. The challenge is to address the problems and fix them. Not just delete the entire system and claim a win.

  • aprilthird2021 3 days ago

    Sure. There's also major problems with the video encoding pipeline at my big tech job. Let's just delete it

  • declan_roberts 3 days ago

    Yes it earnestly needed new direction and leadership.

  • gcr 3 days ago

    These sound like downstream effects of funding stress to me, no?

  • bamboozled 3 days ago

    Getting a bit tired of posts like this (no offense), something dumb / nefarious happens like funding is cut for <useful thing>, then someone posts an off the cuff comment or question like, "wasn't this <useful thing> not that useful because <superficial reason>?".

    Why do people do this, to downplay all the destruction of the last few months? Seems to be some type of coping mechanism.

  • cantrecallmypwd 3 days ago

    This is bikeshedding. The point is an authoritative process and an identifier.

    All this does is help Putin and other rich grifters.

    • GolberThorce 3 days ago

      you like to say word 'bikeshedding', adoption of formal intellectualish sounding terminology even when inappropriate is orange-site affliction I advise against. I am saying this for your own sake... speak truths with POWER

      • benatkin 3 days ago

        It's a legitimate term. It's like criticizing use of the word startup or demanding someone put a dash in frontend or backend.

        • cantrecallmypwd 3 days ago

          Thank you for the unsolicited defense. Linguistic bikeshedding is tantamount to an ad hominem. It's the mark of someone unable or unwilling to form a rational, valid argument or engage in civil discourse. Let's instead refocus to the HN site guidelines please. :o)

        • GolberThorce 3 days ago

          term is real... but is more like criticizing misuse of word startup. to be even more accurate it is what I said and not anything else

          • benatkin 3 days ago

            Maybe you don't see how it's bikeshedding. Ah well, let me try to explain.

            It's because it's like if someone had forgotten to validate the user's role in an endpoint in a Django app, and someone said that they should have used Rails because it's easier to understand. In reality both are easy enough to understand to be able to do an authorization check, and the framework isn't the issue. So the person suggesting Rails is bikeshedding.

            Likewise, if someone made another vulnerability database it would likely have the same issue, and this isn't really the place to solve it. If somehow this does trigger the realization to solve it, then it will be by luck.

            • stavros 3 days ago

              We're getting into pedantic arguments, but bikeshedding is when multiple people argue to death about the easy stuff because it's easy, and don't argue at all about the actually hard stuff, because none of them know enough to argue about it. I don't know what your example is, but it's not bikeshedding.

              • benatkin 3 days ago

                I had argued for a less pedantic take, but I guess by replying to you I'm being pedantic. It seems to me that my example not only is bikeshedding by the definitions I find but also that to me it fits your definition of it. It's easier to talk about what framework you think is best than it is to talk meaningfully about process, which is a more relevant place to look to prevent serious bugs, assuming both frameworks are capable. https://en.wiktionary.org/wiki/bikeshedding

                • stavros 3 days ago

                  Bikeshedding is when people need to make a decision on something, and keep talking and talking about the easy stuff. Your example of someone offering a driveby opinion isn't an instance of a group of people needing to make a decision.

                  • benatkin 3 days ago

                    Ah, it wasn't a driveby opinion how I imagined it, and I've experienced stuff like it in the past. It would then go into talking about rails features and libraries that could save the day, and the django counterparts. The decision that needed to be made would be what action to take to prevent a similar issue from occurring in the future.

                    • stavros 3 days ago

                      I'm not saying it doesn't happen, but bikeshedding is when you say "OK guys we need to figure out the architecture of this complicated new service" and then there's a bunch of debate on libraries and frameworks and very little debate on the actual (hard) problem it needs to solve.

transpute 3 days ago

If you work on OSS software on CVE management, then you already know that NVD funding reductions have been ongoing for more than a year.

April 2024, https://nvd.nist.gov/general/news/nvd-program-transition-ann...

> NIST maintains the National Vulnerability Database (NVD).. This is a key piece of the nation’s cybersecurity infrastructure. There is a growing backlog of vulnerabilities.. based on.. an increase in software and, therefore, vulnerabilities, as well as a change in interagency support.. We are also looking into longer-term solutions to this challenge, including the establishment of a consortium of industry, government, and other stakeholder organizations that can collaborate on research to improve the NVD.

Sep 2024, Yocto Project, "An open letter to the CVE Project and CNAs", https://github.com/yoctoproject/cve-cna-open-letter/blob/mai...

> Security and vulnerability handling in software is of ever increasing importance. Recent events have adversely affected many project's ability to identify and ensure these issues are addressed in a timely manner. This is extremely worrying.. Until recently many of us were relying not on the CVE project's data but on the NVD data that added that information.

Five years ago (2019), I helped to organize a presentation by the CERT Director from Carnegie Mellon, who covered the CVE backlog and lack of resources, e.g. many reported vulnerabilities never even receive a CVE number. It has since averaged < 100 views per year, even as the queue increased and funding decreased, https://www.youtube.com/watch?v=WmC65VrnBPI

  • matthewdgreen 3 days ago

    I did find this post to be non-helpful and confusing. It would be helpful to edit it (or write differently in the future) to clarify that the sudden defunding event occurring today is separate and not related to the previous funding cuts. If that's the case.

    • transpute 3 days ago

      Is there no connection between 2025 funding cuts and previous ones? e.g. If a year of work after the previous cuts resulted in an open-data collaboration between NVD and commercial vendors to share a subset of CC0 vulnerability metadata, could that industry collective now argue for government to share (with companies) the burden of funding an open, decentralized program for CVE tracking? Commercial vendors could still offer additional metadata and analytics, over and above the public baseline.

      Edit_1: found a proposed bill, April 2025, https://fedscoop.com/public-private-partnerships-bill-nist-h...

      > A bipartisan bill that would establish a nonprofit foundation aimed at boosting private-sector partnerships at the National Institute of Standards and Technology was reintroduced in the House and the Senate.. the proposed foundation structure was described as replicating similar nonprofits that support public-private partnerships at other science agencies.. we encourage a strategy that leverages NIST’s leadership and expertise on standards development, voluntary frameworks, public-private sector collaboration, and international harmonization.. NIST’s funding has been in focus following a budget cut of roughly 12% to $1.46 billion in fiscal year 2024.

      Edit_2: is there a shortage of database rows, or people to write a shell script? Why not pre-allocate N CVE IDs for every CNA, while a new plan is worked out? At least one random commercial vendor could foresee the shutdown early enough to reserve CVEs.

      > Garrity posted on LinkedIn, “Given the current uncertainty surrounding which services at MITRE or within the CVE Program may be affected, VulnCheck has proactively reserved 1,000 CVEs for 2025,” adding that Vulncheck “will continue to provide CVE assignments to the community in the days and weeks ahead.”

      • matthewdgreen 3 days ago

        I am now more confused and not less.

        • transpute 3 days ago

          Apparently 2024 NVD funding cuts did motivate CVE contingency planning, https://www.thecvefoundation.org/

          > A coalition of longtime, active CVE Board members have spent the past year developing a strategy to transition CVE to a dedicated, non-profit foundation. The new CVE Foundation will focus solely on continuing the mission of delivering high-quality vulnerability identification and maintaining the integrity and availability of CVE data for defenders worldwide. “CVE, as a cornerstone of the global cybersecurity ecosystem, is too important to be vulnerable itself,” said Kent Landfield, an officer of the Foundation.

  • kulahan 3 days ago

    What has been ongoing for more than a year?

    The funding appears to have been cut off today, and both of these comments seem to talk about continuing work and how important it is.

    Do you mean to say that some form of threat to the NVD has been around for over a year now? Just want to be sure I'm parsing correctly!

    • transpute 3 days ago

      Yes, NVD funding cuts and a growing CVE backlog began in late 2023.

      May 2024, https://therecord.media/nist-database-backlog-growing-vulnch...

      > Moving forward, cybersecurity companies will have to “fill the void” .. NVD said in April [2024] that it is “working to establish a consortium to address challenges in the NVD program and develop improved tools and methods.” .. CISA acknowledged the concerns and outrage of the security community and said it is starting an enrichment effort called “Vulnrichment," which will add much of the information described by Garrity to CVEs.

      The second VulnCon event took place last week and no silver bullet has appeared, https://ygreky.com/2025/04/vulncon-2025-impressions/

      > Vulnerability enrichment was mentioned in many talks. However, most organizations seem to handle it internally. There doesn’t appear to be momentum toward a shared or open source solution – at least not yet.

      • cma 3 days ago

        That says nothing about a funding cut, see my comment below

        • transpute 3 days ago

          Following your comment's reference leads to a claim of NVD needing 300 to 550 million (?!) per year, but only receiving 4 million in funding. If anyone has pre-2024 data on NVD or MITRE CVE funding, that would be helpful, https://news.ycombinator.com/item?id=43701532

  • RVuRnvbM2e 3 days ago

    There is nothing in that article mentioning funding reductions.

    That article is about how the volume of software vulnerabilities are increasing, resulting in difficulty keeping up by the CVE and NVD projects.

    Please stop spamming this thread with political spin.

    • transpute 3 days ago

      Both CVE (MITRE contract) and NVD are funded by NIST, https://www.securitymagazine.com/articles/100795-understandi...

      > Since February 2024, the National Institute of Standards and Technology’s (NIST) National Vulnerability Database (NVD) has encountered delays in processing vulnerabilities.. caused by factors such as software proliferation, budget cuts and changes in support.. NIST, an agency within the United States Commerce Department, saw its budget cut by nearly 12% this year.

      • cma 3 days ago

        Reading that article closely it says nothing about an NVD budget cut, only a NIST one. They were tracking the changes after NIST's budget was cut, not NVD's. As pointed out below, CISA announced a cut and then NIST more than made up for it by reallocating funds, for an NVD funding increase, even though NIST had their overall budget cut.

        • transpute 3 days ago

          One of your references has budget numbers that are two orders (?!) of magnitude higher than the CISA number. Hopefully someone can chime in with granular historical data for NIST NVD and MITRE-via-NIST CVE funding.

  • cowpig 3 days ago

    I've noticed that there's a post like this in most articles on HN that could be construed as negative for the current administration: some vague false statement followed by either a factually incorrect explanation or some quote that does not support the statement.

    • transpute 3 days ago

      What is incorrect about the post above? There are citations from multiple reputable news outlets for each claim.

      People who actually work with CVEs have been posting about this problem on HN for 18 months.

      • cowpig 3 days ago

        Your post has now been edited to be factually correct. But the misleading implication that this abrupt cut is part of some other cuts that started before remains.

        • Larrikin 3 days ago

          Anyone that silently edits their posts after being called out for misleading statements or lies is arguing in bad faith.

          If you still have a cached copy of their original post you should publicly edit your earliest reply with their original quote.

        • transpute 3 days ago

          The post (currently AND previous to comments being moved here from a different HN thread) links to the official _2024_ (not 2025) statement about NVD cutbacks. Here's a 3000 word article with quotes from Linux Foundation and commercial vendors, around the same time, https://news.ycombinator.com/item?id=43700884

    • flanked-evergl 3 days ago

      Why do you post this on a comment that is neither of those things then?

InsideOutSanta 3 days ago

This makes me wonder what other stuff most people don't know exists but is important to our society has quietly disappeared in the last few weeks. We know about this one because we know it's important. What are the things we don't know about?

  • knowaveragejoe 3 days ago

    The cheerleaders don't care. Americans' relative certainty and quality of life is backstopped by institutions they either barely understand or have never heard of. Let them touch the stove, I guess.

Rebelgecko 3 days ago

I'm trying to steelman but I really can't think of a non-nefarious justification for this

  • rqtwteye 3 days ago

    I think it’s ignorance and arrogance. The US seems to be on a path to lose technological and science leadership. The current leadership doesn’t seem to understand things that aren’t flashy. I wonder when they’ll dial back on food safety. I am sure RFK knows some vitamins that protect against salmonella

    • johnnyjeans 3 days ago

      important to note: the US's food safety is already really bad. salmonella isn't a thing you have to worry about in first world countries. can't wait to see what plague demon spawns out of a food industry running amok after the FDA gets gutted.

      • ac29 3 days ago

        > important to note: the US's food safety is already really bad. salmonella isn't a thing you have to worry about in first world countries.

        There were 65,000 cases of salmonellosis in the EU in the most recent data I could find (2022). That's a lower per capita rate than the US, but definitely not zero.

        • rickard 3 days ago

          I agree that it’s not zero, but according to CDC, the US sees about 1.35 million cases per year in a population of about 346 million, which is about 390 cases per 100,000 people. Your figure for the EU over a population of 447 million in 2022 gives 14.5 cases per 100,000 people, or more than a factor of 26 less.

          Being 26 times less worried about something translates, at least for most things, for me, to not being worried about it any more.

      • buzer 3 days ago

        Salmonella and its causes are very regional in the EU. Places like Finland have basically 0 cases of salmonella caused by domestic poultry products per year. If salmonella is found there from any chicken in the flock, the whole flock will be quarantined and generally fully slaughtered (meat & eggs must be pasteurized after the slaughter if they are sold). In 2023 0.1% of the tested flocks had salmonella.

        According to https://pmc.ncbi.nlm.nih.gov/articles/PMC11945640/ most of the outbreaks in humans (where exact cause was found) were caused by foreign vegetables.

        On the other hand countries like Italy find positive samples from 27% of their flocks ( https://efsa.onlinelibrary.wiley.com/doi/epdf/10.2903/j.efsa... ). USA doesn't do testing at that level as far as I understand, I only found that 8% of the tested chicken parts have salmonella (https://www.propublica.org/article/salmonella-chicken-usda-f...).

    • parrellel 3 days ago

      According to the radio this morning, they're currently working to close all the FDA branches that do food safety testing, so, good guess?

    • senectus1 3 days ago

      the guy is ultimate small gov. he wants to rip it out by the roots.

      • dmix 3 days ago

        I don't think he's considered a small gov conservative. He increased spending last time and has continued so far this term. His tariffs are one of the biggest expansions in gov interference in modern history. They are also attempting to significantly expand executive power beyond even 9/11 terrorism days.

      • 01HNNWZ0MV43FF 3 days ago

        Small enough to fit in a uterus, big enough to kidnap and shoot citizens

      • Sohcahtoa82 3 days ago

        If you truly believe this, you don't know what small government means.

  • WesternWind 3 days ago

    It's incredibly foolish. Whatever the justification is, it doesn't matter as much as the horrible outcome.

    This is one of those things the government does for the benefit of the whole.

  • alephnerd 3 days ago

    > I really can't think of a non-nefarious justification for this

    Tragedy of the commons - NVD and the CVE project have been backlogged and facing funding issues for a couple years now, and most security vendors are either cagey about providing vulns in a timely manner (as it can reduce their own comparative advantage), or try to upsell their own alternative risk prioritization scores.

    Every company will gladly use NVD and CVE data, but no one wants to subsidize it and help a competitor, especially in an industry as competitive as cybersecurity.

  • Cthulhu_ 3 days ago

    Reduce government spending; since it's not actually a government organization (as far as I can tell, I never looked into it before), other organizations can fund it. How much goes into this organization a year anyway? I'm seeing a Mitre corporation that does lots of other stuff too that has a revenue of 2.2 billion a year.

    Multi-trillion-dollar companies benefit from and contribute to this system, surely they can spare 0.01% of their revenue to this bit of critical infrastructure?

    • bert-ye 3 days ago

      > surely they can spare 0.01% of their revenue

      They would, if we made companies pay their taxes.

      Yes, you can also run such a system based on donations. But I personally think that such a system is important enough to be paid for by the government. When you run on donations, there will always be conflicts of interest and the risk of running out of funds.

      But yeah, Mitre being a private organization that was paid for by the government was a problem.

    • terribleperson 3 days ago

      Yes, I'm sure corporations funding the CVE system would go wonderfully. "It would be best if we don't see any severe CVEs for our products this quarter, if you want our funding next quarter."

    • kesor 3 days ago

      MITRE is a non-profit, it receives about $1.5B from the federal government, and another almost $2B from Virginia.

  • throw4847285 3 days ago

    I'll admit this is a bugbear of mine, but I think this is the reason "steelmanning" is counterproductive.

    Steelmanning is a neologism that serves no purpose other than in-group signaling. There was already a perfectly acceptable term for the same concept, one with more nuance and a rich history: Charitability.

    The major difference is that charitability is about treating your interlocutor with respect. Steelmanning is about using one's own intellect to make your interlocutor's argument better than them. Because charitability is based on a concept of mutual respect, if somebody clearly doesn't respect you one iota, then why would you be charitable? Steelmanning tries to divorce the person from the argument, and is ironically both arrogant and naive.

  • esafak 3 days ago

    Privatize all teh things?

    • transpute 3 days ago

      April 2024 article on the result of NVD funding cutbacks, with comments by Linux Foundation OpenSSF, security startups like ChainGuard and commercial vendors, https://www.securityweek.com/cve-and-nvd-a-weak-and-fracture...

      > Threat intelligence firm Flashpoint noted in March 2024 it was aware of 100,000 vulnerabilities with no CVE number and consequently no inclusion in NVD. More worryingly, it said that 330 of these vulnerabilities (with no CVE number) had been exploited in the wild.. Since the start of 2024 there have been a total of 6,171 total CVE IDs with only 3,625 being enriched by NVD. That leaves a gap of 2,546 (42%!) IDs.

      Despite all those private companies and various OSS projects being willing to contribute ideas, infrastructure and code, they have somehow failed to coalesce into a decentralized replacement for NVD, built on CC0 data and OSS tooling.

      • cma 3 days ago

        I tried to look over the history and I only see a funding increase, CISA cut $3.7 million at the end of 2023 for the next year and in response NIST reallocated extra funding to NVD: $8.5 million in 2024

        A funding shortfall and strain isn't a funding cut. And from what I see there was a funding increase.

        • transpute 3 days ago

          Would appreciate a pointer to the source, thank you.

          2025 article claims 30% increase in 2024 workload, https://www.securityweek.com/mitre-signals-potential-cve-pro...

          > According to NIST, while the National Vulnerability Database (NVD) is processing incoming CVEs at the same rate as before the slowdown in spring and early summer 2024, a 32 percent jump in submissions last year means that the backlog continues to grow.

          • cma 3 days ago

            Can search these for the links

            2023

            > CISA had previously been supporting the NIST NVD program with approximately $3.7 million per year in interagency funding, which they have discontinued

            2024

            > While NIST has since reallocated $8.5 million to NVD for fiscal years 2024 and 2025

            Assuming that's spread over both years it wasn't as big of an increase as I said, but is still an increase even inflation adjusted.

            > 2025 article claims 30% increase in 2024 workload

            Underfunding in the face of more workload isn't itself a funding cut.

            • transpute 3 days ago

              Thanks for the pointer. Is this a lobbying org? https://www.fdd.org/analysis/policy_briefs/2025/03/21/delaye...

              > While NIST has since reallocated $8.5 million to NVD for fiscal years 2024 and 2025, this funding remains a fraction of the $300 million to $400 million estimated to be needed annually to fully restore capacity, with an additional $120 million to $150 million required to prevent further system “deterioration.”

              Did NVD receive 300MM annual funding pre-2024? That would be a 98% funding cut.

              • formerly_proven 3 days ago

                300 million would’ve been a quarter of the NIST budget. Doubt.

                • transpute 3 days ago

                  Yeah, bizarre site.

                  MITRE CVE/CWE budget is more transparent than NVD since it's a contract, listed on USAspending.gov.

    • benfortuna 3 days ago

      This neo-liberal approach has no place for soft diplomacy, which is what US hegemoney relies on.

      This isn't just a rapid disassembly of economic structures, any trust and goodwill is completely obliterated as well.

      • tart-lemonade 3 days ago

        For decades, the US could be counted upon to fund things with little immediate benefit but massive long-term positive externalities. I don't think it's likely that the republican party will "go back to normal" post-Trump, so we can all kiss the long-term reputation building that American hegemony relied upon goodbye. Short of a great depression-esque political reset, I do not see things changing for the better.

  • karel-3d 3 days ago

    Reduce spending. Steelmanning (not actually believing this): it probably cost a lot for what is essentially a database, and can be done cheaply by private sector (Google, Microsoft).

  • myko 3 days ago

    It's a dying empire, really nothing else to say. The USA led world order is over, we've voted ourselves out of it, and now need to learn how to deal with that.

    • drstewart 3 days ago

      Wow! So who is leading the world order now (aka who is funding MITRE)?

  • duxup 3 days ago

    The process seems to be to dismantle anything not nailed down in government.

    Now if you want that (even just funding) to be a thing ... you have to go through Trump & Co and pay your bribe to get it back up.

  • ajross 3 days ago

    Probably the thinking goes that someone in the international community will step in. CVE is in practice a global registry for all, thus "Why should the USA Department of Homeland Security pay for all the freeloaders".

    Still shortsighted and stupid, but it's plausible this is intended as leverage to get someone else to pony up.

  • giraffe_lady 3 days ago

    > I'm trying to steelman

    Why? This administration is not acting in good faith, you don't have to act as if they are. People and institutions doing that is part of how we got here in the first place.

    • jfengel 3 days ago

      Force of habit. We don't have a framework for talking under these circumstances, so we apply our outdated ones.

      As you say, that's exactly what got us here. But the alternatives are very unclear, and seem deeply unpleasant.

      • MiguelX413 3 days ago

        People should suck it up and not do it again.

        • jfengel 3 days ago

          The question is what they should do instead.

          They could attack the non-steelmanned version, but that just opens them up to having their own comments attacked. You quickly get derailed. (It's sometimes called "sealioning".)

          They could propose alternatives, but that too is subject to sealioning. Real alternatives are always subject to tradeoffs, and the answer to "how about you do X instead of attacking me?" is always "no".

          They could refrain from discussing it, but that just allows the offenses to continue.

          So what often happens is that people persist in acting as if this were a sincere discussion, and hope that a majority will recognize the quality of your argument. It's a lousy plan but I don't have much else to suggest.

    • King-Aaron 3 days ago

      I still find it wild that so many people are trying to frame these decisions through a political lens. This is the actions of a foreign bad actor dismantling critical institutions from within, not "bad policy".

      Surely there's an antibody response.

      • inejge 3 days ago

        > I still find it wild that so many people are trying to frame these decisions through a political lens.

        Why? The decisions are pretty well politically aligned with the ideology which detests the size and scope of the government (realistically, those aspects which the ideologues feel are not in their interest). What is unexpected is the swiftness and the brutality of action, but revolutions tend to be messy, and make no mistake, this is a revolution.

        > This is the actions of a foreign bad actor

        Now this sounds like a coping strategy: everything is so preposterous it couldn't possibly be homegrown. Foreign influence and underhanded actions are as old as human interactions, but IMO outright plants can't succeed without a massive economic and power asymmetry between the adversaries.

        • rat87 3 days ago

          They are not. Trump is no libertarian or small government guy. The build the wall guy is the opposite of that. Even with stuff like social security he usually at least rhetorically claimed to be for more benefits (as long as it goes to "real Americans") and he is all for increasing police and military spending. And generally spending more on stuff that gives him money. Plus giant tax increases (tariffs). He doesn't care much if government is dismembered as long as it owns the libs and gets rid of the public corruption prosecutors/others who might stand up to him

          Trump's actions towards Putin are highly irrational. Maybe he's being blackmailed, maybe he's being bought, maybe he just likes Putin's style but there is a reason people suspect him despite it being unlikely in the general case.

          • King-Aaron 3 days ago

            > He doesn't care much if government is dismembered

            This is exactly the process that conservatives take to privatise services into their own friends' pockets. Destroy services until they're ineffective and use it as an excuse to privatise it.

            There's no such thing as small government, only large sprawling private services that the government hands money to.

        • King-Aaron 3 days ago

          lol, coping strategy? I'm not American and have no reason to 'cope' with anything. There is enough evidence to make a strong allegation about Trump being a Russian asset.

          The entire world seems to be able to 'cope' with that assessment.

    • almostgotcaught 3 days ago

      Imagine being eaten alive by a cackling hyena that ambushed you and all the while being like "hmm what is the appropriate steelman here? why do I deserve this? why is this just?"

      In reality this would never happen so all these people playing steelman are just detached/insulated.

    • emmelaich 3 days ago

      It is the belief that it is not in good faith that makes it more important that you try to steelman it.

      If the steelmanning fails then you can be even more confident that it is in bad faith.

    • petesergeant 3 days ago

      >> I'm trying to steelman

      > Why?

      It's a sensible practice and good practice

      • giraffe_lady 3 days ago

        I just don't see how it is universally so, frankly. As a general guideline sure but some discernment is necessary nothing is gained from steelmanning apartheid or the third reich or torture prisons or or you see my point I hope.

        • petesergeant 3 days ago

          How can you argue effectively against something if you don't understand the strongest version of the argument _for_ it?

          • giraffe_lady 3 days ago

            We're way past the point of policy disagreements the relevant question right now is how do you stop them. It's certainly not by reimagining your adversary's actions in the most charitable light.

          • mrguyorama 3 days ago

            Exploiting the need to invent a "logical" reason to do something illogical is the exact attack vector that the Gish Gallop uses to fuck over people.

            Like you get that right? This administration does not discuss or debate, it shits out lies and laughs as people play make believe high school debate games, and give them infinitely more effort than they did.

            There is no such thing as "effectively arguing" against a Gish Gallop, that's its entire purpose.

  • sneak 3 days ago

    [flagged]

    • _carbyau_ 3 days ago

      Thanks for volunteering to manage the "300-600 CVEs each month"!

      The world needs more volunteers like you.

      • techky 3 days ago

        Make that 3,000-4,000 on average per month, according to NIST's stats on CVEs for last year. ~40,000 for 2024.

