Yep. It's not an async vs not async thing. The way some people talk about it, you'd think the async keyword was at fault. It's all about whether a function is callable in some context.
Passing in the context as an argument or making it a global variable or returning a monad doesn't do anything to uncolor the function. What's the difference between `async function f()` and `function f(eventloop, callback)`? Only syntax.
Not to mention there's lots of colors unrelated to async, that most languages don't type at all. And if you use the wrong one, your program just doesn't work correctly at runtime. Thread-safe vs thread-unsafe. Blocking vs non-blocking. May throw/panic vs won't throw/panic. May fail/return null vs infallible.
> Passing in the context as an argument or making it a global variable or returning a monad doesn't do anything to uncolor the function. What's the difference between `async function f()` and `function f(eventloop, callback)`? Only syntax.
"Only syntax" is assuming, mistakenly, that syntax doesn't matter.
Also there is a big semantic difference there.. that being in one case you have the flexibility of the passed in parameters taking different forms vs. the static 'async' statement.
It is not strictly an async thing, but a general rule that additional keywords are less powerful than parameters in all cases. Ask any Lisp developer what the difference is..
Ante has some points on this issue: https://antelang.org/blog/why_effects. All of this is just different syntax in other languages and solved but the abstraction provided seems to be neater.
Yeah. You aren't allowed to set up a life insurance policy on someone else's life, or a fire insurance policy on someone else's home. For obvious reasons. But buying an event contract that pays if someone dies or someone's house burns down is fine?
> You aren't allowed to set up a life insurance policy on someone else's life, or a fire insurance policy on someone else's home
This isn't really true. Lots of people take out life insurance on others as a hedge for many reasons, small business partner is one. Same fire insurance, we had a case where someone pledged a building as collateral and we took out separate fire insurance on the building so we'd get paid out immediately.
I'm not sure where this false premise started but alot of people believe it.
The technical term is that you must have an “insurable interest” in what you insure. Both of your examples are people protecting their insurable interest. Ownership is the most common insurable interest, but there are many other ways to have one.
This is done because the insurance company wants you to prefer that the covered event doesn’t happen, which avoids some conflicts of interest.
These prediction market events don’t have the usual insurance interests involved.
Even if you have an insurable interest, moral hazard may arise - acting recklessly or other abuse, while knowing you are insured/covered. Somewhat similar to friendly fraud in retail/ecommerce.
Insurance normally has fine print about those things. Life insurance doesn't pay out for suicide. Fire insurance doesn't pay out if you intentionally burn your house down (the fire department also will investigate because even though it is their job they don't like risking their life fighting fires)
You can get insurance without the above provisions, but it will cost a lot more. Once in a while someone manages to collect on a claim for loss of their expensive cigars after they smoke them - but this is rare and usually not worth the cost.
This may vary by country, it isn't a subject I'm particularly familiar with, but at least in the UK that isn't true - many, I think most, life insurance policies here do pay out for suicide. There's just a period of years between the start of the policy and when suicide starts to be covered, to prevent people who are planning on killing themselves from being able to take out insurance just before doing so.
some life insurance policies pay out for suicide after an initial exclusion period. this is often six or twelve months. insurers can include it because suicide claims are relatively uncommon.
if there is evidence that someone took out the policy with the intention of creating a claim then the insurer may treat it as fraud and decline it.
Insurance doesn't exactly cancel that. Maybe in a theoretical world, perhaps.
For example, I have a decently-sized life-insurance policy. If buying insurance "exactly covered that", I would be indifferent to whether I lived or died. But I'm not. And I can't think of a policy-size that would make me so. Money is an imperfect substitute.
Less dramatically, I have really good auto coverage. The car itself is nothing special, and the coverage I have would make me whole (minus a very small deductible) But I am very much not indifferent to replacing the car with money, and it would take way more than the deductible to change my mind on that.
The hassle-value alone would go way over. And hassle-value is usually not insurable.
Insurance fraud is absolutely a thing--but the insurance company still wants you to prefer that the event doesn't happen. That it doesn't work perfectly doesn't really invalidate the point.
Unless you short the property. Essentially, sell it now on the bet that it will drop in value later. Then it burns down and you repurchase the vacant lot and return the property to the original owner.
> With an insurance this trick won't work, because the insurance company will notice what you are doing
This has worked well millions of times (and occasionally failed too with people ending in prison or with huge fines). Where I can agree however is that Polymarket makes that much easier.
I don't think any corporation "cares" about social issues, but, fwiw, polymarket isn't as ok with it as you imply. Polymarket reportedly detected the suspicious behavior, reported it, then worked with investigators to nab Gannon Ken Van Dyke.
Yeah, you are being pedantic. The clear meaning is that you're not just allowed to insure arbitrary properties.
If you wanted to correct a misconception, you should provide a better, more complete understanding, not just express frustration about a misconception that doesn't even exist outside of an uncharitable reading.
In this case, that means refining the point to the more accurate model, that you need an insurable interest -- i.e. reason you don't want the event to happen, even knowing you'd get a payout[1]. Your counterexamples only work as such because that exists![2] If you want to fix all the people who don't have your superior understanding, that would have been a great way to help them out.
>I'm not sure where this false premise started but alot of people believe it.
It exists because it's approximately true: you can't get insurance on 99.99999% of buildings in the world because you have no insurable interest in them. And any time someone could correct that false premise, they probably just complain