      • JCharante 3 days ago

        I imagine most of those CVEs not being anything meaningful and just script kiddies trying to put something on their portfolio

        all the meaningful ones will show up on HN

      • charcircuit 3 days ago

        You manage the system and not the CVEs themselves. The simplest thing would be a list of numbers that correspond to Google docs. The owner of the Google doc can share it with the needed parties and eventually set it as public.

        • goku12 3 days ago

          You truly believe that the CVE database (and others like CWE) are only about assigning serial numbers to random reports, don't you? I see people underestimating and understanding the work of others in matters like this. Is that a trend now?

          • worthless-trash 3 days ago

            I saw this same behavior quite a while back. While I'm out of the CVE game these days, it seems that there is a forever rotating new group of people who simply don't and can never see the complexities on the process.

            I think it's a testament to the previous stewardship that it appears so simple.

          • charcircuit 3 days ago

            No I don't believe that, but it might as well operate like that. The extra stuff isn't truly needed and was being outsourced to the companies that own the products since it wasn't providing much value. Take a look at Daniel's blog posts about CVEs for curl for what happens when you let them handle it.

    • Rebelgecko 3 days ago

      How do you get your volunteers in the first place and manage them so you know it's time to get a new one if the quality of their work is slipping?

    • viraptor 3 days ago

      Yet so far no volunteer has emerged and people who do run CNA are pretty busy with it.

      • _zer0 3 days ago

        I think sneak would volunteer to do it since it is pretty simple according to them.

        • mlinhares 3 days ago

          Any work people don't understand must be easy and replaceable by chatgpt. Just look at how easy people here think farming is.

          • johnnyjeans 3 days ago

            Grok becoming an artificial nepobaby running the entire CVE program with zero oversight sounds so fucking funny I don't even care, PLEASE god make this real holy shit I can't breathe at the thought

    • skeledrew 3 days ago

      Who needs volunteers? Let AI handle it!

    • gessha 3 days ago

      Found the blackhat

    • fnordpiglet 3 days ago

      This is like saying the patent system is just an incrementing counter.

      • sneak 3 days ago

        Have you seen the patents they have been giving out lately?

  • polski-g 3 days ago

    We have a 2tn deficit. If Congress wants to fund this, they need to make it mandatory spending and raise taxes.

    • viraptor 3 days ago

      That's a good idea to raise during the budget time or with some warning ahead of time. But even discussing the cost of CVE program itself is likely a waste of time and money. When trying to deal with 2tn deficit, looking at things that historically got ~$5M is just a distraction. And the lack of it may cost even more given how many existing agreements/contracts rely on cve to be a thing - maybe just in gov lawyers having to rewrite things.

    • rgreek42 3 days ago

      Selling bonds is not the same thing as a family budget being in the red. Either you know this and you're making this argument in bad faith, or you don't and, well...

    • toomuchtodo 3 days ago

      Or cut from $877B in defense spending instead?

      https://usafacts.org/government-spending/

      • xphos 3 days ago

        Listen, I hate the debt, but we have an income problem, not a spending problem. The military looks like a waste, but it does more than build bombs i.e research etc.

        The issue we have is that Republicans, every chance they get since the 1970s, have cut taxes. And then blamed Democrats for causing the deficits. We don't need smaller governments. We need a reasonable tax system that taxes people. It can be progressive like it was before we decided rich people just need it easier than poor people.

        Yes, I will pay more taxes sign me up, especially if they can finally fix the roads and fund research. The problem is my taxes as a middle-class person go up and rich people get a tax cut. It's stupid. I like water provided by government utilities, I like planes that don't crash into stuff because there are air traffic controllers. These things used to work because we paid for them. When you buy cheap you get cheap.

        • matteotom 3 days ago

          Yeah, Republicans claim to want to run the government like a business, but the first thing a business should do when they have a deficit is raise revenue! And especially in the case of the US government, the only barriers to doing that are self-imposed.

        • dboreham 3 days ago

          Military also employs a bunch of people who otherwise would be poor. Also provides a gentrification path for a bunch of previously poor people extending throughout their lives.

          • LPisGood 3 days ago

            Yes, a big part of the size is because the military is a massive and horrendously inefficient jobs, education, housing, and healthcare program.

            • throitallaway 3 days ago

              Don't forget all the beak-wetting that happens along the way when signing contracts etc. That's where an actual difference could be made.

              • mrguyorama 3 days ago

                I think people VASTLY overestimate the amount of graft in military procurement.

                Lockheed only has a $100b market cap. Raytheon has $200b. General Dynamics $74b

                The reality is that US defense spending pays American designers and American laborers high prices for their American effort. We pay basically the same prices for ammo and supplies and services as other countries.

                When we pay $13 billion for an aircraft carrier, that's just what it costs to build a gigantic boat with nuclear reactors. The French paid $4 billion for their aircraft carrier, and a $12 billion Gerald R. Ford class is over twice as large as the Charles de Gaulle (40k tons vs 100k tons), and much much much more advanced.

                Americans love to misunderstand the cost of military things. They will scream about the F35's $1.5 trillion "price tag", ignoring that the estimate is for 50 years of operations and maintenance as well as initial purchase. Actual purchase price is about $90 million a plane, which is reasonable. Which makes sense, since being not stupidly overpriced was a key point of the program. The operational cost is about $40k a flight hour, which is roughly the same as the F-14, another high tech superplane program.

                • LPisGood 3 days ago

                  40k per flight hour is actually extremely reasonable for an advanced aircraft - good luck trying to charter a large cabin private jet for cheaper.

    • tootie 3 days ago

      This is an absolute pittance compared to the total budget. And considering the current administration wants a $4T tax cut they are not interested in trimming the deficit at all.

      • throitallaway 3 days ago

        Yep, DOGE is a song and dance distraction. If they were serious about lowering the deficit they wouldn't have laid off ~12K IRS workers (who show a 7x ROI per head.) They also wouldn't be asking to increase the military budget to $1 trillion per year. Trump has spent 1/3 of his days in office so far golfing; $30 million+ so far paid to Trump properties for the privilege of that. This is the biggest capture in US history and it's all out in the open.

    • chris_wot 3 days ago

      Dear god, you don't just stop running government completely because you have a deficit.

dhx 3 days ago

The latest contract[1] (I hope this is the right one) for MITRE's involvement with CVE and CWE programs was USD$29.1m for the period 2024-04-17 to 2025-04-16 with optional extension of expenditure up to USD$57.8m and to an end date of 2026-04-16.

Seemingly MITRE hasn't been advised yet whether the option to extend the contract from 2025-04-16 to 2026-04-16 will be executed. And there doesn't appear to be any other publicly listed approach to market for a replacement contract.

[1] https://www.fpds.gov/ezsearch/jsp/viewLinkController.jsp?age...

  • gwd 3 days ago

    I can't figure out why the hue and cry wasn't raised until the very last minute. Did they not know a month ago that they were running out of time? Is it standard practice for the government not to say they're going to extend the contract until the day beforehand or something?

    • pjmorris 3 days ago

      I was at VulnCon last week, and an NIST representative said that there were no plans to cut CVE funding.

    • sq_ 3 days ago

      Right now, yes. You can pretty easily have a scenario where you’re talking to the agency you’re working with and they’re saying “we want to renew this, but we don’t know if they’ll give us the money in the end”.

      So you’ll get a bunch of “hopefully this week” up until it expires.

nkassis 3 days ago

My tinfoil hat says they want to privatize this through one of the administration's friends. A disastrous decision here.

  • epistasis 3 days ago

    Why would they spend money to replace it? The idea is to weaken and destroy the US and its institutions. Giving Palantir money might mean that security improves, and that goes against their goals. They have already demanded that Russia stop being treated as a cybersecurity threat in other areas of the government, this is a way to ensure that systems are vulnerable to attack.

    • phatfish 3 days ago

      These sort of government services are always under attack by private organizations. The US Gov doesn't have to give Palantir or whoever a contract, they just cede the ground, give the right people a heads up, and then make the new subscription service a "recommended service provider" as a solid to whichever of Elon's circle gets the nod.

      In the UK some "entrepreneur" was after monetizing access to the Land Registry a couple of years ago. Apparently the free UK Gov service was not fit for purpose; it needed a paywall to make it better. Nothing as globally significant as the CVE database, but you can see if the vultures are going after small UK Gov services, something like the CVE database is absolutely a chance to add to the executive bonus pool.

    • throitallaway 3 days ago

      Exactly. The Trump admin is well on its way to tanking the USD with tariffs and getting every country (including the penguins) mad at us. The rationalization given by the admin for tariffs (trade imbalance) makes zero sense, and they haven't offered anything else.

  • 9283409232 3 days ago

    Palantir is about to get a contract.

    • goku12 3 days ago

      I thought that the point of the CVE database is to improve security, not wreck it?

donatj 3 days ago

Practically speaking, how much could it cost to maintain the CVE database?

Given its enormous value, isn't this something that the community, especially FAANG (MAANA?) could step up and fund as a nonprofit?

jl6 3 days ago

It’s a reckless move to cut funding so abruptly, but taking a step back from the short-term chaos, it probably is an anomaly that this was government funded. All of private tech relies on it, and private tech is big enough to pay for it. I hope that the trillion dollar babies consider this an opportunity to pool together to form a foundation that funds this, and a bunch of other open source projects run by one random person in Nebraska.

  • kbumsik 3 days ago

    > it probably is an anomaly that this was government funded

    Companies can definitely fund it. But to be fair the gov, including NIST, also relies on CVE.

  • padjo 3 days ago

    Ah yes the old “well can’t concerned citizens band together, form a committee, collect revenue and fund things that are in the common interest” answer you hear from small government types that makes me think you lot don’t really understand what government actually is.

  • bspammer 3 days ago

    The US government itself uses the database, so there is a strong national security interest in it not being in private hands.

  • JCharante 3 days ago

    > it probably is an anomaly that this was government funded. All of private tech relies on it, and private tech is big enough to pay for it.

    I mean, don't big tech and the people they give salary money to pay taxes? Ground transportation companies rely on public roads but we fund them because having the infrastructure is an economic multiplier.

    I'm not arguing in favor of funding the CVE program, I just don't think that's a good reason.

    • jl6 3 days ago

      Opinions vary on what the purpose of government is, but if you take the view that the government's priorities should be providing services that are impossible, inefficient, or unethical to provide privately, then I don't see the CVE program making the cut, when the tech industry is collectively flush with resources and has every incentive to form an industry consortium to take it over.

      A modern Open Group, perhaps?

  • chasontherobot 3 days ago

    ah yes, let private entities pay for it. then when there is a vulnerability with one of those entities' software, they can pay a bit more to bury it!

atomicbeanie 3 days ago

The white house prefers chaos. This will certainly be a step in that direction.

bytematic 4 days ago

What are the implications of this? No more centralized store of vulnerability information?

  • Incipient 3 days ago

    Basically when any software/library/whatever has a vulnerability, they have to communicate that out themselves, in some format.

    If I'm developing a product built on 20 libraries, it won't just be a matter of scanning CVEs for major vulnerabilities any more, so I'm more likely to miss one.

    "always update" doesn't always work, when to manage a product you realistically have to version pin.

    • worthless-trash 3 days ago

      So, while arguably true, there won't be a single source of truth of new CVEs. It doesn't however mean there won't be.

      I would imagine the only SANE option would be some kind of git repository where CNAs can collaborate. Probably run some code across to make the website that people can easily access.

      It's going to be a mess.

    • cantrecallmypwd 3 days ago

      The surprise is: they won't. This will weaken the West.

      This is dangerously stupid.

      • t0lo 3 days ago

        This is deliberate. I just want to figure out the avenues of communication and coordination between trump admin and moscow so we can pin them down better.

joshuanapoli 3 days ago

Is MITRE's CVE program redundant with NIST's National Vulnerability Database? I'm having a hard time telling how the two are related, or if NVD is simply performing the same service as MITRE.

  • detaro 3 days ago

    NIST NVD relies on the CVE program. (vulnerabilities get reported, MITRE assigns CVEs and publishes them, NIST then copies that list and adds their own scoring etc to it)

  • Spooky23 3 days ago

    Once they fire everyone at NIST, they’ll have that in common.

wichitawch 3 days ago

I'm surprised that it was USA's responsibility to fund this in the first place. Why weren't other countries providing funds?

  • tdb7893 3 days ago

    The US has made at least hundreds of billions of dollars from its tech companies and has had a dominance over global tech for a long time. The tech industry has brought a crazy amount of money and power to the US so it makes sense the US puts extra effort to support it.

    The US isn't supporting it out of charity, it's good for US businesses to have someone coordinating this for everyone. Why would we want to rely on other countries to be supporting our tech sector? At least now we are subject to only the capricious whims of our own government, as little comfort as that is right now (if another country was funding it we would be relying on the whims of a foreign government, which isn't ideal when tech is the golden goose of your modern economy).

  • lars_francke 3 days ago

    The CVE program was started over 25 years ago. It is very reputable (until yesterday) and it was very much in the interest of the US to be seen as the stewards of this.

    The funding requirements can't be that high and I'm willing to bet that other countries and entities would have happily stepped up if they had the chance.

    Up until recently CVE was very centralized and only in the last few years have there been steps in more decentralization with CNAs taking more responsibility, Red Hat as a CNA of last-resort etc. So, the cost of doing all of this work has already been shifted partially (!) away from the US but I have not seen any movement towards e.g. moving the program to a foundation which could have been done.

    Personally I would conclude that it was the responsibility of the US to pay for this because they wanted to and it was in their best interest to control this program.

    • flanked-evergl 3 days ago

      They have the chance to step up now. Every commercial company that is supposedly so reliant on this for their very existence has the opportunity today. They can fund it.

      • epistasis 3 days ago

        What commercial company is going to "fund" this? It's such a strange idea, disconnected from the real world. You may as well say "companies can start doing road maintenance, as they are so reliant on them for their very existence."

        And perhaps if there had been more than a days notice, some consortium could be pulled together, but who's going to pay? Why would private companies do this, how do they profit? CVE program was the roads that everybody could drive on.

        The basic lack of understanding of how the world works is killing the US. Why do people think we have such a massive GDP? Where do people think that comes from? We've given control of everything in society over to our dumbest and greediest members that have no clue about how anything works.

        • flanked-evergl 3 days ago

          Ask the person I was responding to:

          > I'm willing to bet that other countries and entities would have happily stepped up if they had the chance.

        • drstewart 3 days ago

          >but who's going to pay?

          The EU. They can have all the massive advantages that funding MITRE will give them. Why won't they step up to the plate? It's killing the EU and they have absolutely no idea how anything works. It's why they're a dying empire.

          • flanked-evergl 3 days ago

            I will bet money that removing the cap from a bottle will be a hate crime in Europe before they start funding an institution like MITRE that actually functions.

      • lars_francke 3 days ago

        I mention this in another comment. The infrastructure for an alternative is already partially in place.

        In my opinion it's mostly the industry needing to adapt to a new setup that needs to happen. It was just "easy" to rely on what's already there. A lot of company policies need to be adapted etc.

  • phtrivier 3 days ago

    Because, contrary to popular views, there is no "government of the world".

    So, since the US government needed that (it provides security to US businesses), they organised and funded it (as everything else, with US taxpayers money, and savings from investors in US and abroad.)

    Now, the US government decided to commit temporary-seppuku, so a number of things will happen:

    * state-level government will use their local-taxpayer money to fund similar efforts (with duplication of effort), or share it with everyone

    * another country or bloc of countries will do it, and decide whether they want to "share". (I suppose Russia and China have more of an incentive to keep their CVE DB private, given their level of dis-integration with US economy? EU maybe?)

    * an international, ad-hoc organisation is created to share the funding (something like NATO.) Multilateralism is not exactly in fashion these days, but if EU does it, it will be "international" by design since we're not really a federation; so, states in "Southern Canada" are welcome to join.

    * or none of that happens, the CVE db rots for a while, until a sufficiently embarrassing cybersecurity problem occurs, and the CVE db is deemed worthy of the "10% you need to bring back" by President Elon.

    Pray your company, families and friends are never on the wrong side of the "reverse-Chesterton's fence".

  • jeroenhd 3 days ago

    It's a program the US government spun up to serve America's interests. Why would someone else pay for American interests?

    Other countries have their own programs, some cooperating with the US, others separate. China has the CNNVD if you're interested in helping keep Chinese society safe. My government operates https://advisories.ncsc.nl/advisories to serve my country's interests.

    Of course, the US is free to abandon their programme and rely on Chinese, Russian, and European vulnerability databases to keep their country safe. It does save them a couple of million after all!

  • happosai 3 days ago

    Because USA was a superpower that can afford it easily. Taking the leadership in everything is quite cheap price to pay when the other end of the bargain is everyone else has to follow you.

    Now of course USA is ceasing (voluntarily, by stripping down every international soft power effector in government) to be a superpower, to the great glee of dictators all around the world.

    The "we can't afford being great" is a direct admission that USA is no longer a superpower. And is not going to become great again, just another nation again (at whims of China).

    • lyu07282 3 days ago

      The nazis don't think that though, uh I mean conservatives. After they've burned down everything, they expect still to be a superpower somehow. Do they think they can just start a war with everyone who doesn't play ball? It's hard to comprehend what their rationale is, if there is one.

  • aabhay 3 days ago

    I’m surprised that the world’s greatest universities are in the United States. Why weren’t other countries providing funds?

    • toyg 3 days ago

      Don't worry, that will also end soon. Regimes that require political subservience from universities, like the current US administration, inevitably result in poor research capabilities in the long run.

  • defrost 3 days ago

    It's a near certitude that Russia and China each have databases of exploitable software errors and prize zero days.

    It was to the advantage of the US and allies to coordinate and lead in tracking and fixing such errors.

    Multiple countries, companies, and individuals contributed finding and fixing bugs.

    The administrative task of keeping track was one part of a greater picture, a part that came with first to be advised and other perks.

    It's not that the US had a responsibility to take on the lead admin task, more that in past times the US saw an advantage to being at the centre of global action.

    This is just another part of increasing US isolationism.

    • wichitawch 3 days ago

      > It was to the advantage of the US and allies to coordinate and lead in tracking and fixing such errors.

      From what I understand of the article, none of these allies were funding it.

      > Multiple countries, companies, and individuals contributed finding and fixing bugs.

      Clearly that itself isn't enough. Someone has to pay for maintaining this service. It appears that no one other than USA spent money in funding it.

      • epistasis 3 days ago

        Why would other companies pay for it if they had never been asked?

        Why would it be shut down without asking for others to fund it, if it's some sort of burden on the US?

        Programs like this pay for themselves many times over. There are only two reasons for cutting this: absolute idiocy, or active sabotage of the US.

      • lyu07282 3 days ago

        Almost every other western country does fund their own databases, CVE was just significant because it's the one central source of truth. It's like a standard. Instead of having to coordinate with dozens of different registries every time you publish a vulnerability you just communicate with one instead.

        Researchers also don't directly talk with MITRE they go through one of the intermediaries that assigns the number.

      • hiddencost 3 days ago

        [flagged]

        • digitalPhonix 3 days ago

          Funnily this was on the front page recently: https://seths.blog/2025/04/how-to-win-an-argument-with-a-tod...

          Don't bother; they're a brand new user trying to cause trouble

          • epistasis 3 days ago

            In public spaces like this, though on the face of it the argument might appear to be with the toddler, it's also about batting down the idiocy and not letting it swamp out basic common sense and reason.

            Bluesky has a different tack that also works: block and hide and don't engage. However in forums like HN, where earnestness and questions are so prevalent, leaving these baiting questions and statements unanswered instead leaves them as bastions of the mind rot. Because these toddler-level arguments are being repeated daily through propaganda channels all over the internet, and if they are never answered, the constant swarm of propaganda takes in even more people.

            • pjc50 3 days ago

              I do sometimes wonder how different HN would be if it had "block". Mind you I think few people are getting their propaganda from here, it's more likely to be downstream of other well-poisoners.

  • insane_dreamer 3 days ago

    It's called providing leadership. Worth the money. China will happily fill the void.

    • bamboozled 3 days ago

      I hate this whole disaster but why can't Europe step in for stuff like this?

      • Peanuts99 3 days ago

        Because they have their own programs for this already.

        • bamboozled 3 days ago

          I guess that’s why I don’t get all the knee-jerk “China will step in” comments. Even if they did people wouldn’t have the same trust levels as they did with the former USA.

          I’d trust a European version a lot more.

          China will be able to fill some voids but ideologically they’re not fit to fill them all.

          • insane_dreamer 2 days ago

            What I meant to say was that China will happily seize the opportunity to try to fill the void (whether it succeeds or not is a separate matter).

karel-3d 3 days ago

Phew, no new annoying CVE reports in my Docker images from today

apexalpha 3 days ago

Why is this sponsored by such an American gov entity?

I guess it's one of those things you never think about until it goes wrong.

The world would do well to move this kind of stuff out of the US quickly, just like ICANN and stuff.

  • kbumsik 3 days ago

    Because gov infra also relies on CVE?

mmooss 3 days ago

> In a stunning development

Who is still stunned by these things? They want you to be stunned; they want you to tell everyone else that you're stunned to spread feelings of terror and powerlessness. If you actually are stunned, you are stunningly ignorant. If you are not and still saying it, perhaps to emphasize your unhappiness, you are a 'useful idiot'. Either way, if you are saying it, you are a useful idiot.

You should have known decades ago: The GOP impeached a President for lying about sex; they fabricated intelligence to invade another country (killing thousands of Americans and 100,000+ Iraqis) - and that was all before 2004. They've voted almost unanimously, multiple times, to bankrupt the country (by refusing to authorize debt for existing obligations). Nobody (i.e., the Dems failed to) stopped them or made them pay a price, so why wouldn't they keep doing those things. (Edit: And if you object because the analysis criticizes one side and therefore you reject it as partisan, that's a big part of the reason nothing was done.)

This time they published Project 2025, telling you what they were going to do.

  • mcintyre1994 3 days ago

    Project 2025 literally calls for dismantling the DHS. Seems pretty unsurprising that the CVE database wouldn’t be in the list of things they’d care to maintain in that process.

mzhaase 3 days ago

Long term it's probably good to have a less US-centric world.

  • jeroenhd 3 days ago

    This is a chance for the EU to step up and take over. If the US government won't pay for the CVE program, the EU surely could. Many EU countries already run a program like this to serve their own interests, and I believe the EU does as well.

    If the US is willing to give up influence and control over the cybersecurity sector, we should accept that gift and use it to our advantage.

m4r71n 3 days ago

The title of this article is simply false. The CVE Program is a separate entity from MITRE and is most definitely not ending. The CVE Program has been acquiring assets from MITRE for years now. That is why the main site shifted from cve.mitre.org to cve.org. MITRE has always simply been the workhorse of the program, and now that is being shifted to others (CVE foundation, which has global representation).

xyst 3 days ago

Some companies are already clueless when it comes to CVE management. Probably won’t see the effects immediately but give it a few more years for new generation of vulns to be created/found and we will be back to early 2000s level security.

Open season on American corporations for domestic and foreign hackers.

If program isn’t brought back then CVE database likely to be fragmented amongst the “private” CVE databases.

Sec Corp A has 700 well documented CVEs but Sec Corp B has 702 CVEs in their database since NIST funding pulled. What do corps do? Maybe some of them with massive budgets set up contracts with both to get “full spectrum coverage”. Maybe other non-technical companies that think of IT as strictly a cost will go with the cheapest or forego it altogether.

Who knows maybe we get ~~~free labor~~~ open source community to pick up the slack?

This country with the orange man administration is quickly going to shit. Not in a “I dislike {opposing party} way” either. In a “I dislike authoritarian regimes” way.

gorbachev 3 days ago

I wonder what would happen to CVE program funding if Tesla and SpaceX would be zero-dayed to hell and back.

  • redleader55 3 days ago

    We will soon find out, probably.

    • phtrivier 3 days ago

      I'm really curious about the "soon" part, though. What is the timeline for something very visible to happen, and still be directly relatable to DOGE ?

      Just imagine if it happens in three years, after the midterms - someone will be able to blame the Dems for it :) !

RKFADU_UOFCCLEL 3 days ago

Including this as a prime example, the overall trend seems to be that we're going back to the bad old days where a kid gets to code the entire security infrastructure because the CEO thinks he's smart and then the bugs are covered up with legal threats (because they were able to mislead the courts), obfuscation, while being easily discoverable by 3rd parties. Another example is the way the bug bounty gimmick is run and most researchers never disclose their findings nor are they patched in any consistent manner, plus the companies threaten to sue you for disclosing even if it's 100 years later.

rurban 3 days ago

So who will maintain it then? Either the EU or China I suppose. They can easily fund it.

Maybe the Dutch should go ahead.

  • lars_francke 3 days ago

    ENISA in Europe has the mandate of building an EU vulnerability database for the NIS 2 directive anyway and it's coming soon...

    And CIRCL in Luxembourg are providing vulnerability-lookup which can also assign IDs but in a more decentralized way: https://www.vulnerability-lookup.org/documentation/

    VulnerableCode can help with discovery etc. https://vulnerablecode.readthedocs.io/en/latest/introduction...

    So, parts of this are already in place and I assume this will be a big boost towards a new vulnerability ecosystem.

    • esnard 3 days ago

      This sounds like good news, thanks!

      Do we already have an ETA for the ENISA vulnerability database?

  • jeroenhd 3 days ago

    Us Dutch have https://advisories.ncsc.nl/advisories although a lot of that is just analysing CVEs and their impact on society.

    An EU solution would probably be much better. Would suck for Americans, though, they'd need to get up early to meet European office hours.

p0w3n3d 3 days ago

One man appears at one position and so many things stop working in so little time

  • Alifatisk 3 days ago

    Yet, he is still praised and cherished. I can't comprehend how.

wengo314 3 days ago

vibe coding could not have come at a worse moment.

  • redleader55 3 days ago

    I see this as the perfect moment to get into consulting - either development, or security. People were not sure what jobs AI will create: "GenAI babysitting" is one of them.

  • sgt 3 days ago

    Just tell the AI: "Make this code secure" /s

jl6 3 days ago

So is this going to instantly break a bunch of tools like Trivy?

9283409232 3 days ago

Reminds me of Trump's first term where he said if we stopped testing for Covid, we'd stop catching new cases and case numbers would go down. If you stop testing for vulnerabilities then vulnerabilities go down. Easy stuff.

  • goku12 3 days ago

    That's exactly what they're saying about the HHS cuts and the measles outbreak.

  • flanked-evergl 3 days ago

    What I don't get is why people make things up and then get angry at the thing they made up. Is there not enough real things to be angry at?

gm3dmo 3 days ago

Anyone feel confident that the companies who benefit massively from MITRE are even now planning to step in and provide significant funding?

jovial_cavalier 3 days ago

I didn't realize that CVE was funded by the DHS. Isn't it better for it to be independent and not funded by an intelligence agency?

It's enough of a public good to have a common advisory for vulnerabilities that FAANG should just kick it a few million a year. How much can it possibly cost to run this anyway?

WillAdams 3 days ago

FWIW, I've never understood why this sort of thing wasn't just directly handled by the NSA --- aren't they the group which should be tasked with cybersecurity?

I always suspected that "Department of Homeland Security" would lead to Banana-republic-like shenanigans --- could we defund them?

  • dfedbeef 3 days ago

    "National Security" doesn't mean you personally. It's the government only. There's a conflict of interest that immediately arises if a part of the DoD (who owns cyberwarfare, which uses vulns) maintains a public vuln database.

    (Edited to be less salty, sorry)

  • donohoe 3 days ago

    I don’t think anyone trusts the NSA to run a program like this.

gabesullice 3 days ago

As a newly minted cynic, this seems like a cynical play to save someone's budget.

Step 1: Post discreetly to a forum with minimal information and an absurdly short deadline

Step 2: Phone your friend, the former board member, to make your case on LinkedIn

Step 3: Ring up a friendly journalist and give them a tip

Step 4: Reference the ensuing chaos as justification for keeping your project funded

Note that the article carefully avoids pinning the blame on DOGE or the White House while heavily implying it. MITRE is technically a private entity, albeit a non-profit. And the very last paragraph of the article states:

> A CISA spokesperson told CSO, “CISA is the primary sponsor for the Common Vulnerabilities and Exposure (CVE) program… Although CISA’s contract with the MITRE Corporation will lapse after April 16, we are urgently working to mitigate impact and to maintain CVE services on which global stakeholders rely.”

To be clear, the point isn't to say that the CVE program isn't valuable, nor is it to say that it's good for a shenanigan like this to be necessary.

The point is that, unless you're directly involved in this subject (not impacted—involved), it's probably best to maintain a "wait and see" attitude rather than succumb to catastrophizing this news.

  • girvo 3 days ago

    Have you seen proof that this is what has been happening? Your explanation is much more convoluted than "DHS cut funding, like the administration has said it is going to do".

    • gabesullice 3 days ago

      These explanations are not mutually exclusive.

      • girvo 2 days ago

        I think they are a little, but you didn't answer my question?

        • gabesullice 2 days ago

          I think my post aged quite well, considering the resolution happened a few hours later, no?

          Your post was implicitly invoking Occam's razor and so the premise of the question was about deciding which explanation to believe. I rejected that premise because it wasn't necessary to decide between the two explanations—they weren't mutually exclusive.

          The only proof I had was that I've seen enough of these events resolve themselves very similarly to the way this one was resolved—which is why I was recommending a "wait and see" approach.

          Call it wisdom or "lived experience".

blindriver 3 days ago

How much does CVE cost to maintain and why must the US fund the entire thing?

  • manmal 3 days ago

    The bureaucracy of internationalizing it would likely be more expensive than the current cost.

  • GuinansEyebrows 3 days ago

    We can afford it.

    • blindriver 3 days ago

      Not with 36T in debt.

      • GuinansEyebrows 2 days ago

        By that logic, we can’t afford anything.

        • blindriver a day ago

          Yes we can’t afford anything new. And that’s why we need to cut back. It’s unfortunate but our children are going to suffer. The debt is unsustainable at this point.

i_love_retros 3 days ago

At this point it's not crazy to believe Russia is running the country

  • dfedbeef 3 days ago

    This level of stupidity seems pretty American to me

yawnxyz 3 days ago

I guess their new business model is to sell zero days to the highest bidder

  • alephnerd 3 days ago

    The private sector zero day market collapsed last year with Zerodium - corporate bug bounties, nation states in-housing offensive security operations, and the democratization of knowhow destroyed the Zero Day market.

rbolla 3 days ago

Important update April 16, 2025: Since this story was first published, CISA signed a contract extension that averts a shutdown of the MITRE CVE program.

froggertoaster 3 days ago

Believe me when I say that DOGE is filled with smart people (I know a few of them).

Just because they're scattershot cutting doesn't mean they're stupid.

  • raegis 3 days ago

    I guess I'm naive, but given the current situation, wouldn't a smart person resign from DOGE? If I were smart and highly employable, like these guys, I would not want to be associated with all the indiscriminate firings of DOGE.

    • froggertoaster 3 days ago

      I guess it depends on what you value.

      I think it speaks a lot about a person who assumes "a smart person would resign from DOGE".

thih9 3 days ago

I can’t see any long term benefits for the US. It looks like the current administration is fine with chaos and disruption on an unprecedented scale.

trothamel 3 days ago

Does anyone know what the CVE program was costing per year? I searched around a bit, but wasn't able to find the number.

moomin 3 days ago

I’m sure a much better private sector alternative will appear any day, in line with conservative dogma.

JackYoustra 3 days ago

There are quite a few threads on hackernews that were cautiously optimistic about doge with, frankly, pretty naive libertarian takes about how the government works.

The government is not particular (in the sense of particularism) and cannot be easily tuned to fix particular problems; rather, its best solutions come through institutional procedure and design, such as the tension between the FAA and the NTSB that, at a first glance, would seem like obviously needless duplication and waste.

It is a broad, blunt, wasteful instrument to solve broad, blunt problems in a way that may not be the best but that work far, far better than alternatives that have been tried.

That the effort to treat government like a personal budget has ended up destroying important things is a sad inevitability of such efforts. I hope it goes remembered.

  • simpaticoder 3 days ago

    >I hope it goes remembered.

    It won't be. Willful ignorance is a cornerstone of the movement. You can't lie about what you don't know. You can't have a bad take if you don't know. Upton Sinclair said in the 1930's: "It is difficult to get a man to understand something, when his salary depends on his not understanding it." Now add to "salary" "identity", "relationships", "sense of belonging to the group". This is why critical, independent thinking, speaking truth to power, must be separately honored and encouraged by a healthy culture, because these attributes are by default mercilessly punished. (Physical courage and heroism are honored by a healthy culture for similar reasons.)

    • JackYoustra 3 days ago

      I mostly agree, although I really disagree with 'speaking truth to power' — I feel like the outsized reverence for this is exactly what got us into this mess. For YEARS, there's been a culture of celebrating opposition for opposition's sake, a performative stance of always positioning oneself against the perceived holders of power, rather than critically evaluating the actual accuracy or value of what's being said.

      Democrats are repeatedly pilloried simply because they govern while the Republicans cosplay as a permanent opposition, and therefore became 'the power' to speak against. Governing inherently involves trade-offs, compromises, and complex realities that never match ideological purity. Thus, an atmosphere developed where people who engaged in governance—and therefore took responsibility for difficult, real-world outcomes—became easy targets for criticism that was more interested in the aesthetics of "truth to power" than in providing accurate analyses or constructive solutions.

      As a result, "speaking truth to power" became a performance, disconnected from accountability or genuine insight. The loudest critics weren’t necessarily those with the most accurate or useful truths, just those who most visibly positioned themselves as opposing power structures. This reinforced public cynicism and undermined nuanced understanding of governance and policy, further obscuring genuine critique and necessary reforms.

      • simpaticoder 2 days ago

        I agree that "speaking truth to power" can, and has been, abused. Treated as an end unto itself it becomes mere contrarianism, and loses the "truth" part of the phrase. I mean it in its original sense: speaking up when it is dangerous for you to speak, particularly when you have evidence of misdeeds by the powerful (the lack of evidence is another pervasive issue with most online speech - mere allegation against those you don't like is enough, it seems, for most people). When the government can disappear its critics and optionally suppress news of the disappearance, then critics deserve praise and honor.

hatly22 3 days ago

Maybe Europe should charge the US for access to their CVE databases.

rvba 3 days ago

Why can't Wikipedia foundation step in? They have millions of dollars.

nodesocket 3 days ago

I’m betting CVE will get sponsored by a security company or Cloudflare.

cbondurant 3 days ago

Am I missing something or was this literally announced with less than 24 hours of warning that one of the critical components to the cyber security landscape was disappearing.

What the fuck are you supposed to do about this. This is something that should have had multiple MONTHS of warning in order to allow those who depend on the CVE infrastructure to plan what to do next with their security posture.

  • pjc50 3 days ago

    CVE-zero: the attack is coming from inside the White House.

  • mrtesthah 3 days ago

    Consider this part of the attack on the American infrastructure, economy, and society. Attacks do not abide by laws, official procedures, or come with warnings.

jibal 3 days ago

Bad guys helping out bad guys--it's what mobsters do.

uptownfunk 3 days ago

Seems like a big miss on the part of DOGE?

londons_explore 3 days ago

How much was this contract worth?

If it was $5000/yr it's very different to if it's $5M/year for what amounts to little more than an instance of mediawiki.

andrehacker 3 days ago

Maybe change the headline now ? As-is the headline is click-baity. (spoiler alert: the contract has been extended)

porridgeraisin 3 days ago

Good. CVEs were the poster boy of Goodhart's law for the longest time. Most security vulnerabilities behind CVEs are utterly meaningless.

  • goku12 3 days ago

    Ah! Another one to add to the following list:

    - What disease did the CDC ever prevent?

    - What improvement did the NHTSA ever bring to full self driving?

    - What improvement in airline safety did the FAA bring?

    - What good did FEMA do in any disasters?

    I don't want to quip about how their achievements are invisible because they prevented the disasters that would have brought the spotlight on them, even when they were too underfunded to properly do their jobs. But I sure would like to see the people making these smart comments to give it a try and see how that goes. Then again, I have no complaints - at this rate, we'll get that chance soon.

    • porridgeraisin 3 days ago

      Likening CVE database maintainers to natural disaster response teams and an entire country's medical board is quite the achievement in hyperbole, congratulations.

      Anyway, my opinion is that CVEs have a very low signal-noise ratio and vulnerability databases in general should be revamped to try and fix that problem. The current system - I don't claim to know the root cause - is simply horrible. It could be the management, the entry requirements, some loophole perhaps, etc. I also don't claim that this is the motive behind this move, I am just hoping it gets revamped anyway as a side effect (There's another article on HN floating around that says someone else has picked up the baton - good luck to them). I also don't care for your country's politics which you seem to be alluding to in your final paragraph.

      • goku12 3 days ago

        Hyperbole according to whom? Clearly, this forum full of tech professionals seem to disagree with you. And I listed those arguments to show how hollow your own argumentation is - not to draw a parallel. But even with that straw-man, how did you decide that such a database has no serious utility to the governments and private institutions worldwide? And what's even worse is how some people belittle others' work without getting even the basic facts right. You neglected the fact that they were underfunded to begin with. So perhaps what's needed to improve their quality is to increase their funding, not cut it further. That's a trick used by some sleazy politicians to justify de-funding and privatizing useful endeavors like these. I find such excuses to be quite dishonest to begin with.

        • porridgeraisin 3 days ago

          > how did you decide that such a database has no serious utility to the governments and private institutions worldwide

          I did not. I said that the signal noise ratio has to be improved. I explicitly used the word "revamp". I know, hyperbole <= hot head => low reading comprehension.

          > So perhaps what's needed to improve their quality is to increase their funding, not cut it further.

          Sure, if that is the blocker, funding them more is fine by me.

          • goku12 3 days ago

            > Good. CVEs were the poster boy of goodharts law for the longest time.

            I guess this must have been by somebody else who thinks it's OK to shut down CVE db because it isn't good enough for them.

            > I know, hyperbole <= hot head => low reading comprehension

            Try starting with the list in my first reply. Reading comprehension comes later.

            > Sure, if that is the blocker, funding them more is fine by me.

            Perhaps you should have started with that first before belittling their work. This is exactly what I have been saying all along.

            • porridgeraisin 3 days ago

              > I guess this must have been by somebody else who thinks it's OK to shutdown CVE db because it isn't good enough for them.

              Yes, shutting it down is completely fine by me, letting some other database take its place. It has a chance to be better.

              > Perhaps you should have started with that first before belittling their work. This is exactly what I have been saying all along.

              I very much intentionally criticised their work - I think the CVE system (the way it runs today) is garbage. You proposed a solution to this situation involving increased funding. I am fine with that solution. Just like I am fine with the solution "nuking it and starting afresh".

Brosper 3 days ago

Europe needs to save the world!

nelox 3 days ago

Just what is needed with an adversary during an asymmetrical trade war.

outside1234 3 days ago

These four years are going to be the death of all of us.

  • Latty 3 days ago

    I find it a little incredible people are still talking about "four years".

    They tried to reject the election result and do a coup, and were rewarded for it by getting back into power. They are refusing to follow the law or the courts. They are sending people to gulags in foreign countries. All the checks and balances were destroyed last time. The party has been stripped of anyone who would fight the admin or reject this illegality. They have set up a power grab over elections.

    There will not be free and fair elections in four years unless they are simply too incompetent to rig it, the rubicon was crossed long ago. Without mass protest that makes it impossible for them to hold power, American democracy is dead.

    They have tried to do it, they say they want to do it, they have the ability to do it, they are actively doing it, and no one is stopping them. How are people still acting like in four years they are going to neatly hand over power to be prosecuted for their crimes?

    • phtrivier 3 days ago

      I understand you have elections in two years, don't you ? I don't know if a complete reversal congress is possible.

      That would be a good litmus test. "They" have not prevented special elections so far ; if "They" need to prevent the next one, whatever they try will happen then, I suppose ?

      • Latty 3 days ago

        I'm British, but I think to expect free and fair election in the US in two years is to stick your head in the sand.

        I don't see them preventing elections, but just rejecting or altering results that don't support them: the litmus test is already triggered: the special election in North Carolina has an ongoing court case trying to throw out ballots to allow the Republican to win.

        They have also pushed an executive order claiming sweeping powers over elections which they will use as pretext to do this nationally. Blatantly illegal, but they have already shown they are ignoring the courts, so who will hold them to account? Mass civil unrest is the only thing left.

        • phtrivier 3 days ago

          I missed the North Carolina part. Do you think the judges will play ball here too ?

          If you can't vote your representative out of office, then, well, yeah, you're not really in a democracy anymore.

          I guess you can always incorporate and sell bitcoins - then, you have a chance to buy your elections.

          Or, admit that you now live in a dictatorship, and thank your maga neighbors for that.

          At some point, both Presidents Musk and Trump die of old age, and a window of opportunity for change opens.

    • outside1234 3 days ago

      Number one rule in opposing anti-democracy forces is to NOT OBEY IN ADVANCE.

      We are going to have elections.

      • Latty 2 days ago

        I'm not suggesting anyone give up on the elections: I'm saying prepare for the inevitable attempt to rig them. Voting alone is not enough, people must be ready for mass civil unrest when they throw out votes and claim victory.

    • SpicyLemonZest 3 days ago

      Organizing mass protests isn't something you do instead of organizing electoral opposition. Even in countries that haven't had fair elections for a while, people generally still organize opposition and talk about how they're going to vote. The best way to ensure your opponents retain power is to go around telling people it's too late and they've already won.

      • Latty 3 days ago

        I'm not saying people should not organise to vote, I'm objecting to the framing of "in four years this will be over" or "in four years we can fight this", if you are waiting for elections to solve this alone, that's a mistake. Elections alone won't be enough. It's not too late to do anything, it is too late for just voting against it to be enough.

        • SpicyLemonZest 3 days ago

          I agree that elections alone aren't enough, but the question of whether you expect a chance to reset in 4 years affects a lot of strategic calculations. If you expect Trump will face democratic accountability in 2026 and 2028, it makes sense to focus on things like tariffs that a lot of voters will find mildly uncomfortable. If you don't, any energy you spend on things that don't produce mass mobilization is wasted.

  • cantrecallmypwd 3 days ago

    War with China and doing enough reprehensible acts to stoke protests to declare martial law to stay in power indefinitely.

    • throitallaway 3 days ago

      I feel like we're only a few weeks away from someone "home grown" experiencing an "administrative error." The slide into madness continues.

      • gryfft 3 days ago

        More like only a few days away, honestly.

    • wiseowise 3 days ago

      Wait until they start a war against Albania.

arghandugh 3 days ago

This industry relentlessly lionized Trump and Musk, elevating them to positions of power and handing them the power to destroy at will.

This is your moment! Enjoy it!

  • Gigachad 3 days ago

    It’s astounding that the users here watched all the horrendous things going on and ignored them. But now the CVE numbers are gone it’s shocking and too far.

    • pseudalopex 3 days ago

      > It’s astounding that the users here watched all the horrendous things going on and ignored them.

      Many most voted and most commented submissions were the other things.

    • throitallaway 3 days ago

      Come again? This is Hacker News, a heavily moderated forum with a narrow focus. We don't discuss Israel or El Salvador here (unless it's tech related.)

      • gortok 3 days ago

        I would hope the folks that frequent HN would not be so insular as to only read what happens on HN and not read any other news source.

        If you’ve somehow missed Trump’s systematic dismantling of academic freedom or his disappearing of folks he doesn’t like, then we have a far bigger problem than the limits of what is discussed on HN.

    • flanked-evergl 3 days ago

      Please, this place has been permeated with Trump rage since before he took office. The only way you could think he was ignored is to not have read any comments.

paulmendoza 3 days ago

Anyone who voted for Trump voted for this type of dumb action. This is a major loss for society and safety.

cookiengineer 3 days ago

If there are any Europeans here, I'd love to make my vulnerability database that's accumulated from all linux security trackers and the CVE/NVD open source if I can manage to find some folks who'd help with maintenance.

Currently hosting costs are unclear, but it should be doable if we offer API access for like 5 bucks / month for private and 100 / month for corporate or similar.

Already did a backup of the NVD in the last couple hours, currently backing up the security trackers and OVAL feeds.

Gonna need some sleep now, it's morning again.

My project criteria:

- hosting within the EU

- must have a copyleft license (AGPL)

- must have open source backend and frontend

- dataset size is around 90-148 GB (compressed vs uncompressed)

- ideally an e.V. for managing funds and costs, so it can survive me

- already built my vulnerability scraper in Go, would contribute it under AGPL

- already built all schema parsers, would contribute them also under AGPL

- backend and frontend needs to be built

- would make it prerendered, so that cves can be static HTML files that can be hosted on a CDN

- needs submission/PoC/advisory web forms and database/workflow for it

- data is accumulated into a JSON format (sources are mixed non standard formats for each security tracker. Enterprise distros use odata or oval for the most parts)

If you are interested, write me on linkedin.com/in/cookiengineer or here.

  • lars_francke 3 days ago

    Honest question: Does this not already exist?

    - https://vulnerability.circl.lu/

    - https://osv.dev/

    - https://vuldb.com/

    And a few others?

    • croes 3 days ago
      • cookiengineer 3 days ago

        > https://euvd.enisa.europa.eu/

        They already did it. Great!

        Maybe we can ask them how to contribute to their software, as it seems to be proprietary at the moment?

        edit: lol, their manifest.json is still the React boilerplate: https://euvd.enisa.europa.eu/manifest.json

        Their database seems to also only contain fairly recent CVEs (up until 2019? some CVEs are missing...) and not before that

        • rickdeckard 3 days ago

          To quote the article

            "Fourth, national vulnerability databases like China’s and Russia’s, among others, will largely dry up (Russia more than China)."

            "Fourth [sic], hundreds, if not thousands, of National / Regional CERTs around the world, no longer have that source of free vulnerability intelligence."

            "Fifth [sic], every company in the world that relied on CVE/NVD for vulnerability intelligence is going to experience swift and sharp pains to their vulnerability management program."

        • numpad0 3 days ago

          All major powers have at least one each, some few for different parts of bureaucracy. Most of them are probably minimum budget operations just rsync-ing US CVD but they exist.

        • ozim 3 days ago

          We can only hope they will get enough exposure now so they can get funding to fix stuff.

      • BrandoElFollito 3 days ago

        This is (without any irony) the first useful thing I see from ENISA.

    • cookiengineer 3 days ago

      OSV is made by Google/Alphabet and therefore also prone to Trump intervention (see Gulf of Mexico executive order).

      The circl.lu might be actually a potential cooperation partner.

      (Vuldb is down right now)

      • SSLy 3 days ago

        you've slept just 3 hours? Go back to bed..

        • kiru_io 3 days ago

          Maybe just a toilet break (see the bio):

          > Fun fact: All my comments have been written on the toilet. I don't use social media anywhere else.

        • JCharante 3 days ago

          hmm? it's already daytime in Europe where he's located

  • Ucalegon 3 days ago

    The EU should just buy MITRE. Move it to the EU and make it an EU-based project.

    • elric 3 days ago

      I don't think the EU has any interest in this. They've been aware of the risk of relying on the US for software security for years, but AFAIK there have been no efforts to do anything about it. Maybe the current situation will kick some butts into gear ...

      Off topic: your username is very appropriate given the situation.

      • ta1243 3 days ago

        I thought exactly the same until

        https://euvd.enisa.europa.eu/

        Appeared on the front page, with © 2005-2024 by the European Union Agency for Cybersecurity.

        This is just an example of US cultural defaultism.

      • FirmwareBurner 3 days ago

        >They've been aware of the risk of relying on the US for software security for years, but AFAIK there have been no efforts to do anything about it.

        Indeed. Just as Germany knew their economy is vulnerable to Russian gas and did nothing about it, even after the 2014 invasion of Crimea. Just as the west knew moving their entire manufacturing sector to one country would make them vulnerable, but chose to ignore it because it was too profitable.

        I never EVER saw politicians act proactively for the good of the nation or the people, all they do is act reactively after the shit hits the fan to control public opinion and blame someone else to make sure they get re-elected, that's it.

        Once you realize our rulers aren't competent at their jobs or acting in the people's best interest, it all makes sense. They're in it for the grift and to enrich their monopolistic friends in the private sector, to make sure line goes up in the next quarter, that's it.

        Yes, I know there are good politicians out there who care and fight for their local communities, but they never make it to rule at national or international stage and actually change the rotten system because the status quo doesn't allow that.

        • concordDance 3 days ago

          > I never EVER saw politicians act proactively for the good of the nation or the people,

          This is almost certainly because those cases don't make the news.

          • exceptione 3 days ago

            Yup.

            Politicians react to the public when it stands up. Otherwise it will follow other agendas.

            That is why it is critical to have an informed public. When journalism has to compete with corporate owned Fake News and Entertainment, journalism dies, and democracy will follow. Then, add the spy business of Big Tech in the mix, with algorithmic silos. The people don't even realize they are locked up in a jar, where they live on a diet of cultural engineering.

            Now, pause a moment and think about what happens when you add AI-models to the mix. Your daughter, your neighbor will be totally brain-wrecked.

            • FirmwareBurner 3 days ago

              >When journalism has to compete with corporate owned Fake News and Entertainment, journalism dies, and democracy will follow.

              Which journalism are you referring to? The one owned by Rupert Murdoch? The Washington Post owned by Jeff Bezos? MSNBC? CNN? Are they better just because they're owned by different billionaires and interest groups?

              I got news for you, the journalism you knew died a long time ago.

              • xolox 3 days ago

                American independent journalism seems to be dying (unfortunately) but I think in Europe there are several large news organizations reporting on things that matter in a relatively independent fashion, at least a lot more independent than what we see happening in the US (I'm thinking of e.g. The Guardian, Le Monde, I could also name a couple of Dutch news sources, but they would mean nothing to 95% of the readers here).

              • exceptione 3 days ago

                That is not news to me (see my post history). The information landscape in America is segmented, and works to keep the Big Picture out the frame. To quote myself:

                  - No real journalism, instead, career in media house depend on commercial ownership. Narratives tailored to segment, but no deep and critical analysis. 
                
                    - "Let us talk about the tariffs today, they make zero economic sense" 
                    - "I think what he meant is..." 
                    - "Of course this is not entirely correct, but..." 
                    - "President Trump has said.."
                    - "Rubio did a press conference today"
                
                    - Only drama, never the Big Picture.
                
                    - Elections? According to the press, those are just
                       - The latest polls!
                       - Repeat marketing from spin doctors at affiliated media houses
                       - "Debate" = Reality TV, scores are given on wit and emotional play
                
                
                As an English speaker, you have one option and that is to read The Guardian.
          • FirmwareBurner 3 days ago

            They do where I live, but those are drops in the bucket compared to the industrial scale theft(wealth transfer) the central government operates.

            • ameister14 3 days ago

              Well, in the United States it doesn't make the news.

          • jibal 3 days ago

            It's certainly because they have a belief based in ideology, not fact.

        • chillingeffect 3 days ago

          Perfect example of the "one-deep" conservative response.

          PP is looking for a pattern, finding, and abstaining from questioning or contextualizing it:

          Engaging only with the first or most obvious layer of an issue—never going deeper into context, nuance, or systemic causes.

          The quickest counterexample that comes to mind is Elizabeth Warren's Consumer Financial Protection Bureau. It has returned billions to American citizens.

          • FirmwareBurner 3 days ago

            I'm gonna have to stop engaging with you here if you start a comment by accusing someone to be a conservative.

            If your first reaction is putting people into political/ideological camps in order to make their arguments weaker and easier to attack from a holier-than-thou political/ideological angle, it's game over for me as I like to judge actions objectively based on the outcomes, not conservative vs democrat, left vs right, etc. since corruption and incompetence is colorblind.

            I don't care which side of the political aisle did what, I'm pointing at the systemic failures of the entire system built like a house of cards by all political parties, which collapsed as no thought was put into building it, and only chased short term profits at the expense of long term security. Trying to finger point a single political side only detracts from the issue which is the classic "divide and conquer" tactic politicians have been using to deflect blame and get away with it.

            • Lendal 3 days ago

              The death of Occam's razor, because protecting one sensitive person's tribal political identity is more important than solving the problem.

            • bsenftner 3 days ago

              It is damningly simple, the root cause beneath far too many issues our advanced civilization faces: we have a global adult immaturity issue, species wide. The leaders that are crony capitalist and widely populist are in truth terribly immature public figures. Our incredibly short sighted (also an immature behavior) news and analyst media pretends to be adult while never really having any solutions that are not plain school yard bullying and tribe glorifying. And the public is only allowed outsider fringe opportunities to include their voice in these public non-debates. We do not produce adults anymore, we produce a civilization of Lindsay Lohans that think they are adult men and women.

              • dsr_ 3 days ago

                If capitalism is allowed to operate without regulation, it corrodes.

                If government is allowed to operate without regulation, it corrodes.

                The pattern is clear. Unchecked power imbalances are bad for everyone, but the folks at the top of a power imbalance generally advocate for it, and change the environment to ensure their power and reduce everyone else.

                • bsenftner 3 days ago

                  What is that aspect of humanity that causes unchecked power to imbalance anyone and everyone? I'm saying it is unchecked immaturity. Recognition is step one. If the species identifies en masse there is an unchecked immaturity issue in adults, a huge amount of it will evaporate, and people will be given an excuse to start calling other adults on their immaturity. Harsh, but necessary as the immature are actively justifying destroying people all over the place.

                  • FirmwareBurner 2 days ago

                    Let's say you're right and people's immaturity is the issue.

                    The problem is, if you try to check people's immaturity and call it out, you get labeled a bigot, a fascist, or a $fobe.

                    So people's immaturity is a consequence of the modern toxic positivity and cancel culture the west has bred where you aren't allowed to say anything that might hurt someone's feelings, so people grow up in a bubble of fakeness that's detached from real world issues.

                    You're pointing out the end effect but not the cause that has led to that.

                    • bsenftner 2 days ago

                      I'm trying to create a recognition of immaturity as an adult problem issue, and if that recognition takes place then society will generally recognize the issue, and that becomes internalized as an issue people understand.

                      The goal is not to call people out, the goal is recognition as a real, active issue at the root of a lot of public figure behavior. Those behaviors need to be called out, and those public figures shamed for their immature behaviors and immature opinions - which non-public figures then mimic in ordinary life. Which is an immaturity that I do not expect to be called out, which sounds like what you're focusing on.

                      Beneath the immature world view and attitude is self deception, a far harder issue to call out. That self deception is caused by religious claims of answers to unanswerable questions. To accept an unanswerable question's "answer" from another is a self deception, driven by anxiety and fear. Life has uncomfortable unanswerable questions, and facing those unanswerable questions is a critical part of becoming mature - there are no answers to these questions about what happens or if there is an afterlife. By supplying answers to these critically unanswerable questions, religions create immature individuals that are in fact trapped within the cult of that religion's reasoning, which tends to be terribly immature in far too many logical manners. Then you get morons.

                      • FirmwareBurner 2 days ago

                        >I'm trying to create a recognition of immaturity as an adult problem issue

                        Adults don't just spawn into the world like characters in a video game. They're raised and educated into adulthood by the previous generation parents and political regimes. So if you want to point the finger for the issue with current generation, point it at those who raised and cared for them, as it was their job.

                        >and if that recognition takes place then society will generally recognize the issue, and that becomes internalized as an issue people understand.

                        The issue with your logic is that you assume society can recognize issues and act rationally to issues, when in fact it does not.

                        Society selectively chooses what it recognizes as issues, based on emotional manipulation and tribal behavior.

                        • bsenftner 2 days ago

                          It is also the job of an individual. Immaturity is a choice. A choice to be adult or not to be an adult, and to pretend one is an adult when they are not is also immature. It's a vicious cycle each individual is in full control, despite their awareness of it.

                          • FirmwareBurner 2 days ago

                            Ah yes, great strategy. After they've been fucked over by a generation of bad parenting, bad governing, bad education and bad economics, go and tell them it's their fault and how they should pull themselves up by their bootstraps.

                            What could go wrong? I'm sure they'll vote rationally and responsibly and not in a vindictive way to watch the system burn to the ground. /s

                            “A society grows great when old men plant trees in whose shade they shall never sit.” — Greek Proverb

                            What our society did instead was cut down the tree to save money on upkeep and increase the value of their property. Sorry, but you reap what you sow.

                            • bsenftner 2 days ago

                              Of course children will react with emotion, which is why the only alternative is to treat them as an adult. Point out they can end the cycles they were born into by identification and effort. There is no other way, it cannot be done for them.

        • sharpshadow 3 days ago

          Germany had with under the best deal for gas possible with Russia, I don’t understand the sentiment calling it a vulnerability. There is still a working pipeline available and Russia stated clearly it would continue delivering gas, if Germany wants to.

          • rostigerpudel 3 days ago

            Except what Russia states and what Russia does are only aligned when it serves Russia. Russia stopped delivering gas through NordStream 1. After that, Germany took note of the danger and decided it would do better without that dependency.

            https://www.aljazeera.com/economy/2022/9/2/russias-gazprom-k...

            • m000 3 days ago

              > Germany took note of the danger and decided it would do better without that dependency.

              So they just swapped dependencies. And it's not that the new dependency will have no strings attached.

              Diversifying while keeping Russian energy in the loop, as part of a risk-management strategy, would make more sense. Completely cutting off Russian energy just gives more bargaining power to their new energy provider.

              • throw__away7391 3 days ago

                If we put half the effort into shoring up our institutions and reinforcing our shared norms and cooperative values as we are into "de-risking" everything, right now, and all at once, we'd all be in a much better place. Overnight we all just accepted that this new transactional, mercantile, hostile mentality was the way of things and the only way it can be. This is a self-fulfilling fatalistic prophecy and is going to move us backwards into a much worse, less prosperous world, empowering the bullies and the tyrants even more.

                Greed got us here. There's a rules based world possible where Russia sells gas to Germany. Russia did not transform from a free and democratic society with respect for human rights and the international community into an authoritarian dictatorship overnight; we turned a blind eye to this when it suited our short term economic needs and that is how we allow ourselves to sleepwalk into the situation we are in now. Had we held first to our principles we'd have either had the impact the neoliberal trade focused policies were supposed to eventually deliver or at the very least not ended up with dependencies that gave such governments leverage and eventually blow up in our faces. Had we instead put human rights first and foremost we would not have created and empowered these monsters.

                Same thing with Trump's reelection in the US. By all rights in a functioning democracy Trump should be sitting in jail right now along with the January 6th insurrectionists. The Biden administration had 4 years to prosecute, but felt it was not politically expedient to do so. Likewise what is left of the GOP within the Republican caucus right now faces a similar choice between short term benefits and upholding the principles which nearly everyone in Congress and even the Trump administration has previously claimed they would uphold.

                • m000 3 days ago

                  > Had we held first to our principles

                  *our alleged principles

                  Something can't be called a "principle" when it is only selectively applied.

          • nosianu 3 days ago

            > There is still a working pipeline available and Russia stated clearly it would continue delivering gas, if Germany wants to.

            You conveniently leave out that minor detail that it was RUSSIA who stopped the gas.

            Germany tried hard to keep it going, even making a sanction-exemption for a Siemens turbine repaired in Canada, which according to Russia was needed. Only that when they were to receive it nothing happened, gas stopped anyway.

            • sharpshadow 3 days ago

              Nordstream 1 which had if I recall correctly one working turbine left and went into inspection during which an oil spill was noticed and the restart of the service was postponed. Shortly after Nordstream 1 Pipeline A + B and Nordstream 2 Pipeline A were blown up. It’s up for debate if the oil spill which was uncovered during the inspection which postponed the gas delivery was a political move. The turbine, which underlies sanctions, should have been still in transit during that time and even if delivered useless.

              There is still Nordstream 2 Pipeline B intact available to deliver gas and it uses Russian made turbines compared to Nordstream 1.

              The whole discussion is very special to say the least if you leave out that some adversary blew up the infrastructure.

              • nosianu 3 days ago

                Russia refused to accept the turbine! It was in Germany, and Russia blocked the delivery.

                "Moskau blockiert offenbar Weitertransport von Nord-Stream-1-Turbine" ("Moscow apparently blocks further transport of Nord Stream 1 turbine") -- https://www.rnd.de/politik/russland-blockiert-offenbar-weite...

                I'm German, I followed those developments closely at the time. Russia refused to deliver gas! The blowing up of the pipes happened quite some time after that!

                You also don't mention that German Gazprom, which controlled German gas reserves, emptied them just before the war! -- https://www.faz.net/aktuell/wirtschaft/gas-speicher-in-deuts... (German, paywall), -- https://www.zeit.de/news/2022-01/21/ungewoehnlich-leere-gass...

                That shows that Russia prepared for using gas as an economic weapon against Germany especially well before they even started the war.

                From the Zeit article:

                German

                > "Die Gasflüsse über die deutschen Grenzen sind unüblich niedrig für diese Jahreszeit - mit Ausnahme von Nord Stream 1, die sind konstant hoch", sagt Fabian Huneke. Es sei verwunderlich, dass vor dem Hintergrund der hohen Preise und der hohen Nachfrage die Gaslieferkapazitäten Richtung Europa so wenig genutzt würden. "Wenn Gazprom sich marktrational verhalten würde, würden sie die Gaslieferungen nach Europa auch durch die Pipelines, die durch Belarus und die Ukraine führen, verstärken." Den Grund für dieses Verhalten sieht der Energiemarktexperte in der Ukraine-Krise.

                English, translated by Google

                > "The gas flows across the German borders are unusually low for this time of year - with the exception of Nord Stream 1, which are consistently high," says Fabian Huneke. It is surprising that, given the high prices and high demand, the gas delivery capacities to Europe are so little used. "If Gazprom behaved in a market-rational manner, they would also increase gas supplies to Europe through the pipelines that run through Belarus and Ukraine." The energy market expert sees the reason for this behavior in the Ukraine crisis.

                • sharpshadow 3 days ago

                  The transport of the turbine was accompanied by sanctions and each party didn’t want to get punished, awaiting exemption documents for delivery. As the article already states in the headline and further acknowledges in the content Russia was not refusing to get their turbine back but waiting for documents themselves which the article beautifully conceals with the little word ‘apparently’.

                  The unusually low gas storage reserves at the beginning of the year 2022 in Germany with 45% compared to usual 75% while Nordstream 1 is delivering at full capacity could be related to the sanctions which led Poland to stop transit through the Jamal pipeline and other transit routes through Ukraine and possibly gas market trade activities. Having just the ‘economic weapon’ argument is lacking, especially in regard that Russian gas is still today reaching Germany and it is in the interest of Russia to deliver.

                • thaumasiotes 3 days ago

                  > Moskau

                  Tangentially... how did the German name of the city/region get into _that_ form? Is it a loan from English?? Germany and Russia have been closely entwined for centuries.

                  Wikipedia has a comment which appears to make no sense:

                  > The [old] form Moskovĭ has left traces in other languages, including English: Moscow; German: Moskau; French: Moscou; Portuguese: Moscou, Moscovo; and Spanish: Moscú.

                  • detaro 3 days ago

                    Seems it's actually (in both German and English) developed from older Russian forms, and Russian shifted afterwards again: https://en.wikipedia.org/wiki/Moscow#Etymology

                    • thaumasiotes 3 days ago

                      But all of the older forms include a /v/. How did that drop out of every language except Portuguese?

                      (There is an English term Muscovy for the region, but wiktionary suggests that it derives from the formal name given to the region in international Latin rather than deriving from Russian. In that case, a /w/ would also generate a letter V, so there's no explanatory power.)

                      • pyrale 3 days ago

                        U, v and w are all derived from the same letter v, for which no distinction existed in Latin (same for i, j and y).

                        Apparently, when different languages started to make the distinction, they picked a different letter combination: ov, ou, ow, au, ú, etc. probably depending on the local way of pronouncing the word.

                        Same for Latin ivvenis, modernized to juvenis, which gave young, jeune, jung, joven, etc.

                        • thaumasiotes 3 days ago

                          The letters "U", "V", and "W" are all derived from the same letter, the Latin "V". The sounds /u/, /v/, and /w/ are different.

                          We're talking about a period many centuries after Latin phonology might have been relevant. The word doesn't come from Latin. Old English has no confusion between [v] and [w] to begin with; [w] is part of the phoneme /w/ and [v] is part of the phoneme /f/. In Middle English there's a distinction between /f/ and /v/, where we see French-derived words like village and vine distinguished from English-derived words like fill and fire, and from French-derived words like fine.

                          So what happened?

                          > Same for Latin ivvenis, modernized to juvenis, which gave young, jeune, jung, joven, etc.

                          Please don't just invent things that sound good to you. Young and (German, I assume) jung don't come from Latin either.

                          > U, v and w are all derived from the same letter v, for which no distinction existed in Latin (same for i, j and y).

                          Again, please don't just make up random non-facts. Latin has no letter J. It does recognize Y, as the Greek letter upsilon, which it distinguishes from all Latin vowels. The fact that Romance languages name "Y" the "Greek I" should have been a hint of this. You can hardly read any Latin that mentions Greeks without running into it; compare Pyramus, Thucydides.

          • usrusr 3 days ago

            Except that Russia did not deliver (not any meaningful amount anyways), when the pipelines were still intact. And yes, they pretended to be willing, firing off a series of excuses sufficiently transparent to make it clear between the lines that it's a demonstration of power. Get your history straight: "Russia stated clearly it would continue" has between zero and negative value.

          • javier2 3 days ago

            NordStream 1 had been stopped from Russian side for nearly 4 months before this, with constantly shifting goal post excuses.

          • FirmwareBurner 3 days ago

            >I don’t understand the sentiment calling it a vulnerability

              - You're Germany.
              - You join NATO for protection from Russia, an actor with a long history of military aggression[1]
              - Your export economy is based on manufacturing.
              - The energy driving your manufacturing sector is ~60% cheap gas from Russia, your military aggressive partner.
              - Russia invades Georgia in 2008 and Ukraine in 2014 to no one's surprise
              - Leaders of USA and Eastern Europe warn you of Russia's influence on your economy
              - You ignore all this and build another gas pipeline from Russia
              - You are surprised Russia invades Ukraine(again) and gas sanctions cripple your manufacturing economy
            
            
            MFW German leaders and HN commenters see no vulnerability in this.

            Someone please stop the planet, I wish to get off, my sanity can't handle this level of stupidity anymore.

            [1] https://natoassociation.ca/a-timeline-of-russian-aggression/

            • everythingisfin 3 days ago

              > Someone please stop the planet, I wish to get off, my sanity can't handle this level of stupidity anymore.

              News from an American here, on an antidepressant and deathly fat from stress eating:

              I’m worried about the eventual welfare of those protesting. I’m hearing that people of color are being told by their pastor to stay home rather than protest so as not to risk being used as scapegoats.

              My family and friends are divided and still dividing over politics. I recently was crazily ranted to by a big-personality entrepreneur immigrant that told me his story of how easy it was to come to the states, rags-to-riches, and how they were a supporter of the administration because “they don’t want to pay taxes for illegals”. Part of the half of the U.S. that supports the administration isn’t just brainwashed, but has a very strong, angry, and desperate look, and the other part says “just wait four years and it will be over”, but it won’t; before the election, this party used gerrymandering and legal action to ensure that election, then post-election replaced election officials and many government officials.

              The DOE is claiming anti-semitism and the need to have viewpoint diversity to deny funding to schools that are known for their open viewpoints.

              And yet somehow I’m still surprised when they kill the CVE program.

              It’s an ever-escalating circus of chaos, because our administration thinks this was needed to ensure U.S. interests, because those vulnerable in the U.S. were manipulated by outside actors and internal power-hungry politicians and zealots, and all is spun to just feed into the chaotic nationalism that is trying to one-up every other dictator that has ever lived.

              To top all of this off, AI, which I use daily, will take my job before I retire, and I have no backup plan.

              Despite all of this, I have the will to live, to support those whom I love (even the crazy ones), and to try to make the world better. I continue to pray for direction on all of this.

            • belter 3 days ago

              Follow the money...

              "German journalist dubbed the ‘Putin connoisseur’ had secret book deal with Russian oligarch" - https://www.icij.org/investigations/cyprus-confidential/germ...

              "Russia's best friends in Germany: AfD and BSW" - https://www.dw.com/en/russias-best-friends-in-germany-afd-an...

              "12 Germans who got played by Putin" - https://www.politico.eu/article/blame-germany-russia-policy/

              • holoduke 3 days ago

                The sources you mention are straight out of a propaganda handbook. Not worth the read and hugely fabricated fake sensational news.

                • ta1243 3 days ago

                  Politico, ICIJ and Deutsche Welle are hardly unknown fringe sources with shady backgrounds

                • belter 3 days ago

                  Instead of countering a single fact, you labeled the whole thing. That’s usually how people protect a narrative, not challenge one.

    • belter 3 days ago

      This should be work for the ENISA: https://www.enisa.europa.eu/

      https://www.enisa.europa.eu/topics/vulnerability-disclosure

      They have a tender going on tracking best practices: https://www.enisa.europa.eu/procurement/vulnerability-disclo...

      So they will take 12 months to select for the tender...18 months pondering on the report...and in 3 years they make a tender out for a solution...

      • Xelbair 3 days ago

        oh but you forgot the mandatory time before they even start considering the tender.

        looking at average speed of bureaucracy in EU it will take roughly a year to set date for a meeting that will set the date for actual meeting which will decide if this will go forward or not....

        (if you think i'm joking - i'm basing this on proposed EU initiative for nuclear power which started with setting a date of meeting to setup a meeting to draft an agenda)

    • jonnybgood 3 days ago

      MITRE is a non-profit. All the EU has to do is reach out to MITRE and be willing to fund the project.

      • Ucalegon 3 days ago

        I know that they are a 501(c)3, but they have significant revenue and intellectual property, so in order to do the lift and shift, there would need to be some money changing hands to accomplish it. Not only that, but being owned by the EU gives the ability for MITRE employees to have the option to immigrate to the EU to protect against any retaliation.

        I cannot believe I am typing that second sentence, but here we are.

        • bkor 3 days ago

          > Not only that, but being owned by the EU gives the ability for MITRE employees to have the option to immigrate to the EU to protect against any retaliation.

          According to which rule would "owning by the EU" result in an option to immigrate? Immigration is handled on a per country basis. I don't see how the EU provides such an option.

          • Ucalegon 3 days ago

            https://eur-lex.europa.eu/eli/dir/2009/50/oj

            The EU has agreed upon programs in order to bring in, through an immigration policy, high skilled persons from non-member states. More importantly, working within the member nations, as to which member nation would want MITRE to be located within their borders, is not something that is a hard sell given that it has economic advantages for whichever state(s) onboard MITRE.

            • bkor 3 days ago

              > The EU has agreed upon programs in order to bring in, through an immigration policy, high skilled persons from non-member states.

              Where in this is the option that the EU provides an option to immigrate because the EU owns something?

              I'm very well aware of knowledge workers. It's not something the EU can provide as an option. What you linked to is the legal framework around how EU members can provide such a thing.

            • graemep 3 days ago

              That still leaves decisions on who to admit to states. As far as I can see its main effect is to allow people admitted to one country as highly skilled to travel to (not live in) other countries?

          • labster 3 days ago

            The EU can accomplish it with diplomacy. It’s unknown technology in America, but diplomacy and asking to work together is truly powerful.

            • bkor 3 days ago

              > The EU can accomplish it with diplomacy.

              Agree. It'll likely happen that way. Still, dislike the initial incorrect assertion.

      • Cthulhu_ 3 days ago

        I think all the big companies that owe their ongoing business should band together and fund it. No way an organization like this should rely on just one sponsor.

        • 2b3a51 3 days ago

          I think that I'm in favour of pricing in externalities like this.

          What cross-industry organisations exist that could coordinate?

      • dev_l1x_be 3 days ago

        Non-profit means (in this case) paid by somebody who does not have anything to say about the transaction. It would be better to pay for it so that people who are interested in this subject have a say.

    • panny 3 days ago

      This would be hilarious. That would be a good thumb in the eye to the current administration who complained long and loud about how Obama let ICANN leave US possession. Just imagine the campaign commercials in 2026,

      >The POTUS transferred our cyber defenses to the EU

      Ouch

      • rob74 3 days ago

        Well, that's kind of the point? The current administration doesn't care about cyber defense, any less than it cares about protecting the environment, protecting consumers, having top-notch universities and research, foreign aid etc. etc. Actually, it takes pride in not caring about all of these things.

        • rocqua 3 days ago

          My guess is that they feel they are supplying something the whole world is benefiting from, and they believe that unfair. That ignores the fact that the US benefits immensely from this, and that they benefit domestically from providing that benefit more widely by getting a lot of free contributions from the outside. But the US foots the bill of those who do get paid, so it's unfair...

          • chillingeffect 3 days ago

            This American admin doesn't seem to understand the benefits of leadership. Like being de facto currency, ability to operate while deep in debt, etc.

          • fragmede 3 days ago

            It's so unfair that I have a great job so I can treat my friends to dinner all the time! I hate being rich.

            • imcritic 3 days ago

              It's rather "I know I'm rich, but why do friends expect ME to pay for dinner all the time? It's so unfair!".

              • clort 3 days ago

                It's a bit like when you are a two-bit loser but have a private island where you can do whatever you like, and invite every celebrity you can find over to party every weekend, then start complaining that they haven't paid any of the island running costs and that they are all spongers because you are the main attraction of the island parties.

                • imcritic 2 days ago

                  I find your analogy to be poor: is someone owning a private island and familiar with lots of celebrities a loser? I'd very much like to be such a "loser".

              • pyrale 3 days ago

                Another analogy: my friends and I often eat at the restaurant I own, and occasionally, I pick the tab. I complained angrily about it, and now they want to try out other restaurants or dine at home.

            • chillingeffect 3 days ago

              And at the best restaurants! And I get to choose the restaurant! And choose when we eat! And pick the appetizers, drinks, entrees, and dessert!

              So instead I will allow myself to be robbed and we'll all share the cost of a low-key restaurant. Or maybe let's charge each other to eat together, yeah!

        • Ucalegon 3 days ago

          Not to mention the administration aren't going to be held accountable for, or actually be impacted by, the harms that come from their actions.

        • 1659447091 3 days ago

          > The current administration doesn't care about cyber defense, any less than it cares about protecting the environment

          On the contrary, I would argue that they deeply care about the environment. The REAL point of all those tit-for-tat tariffs with China including with small mail/packages are to drastically cut cargo/shipping emissions. The threatening of annexation of Canada? That was really to get ~70% reduction in air passenger traffic BECAUSE they care about the environment. Same with creating a few high profile border horror story incidents against nationals from allied countries. The real point of it? Reduce transoceanic air passenger loads and save the environment. /s

          • jibal 3 days ago

            You need to make that /s more prominent.

            • nottorp 3 days ago

              HN is extremely humour challenged. I suppose the majority fails to put a monetary value on it...

  • weinzierl 3 days ago

    Try to talk to the people from the Sovereign Tech Fund, they have a history of sponsoring security relevant projects in the EU.

    • NekkoDroid 3 days ago

      > Sovereign Tech Fund

      It's actually been upgraded to the Sovereign Tech Agency now

    • jauco 3 days ago

      And maybe the sidn fund?

      • decide1000 3 days ago

        Nlnet for opensource

        • Sander_Marechal 3 days ago

          Yes, maybe reach out to Michiel Leenaars from the NLNet foundation. But IIRC NLNet mostly funds shorter development tracks, not ongoing upkeep/maintenance.

  • f_devd 3 days ago

    Maybe something to bring up to one of these e.V.'s if it ends up being difficult to get started: Codeberg.org, nlnet.nl, ccc.de

    • tagyro 3 days ago

      +1 for ccc.de

    • cookiengineer 3 days ago

      Codeberg might be a nice cooperation partner for hosting the git repositories. Gonna write them!

      I'm also visiting the local CCC chapters here this week, maybe it makes sense to have a separate e.V. where the CCC chapters are beneficiaries?

  • goodpoint 3 days ago

    There are already many security trackers, why write a new one? The issue is paying people to handle the advisories.

    • cookiengineer 3 days ago

      I agree with you there. Before CISA got sacked / taken down, they were working together with the BSI and other CERT agencies on a vulnerability exchange format.

      This might be the optimum time to implement CSAF and to lead by example when it comes to vulnerability disclosures.

  • dev_l1x_be 3 days ago

    We should host it and collect membership fee from people who need this data. This way we can make it resilient against lack of government support. I would love to pay 5-10EUR/month to use such a service.

  • hypercube33 3 days ago

    I would email someone like Patch My PC; they seem good stewards of stuff open source from my vague looking, and they are good people. They may just host a clone of it that's open.

  • tecleandor 3 days ago

    (Spain, doing storage and web hosting) What usually worries me the most is the administrative or management part, which I don't know how big would be for this project...

  • JimBlackwood 3 days ago

    I’m interested to help! I added you on LinkedIn, so will message there after you accept. :)

  • juicyyy 3 days ago

    I'm also interested in helping

  • wustus 3 days ago

    Depending on deployment strategy I could help with Kubernetes stuff.

  • worthless-trash 3 days ago

    Some CNAs may also submit. Is this something you are open to?

  • mwe-dfn 3 days ago

    The European, GDPR compliant subnet of the Internet Computer could suit your needs. The app would be decentralized out of the box and it can't be shut down by a single entity like a traditional cloud provider or nation state. Hosting 100GB costs about 500$ per year [0]. This is not a traditional hosting provider, it's a decentralized cloud. Reach out on the forum [1] or to me if this sounds like a good fit to you (I think it does, from your list of requirements).

    [0] https://internetcomputer.org/docs/building-apps/essentials/c...

    [1] https://forum.dfinity.org/

    • immibis 3 days ago

      Or just use a normal host where hosting 100GB costs about $60.00 per year.

      • mwe-dfn 3 days ago

        As mentioned in the response to the sibling, I am not just talking about hosting the data, but also running the app. Ofc, with a lot of traffic the running costs would increase.

        The reason for the higher price is that both data and running software is redundant and decentralized by design - no need to configure anything.

      • vachina 3 days ago

        My 4TiB seedbox at home costs $5 in electricity.

    • f_devd 3 days ago

      Seems way overkill & unnecessary. Wouldn't the e.V. (foundation) especially with FOSS backend/frontend already ensure continued operation? Also if it's about redundancy/resilience it seems like good ol' torrent/ipfs or even a dedicated dht (if you really want to have fast updated content) would be much more efficient.

      • mwe-dfn 3 days ago

        >FOSS backend/frontend

        That phrase does not address where and how to host data and run software, and while I think an e.V. would be a great idea, it also doesn't address it. So these concerns seem orthogonal to my input.

        The IC Protocol is indeed about redundancy and resilience, but also about sovereignty and security, and it does not just host data (like torrents) but also runs software in a verifiable way (in particular, for every message you get from a dapp on the ICP, you get a certificate that proves that the majority of nodes in the subnet agree on the result).

        In a nutshell, it's a platform that gives you many guarantees (security, redundancy, sovereignty) out of the box - as opposed to classical solutions which have to be composed of many different building blocks that need to be orchestrated to work together.

        • f_devd 2 days ago

          > runs software in a verifiable way (in particular, for every message you get from a dapp on the ICP, you get a certificate that proves that the majority of nodes in the subnet agree on the result).

          There is no need for this though, by its very nature CVE services are "authorities", that distribute fairly simple data. Also if it costs 500$ to keep it online it's not really giving you much more resilience than regular multi-node hosting and significantly less than torrenting which is effectively free for many volunteers.

  • harrisi 3 days ago

    I'm not European but I'd love to help.

  • senda 3 days ago

    messaged on linkedin fyi

  • newsclues 3 days ago

    Why EU?

    Canada may be another friendly option

    • com 3 days ago

      Canada’s been described as the Ukraine of North America.

      Let’s not site global critical infrastructure within 150km of US land borders for a generation, please.

      • jetster735180 3 days ago

        I don't believe I've heard that before.

        As a Canadian, I can confirm it's nothing like what's happening in Ukraine.

  • greenRust 3 days ago

    Great idea. I'm interested in helping. I'll dm you.

  • sneak 3 days ago

    The AGPL is a nonfree (and nonsensical) license.

    There’s nothing wrong with normal GPL.

    • lifthrasiir 3 days ago

      Is there a non-free license approved by FSF and OSI and compatible with DFSG?

insane_dreamer 3 days ago

CVE was anti-American woke.

No, more seriously, just like with shutting down NOAA services, it seems the goal is to:

1. cut services (we saved taxpayer money!!)

2. at some point later: oh, we actually need those services

3. pay <insert your favorite vendor here, preferably one connected to Musk> to provide the service (see! we don't need to pay gov employees!!) (fine print: the vendor costs 2-3x the original cost). But by then no one is looking at the spending numbers anymore.

Slick moves.

  • SirHumphrey 3 days ago

    And here lies the problem. Even from a libertarian perspective DOGE is counterproductive because maintaining a system is much more cost effective than starting it anew.

    Especially when you cut something recklessly, figure out in a month that you need back that capability right now and have very little leverage to negotiate with private providers.

    When you look at the last cutting effort in the Clinton administration the difference is jarring.

    Combine that with the fact that with a few exceptions DOGE has been cutting the most cost effective programs (I can’t think of a better bang for buck science program than NOAA) it’s saved very little vs the amount of pain it has caused.

    • darkwater 3 days ago

      Heeeeey but he runs Tesla like this and it's a hyper-valued company!!!1! He cannot be wrong, he is a genius!!

rcarmo 3 days ago

Now would be a great time for a major tech company to support them (or, even better, a consortium).

delusional 3 days ago

Meh. It's not like I was going to ask the fascist autocracy about my software vulnerabilities.

bathtub365 3 days ago

Now the NSA can hoard more 0days and the general public suffers. Win win for this administration

  • goku12 3 days ago

    It's more likely to boost the zero day black market. I don't know if I want to attribute this to idiocy (indiscriminate cost cutting), greed (contracts for their crony pals) or malice (hoarding and trading 0 days).

    • gryfft 3 days ago

      ¿Por qué no los tres?

      • goku12 3 days ago

        I don't know Spanish. So I used an online translator. I can see how greed and malice can go together. But idiocy? I don't know.

        • gryfft 2 days ago

          The trick is that there's more than one person involved in making these things happen. In this way, greed, malice, and idiocy can work hand in hand. Such is entropy.

anilakar 3 days ago

Let me guess: Trump is going to make China pay for it.

dools 3 days ago

Uh oh did someone CVE grok or twitter?

mjevans 3 days ago

Mr. President, Do you want China to get the reports instead, or do you want the NSA to have a lead time where the vulns are useful tools?

  • mjevans 3 days ago

    It seems phrasing it in the form of a joke was too much.

    I was trying to convey (with levity/humor) WHY it should continue to be funded as well as the argument that should be made to the one currently in control of the spineless US Congress.

    Yes, fixing the vulnerabilities is important. However what the government probably does gain from it is an inside advantage in the lead time for vulnerabilities to protect against, as well as to exploit on adversaries.

  • hsbauauvhabzb 3 days ago

    If you /s/China/Russia/, when asking Trump, it’s no longer a rhetorical question.

    • hsbauauvhabzb 3 days ago

      For those reading, a fair few of my recent posts were downvoted after this comment, and it was initially flagged.

      If I violated some rule so be it, and I could care less about internet points, but it certainly feels like suppression of individuals based on individual posts which is a behaviour that could end up being the death of hn.

drdrek 3 days ago

LOL this is Amazing... Holy shit

4ndrewl 3 days ago

To the "I wish HN would stay out of politics" crew.

You can stay out of politics, but politics will always come and find you.

  • h1fra 3 days ago

    HN and founders will say "no politics here" on the regulated internet, drinking regulated water, eating regulated food, breathing regulated air.

    • pjc50 3 days ago

      Apart from the few maniacs On Here who seek out the unregulated intentionally. Raw milk (all those tasty diseases). "Research chemicals" (don't hear so much about that lately, but there were whole microdosing fads).

      • avisser 3 days ago

        Banning raw milk is for health. Banning research chemicals is mostly an extension of the war on drugs. They aren't the same.

      • franktankbank 3 days ago

        Raw milk is delicious, my ancestors have been drinking it for millennia.

        • user_7832 3 days ago

          Isn't this literally survivorship bias? Those who died early wouldn't have had offspring.

          1 - https://en.wikipedia.org/wiki/Survivorship_bias

          • franktankbank 3 days ago

            Not saying it's a good choice for those whose ancestors didn't go through the selection process.

            • JumpCrisscross 3 days ago

              Your ancestors didn’t face bird flu.

              That said, I’m for people being idiots. I’m just done paying for it. If you’re chugging raw milk during a bird flu epidemic and your family gets sick because of it, basic insurance and the public should only pick up the cost after you’ve declared bankruptcy.

              • franktankbank 3 days ago

                Similarly I wish I could enact carveouts so I wasn't supporting people's health problems related to commenting way too much on the internet, hackernews in particular.

        • nindalf 3 days ago

          Milk is my main drink. I don't drink beer or wine, it's mostly just plain milk for me. And while there is a substantial taste difference based on the % of fat, I have never seen a difference in taste between pasteurised and non-pasteurised. I actually bought a bottle of raw milk from a farmer just to try it. No negative effects, but it just tasted insipid compared to 5.4% fat milk I can get at the supermarket.

          People who claim a taste difference between raw and pasteurised, I'd very much like to see someone taste the difference on the same cow's milk blind, before and after pasteurisation. I just don't think it affects the taste much, and certainly not as much as fat %.

          And for people who claim health benefits, I would like to see a double blind study demonstrating those benefits.

          • bluGill 3 days ago

            I think the main difference is fresh. When I was in high school I stayed with a dairy farmer who brought in a jug of milk from the tank for breakfast after milking the cows. After that I can't drink regular milk.

            Pasteurization does affect taste though. Around me there are two different dairies, one does regular pasteurization and one does vat pasteurization and I can tell the difference. There is ultra pasteurization which is just gross. I've never put unpasteurized head to head against equally fresh pasteurized though, and given what I now know I'm not going to.

            • AlexandrB 3 days ago

              I love ultra pasteurization. I'm lactose intolerant so I have to drink "lactose free"[1] milk and in Canada such milk is often UHT pasteurized since it has to stay on the store shelf longer (lower inventory turnover). It's amazing that we can, non-chemically, disinfect a dairy product in such a way that it will stay good for months even without refrigeration.

              In Mexico I suspect that almost all milk is ultra pasteurized since it's not refrigerated in stores and has wicked-long expiration dates. It's also some of the best-tasting milk I've had so I think that flavour has more to do with some of the other milk processes (like skimming) and the livelihood of the cows rather than with how it's pasteurized.

              [1] In practice this is just milk with the lactase enzyme added at some point during production.

            • nindalf 3 days ago

              I have no doubt that milk that is 15 minutes old tastes great. My question is if that jug of milk was divided in two and one half was pasteurised, would people be able to tell the difference? You're saying yes, I'm saying I'd like to see blind tests of people tasting both.

              • bluGill 3 days ago

                IF you read close you will see that I didn't say yes. I said that I don't know and am not willing to be part of such a blind test. I will state clearly that all the unpasteurized milk I had was less than an hour old and tasted great, while all the pasteurized milk was unknown age but likely at least a day old and tasted worse. Is it fresh or pasteurization that makes a difference is not something I know.

            • numpad0 3 days ago

              > There is ultra pasteurization which is just gross.

              Are you referring to 120C 3-second ultra high temperature pasteurization? I don't see what would be so gross about it.

              • bluGill 3 days ago

                I don't know the details about ultra pasteurization. I just know anything labeled ultra pasteurized tastes gross.

                Of course the above is subjective. Others have stated they prefer it. To each their own, but I will continue to maintain it makes milk taste gross.

          • bitexploder 3 days ago

            What the cows eat matters for how milk tastes too. Cows can get sick. Udders can get infections. Milking processes (machinery) and its ease of cleaning can vary. Bacteria is everywhere. Pasteurization is cheap, effective and has no real drawbacks. This whole raw milk thing is just silly and has become political for some silly reason.

          • franktankbank 3 days ago

            You may be onto something about the different cows. This was while I lived in France temporarily. I had no idea that I was drinking raw milk. I was commenting how delicious it was and a coworker said "oh is that the stuff you have to boil". Me "wut". It was much better than the supermarket milk I could get.

            • AlexandrB 3 days ago

              The confounding factor is milk fat. In my experience higher fat milk just tastes better regardless of any other factor and milk straight from the cow will have up to 5% milk fat compared to 3.25% for "whole" milk. Try drinking a shot glass of 10% cream sometime, it's amazing.

            • ceejayoz 3 days ago

              It isn’t raw if it’s been boiled.

              That’s pasteurized. At a higher temp than the supermarket stuff, even.

              • franktankbank 3 days ago

                Might not have been clear. I wasn't boiling it because I couldn't read the French instructions.

        • chillingeffect 3 days ago

          And we enjoyed our milkborne tuberculosis, typhoid, scarlet fever, diphtheria, and septic sore throat thoroughly, too. The risks actually doubled the joys. Why does a supposedly enlightened society step all over my right to choose which eliminated diseases to bring back?

          • pixl97 3 days ago

            Oooh, ooh, oh, don't forget the brucellosis either.

            But hey, I only get to enjoy this if the measles here in Texas don't get me first.

        • Nihilartikel 3 days ago

          I'd consider drinking raw milk only if I was on a first name basis with the cow that produced it.

          Otherwise I would at least demand it be fermented into kefir so the food microbes can muscle out the bad.

          • bluGill 3 days ago

            That won't make a difference. Bacteria is something you cannot see and so you have no idea what is on/in the cow.

            • xolox 3 days ago

              It sure can make a difference.

              Sickness caused by bacteria doesn't happen as soon as one bad bacteria (bacterium?) enters your body, a certain critical mass is usually required. This is very similar to the concept of "viral load" where a certain amount of viral genetic material needs to be exchanged before the viral infection can take hold.

              The "beneficial bacteria" on your skin and in your gut make it harder for bad bacteria to take root in many different ways, one of them simply being they provide competition, "crowding out the bad guys".

              Another way is that many, many, many types of antibiotics were originally discovered as metabolites produced by bacteria and fungi (examples include penicillin, streptomycin, chloramphenicol, and tetracycline).

              And for completeness sake, milk kefir contains many Lactobacillus species that are also a natural part of the mammal microbiome (which makes sense when you think about it; Lactobacillus are named for consuming lactose, an ingredient of mammal milk).

        • skywhopper 3 days ago

          And many of them died from doing so.

        • mr_toad 3 days ago

          > Raw milk is delicious, my ancestors have been drinking it for millennia.

          Before refrigeration most milk was made into butter, cheese and other products. Unless your ancestors actually herded the animals themselves they probably didn’t drink much raw milk.

        • numpad0 3 days ago

          not everyone's ancestors

          • bluGill 3 days ago

            Only about 1/3rd of the world. However by coincidence fluency in English correlates high with ability to drink milk as an adult.

    • bbarnett 3 days ago

      Will all of these things be free of micro plastics and other contaminants?

      If so, is there a signup page?

      • mulnz 3 days ago

        Wait these regulations haven't created total perfection? Better burn the whole thing down.

    • fnord77 3 days ago

      > regulated ...

      not for long

  • mrtksn 3 days ago

    The problem with discussing politics is that it gives you the kicks. It's very easy to get into a feedback loop and take things quite far off civility. I am also guilty of it, many times.

    IMHO there needs to be a mechanism for breaking the loop and then we can have civil online political discussions. Unfortunately most places just ban it or ban those who got into the loop, either way it's ugly.

    IRL when discussing politics and things don't go badly it's thanks to a 3rd party who will moderate or calm down the heated debaters.

    • kelsey98765431 3 days ago

      No thank you. I am absolutely uninterested in civil discussions with people who literally want to kill me and deport my good friends to Guantanamo Bay, Cuba. When you accept nazism you throw the concept of civil discourse out the window.

      • galangalalgol 3 days ago

        Having civil discussions with people who disagree isn't about politeness or acquiescence. Having political discussions per the same rules we use for technical debates, like steel manning, allows information to actually flow both ways. I'm up to four people now that I changed parties between 2020 and 2024. That doesn't seem like a lot, but if everyone was doing it it would make a difference. It took time. I had to non judgementally listen to their concerns and intuit the fears underneath. They were reasonable intelligent people operating off of propaganda mostly. The emotional hook had been set and used to draw them further and further into false narratives that fed their fears and hopes. To think I am immune isn't realistic either. My triggers are getting used to pull me the other direction, to make me uncompromising, and to view those who disagree as inhuman. Some of that is game theory polarizing us, but some of it is the intentional result of the Kremlin's standard divide and conquer they have been using on us for over half a century. The antidote is calm conversations with voters who have been made scared about irrational things, and looking to see what fears we are being manipulated with as well.

        • DrillShopper 3 days ago

          > Having civil discussions with people who disagree isn't about politeness or acquiescence. Having political discussions per the same rules we use for technical debates, like steel manning, allows information to actually flow both ways.

          What additional information do they need to get out there other than they want me and people like me dead? What additional information do I need to get out there other than I don't want them to do that?

          • wins32767 3 days ago

            The logical end state of this belief is a civil war. I assume that in lieu of trying to change minds you're buying guns and ammo and trying to organize like minded people into a militia to protect your safety? Cause if not, I don't really think you really believe that a significant fraction of the country wants people like you dead.

            • DrillShopper 3 days ago

              I'm in the process of emigrating to Europe since it's not safe for me and my family here.

              • galangalalgol 3 days ago

                Not sure which hated demographic you fall in, but I have friends that are suddenly being threatened by individuals who now feel free to expose their true selves. I can't believe almost half the population are like that though. Escape may be the best option for a lot of people at this point. My friend doesn't realistically have that option due to finances and skillset. I do think people who aren't in immediate danger can pull a lot of people supporting those fueled by hate away from their positions with calm dialogue.

                • mrtksn 3 days ago

                  In my experience as a chronic immigrant, most people are nice but there are some a-holes who would want to harm you or see you get harmed but they would not act unless they feel in power.

                  Therefore, most of the time you can just ignore them and your experience wouldn't be any different than the natives who would also encounter a-holes for different reasons. The problem starts when someone in power to affect your life is one of those but in normal times you still can push back by questioning their actions as they still seek approval from the larger society.

                  The case with Trump seems to be the same with the case with Brexit: Those a-holes(not everyone who support those but a subset of them who are a-holes) start believing that they are in power and the society approves them therefore they can act on their instincts or plans.

                  I was working in London on the Brexit referendum day, some of our Spanish developers had trouble with people from their neighborhood right after the referendum.

      • bluGill 3 days ago

        Case in point: you have decided that those who disagree with you want to kill you, deport your friend, and are otherwise nazis. While a minority do, that isn't the majority.

        • mulnz 3 days ago

          I am (un)lucky enough to live in an area where I don't have to decide this. People are willing to say it out loud.

        • vultour 3 days ago

          This argument went out the window long ago. You're not absolved of responsibility just because you voted for someone who wants to hurt people instead of hurting them yourself.

          • bluGill 3 days ago

            Quit turning the argument around. Forget about "them" - what does it say about you when you cannot talk nice about people you disagree with?

            People who voted for Trump are not stupid. They have real concerns that they do not see being met and so they are turning to something that while maybe not ideal is at least a promise of maybe better. Maybe it will be worse, but they don't see things on the right track as they were either.

            • thrance 3 days ago

              I feel like by now those people you describe should have realized Trump is doing no good on those issues they supposedly cared about. And if they had even a tiny modicum of empathy, they should be scared shitless about the people getting disappeared.

              The economy is shit, eggs are more expensive than ever but those same people that insisted those issues alone should decide the fate of the country don't seem to care anymore. Why?

              People who voted for Trump weren't stupid, they've been molded into it by the most expensive propaganda apparatus that ever existed. Ask yourself, why isn't Trump's popularity declining in the face of such incompetency?

              Now, what can a nice talk achieve that material reality failed to convince those people of?

              • bluGill 3 days ago

                That you think the president could do anything about the price of eggs (which are driven by fundamentals) shows that you are no better.

                • thrance 3 days ago

                  Then why did he run on that?? That's my whole point! Why did Fox News make this the central issue of the campaign? Why did he promise 100 times he would bring down egg prices? And why is he now pretending like the prices are down and lower than ever before???

                  And most importantly, why aren't there any Republicans that care he lied and continues to lie so shamelessly about it? On that and the thousand other issues he promised he would fix and did not deliver jack shit on.

                  My point is, they're completely detached from reality. No amount of polite discussion can bring them back. If you haven't realized Trump is a lying crook at this point, you never will.

                  You're a prime example, you just shut your mind completely and said "he can't do anything about it" when 4 months prior you, like the rest of them, certainly would have been adamant Biden should go to hell for making eggs so expensive and that Trump would fix everything.

                  • bluGill 3 days ago

                    What do you mean I shut my mind - I never supported him for various reasons. I'm just stating his supporters are not as stupid as you think.

        • crawsome 3 days ago

          Why can't we talk plainly to each other anymore? Can we not talk in loaded statements and projection?

          They have valid concerns, and taking steps to minimize those concerns is just muddying the water in favor of those using political violence against people who don't deserve it.

          There's a lot of counter-intel campaigns flying around all at once, and a lot of them are curated to infect brains of people who are willing to accept fascism.

          "Well, they're not completely nazis... so you're wrong for likening them to nazis!"

          "Well, you've decided to shut off discussion to people opening your mind about the impending fascism. That must mean you're not fit for discussion"

        • citizenkeen 3 days ago

          On the one hand, yes.

          On the other hand:

          “Historians have a word for Germans who joined the Nazi party, not because they hated Jews, but out of a hope for restored patriotism, or a sense of economic anxiety, or a hope to preserve their religious values, or dislike of their opponents, or raw political opportunism, or convenience, or ignorance, or greed.

          That word is 'Nazi.' Nobody cares about their motives anymore.”

          - Julius Goat

        • thrance 3 days ago

          We had a word for people that voted for Nazis, agreed with Nazis, talked like Nazis but claimed they weren't Nazis themselves in the 40s. It was "Nazi".

          What matters is that the current administration is disappearing people with no legal reasons, due process or possible recourse. Either you agree with them in which case fuck you, or you don't and you condemn them. There can be no compromise or civility when one side is so aggressive and dangerous.

      • mrtksn 3 days ago

        See, it's unlikely that it's those people that you meet online and you won't be able to do anything to them anyway.

        99.999% of the time it's usually trolls or people with good intentions (with wrong solutions based on wrong information or understanding of the situation). Trolls can be fun when they play with hypothetical scenarios and edge cases, conducting thought experiments.

        You are also unlikely to change the views of the people with good intentions through discussion but they are very useful to understand what their motives are so you can develop better arguments or solutions. Also, you might find out that on some issues you are one of those with good intentions (but misguided understanding of the situation).

      • AlexandrB 3 days ago

        No thank you. I am absolutely uninterested in civil discussions with people who literally want to control everything I say and put my good friends into reeducation camps. When you accept communism you throw the concept of civil discourse out the window.

        • abvdasker 3 days ago

          Democrats haven't put anyone into a reeducation camp as far as I'm aware. Your enemies are imaginary while the parent comment's enemies are all too real.

          • AlexandrB 3 days ago

            Yes, but the Republicans literally want to kill some minority groups. /s

            Do you know how crazy this all sounds once you're outside of a specific left echo chamber? How is the hyperbole I employed any more unbelievable than that of the poster I was replying to? Another sibling comment to yours says that Trump is rounding up political opponents for a gulag. Never mind that he has only rounded up non-citizens (most of them in the US illegally) because that's all he can do.

            If you look at my posting history, it's wildly left-wing as little as 2 years ago. I've become completely disillusioned with the left after noticing how self-contradictory some of those ideas are and how the language of crisis is deployed to constantly smear their political opponents. Everyone the left doesn't like is Hitler and every policy they don't like is fascism. Give me a break.

            Edit:

            For a little more elaboration, look at the speech codes and compelled "DEI pledges" that American universities have employed in the last few years[1]. How is this not speech policing? You might argue that these are private institutions, and maybe that's fair enough, but when the government pulls funding for crap like this the hyperbole and outrage persist.

            Or look at Canada's bill C-63[2]. This bill aims to allow the possibility of life sentences for "hate speech"[3]. To me this is authoritarian. To many left wing commentators, it's another day at the office, I guess - meanwhile the Canadian right wing party is regularly called fascist[4][5] despite being basically in line with US Democrats on many issues.

            [1] https://unsafescience.substack.com/p/the-last-four-years-wer...

            [2] https://www.parl.ca/DocumentViewer/en/44-1/bill/C-63/first-r...

            [3] https://bccla.org/2024/09/whats-in-bill-c-63-why-are-we-alar...

            [4] https://medium.com/pigeons-peculiarities/pierre-poilievres-p...

            [5] https://cultmtl.com/2025/02/pierre-poilievre-has-racked-up-e...

            • thrance 3 days ago

              Oh good, "it's only non-citizens". Never mind that they're still supposed to be protected by the constitution, then. Also, Trump said two days ago that he wishes to send citizens to El Salvador too [1]. Are we allowed to call them fascist or should we wait for that to be made illegal too?

              Trump does not care about the law. SCOTUS, in a historic 9-0 ruling, commanded him to bring back Kilmar Abrego Garcia from El Salvador. He unsurprisingly did not comply. Yet you're still insisting he can't legally do X or Y so everything is fine. When has that stopped him, like ever?

              If that's not fascism, then what is? What would it take for you to say "OK that's too much"?

              [1] https://apnews.com/article/trump-citizens-prison-el-salvador...

        • miningape 3 days ago

          Any argument where you can change a few words and it suddenly makes the opposite point was never a good argument to begin with.

          In short: it doesn't convince you of anything, it merely reinforces your existing biases.

        • btucker 3 days ago

          I understand you're trying to "both sides" an argument. What have you found that has achieved for you in the past? Do you change people's opinions with this?

          • AlexandrB 3 days ago

            I have found that no amount of online discussion has ever changed anyone's mind on larger issues. We're all pissing in the wind here.

            • btucker 3 days ago

              Then why did you post that?

        • frob 3 days ago

          What you are saying is the fantastical kool-aid Fox News and alt-right media spin to you.

          In the meantime, Trump is actually deporting people without due process to inhumane torture camps run by a dictator while openly bragging about it and defying court orders.

          These two things are not the same.

          • AlexandrB 3 days ago

            > What you are saying is the fantastical kool-aid Fox News and alt-right media spin to you.

            What I'm replying to is the fantastical Kool-aid MSNBC and alt-left media spin. I'm pretty sure the Republicans are not going to be rounding up and killing minorities despite hyperbolic descriptions like "people who literally want to kill me and deport my good friends to guantanamo bay cuba".

            Wait, you're saying El Salvador is a dictatorship? From briefly glancing at Wikipedia I don't see any evidence of that. Why the need to smear another country just to make Trump look worse?

        • enraged_camel 3 days ago

          I don't think any Democrat has ever put anyone into reeducation camps. I may be mistaken though - can you cite some examples?

          • AlexandrB 3 days ago

            I don't think any Republican has advocated for a policy of killing minorities. The hyperbole of my post is the point.

        • thrance 3 days ago

          Insane talk. Where is that communist political force seeking to open gulags? The Democrats? Hahahahah

          Trump has a gulag in El Salvador, right now, that he uses to send his political opponents to. And you people are still making up fantasies to play the victim. Absolutely disgusting.

        • DrillShopper 3 days ago

          > people who literally want to control everything I say and put my good friends into reeducation camps

          Then you shouldn't talk to Trump supporters as that's exactly what they want to do for anyone that disagrees with them, and last I checked, they're capitalists.

          They are planning on abducting people off the street, completely ignoring the courts and denying due process, and sending them to another country where they're being deprived of their rights, again, with no due process and no (effective) judicial review.

          I'd expect most right wingers would be against this, but the Orange in Charge's supporters seem to hew to the "well if you didn't do anything wrong you've got nothing to worry about" angle because it's something happening to people they think deserve it.

          • AlexandrB 3 days ago

            > but the Orange in Charge's supporters seem to hew to the "well if you didn't do anything wrong you've got nothing to worry about" angle because it's something happening to people they think deserve it.

            This is literally the left wing reply when people complain about losing their job or their family for voicing the wrong political belief. "They deserve it, they should 'do better'."

            • DrillShopper 3 days ago

              There is a huge difference between losing your job and being black bagged, sent to El Salvador, and possibly killed.

              Let's keep that in perspective.

    • crawsome 3 days ago

      The loop is intentionally being closed and sped-up by enemies of the USA who want to exhaust the USA in every way possible.

      After the infekktion of 2015, moderators of Right-leaning discussion boards started amping up their censorship. Left leaning and moderate discussion boards still tend to be more moderate, letting most discussions in and censoring less.

      Most of the time, one side is trying to play an equal field, while the other shits all over it and just yells "Winning!"

  • spacebanana7 3 days ago

    To play devil's advocate - it's horrible when gaming, programming, business or even porn forums get overrun by politics.

    It's not that the political topics are unimportant but all my feeds just end up looking the same as each other and the same as a newspaper app. I hate election nights because of this.

    • acdha 3 days ago

      I miss that, too, but the way we get there is by re-establishing democratic norms and boundaries. The United States is flirting with fascism, and globally we are seeing the fallout from that and the cascading effects of climate change, not to mention the impacts of AI on employment, surveillance and censorship, social media, etc. Keeping politics out of forums like the ones you mentioned is like keeping oxygen out of a space station.

      • jzb 3 days ago

        Flirting? That was years ago. Fascism has its shit in U-Haul and is ready to move in.

        • pixl97 3 days ago

          Ready to move in, are we sure its wallet isn't on the nightstand and the keys are hanging beside the door?

        • thfuran 3 days ago

          Nah, it's already almost done moving its stuff in.

    • Titan2189 3 days ago

      "porn forums" is a thing?

      • nindalf 3 days ago

        Porn forums are a thing. For example, this politician lost what should have been an easy election because someone found his old comments on a porn forum - https://en.wikipedia.org/wiki/2024_North_Carolina_gubernator.... Among other things he commented on the forum that he'd like to bring slavery back.

        Honestly did not believe that people commented on porn forums before this incident.

      • intuitionist 3 days ago

        They’re so much a thing that they came back the other way and overran politics itself in the North Carolina governor’s race last year

      • 7bit 3 days ago

        Absolutely

    • SkyBelow 3 days ago

      Politics are also never discussed with any level of depth. At best, it is each side throwing in their opening arguments and nothing more. More often you don't even get that and instead have attacking people directly, stereotyping, straw manning, and all sorts of logical fallacies. Discussion in such a situation does not happen, so either it is an ongoing war or some side wins and pushes out the rest. None of these outcomes would seem beneficial for here, and while I do think there would be some slightly longer form discussions here compared to most places, I don't think it would be enough to avoid the eventual decay.

    • scoresomefeed 3 days ago

      Inverse devil's advocate:

      But look at it this way: I see the US political spectrum melting down into authoritarianism and you’re complaining you don’t need to be reminded of it.

      A similar analogy would be if we are at your house, and it catches fire, and you complain that it is interfering with watching Netflix while I’m trying to call 911 for help.

      From my perspective you are ignoring your own demise and from your perspective I’m just being annoying.

    • MiguelX413 3 days ago

      [flagged]

      • eertami 3 days ago

        I think it's a stretch to suggest _all_ are, I'm not sure I could believe that a game like Super Hexagon is political. Would it be political to paint the tree in your backyard, or to draw a picture of your cat?

        • jdiff 3 days ago

          While I have absolutely no idea what the politics of Super Hexagon could be framed as, with regards to the paintings, yes. Having a tree, having a backyard, having a pet (or a cat specifically), these aren't universal across cultures and ideologies and can carry slight, subtle, political messages. Politics don't have to be intentional.

          You could say that this is having political implications rather than carrying a political message, but the politics are still lurking in there all the same.

  • dmckeon 3 days ago

    People trying to ignore politics are like fish trying to ignore water.

    • strogonoff 3 days ago

      Not talking about politics is itself a political position (in favor of status quo).

      • stingraycharles 3 days ago

        Depends. We’re a small, very international startup and have a super strict “no politics” policy. Politics and work are not a good combination when you’re employing people from all over the world.

        But I would not consider it a political statement to adopt this policy.

        • orwin 3 days ago

          I think there exist two different general ideas of what politics means.

          For some (including me), politics are, following the oldest definition: 'how do I and fellow humans organize ourselves to live together' this often leads to a belief that everything is politics (for me it's true, but it's a belief, not a fact).

          For others, I think that when they say politics, they think of geopolitics and partisanship, which is fair, because it's how politicians and political journalists themselves define politics. For this group, hopefully, not everything is politics.

          So to me, this disagreement about whether or not all is political is often semantic rather than ideologic.

          • pseudalopex 3 days ago

            The disagreement is semantic and irrelevant in the sense the question at hand usually is which topics and opinions are forbidden at work.

            The disagreement is semantic and relevant in the sense people who say no politics at work believe their categories of politics and not politics are obvious.

            The disagreement is ideological in the sense ethical concerns about products or customers are designated political often.

            Politicians, political journalists, and people who say no politics at work do not define politics as geopolitics and partisanship.

        • noelwelsh 3 days ago

          Your statements are incoherent. Politics is decision making and power relationships within groups of people. It is 100% a political statement to adopt this policy as it exercises power over a group. You cannot function as a group without politics. "Where do y'all want to go for lunch" is also politics, as it involves group decision making and power relationships (Do you go to the vegetarian place? Do you avoid the spicy place?) It's a completely banal decision but it is still politics.

          If what you want is a "don't piss off your coworkers by discussing topics unrelated to work that you know will annoy people" policy, that is fine, but don't pretend you are not engaging in politics.

          • def13 3 days ago

            The politics of saying "no politics" is that you are drawing some line that separates some political issues into "politics" and others into "not politics". Because to truly avoid all politics is impossible; even if you believe banal, purely intra-personal politics are not political so much of the basic organization of a business & capitalism are politics. "Should we allow remote work" for example is a deeply political question that ties deeply into discussions about the rights/value of neurodivergent & disabled people in the workplace. To say 'I don't believe in God' is a deeply political and dangerous statement in some parts of the world, but fairly banal where I live. To contrast, in Indonesia, it is technically _unconstitutional_ to not believe in a "one and almighty God"

              I wish people were at least honest about "no politics" to mean "let's avoid unsafe, potentially divisive issues relative to our geographic location, and take the basic tenets of neoliberal, capitalistic society to be assumed". And yeah, that is a more than reasonable policy. It's a difficult policy in international spaces, because it's very hard to not trespass that line when political contexts differ so strongly across the globe

            • DrillShopper 3 days ago

              > The politics of saying "no politics" is that you are drawing some line that separates some political issues into "politics" and others into "not politics".

                I find someone's heuristics for deciding which category a statement falls into chiefly turn on if they agree with the statement. If they agree with the statement then it is not political, and if they disagree, it's political.

            • lou1306 3 days ago

              > take the basic tenets of neoliberal, capitalistic society to be assumed

                Well, then any discussion about an illiberal ochlocratic executive (such as 47's) should be fair game...

          • concordDance 3 days ago

            "Politics" is a stupid word because everyone has a different idea about what it means and so they all talk past each other.

            • strogonoff 3 days ago

              The word “politics” is vague, and that only makes banning political discussions worse if it only becomes political when the higher-ups don’t like it.

              Say your company has a possibility of working with some client company who is directly or indirectly involved with cause X. If it is “political” to talk about not working with them because of X, but it is “not political” to talk about working with them, then you see what I mean.

              It doesn’t have to be a destructive conversation: one employee might say we should avoid them, but you might say we need to work with them because we need the money now and can drop them later when we are in a better place. Other employees could talk how cause X is not that unethical for reasons. If someone balks at a point of view incompatible with theirs and is incapable of expressing a viewpoint in a way that respects other views, maybe that someone is not mature enough and next time your HR can avoid that type.

              • pixl97 3 days ago

                Many people that ban political discussions miss the irony that it's a political decision.

            • gedy 3 days ago

              Yeah exactly, the same people who shout the loudest about "everything is politics" and want to talk about it at work would go apeshit if someone at work said "I'm not comfortable with abortion", etc. HR would quickly be called and shut them down.

        • strogonoff 3 days ago

          First, “no politics” is not a political statement to me, more of an implicitly adopted political position.

          Personally, if I have a personal political position and my colleague has an opposite one, I don’t see why we can’t talk about it. If you have a workplace rule about no politics during working hours, you better have this rule for all non-work discussions at work, or I personally would feel uncomfortable.

          — If politics talk happens at work too much and affects productivity, then it is a problem, but then it is a problem with any non-work topic.

          — If it causes heated debate, ruins morale, and makes people dislike each other, then it is a problem, but then it is a problem with any topic that causes heated debate. For some people it’s golf, for some philosophy, for some music. How many topics should be banned?

          • dcow 3 days ago

            Are you from the US? In the last 15 years it has become impossible for two people to reasonably disagree over political positions because of how much vitriol is thrown around on the attention markets—even if both individuals themselves are rather tame. When having an otherwise normal political opinion makes you a racist bigot or a beta cuck because the opposition is so determined to get their way at any cost, no, you can’t just talk politics at work and have a cohesive team. Someone will feel oppressed.

            Work is about making money. Politics is a distraction unless there’s an issue that directly affects the business. Then it’s fair game. Like this one. Many teams of individuals will have to figure out how to navigate this situation so discussing it in context is apropos and can be done objectively.

            • strogonoff 3 days ago

              > When having an otherwise normal political opinion makes you a racist bigot or a beta cuck because the opposition is so determined to get their way at any cost

              If someone calls me a racist bigot or a beta cuck, that is a problem. That problem also has nothing to do with politics. It has to do with someone not being emotionally mature enough or equipped to handle a discussion with someone who has different views, or someone having a mental breakdown.

              I am not from the US, but I had enjoyed some reasonable conversations with people from the US (among other countries) with very different views, and I was never called names. There are awkward moments when you have to hear something you don’t agree with, but that is most of life if you ever interact with people.

              The key is to be like an HTTP server: liberal in terms of what you can accept, but strict with what you put out there.

              > Work is about making money.

              You have just thrown another political position into the mix, I hope you realize that?

              • AlexandrB 3 days ago

                > It has to do with someone not being emotionally mature enough or equipped to handle a discussion with someone who has different views, or someone having a mental breakdown.

                Any moderately sized company is practically guaranteed to have a few people like this. So getting into these discussions has a high risk of becoming an HR issue as tempers flare and conversations become vitriolic.

                There's also the issue that the company founders and leadership have political opinions of their own that might inform company policy and any political opinion to the contrary may be perceived as pushback from a "troublemaker".

                • strogonoff 3 days ago

                  > getting into these discussions has a high risk of becoming an HR issue as tempers flare and conversations become vitriolic.

                  Here we can forget that IRL face to face people are much less likely to be offensive to each other. If they get to literal name calling and aggression, sure, that’s an HR issue, HR gets paid to sort this out, doesn’t it? I don’t see how politics is different from any other topic on which people can have strong opinions.

                  > There's also the issue that the company founders and leadership have political opinions of their own that might inform company policy and any political opinion to the contrary may be perceived as pushback from a "troublemaker".

                  That is why “no politics” is somewhat dishonest. In my view, either blanket forbid all off-topic talks, or don’t censor by topic and handle fights if they arise. There can also be softer guidelines about how to behave at work without an actual ban of any topic.

                  • pseudalopex 3 days ago

                    Or censor by topic specifically and honestly.

                  • dcow 3 days ago

                      I agree with your ideal. I used to be one of those people who would just talk about whatever in any context assuming everyone was mature enough to have academic discussions and not get personal. Political viewpoint is a protected class in the US. But we all saw what happened to James Damore. Real consequences for holding a political opinion that allegedly made him “unemployable at Google” where his politics were so threatening to the established order that Google just couldn’t operate with him in the mix. You’d think G has the most mature employees… and either they do but humans are just toxically unable to hold differing opinions, or they don’t and therefore have to maintain a safe space for the comfort of their sensitive workers.

                    The silliest part: what was his thesis? Well that using race and gender based quotas during hiring and leveling made Google less competitive. Certainly not a privileged white male tech bro just barreling through the company on a racist bigoted spree leaving tears in his wake. There is more interesting discussion to be had here about how the Civil Rights Act has been weaponized in the US and companies feel they have a legal obligation now to prove that their systems don’t yield “unfair distribution of protected classes”, or whatever the actual wording is. And how that is at odds with a world where you can openly discuss politics at a company without fear of falling afoul of the Chief Diversity Officer (ffs, there are executives installed to maintain the order now). And related: just look at how pockets of people respond to Trump’s second term insisting that he’s a fascist dictator and anybody who doesn’t see it is a de facto fascist. But I digress.

                      Nobody wants to bet their job on being on the losing end of Kafka traps and thought-terminating clichés.

        • rini17 3 days ago

          I am a torn.com player, which is an MMORPG as far removed from politics as can be. But when a large part of the dev team are Ukrainians that were suddenly unable to work for clearly political reasons you can't ignore it.

        • tobr 3 days ago

          How do you define politics? For example, are employees allowed to be LGBTQ? Are they allowed to mention their relationships to colleagues?

          • pxoe 3 days ago

            Being straight is also pretty much political at this point. With the way it's being slipped into the culture (all that trad stuff, images of lifestyle to aspire to, etc.) and has become (has always been perhaps) a part of political messaging and campaigning, heterosexuality is political. Even within the heterosexuality itself and its expressions, there's still politics - "what's the right way to do it" and such. (not saying this like 'oh those poor straight people' but just that, it is all, all political)

            • tobr 3 days ago

              For what it’s worth, I completely agree, I just thought LGBTQ was a clearer example because of how different it is seen in different parts of the world, and how it is at the same time an inescapable part of many people’s identity.

          • criddell 3 days ago

            For a lot of people on HN, a ban on politics discussions in the office is impossible because we have to deal with software licenses.

        • squigz 3 days ago

          One might argue that it's even more important to discuss international politics these days, considering how interconnected the world is and how so many countries seem to be facing many of the same issues.

        • ksec 3 days ago

          You would have been cancelled if you said this between 2014 - 2019 at the peak of it all.

          At least now you can say it out now without being downvoted into oblivion.

      • brightball 3 days ago

        No it’s not. It’s a position that comes from experience of knowing that it’s a complete waste of time because nobody’s mind is being changed.

        Further, there are entire segments of political groups who just want to assume your beliefs like a political straw man so they can denigrate you.

        It’s an unhealthy waste of time and that doesn’t truly hit you until you invest the time in talking to an otherwise rational person, provide the closest thing to proof of your perspective in a situation and then watch them deny it anyway.

        • strogonoff 3 days ago

          > it’s a complete waste of time because nobody’s mind is being changed.

          What you said can be true if you approach the discussion with an attitude of “I want to change everybody’s mind” instead of trying to get to some agreement and truth.

          Not only stating an opinion is compatible with a constructive discussion that could lead to a mutual adjustment of opinions—in fact, stating your opinion is a precursor to having a discussion that can change it.

          > It’s an unhealthy waste of time and that doesn’t truly hit you until you invest the time in talking to an otherwise rational person, provide the closest thing to proof of your perspective in a situation and then watch them deny it anyway.

          The magic happens when one person realizes that another, obviously sane in every other way person can think very differently about topic X. Repeated exposure to alternative views from other people in your circles leaves no alternative except to adjust your own opinion on topic X.

          Thing is, it’s tricky or impossible online. Aside from a handful of well-known people with some reputation or infamy, most of us only know each other as handles with no context. On the Internet, no one knows you are a dog or a basement dweller who lives with his parents and could never hold a job. Meanwhile, access to a group of like-minded people is always at your fingertips when you are online. However, when you are in a company of people who clearly are similar enough in what they achieved, in their choice to work for the same company, maybe good in their software engineering skill, etc., it makes their opinion something that may count.

          Not being able or willing to freely exchange and consequently converge on opinions with people whom you routinely meet in real life, and only discussing said opinions in your respective online bubbles, strikes me as a path to having more and more divergent, incompatible, extreme opinions (which I rather suspect might have been happening a lot in recent years).

          • brightball 3 days ago

            > Repeated exposure to alternative views from other people in your circles leaves no alternative except to adjust your own opinion on topic X.

            I have not found this to be true when it comes to politically aligned beliefs.

            • strogonoff 3 days ago

              Maybe don’t always just take their word for it. Some (most?) people will continue to express their view vocally, but the fact of encountering an opinion from someone they otherwise find a reasonable and sane person will cause introspection and adjustment, and maybe in a different group they would express an adjusted opinion. Most people are always affected by others (excluding sociopaths or other unusual cases).

              • brightball 3 days ago

                In person when you can communicate tone and know there is a level of mutual trust, I would generally agree.

                Over the past few years I’ve even begun to wonder about that though.

        • enraged_camel 3 days ago

          >> No it’s not. It’s a position that comes from experience of knowing that it’s a complete waste of time because nobody’s mind is being changed.

          I think the issue is that when people debate someone, they want to "win" by having the other side accept defeat. You are right, that rarely happens, especially in politics.

          However, as someone who has participated in countless formal debates, I'll share a secret: your goal in a debate isn't to convince the person you're debating. It's to convince the audience. And that happens quite frequently, even if it's not immediately visible to the debate participants.

          • brightball 3 days ago

            That is certainly a valid point, especially in formal debates.

        • jowea 3 days ago

          You don't need to completely change someone's positions for it to be worthwhile. This is a thread about something that has directly to do with HN's usual tech topics, and it would be hard to not talk at least a bit about the political aspects.

      • iteratethis 3 days ago

        Incorrect, not talking about politics does not signal any political affiliation.

        I think the "everything is political" statement is technically correct but practically useless. In the workplace the discussion is mostly about allowing or disallowing politics that are irrelevant to the business.

      • kortilla 3 days ago

        No it’s not. It’s having discipline to not pollute unrelated conversations with your politics. I am very against the status quo but I don’t complain about it to a bunch of anonymous usernames on a forum focused on technology.

        You can believe something without proselytizing.

        • johannes1234321 3 days ago

          Technology and the consequences of using technology are inherently highly political.

          New or improved technologies shape communities.

          Ignoring that is a political statement as well.

          Just see how online media has changed discourse, how Amazon changed retail business, how business analytics change the way businesses work, how always being connected changes relations, ...

          When developing technologies one can be Wernher von Braun "(where the rockets land and whether they contain explosives is) not my department" or one can consider consequences. Both are a political position, with consequences.

          • drstewart 3 days ago

            >Technology and the consequences of using technology are inherently highly political.

            So what stance does The Art of Computer Programming take on communism?

            • ttepasse 3 days ago

              Knuth in the wake of the Iraq war and the Abu Ghraib crimes asked some "Infrequently Asked Questions" which are of course highly political. He kept this page linked on top of his home page. And in 2022 he wrote a postscript with more political questions.

              https://www-cs-faculty.stanford.edu/~knuth/iaq.html

              • drstewart 3 days ago

                I didn't ask about Knuth.

                I asked about the book. Everything is inherently HIGHLY political, thus this should be an easy question.

                • strogonoff a day ago

                  Perhaps you are exaggerating. At least, my original comment was “not talking about politics is a political position”, not “everything is HIGHLY political”.

                  However, yes, some people would say that, for example, almost everything is political to some degree. I don’t know if I agree with them entirely. In case of Knuth, they would probably say that the choice of what to write about in the book (just like the choice of whether to be a computer scientist in the first place) cannot be divorced from his politics. Like the choice of someone to work in nuclear science or environmental science or “anything that pays good money” is informed by individual’s political positions. “Politics is water” is a great metaphor.

            • johannes1234321 3 days ago

              Between the four books there is a lot of paper being printed, with chemicals which have to be sourced somewhere.

              But a bit more serious there are different angles to this:

              One is that the formalization Knuth did is the basis for the way other research on computer science has been set up.

              His work on TeX as part of writing the books has great impact on how scientific reports are being written, which themselves have consequences.

              And then there is all the consequence while implementing technology. How optimisations by better algorithms enable data mining, replacing manual labor, ...

              Now of course impact differs. Not everybody is building V2 rockets (as well as Saturn rockets) like von Braun did, but there are many wheels in the machinery.

              I myself am a small wheel in building database engines. The software is used by sports clubs to manage their members, shop owners to manage their inventory, companies to run their ads and aircraft carriers to replicate strategic data across the ship, so that if one part is damaged, the other can still operate. If I were to leave, the organisation would continue developing, but the work has impact.

            • acdha 3 days ago

              That’s a very narrow redefinition of both technology and politics, and even there it’s only a step away from discussions about how automation affects millions of jobs, how daily lives are shaped by what’s allowed by the software which large companies or governments build, or how amassed data can be misused in ways which wouldn’t be possible without efficient algorithms.

            • egoisticalgoat 3 days ago

              Is communism the only political topic? Or does whether or not The Art of Computer Programming talk about accessibility in software not constitute a political opinion?

        • JumpCrisscross 3 days ago

          > having discipline to not pollute unrelated conversations with your politics

          Discipline isn’t found in hiding. Someone who cannot discuss politics without polluting conversations isn’t disciplined, they’re unpracticed in conversing and thinking through their views.

        • MiguelX413 3 days ago

          Things are often inherently political.

        • strogonoff 3 days ago

          > You can believe something without proselytizing.

          You can talk about politics without proselytising. Why should discussing a topic even invoke the words like “belief” and “proselytising”?

          Not only stating an opinion is compatible with a constructive discussion that could lead to a mutual adjustment of opinions—in fact, stating your opinion is often a pre-requisite to having a discussion that could lead to it being changed.

          The magic happens when person A realizes that another, equally sane person B can think very differently about topic X. At that point, the person A has to either 1) write the person B off as crazy (not so easy when that person is obviously sane in every other way), or 2) realize that there may be something to it and ever so slightly adjust own opinion on topic X, or at least become more tolerant.

          Not being able or willing to freely exchange and converge on opinions with people whom you routinely meet in real life, only discussing them online in your respective bubbles, is a sure way to having only more and more wildly incompatible and divisive opinions, and I suspect it is exactly what has been happening in recent years.

      • concordDance 3 days ago

        It's in favor of not having relationships break down in your community/company.

        Only a small percentage of people are able to handle fundamental disagreements calmly and without it bleeding over to other interactions.

        Will the SE and sales guy work as well together if the former knows the latter donates half his commission money to organizations that help kill babies?

        • strogonoff 3 days ago

          I have friendly relationships with a few people who have political opinions some of which are opposite to mine.

          > Will the SE and sales guy work as well together if the former knows the latter donates half his commission money to organizations that help kill babies?

          A friend of mine is a vegan. Anywhere he works, to him, most of his coworkers not just help kill conscious beings that have self-awareness and feel pain, they literally eat them. Does this mean talking about what you have for lunch should be banned? Does this mean he should throw a fit any time he talks to a non-vegan?

          Incidentally, we sometimes have good debates about the nature of consciousness, the effectiveness of individual veganism on reducing suffering, utilitarianism and deontology, vegan food options, etc. I feel being converted and I don’t mind it.

          • AlexandrB 3 days ago

            > Anywhere he works, to him, most of his coworkers not just help kill conscious beings that have self-awareness and feel pain, they literally eat them. Does this mean talking about what you have for lunch should be banned?

            You're making the opposite case of what you think. Your Vegan friend is avoiding talking about politics constantly because they're not bringing up the fact that everyone is consuming the flesh of innocent animals every time they go for lunch. If they started talking about the politics and beliefs of veganism at every meal shared with coworkers, I think it would have a negative impact on those relationships.

            • strogonoff 3 days ago

              He does not bring up consuming products of animal suffering (including egg and milk products) directly, but he does order vegan food, which is enough to make a point (for me at least).

              What he is doing by expressing his philosophical position simply through his order is turning me subsequently ordering something with eggs into a philosophically loaded action as well. That, of course, shifts my opinion on the question.

              I am making the point I am making: if we worked together, we should be free to discuss veganism or paleo diet (which I have discussed with a coworker previously) whenever either of us wanted, and he demonstrated being an adult about it when we do. If he asked to not talk about it because it made him uncomfortable, then we wouldn’t. I do not see why political discussions have to be different.

        • pjmlp 3 days ago

          Turning the question around, will the SE and sales guy work as well together if the former knows the latter donates half his commission money to FSF while the other is a hard advocate for commercial software?

          Politics are across all layers, including at technology decisions.

        • eMPee584 3 days ago

          but letting > the SE and sales guy

          never find out about their shared passion is kind of cruel, too?

          • j45 3 days ago

            It's not uncommon for one side to come out with their position/interpretation/belief whether it's passion or not.

            Maybe at a work function, team party, conference, etc.

    • anon373839 3 days ago

      It’s really a question of time and place. There are many foundational topics in life, such as politics, religion, and philosophy. But it’s not always helpful or appropriate to discuss them in a particular setting.

      That said, HN already has an extremely wide range of subject matter, so I wouldn’t say politics should be out of place here. It can, though, become a divisive distraction that disrupts other conversations, so I can appreciate that some limits are needed.

    • mr_toad 3 days ago

      > People trying to ignore politics are like fish trying to ignore water.

      Like fish, most people do ignore it until it turns foul.

    • starspangled 3 days ago

      Ignore politics entirely maybe, but people who are tired of hearing the exact same extremist reductive opinions over and over again everywhere aren't necessarily ignoring politics. Yes we know it's all because conservatives are fascists and corrupt and Russian agents and liberals are communists and in bed with the Chinese, etc., not caring to hear about it again is not surrendering the battle of good vs evil.

      For me, ironically, the worst casualty of "politics" infiltrating everything is... politics. I mean the respectful and reasoned discussion of politics. Not that it was ever in great supply, but now it is non-existent.

  • elcritch 3 days ago

    > The ancient Greek understanding of an “idiot” referred to someone who was a private citizen or a person who did not actively participate in public life or politics.

  • atmosx 3 days ago

    This quote is essentially unworkable. Everything you say, or choose not to say, inevitably advances some political perspective over another.

    What we should really aim for is thoughtful, civilized, and maybe even aesthetically pleasing discourse. That’s what educated people strive for.

    Trying to “avoid politics” is like collecting seashells while a tsunami is rolling in.

    • cjs_ac 3 days ago

      It's scary how widely this varies between different communities. On Reddit, /r/politics is mostly people acting like they're auditioning for the writers' room on one of those late-night talk shows, whereas /r/ukpolitics and /r/australianpolitics are almost exclusively people making insightful, analytic comments.

      • atmosx 3 days ago

        Oh really? I will check all of them, thanks for the hints!

    • surgical_fire 3 days ago

      Agreed. Those who don't care about politics are doomed to be ruled by those who care.

      Moreover, avoiding politics is impossible. It's all around you. Labor, entertainment, food, housing. Burying your head in the sand will only get you to have your ass in the air.

      Maybe "be polite" should be a better rule than "avoid politics".

  • t0lo 3 days ago

    Everything is political now by design. It's meant to reach into every facet of society and community and restructure it.

    • Braxton1980 3 days ago

      Everything was always political. Laws, the economy, conflict. How is any person not affected by these? The government is responsible for all or a large part of how a country functions.

      People who say "I'm not political" are deflecting to avoid conflict

      • InsideOutSanta 3 days ago

        One of the benefits a working democracy conveys to its citizens is that they largely don't have to care about politics. They can trust that government action is relatively consistent over time, that laws will be enforced fairly enough, that their property will be protected to a reasonable degree, that the currency will be reasonably stable, that the roads will be maintained, that some public transport will be available, that sudden wars won't erupt around them, and so on.

        That's what makes working democracies successful. But it seems that it also makes democracies vulnerable because people don't realize they have these benefits because they live in a working democracy. They start to think these benefits have nothing to do with politics and are just the way things are, like the laws of nature.

        • demosito666 3 days ago

          Interestingly, I believe that the reality is exactly the opposite: on the political regimes' spectrum of democratic -> authoritarian -> totalitarian only the middle one doesn't require people's participation. Both democracy and totalitarianism need to be actively maintained by a significant part of the population, otherwise they converge to the "natural" state of things - authoritarian order. None of the stuff you listed (fair laws, property rights, etc.) occur naturally once it has been set up at some point in the past. That's why they talk about "checks and balances" all the time, and they are impossible without active participation.

          • InsideOutSanta 3 days ago

            Yeah, I should have phrased this better. When I said that

            >citizens (...) largely don't have to care about politics

            I didn't mean that it wasn't harmful if they didn't care; I meant that there was no clear, immediate incentive.

            • Braxton1980 2 days ago

              >I meant that there was no clear, immediate incentive.

              What about tariffs, that cause price increases? What about changes to the law, like congestion pricing in NYC?

          • pjc50 3 days ago

            What distinction are you making between authoritarian and totalitarian here?

            • demosito666 3 days ago

              I think the most significant distinction is exactly that:

              Authoritarian - leaves people alone in general as long as they stay out of politics. Examples: 90% of regimes throughout human history. Almost all post-soviet countries, almost all of Middle East and Africa, Singapore, etc.

              Totalitarian - forces people into actively participating in leader's political goals and penetrates the daily life. North Korea, USSR, Nazi Germany, Fascist Italy.

              • Braxton1980 3 days ago

                >Authoritarian - leaves people alone in general as long as they stay out of politics.

                Directly, yes, but their policies still affect people.

                For example, if an authoritarian leader enacts economic decisions that damage the economy everyone is affected.

                If I pay more for goods and services due to Tariffs aren't I being forced to participate in the leader's political goals?

                • jowea 3 days ago

                  The distinction is fuzzy, but I think what is meant here is more directly political. In a totalitarian system, it is considered important for everyone to know and openly and regularly support state ideology with words and deeds. In the least totalitarian but authoritarian system, the state just wants apathy and obedience from its citizenry.

                  So it would be totalitarian leaning for a leader to make a speech (watching is mandatory btw) saying that buying foreign is anti-patriotic and generating social censure, in addition to the tariffs, for people seen with foreign goods.

                  • Braxton1980 2 days ago

                    >it is considered important for everyone to know and openly and regularly support state ideology with words and deeds.

                    People literally do this on social media and they aren't even being forced.

                    As for the remainder, I do see the forced part but I'm not sure of how meaningful that is. If I don't agree with Trump but I'm forced to watch his speeches what does this do?

                    As for supporting state ideology, while not forced, there are hats, bumper stickers, flags to identify yourself

                    Imagine Trump forced everyone to wear his MAGA hat. What effect does it have? I don't think being forced to do this and that has much value

                    • jowea 2 days ago

                      > People literally do this on social media and they aren't even being forced.

                      I think applying the authoritarian-totalitarian distinction in a democracy gets weird because democracies like totalitarian systems but unlike the archetypal authoritarian system expect the average person to engage in politics. So it's not a straight spectrum from democracy to totalitarian with autocracy in the middle.

                      And if someone forces everyone to wear their symbols, then it becomes obvious who the open dissenters are, and it becomes hard to tell who is neutral, who is enthusiastic, and who is silently dissenting, everyone looks like a supporter and people may start becoming more supporting simply because of apparent social consensus.

                      Anyway, here's what Wikipedia has to say. Maybe it clears up

                      > In exercising the power of government upon society, the application of an official dominant ideology differentiates the worldview of the totalitarian régime from the worldview of the authoritarian régime, which is "only concerned with political power, and, as long as [government power] is not contested, [the authoritarian government] gives society a certain degree of liberty."[6] Having no ideology to propagate, the politically secular authoritarian government "does not attempt to change the world and human nature",[6] whereas the "totalitarian government seeks to completely control the thoughts and actions of its citizens",[5] by way of an official "totalist ideology, a [political] party reinforced by a secret police, and monopolistic control of industrial mass society."[6]

                      https://en.wikipedia.org/wiki/Totalitarianism#Definitions

        • Braxton1980 3 days ago

          >One of the benefits a working democracy conveys to its citizens is that they largely don't have to care about politics

          The citizens elect the government so how can you not care about politics?

          • jowea 3 days ago

            Well, a bit. A part of liberal democracy is that elections don't matter that much. The losers can trust that they aren't going to be arrested, have their property confiscated etc. The established system like the courts, constitutions, separation of powers and other anti-majoritarian things will prevent most extreme measures. And in at least some political systems, it is expected that no matter what some minimally competent people will win and govern not that differently from what the election loser was going to do.

            And remember voting is not mandatory and a lot of people don't vote. Those people are ultimately letting others decide, and a lot of them are hoping the voters are going to pick well, or at least decently.

            • Braxton1980 2 days ago

              >The losers can trust that they aren't going to be arrested, have their property confiscated etc.

              Is that what people are worried about? What about the economy, civil rights, wars, etc.

              I'm very confused about your argument. Is it that who you vote for doesn't matter because they won't personally attack you and the policies of whatever politician won't harm you?

              >lot of them are hoping the voters are going to pick well, or at least decently.

              Considering how the popular vote is almost always close to being split (you know like +10/-10) why would a non voter have that trust when from their view it's a coinflip

              • fc417fc802 2 days ago

                You had asked "how can you not care about politics?" which implies there's some force driving people to care about the outcome. Similarly "why would a non voter have that trust when from their view it's a coinflip" is effectively the same question.

                If someone doesn't particularly care about the outcome given the available options then it follows that how close or far the odds are isn't going to matter to them.

                > Is that what people are worried about? What about the economy, civil rights, wars, etc.

                It's important to be clear about the context. There's the thing, and then there's the thing relative to the election where only a few outcomes are possible once the ballot has been set. It is possible to care deeply about the former but not particularly about the latter, either because all options are either good enough or pointlessly bad from your perspective. And of course it is also possible to simply not care (ie be emotionally invested in and go about broadcasting your opinion to others) about the things you listed to begin with.

                It's also important to keep in mind that "not caring" can be at odds with "ought to care", although that is obviously a subjective third party judgment.

              • jowea 2 days ago

                > Is that what people are worried about? What about the economy, civil rights, wars, etc.

                I meant this more like what people could be worried about. In a functioning liberal democracy, there are things people usually don't worry about, which allows some people to just ignore politics. Sure the economy is an issue, but there isn't a serious communist contender in the election or a candidate wanting to start wars of conquest.

                Imagine this election. Candidate A you think will deliver GDP growth of 2+-0.5%. Candidate B you expect to deliver GDP growth of 3+-2% growth. No other big difference between them. Maybe you prefer A, maybe you don't, but in the end you'll probably be relatively fine either way.

                Now imagine this other election. Candidate A hates your ethnic group and you are likely going to be fired from your government job or worse if he wins. Candidate B is from your ethnic group and will do reverse Candidate A. Now the point is that this sort of election isn't supposed to happen in a functional liberal democracy.

                Consequences are rarely this extreme, and even when they are it's not a product of personal or group targeting just a general policy like "ban fracking", which means even affected people can still carry on with their lives.

                And also this is one of the reasons elections "work" at all. If the losers think they will be chased by the state after losing, there's no reason to participate in the election, might as well arm up before the polls and take your chances in the battlefield and/or negotiate directly with the other side's elites.

                > I'm very confused about your argument. Is it that who you vote for doesn't matter because they won't personally attack you and the policies of whatever politician won't harm you?

                > Considering how the popular vote is almost always close to being split (you know like +10/-10) why would a non voter have that trust when from their view it's a coinflip

                My point is that it's a coinflip between two acceptable choices. Some of those nonvoters would be literally undecided if asked who they prefer. It may matter, but not that much. And even if it does, it may matter in a way where the consequences are hard to predict or not obvious.

          • InsideOutSanta 3 days ago

            >The citizens elect the government so how can you not care about politics?

            I don't think there's a direct correlation between the ability to vote and caring about politics. People usually care about politics when it affects them negatively. I would guess that most people in most democratic systems don't have strong negative experiences with their governments and, thus, are not incentivized to care about politics.

            Note that I'm not making an argument that they should not care. I think they should, but the very system that allows participation probably also decreases the incentive for most people to participate.

            • Braxton1980 3 days ago

              > I would guess that most people in most democratic systems don't have strong negative experiences with their governments

              Opinion polls about political parties and leaders seem to always hover near the bottom end, at least in the US [1]

              [1] there are always bumps after elections (change), war (nationalism), and tragedy (group sympathy)

        • silverquiet 3 days ago

          And yet the Republicans have campaigned on tearing down government for my entire life. And people treated me like a fool for believing them.

      • juliendorra 3 days ago

        Alternatively people who say “I’m not political” are benefiting from the status quo and political direction of things (long term, not necessarily short term). They frame inaction as apolitical.

        • fc417fc802 2 days ago

          It is apolitical for any reasonable definition of the term "political". That doesn't mean you don't benefit, or that it's a responsible choice, or anything else. It just means you aren't engaging in political activity - attempting to convince those around you, to gain influence, etc.

      • darkwater 3 days ago

        > People who say "I'm not political" are deflecting to avoid conflict

        A great truth. Even isolating yourself from society like a hermit is still a political decision: you are rejecting society as it is, and prefer to live in your own solo society. That's politics.

        • dcow 3 days ago

          I don’t think that’s totally accurate. If I live as a hermit but perform my civic duties like voting and paying any taxes, I don’t see how choosing to live in solitude is anything more than a lifestyle choice.

          • Braxton1980 2 days ago

            I don't think he was saying it's more than a lifestyle choice, just that you're still involved; a non action is an action.

        • fc417fc802 2 days ago

          > Even isolating yourself from society like a hermit is still a political decision

          That is a nonsensical definition of that term. It implies that literally any action you take falls into the set "political" instead of outside of it. That defeats the purpose of the term. The point of qualifiers is to differentiate between different sorts of things.

          Obviously the intention of the person using such a term is to distinguish between things. Thus such a rebuttal amounts to intellectual dishonesty by intentionally misinterpreting what was said.

      • perching_aix 3 days ago

        When this is discussed, what's being meant is that everyday party politics are spilling out and overwhelming a project's or industry's individual, internal politics, which are often a completely disconnected meta.

        Appealing to "well everything is connected" I'm not sure is useful. It's interesting from a semantics perspective the first few times you come across it maybe, then swaps around into being plain frustrating, then lands on just missing the point.

        Finally, I think people who want to stay out of said party political meta I think are doing a pretty big favor to their mental health, and I really can't fault them one bit for it. No coincidence either.

        • noelwelsh 3 days ago

          Two things:

          "Party politics" is ill-defined, and so a "no politics" rule becomes an arbitrary hammer that bosses can use to smash employees. If I say "I'm going to get a COVID vaccine this afternoon" is that discussing party politics? In the UK, where I live, the vaccine was provided by the government, so I'm implicitly discussing the actions of the government. That is under any reasonable definition a discussion of politics.

          "everyday party politics are spilling out and overwhelming a project's or industry's individual, internal politics" is how "no politics" rules are usually justified, but this was not what happened in the poster child cases of implementing "no politics" rules (37signals, Coinbase). 37signals in particular tried to spin it this way, but it was the actions of a group within the company approved by the founders that caused the problem. (Coinbase was just completely incoherent from the start. Their mission is something like "End economic inequality" which a reasonable person could take to mean anarchist or communist discussion is on topic.)

          • perching_aix 3 days ago

            There's no way to define any modality of politics such that someone like you won't come around and start going off about how it's a leaky segmentation, and is actually just an excuse for censorship.

            Every artificial segmentation of the real world is leaky. Just like the recognition that politics is everywhere, this too is not actually inquisitive. It's like arguing that stairsteps are chairs. They can be, but that doesn't make the word "chair" ill-defined.

            > but this was not what happened in the poster child cases of implementing "no politics" rules

            There is no such thing. These may be notable cases in your cohort, for me it's the first time I heard of these. And I've seen my fair share of these rules.

            • noelwelsh 3 days ago

              What's the purpose of a "no politics" rule at work? Is it to stop people starting shit with their coworkers, or is it to give those in power an arbitrary hammer to apply to those without power in the organization?

              If it's the former, 1) it should be just that and 2) it isn't needed because it's never ok to start shit with coworkers that is unrelated to work. If someone spends all their time starting shit, whether about politics (however that is defined), sports, food choices, clothing, or anything else you can just fire them. No need to have a "no politics" rule.

              • Braxton1980 2 days ago

                I think it's more simple. Just avoid any conflict. As you pointed out "don't start shit" already covers this but they specifically call out politics because some might not think it would cause offense.

              • fc417fc802 2 days ago

                What if you speak about something with no intention of creating conflict, but a few people around you get riled up? You haven't done anything wrong yet the divisive topic isn't a good fit for the workplace.

                Some employees either can't or won't see this, hence rules such as "no politics".

          • graemep 3 days ago

            The covid vaccine example is a good one in terms of something in everyday life that is politicised.

            It also illustrates the problem with discussing politics in an international forum. The KCL study of covid conspiracy theories (carried out during the pandemic) found that in the UK young people and those who identified as left wing were more likely to believe conspiracy theories. I am pretty sure this is significantly different from the US. Also matches things I have heard (e.g. my daughter met people at university who refused the vaccine because "we don't trust the Tories").

            It is pretty common for Americans to assume that the Conservatives are equivalent to Republicans, and Labour are like the Democrats, which is very far from the truth. It has always been far from the truth but the reasons why change - e.g. in the 80s Thatcher and Reagan were not far apart, but at that time Labour were far to the left of the Democrats (actual socialists).

        • Braxton1980 3 days ago

          > I think are doing a pretty big favor to their mental health, and

          If your mental health is harmed while defending your political views it's possible your views are the issue.

          For example if my view was that "domestic animals shouldn't be abused and penalties increased for such crimes" I wouldn't have mental health issues discussing this.

          • concordDance 3 days ago

            The vast majority of people will get stressed talking to people they think are evil or against their values. Someone breaking down in tears because another person says they "don't give a fuck about the bloody Gazans" is not behaving particularly unusually.

            The views don't matter as much as how strongly they are held.

            • Braxton1980 2 days ago

              I understand this happens and I agree but there's two options.

              1. Avoid talking about politics

              2. Learn to control your emotions when discussing politics even if you have a strong view.

              I think 2 is a better solution otherwise the worse things get the more people will avoid talking about it.

              It's worth the effort because, based on your example, if you really cared about the people of Gaza you need to stand up and defend them, not avoid the topic due to how uncomfortable it makes you feel

            • graemep 3 days ago

              > Someone breaking down in tears because another person says they "don't give a fuck about the bloody Gazans" is not behaving particularly unusually.

              it might be reasonable if you have personal close links to Gaza (e.g. you are worried about family who live there), but otherwise it OUGHT to be very unusual.

              • AlexandrB 3 days ago

                > it might be reasonable if you have personal close links to Gaza (e.g. you are worried about family who live there)

                That's another problem with political discussions at work - you're often not sure why someone has a particular belief and so it's hard to know whether disagreement will be taken as an abstract difference of opinion or as an attack on their family, friends, or homeland.

                • Braxton1980 2 days ago

                  "I don't care if people in Gaza die"

                  "Wait, you don't give a shit if like 10k families are killed?"

                  "No, no, it's like I don't care from an abstract point of view"

          • perching_aix 3 days ago

            So if I now said some intentionally asinine garbage, e.g. about how dogs need to be disciplined, shown who the pack leader is, and sometimes that necessarily involves a beating, and how if you disagree you're woke, that wouldn't make you very understandably very distraught?

            Because it would make me pretty distraught, and I don't think that it's because anything is wrong with the idea of not abusing animals.

            Even doing this mental exercise for the sake of this conversation is already extremely frustrating for me. And I don't think this should surprise you, or is anything strange or unusual.

            • fc417fc802 2 days ago

              Actually yeah if someone stating their views in a context that doesn't directly impact you leaves you "distraught" I'd say you have an emotional issue on your end. That said, in the real world people commonly have those and avoiding the situations that trigger them is perfectly reasonable.

              Let's just be clear that something can be commonplace while also being a personal issue.

              • perching_aix a day ago

                I guess people getting extremely worked up in controversial threads are all just exceptional cases like I am then.

                • fc417fc802 a day ago

                  My entire point there was that this is not exceptional in the least. People having emotional issues is quite common!

                  Incidentally, the response you're exhibiting here - a reflexive emotional rejection as opposed to critical thought - is closely related to the phenomenon being discussed here. That exact response is often (but not always) what leads to people becoming distraught in the first place. It's an emotional feedback loop.

                  Examining the context we see something of a dichotomy. That mental health being harmed by political discourse is likely to indicate a problem with personal views versus that being normal and expected depending on context. I'm presenting a third viewpoint tied to the example you provided. The idea that it is related to an emotional issue which is largely independent of personal views, that this is a relatively common thing to encounter, and that people should not be criticized for taking steps to mitigate personal issues.

                  In other words, I am largely agreeing with you but going on to point out that it's a personal issue deserving of long term work.

      • t0lo 3 days ago

        I mean I think The Republican Incumbent was chosen specifically as a tool because he is so extreme, pervasive and demoralising and creeps into everything. Definitely by Russia, maybe also by our "friend" in the ME. Although it's not that reported on they are on friendly terms.

        Disaffection lends itself easily to creating a Russia-style society. This all feels pretty Dugin-esque, and his proposition (return to values, reject interest/hope in politics because it is always flawed anyway, bind together under the state) fits perfectly, and is finding prominence at the perfect time.

        Just my opinion, but to me this seems far more akin to Dugin than whatever Curtis Yarvin is pushing

        • ndr42 3 days ago

          What is "ME" referring to?

          • NikkiA 3 days ago

            "Middle East" is the usual expansion, and fits in context here.

            • HelloNurse 3 days ago

              The "friend" could be Israel or some person like Mohammed bin Salman.

              • NikkiA 3 days ago

                Given the treatment for supporters of Gaza, almost certainly Netting-yahoo

    • Cthulhu_ 3 days ago

      Everything already was, you just didn't recognize it because it was to your benefit / in your interests.

    • paganel 3 days ago

      Agree, but it goes both ways, with technology (that many of us here have helped create and maintain) also reaching out into every facet of society and community, many times in close symbiosis with the political powers that be, to the detriment of said society and community.

      Not 100% sure what I wanted to say, maybe that said politics (and the political as a whole) wouldn't have invaded almost our entire lives without the help of technology.

    • po1nt 3 days ago

      That's because we got reliant on the funds from government. Maybe it's time to break the dependency.

      • jocaal 3 days ago

        > That's because we got reliant on the funds from government

        Not we, some people got reliant on the funds from government. It is always at the cost of someone else. The tax the rich and bourgeoisie mentality is what led to Mao Zedong and Stalin, but no-one wants to learn about history anymore.

        • Moomoomoo309 3 days ago

          Tax the rich mentality also led to the "golden age of capitalism" of the 1940s, 50s, and 60s. The tax rates on the wealthiest in the US at that time were huge, and that money went into job programs, housing assistance programs, construction projects, etc.

        • mrguyorama 3 days ago

          Stalin and Mao were both cults of personality being driven by a young, disaffected population who were so sick and tired of the status quo that they were willing to murder and burn and kill and destroy and didn't really care about what came after.

          That should sound very familiar right about now.

  • blueflow 3 days ago

    The problem is not political topics, it is how people discuss them.

  • belorn 3 days ago

    I view the archive.org, Wikipedia, CVE program, and Linux Kernel to all have had discussions on HN about how they should be funded. Is that kind of politics the kind that people wish that HN stayed out from?

    • diogocp 3 days ago

      No, but the "everything is political" people are not capable of making that distinction. Which is probably why everything seems political to them.

  • cantrecallmypwd 3 days ago

    Yep. It's also true of people who think they can simply move out of the US and that "solves" the problem too. America's problems are still (almost) everyone's problems too.

    • goku12 3 days ago

      True. But it's much less of a problem outside. For example, does the gun culture in the US affect the rest of the world? It sure does. You can guess where most of the illegal weapons come from. But we rarely even think about getting shot while at school or on our way to the groceries.

  • scandox 3 days ago

    What people mean when they say this is that they don't want to engage in party political and/or tribal political discussions. They don't want to do this because it just means rehearsing talking points.

    People are not dumb. They know that politics is everywhere but they want to live and love and talk about things that are interesting.

    • gedy 3 days ago

      Exactly, and on the flip side many people who want to "talk politics" mainly want to shout at the outgroup and pick public fights.

  • Pxtl 3 days ago

    > the "I wish HN would stay out of politics" crew.

    Sadly, this crew includes the site's moderation.

  • pjmlp 3 days ago

    Technology without politics is a pipe dream, even the FOSS licenses depend on politics.

  • mardifoufs 3 days ago

    ah yes, losing the... CVE database is truly the wake up call to get engaged in politics.

    I mean sorry but I'm not sure if you're being ironic. It sounds like something you'd read on ngate

  • bamboozled 3 days ago

    100% agree, staying out of politics has been a luxury not everyone has, it's totally unavoidable now.

  • keybored 3 days ago

    Apolitical person: Ugh politics is so dumb

    Same person: Why is the world organized in such a dumb way?

  • orblivion 3 days ago

    HN can stay out of politics just fine for the most part. If a political topic comes into tech we can talk about it then, and stay out of other crap that insufferable people drag in because "there's no such thing as being neutral" or whatever.

  • pif 3 days ago

    There's politics and there are facts.

    Trump voters are stupid. This is a fact.

    Right or left leaning, that's politics.

  • okeuro49 3 days ago

    "You can stay out of politics, but politics will always come and find you."

    No, it's just recognising that it is silly to talk about politics, as certain views are just downvoted.

    • spookie 3 days ago

      Of all places I find this one the most shielded from this behavior as long as you're civil.

      • goku12 3 days ago

        It's true that HN insists on and respects civil behavior. But HN doesn't always remain impartial in terms of downvotes, flagging and removal of comments when it comes to some topics that are inherently political. There was one such overtly political thread recently where some of the opposing comments were flagged and removed. Those comments were not even as inflammatory as the news article itself. It indicates that HN does have a majority political bias that they're not hesitant to impose upon the discourse.

        I'm not going to go into specifics of the topic because I don't want to start another episode, though I do have the complaint that such actions distort the discourse unfairly to one side. And I also understand that political biases are human nature and that they can never be fully eliminated. But at the same time, it would be harmful to pretend that the discourse on HN is apolitical, balanced or that it shields you from that sort of censorship. Imagine making a good-faith counterargument, only to have it flagged and removed because the opposition doesn't like it. And when asked, you get cited a point in the CoC, except that it's not applied uniformly and impartially in that thread. Makes you wonder what the purpose of flagging is at all! That will just put certain groups at an undisclosed disadvantage and lets harmful stereotypes flourish without any challenge. All we can do is to be forthright about this fact and try our best to have a civil debate.

  • deadbabe 3 days ago

    Not keeping politics out of our lives is the reason we’ve ended up with a totalitarian fascist dictatorship. If politics is forbidden, people have to just make up their own minds and vote for what makes sense to them, instead of banding together and slowly intensifying to the most radical extremes in bids to outdo each other.

    Every time you discuss politics on the internet, you entrench the current administration.

    • throwanem 2 days ago

      I understand how you get here, but you haven't considered what would be required in practice to "forbid politics." Banning speech would be where you would have to start, and by the time you were finished Walter Freeman might grow a bit faint.

    • timacles 3 days ago

      Fascinating logic. The victims are at fault. If only they did something different the abusers would have never had to abuse them.

gcollard- 3 days ago

Forget everything you know and consider that it might be a misguided and risky negotiation tactic.

Disclaimer: This is not business advice and should be read using Cartman’s voice.

Step 1: Announce publicly that you are not renewing your contract.

Step 2: If the market has viable alternatives or the service you are negotiating isn’t that hard to replicate, other actors will manifest to fill in the gaps, especially if your business is attractive. (E.g., The top comment is building an alternative; other comments point to alternative services.)

Step 3: Congratulations, you now have leverage for a significant discount with your previous provider because they face the real prospect of losing your business entirely to a competitor. If the competitor is private, you can even double dip by investing in their company before attributing them the contract.

  • Aperocky 3 days ago

    There's always a cost even if there doesn't seem to be one, credibility is measurable in markets and when it bites I think we'll all be in rough times.

stego-tech 3 days ago

Man, I just can’t even muster the snark I usually have for these sorts of boneheaded decisions.

This sucks, plain and simple.

  • aprilthird2021 3 days ago

    I can't believe what a bunch of bollocks this administration is. I couldn't believe it the first time, and this time I thought "Well at least I'm ready, it will be a lot like last time" and it's so much worse

    • roughly 3 days ago

      > it will be a lot like last time

      A lot of people seemed to have had this theory, despite all the evidence to the contrary.

      • crazygringo 3 days ago

        There wasn't any evidence, that's the problem.

        It was all opinion. Trump said a lot of stuff before this election, but he said a lot of stuff before his first one too.

        When people disagreed on what he might do, it was all guesses. There was no evidence to base anything on. Would his second term be restrained by people around him like in his first? That would be an evidence-based extrapolation. Would tariffs be all talk and little action, like in his first term? Extrapolating from evidence, they would be. But 2025 isn't 2017. Things would be different, but how? It's all guesses.

        It's only hindsight that is 20/20.

        • ddejohn 3 days ago

          It's insanely naive to have thought a second Trump admin would not be worse in every possible way. Did you pay attention at all to what was going on with SCOTUS? Project 2025?

          Saying "there wasn't any evidence" is borderline bot-speak. Anybody who thought Trump 2.0 was going to be like the first round was simply not paying attention at all and anybody telling others it wasn't going to be like the first admin is either a Russian troll, the mainstream media, or just plain irresponsibly ignorant.

          "Nobody could have foreseen this" is about the dumbest take I think I've seen so far.

          • crazygringo 3 days ago

            [flagged]

            • ddejohn 3 days ago

              I didn't claim any of those things were specific to Project 2025.

              We've known about RFK Jr all along so yes, if somebody is surprised by the secretary of health being anti-vax, that somebody is irresponsibly ignorant. If that somebody also claims that nobody could have foreseen this, or that prior to him being picked they were fond of reassuring people that "there's no way it'll be that bad"... yeah I'd 100% associate that with the type of behavior becoming of a Russian troll.

              I find it really weird and cringey that you're bringing up ego. I don't feel like I'm smarter than everybody else, nor am I claiming to be, nor do I see how any of my comments could even be construed as such. To say this is about me thinking I'm smarter than everybody else is to imply that I'm relishing in the fact that I "foresaw what others couldn't", which is just... an insanely idiotic thing to say. I'm not a sociopath. And for what it's worth, I know plenty of people who also saw this coming.

              To be clear, it's a tragedy that so many people were ignorant of what a second Trump admin would be capable of, but that's not really the point I'm trying to make; I am specifically taking issue with your insistence that it was somehow impossible for anybody else to foresee this.

              Best of luck in life.

              • crazygringo 3 days ago

                > I find it really weird and cringey that you're bringing up ego. I don't feel like I'm smarter than everybody else, nor am I claiming to be, nor do I see how any of my comments could even be construed as such.

                Then you should re-read your comment. Calling people "insanely naive"? "Bot-speak"? The "dumbest take"? "Irresponsibly ignorant"?

                And you really think you're not trying to portray yourself as smarter than everyone else who didn't see this coming?

                Your comments are insulting, provocative, in bad faith, and do not belong on HN.

                I was trying to make a reasoned point that no, most reasonable smart people didn't expect the Trump administration to be anything like what it is now. I don't know of anyone who predicted this. Your claims to the contrary are simply rewriting history. You're calling people ignorant, when you seem to be the one with the faulty memory.

                I hope you can learn a little humility. Good luck to you.

        • alpha_squared 3 days ago

          Sorry, but this is a very misguided take. He tried to do all the same things his first term, but enough people around him kept him in check. Now, he explicitly got "yes" folks around him and purged the career folks who'd uphold the Constitution. He's emboldened like a child who just learned they can command the world to do their bidding without restraint.

          • ddejohn 3 days ago

            It's one of the worst takes I've ever seen, and there are a lot of bad takes out there.

            Even the premise of their argument is silly -- "evidence-based extrapolation" lmao that's not how politics work at all.

        • rs186 3 days ago

          [flagged]

          • crazygringo 3 days ago

            Well your theory would seem to be directly contradicted by the fact that he's been musing about figuring out ways to have a third term.

            > Hindsight 20/20? Oh, I saw all of this, and I knew all of this would happen.

            Great. So I assume you made massively leveraged bets to short the stock market and are now rich?

            Or maybe you didn't, because talk is cheap, and you didn't actually know anything. Because nobody knew anything.

            > Stupid Americans.

            Please take this kind of talk elsewhere. Trump didn't even win 50% of the vote. But regardless, insulting entire nationalities is never called for.

            • rs186 2 days ago

              > So I assume you made massively leveraged bets to short the stock market and are now rich?

              I did expect the stock market to go down, and sold quite some stocks at high point before the recent turndown.

              I didn't place massive leveraged bets, because I am not an idiot.

            • ddejohn 3 days ago

              > Great. So I assume you made massively leveraged bets to short the stock market and are now rich?

              > Or maybe you didn't, because talk is cheap, and you didn't actually know anything. Because nobody knew anything.

              Wait. Your argument for why people weren't prepared for a second Trump admin being worse is... that they didn't think to get rich off of it?

    • 01HNNWZ0MV43FF 3 days ago

      A lot was lost in the midterms and Supreme Court appointments.

      Hopefully these 4 years energize people to vote. I know protesting and direct action and so on are also important, but the gradient is not negative for voting for every office you can vote for in every election.

      • Terr_ 3 days ago

        I'm scared that elections won't be secure, especially with the way the Republicans are trying to (arguably unconstitutionally) wield federal power to force individual states to change their systems in abrupt ways.

      • xyzal 3 days ago

        I fear the situation either ends badly or in a bloodshed. They aren't respecting the courts, so assuming they will accept defeat in elections is naive.

        • MiguelX413 3 days ago

          Maybe that's the only way that people can learn.

          • ThatMedicIsASpy 3 days ago

            People can learn once the world puts most of its money into education.

            The unfortunate part is that education is often also part of propaganda and spinning history for said propaganda. These days I wish education had a bigger emphasis on history and history should be looked at from different angles, like how the same thing is being taught from different angles.

            • mrguyorama 3 days ago

              > These days I wish education had a bigger emphasis on history and history should be looked at from different angles, like how the same thing is being taught from different angles.

              It does. In higher education.

              You cannot force someone to learn something. The mean-spirited bully not paying attention in high school history class and barely getting a C- to graduate didn't exactly learn anything about nuanced topics like "The Nazis didn't start the holocaust right away" and "Fascism is inherently incompetent, and that makes it so much worse"

              If parents raise their kids to not consider education important (and millions of parents in the US have always done just so, we have an insane level of anti-intellectualism in this country), you won't get educated kids.

              Every time someone says "I wish school taught <X>", plenty of schools EXPLICITLY DO THAT, and it doesn't work, because the person complaining was one of the kids crying "When will I ever use this" instead of paying attention.

              The same adults who complain that school didn't teach them "critical thinking" are upset that school didn't walk them through the process step by step, as if you can't balance a check book with fucking basic algebra you learn by 4th grade. Meanwhile, 90% of the uproar about "new math" ends up being parents who can't even manage to understand basic word problems, you know, things which take critical thinking to work through?

              I've had people complain that school should teach them how to calculate a mortgage, which is funny, because those people sat next to me in Precalculus as we literally did mortgage calculation problems.

              The USA is struggling with multiple generations of people who have insisted that education is not only useless, but a liberal agenda, or even a devil-run plot to distract you from god. It's insane.

          • scoresomefeed 3 days ago

            No. Look at the bloodshed in the Middle East. Man is a bad animal.

            • MiguelX413 3 days ago

              They need something that will actually make them remember long-term if we're to learn anything.

      • AlexandrB 3 days ago

        > Hopefully these 4 years energize people to vote.

        This euphemism has to end. I think you mean: "Hopefully these 4 years energize people to vote Democrat".

        Why not just say it plainly instead of using supposedly non-partisan language? This neutral phrasing seems to be an appeal to a "silent majority" that agrees with you and disagrees with Republican leadership. What if that silent majority doesn't exist?

        • Sohcahtoa82 3 days ago

          You're right in that it's possible that the silent majority doesn't exist.

          But personally, the reason I believe it does exist is two-fold:

          1. The "My vote won't change anything" rhetoric only ever gets expressed by left-leaning people.

          2. Only left-leaning people require endless purity tests for their political candidates and will refuse to vote for anybody that they don't think is the perfect candidate. These are the ones that talk about being fed up for having to choose between the lesser of two evils, then look like a Surprised Pikachu when Trump wins.

        • aprilthird2021 2 days ago

          > This neutral phrasing seems to be an appeal to a "silent majority" that agrees with you and disagrees with Republican leadership. What if that silent majority doesn't exist?

          Then we are on course to lose our spot on top of the world, and I should probably plan to get laid off. Idk, I get what you mean, but not agreeing with Democrats (I don't really agree with them much) and wanting a stable country with a good economy are way different things. I can hold my nose and vote for someone who doesn't actively try to tank the economy, the same way many conservatives (especially religious ones), held their nose and voted for Trump

      • sofixa 3 days ago

        > Hopefully these 4 years energize people to vote

        You are assuming there will be next elections that are free, fair, and matter.

        Trump says a lot of things that ultimately don't matter, but he has also said, and is the type of brute to believe it, that he intends to stay in power. He and his cronies have successfully dismantled the checks and balances that should have prevented him from doing that, legally. IMO the only way he leaves the White House without stirring trouble is in a casket.

        • the-chitmonger 3 days ago

          Let's pray that his health suffers, in that case. I am so unbelievably tired of reading the news and seeing another pillar of civilization dismantled.

          • Onawa 3 days ago

            I would rather that he stays alive for the rest of his term. I am more scared of the damage that could be done by Vance. Trump is inept and easy to manipulate, but is fairly predictable in his actions. Vance and his technocrat bros could cause a lot more damage on the other hand. I'll take the devil we "know".

      • aprilthird2021 3 days ago

        Yes, the next elections are all I have to look forward to really.

        • jjav 3 days ago

          Given the current government has blown off a unanimous 9-0 supreme court decision, right now I can't feel too optimistic there will even be more elections.

          • hn_throwaway_99 3 days ago

            I think there will be more elections, but I think they will be fraudulent, because I think Trump has shown he is adept at turning things around and then trying to pretend that what he's doing is analogous to what the other side has done.

            For example, a lot of people have forgotten, but the phrase "fake news" originally came about in the wake of the 2016 election about all the (actually false) misinformation that was spread on social media in the run up to the election. Trump adeptly then co-opted the term, so any news he didn't like he could just call it "fake news", and who was to say any news he called fake was any less fake than what people were calling fake before?

            My guess is the 2028 elections will be marked by fraud, and then when people protest or object, Trump and the Republicans will just say "Hey, you called all those Jan 6 protesters traitors and said the election was secure, how is now any different? Now you're all the traitors."

            The only belief that gives me hope these days is "History will judge the complicit."

      • worik 3 days ago

        [flagged]

        • throitallaway 3 days ago

          > Trump tells them they are OK. They are worthwhile.

          The chasm between what Trump says (and what the propaganda says about him) and what he actually does is astounding. Most of his fans are completely uninformed of what he says and does. We've never had a president (and cabinet) with more conflicts of interest. He's been a pioneer at abusing power; tariffs on Canada because of a fentanyl crisis... give me a break!

        • aprilthird2021 3 days ago

          We never ever told people they are losers for wanting a better life. One of the most popular candidates for the Dem ticket was Bernie Sanders. He actually wanted to cut our biggest budget line items and spend them on the things people worry about the most (healthcare, something most Americans worry about being able to afford).

          Trump is a literal billionaire. How is him telling the sons of people who used to do manufacturing that they're okay any better than a Harvard educated lawyer saying he feels for them (Trump and Vance are both Ivy League educated, btw)?

          I also want Americans to have a better life. I also think we spend way too much elsewhere instead of at home. A lot of Democrats think that and drive policies for that. Trump may care about that too, but you can't vote for who makes you feel good. You have to learn how to vote for who will actually improve your life. We are the rulers of America, we have to understand our economy, our government, etc. No one is going to do it for us. I'd much rather vote for someone who talks down to me and will deliver stability than a guy who hypes me up and tanks the economy

        • hn_throwaway_99 3 days ago

          > The Democrats say "we feel your pain" Fuck them, truly. Voters do not want some Harvard educated lawyer to "feel their pain".

          Yeah, apparently they want some billionaire who doesn't pay his taxes, who was given millions by his daddy, and who famously stiffed small business contractors at his buildings, to say he feels their pain.

          That said, I actually upvoted your comment because right now it's heavily downvoted but I actually think there is an important point behind your comment. It may feel insane to me, but Trump is so beloved by his base because he was the first one to really acknowledge their anger and give it validity. "Make America Great Again" is a slogan that works because a lot of people have seen their financial and social position deteriorate over the past 30-40 years and they want to go back and they want someone to blame (even if going back is impossible and they're blaming the wrong people). Trump understood this, the Democrats didn't, or worse, branded anyone who harbored some of this anger as a bigot. This is basically how all fascist leaders come to power - the parallels with Mussolini are uncanny, right down to having a minor body part shot off in an assassination attempt.

          Relevant recent example to me: a lot of folks can't understand the hypocrisy about bitching about inflation under Biden, but then saying "we'll hunker down" in response to the expected inflation from tariffs. The difference is the Trump base believes he is taking them "back to the promised land", and for better or worse Trump is definitely a man of action, so they're more willing to put up with temporary hardships if they think the direction is right. With Biden and the Dems, they just believe they'll get more of the "slow slide."

          • aprilthird2021 3 days ago

            > Trump is so beloved by his base because he was the first one to really acknowledge their anger and give it validity. "Make America Great Again" is a slogan that works because a lot of people have seen their financial and social position deteriorate over the past 30-40 years and they want to go back and they want someone to blame (even if going back is impossible and they're blaming the wrong people).

            I agree. And they're not wrong to want to go back or blame someone. We can "go back" in terms of increasing the QoL of our populace. Idk, the Democrats were always clear about wanting to uplift people. Obamacare and Medicare for All were extremely clear policy positions meant to uplift the common man. Eliminating student debt (a policy I don't agree with) was also obviously positioned to help people improve their economic and social standing.

            I don't know why people say Democrats missed this and Trump saw it? The Democrats won on slogans that capitalized on exactly this sentiment. Obama's "Hope" and "Yes we can" are obviously in a context where people didn't have hope or questioned whether we could.

            I think he just got lucky against bad candidates, and we ascribe way too much to his branding and the other garbage. Clinton's branding was about HER (i.e. I'm with her), not about THE PEOPLE (biggest political branding mistake in the 21st century imo). And Harris never had the popularity to go toe to toe with Trump.

            Idk, I think people are mad, but I think the Democrats have spoken to that more authentically and proven themselves to actually do things that help the common man than Trump ever has

            • stavros 3 days ago

              The Democrats were always constrained by what's reasonable, whereas Trump has been able to promise the sky, even though delivering it means the sky is now falling.

bslanej 3 days ago

[flagged]

  • goku12 3 days ago

    Oh! It will be even more fun when the entire infotech and infosec industry starts seething soon. Then the rest of the world will just make alternative arrangements and move on, leaving the US behind because they can't be trusted anymore. HN's reaction is just a small taste of things to come.

yieldcrv 3 days ago

if only there were 188 other countries and an entire private sector in each one that could fund this thing they are also affected by

markhahn 3 days ago

Trump stupidity hurts the country and world.

But maybe this is an opportunity to do CVE better.

  • cantrecallmypwd 3 days ago

    > But maybe this is an opportunity to do CVE better.

    Okay, how? This sounds like looking for lemonade in a genocide.

    • robertlagrant 3 days ago

      > This sounds like looking for lemonade in a genocide.

      It really doesn't. This level of catastrophising has no point. It would be nice if CVE continued to exist, but it wasn't close to perfect, and perhaps it can continue in another form. There's no particular reason the US taxpayer has to sponsor global security threat tracking any more than any other taxpayer or customer.

      • cantrecallmypwd 3 days ago

        This is also a myopic argument against funding standards bodies that support the internet.

        The point of having a global, shared database is a single, authoritative (more-or-less), semi-vetted repository that can hold vendors accountable externally without digital amnesia or downplaying issues, and global unique identifiers. If that takes an international nonprofit funded by bits of the free world who are okay with investing in commonwealth infrastructure, so be it. Those who don't understand what they're destroying so casually are ignorant, and possibly evil if they do understand.

        • robertlagrant 3 days ago

          > This is also a myopic argument against funding standards bodies that support the internet.

          No, it's the opposite. Things like this shouldn't be in the hands of a single government. They should be independent and funded by many parties. The part of your message that isn't catastrophisation is agreeing with exactly what I'm saying.

skirge 3 days ago

only one country pays but all benefit from it. It should be funded by all who benefit like UN.

  • jowea 3 days ago

    I thought most people in the US wanted the UN to have less control over this stuff? Remember the talk about moving control of the Internet to the ITU (International Telecommunication Union)?

    • airhangerf15 2 days ago

      The EU, the EU and all bodies that remove a nation's sovereignty should be removed entirely. Brexit was good, but the UK government made it meaningless. The UN chokes and strongholds its member states.

      The CVE program is already a public-private partnership, which is BAD. CVE's board has people from Microsoft, Github, CrowdStrike, etc. Public-private partnerships are how the US government gets away with things a State should not be able to do: via private contractors. The US government has also run programs like Vault 7. The NSA has a vested interest in vulnerabilities not being made public until the US can fully exploit them Internationally.

      The merger of state and corporate interests seems to be everyone's favorite overused word of the decade.

  • goku12 3 days ago

    I'm sure that a hundred other countries will step up to fund it. But have you given any thought about why the US was so willing to sponsor it alone in the past?

kesor 3 days ago

Good, less government involvement is better for everyone.

the_doctah 3 days ago

Why is the government responsible for CVEs again?

  • throitallaway 3 days ago

    Every now and then the government decides to fund things. Public schools, roads, police, firemen, GPS, NOAA, cybersecurity, government cheese, etc.

  • sschueller 3 days ago

    "the government" aka "We the people". It is in all our interest. This is like asking why the government is responsible for roads.

    • dingaling 3 days ago

      > This is like asking why the government is responsible for roads.

      Thought experiment:

      If roads were built by private companies, could a Government justify the expense of maintaining a database of all the potholes?

      • Xelynega 3 days ago

        Yes, as it would be a public good to everyone to be able to know where the potholes (that aren't profitable to fix for these private companies apparently) are so they can avoid them.

        They might take a step back and realize that it would be more cost-effective to just own the roads, in which case your thought experiment ends where we are, because where we are was a place reasoned to (to an extent).

      • goku12 3 days ago

        Doesn't the government use that software (private and open source) to handle private information of citizens and other sensitive information? And what about their contractors? That alone justifies maintaining such a database.

      • pseudalopex 3 days ago

        Pot holes do not enable fraud, ransom schemes, data breaches, denial of essential services to millions of people, and so on.

  • jowea 3 days ago

    National (technological) security?

  • airhangerf15 3 days ago

    It's not. The CVE board members include representatives from CrowdStrike, Microsoft, Github Security, LP3, F5, Panasonic, NIST.

    Everyone crying about "Oh no! This government institution is going away! Private companies would never do this! They would use it for financial gain!"

    Um.... It's already run entirely by private entities via government money. It's the literal definition of a "Public Private Partnership." You know, that way the US government gets away with doing a lot of shady stuff via non-government contracts who are totally not state actors /s.

ThinkBeat 3 days ago

There seems to be little reason for the US government to pay for this since it is vital information that a lot of companies rely upon.

Some form of a foundation or NGO could be given a reasonable endowment from the industry to operate the CVE program.

I am quite hesitant to trust the DOD to keep track of software vulnerabilities. Some parts are developing and exploiting vulnerabilities. And given a fresh feed of what people find, and usually a delay from notification until publication, which may sometimes just be a bit longer of a delay, would allow the DOD to weaponize the vulnerability for their own use as well.

Ferret7446 3 days ago

I don't see why this should be publicly funded, so I don't really see an issue with this. The industry benefits from having a CVE database, so the industry should fund it.

  • klysm 3 days ago

    There are going to be all kinds of messed up incentives if this is funded from industry.

    • throitallaway 3 days ago

      True, although Google's Project Zero seems to be run pretty well.

    • airhangerf15 3 days ago

      Like there aren't any messed up incentives with it funded by the government? Um, Vault 7? Snowden? PRISM? Did you literally just forget the past two decades of domestic spying and the NSA withholding critical vulnerabilities they were currently using?

  • guhidalg 3 days ago

    No, "the industry" is all of us alive in the 21st century who depend on software to make material decisions and to be resilient to attacks and tampering. We were all funding it, and now surely we will see some big tech company now assume responsibility from the federal government (please god don't let it be Oracle...)

    • skirge 3 days ago

      so "all" should pay, not only US taxpayers.

      • guhidalg 3 days ago

        That would be an improvement. Perhaps the UN should fund it.

  • Xelynega 3 days ago

    Don't open source developers and users of their software also benefit from the CVE database?

    If it were privately funded, what incentive would these private companies have to track bugs for these open source projects that don't make money?

  • kristjansson 3 days ago

    Because secure systems benefit the public generally, not just the corporations that make a profit operating those systems.

  • maronato 3 days ago

    The industry won’t want to fund it. It’ll want to profit from it.

  • sMarsIntruder 3 days ago

    The insane number of downvotes you’re getting for saying basic common sense stuff, it’s why we should push for stricter political rules here in HN.

    You didn’t say something wrong or controversial, just an opinion. Some ideologies love to pay things with other people’s wallets, and they’ll do whatever they can to pursue this.

    • sMarsIntruder 3 days ago

      Especially the L guy who downvoted this after 10 seconds. get a life

  • insane_dreamer 3 days ago

    So you trust industry now?

    • sMarsIntruder 3 days ago

      Same question would be for government funded agencies.

      • insane_dreamer 3 days ago

        No, because the gov funded agencies don't have a personal stake in the outcome.

        That's why industry regulating itself doesn't work, and why government regulations exist.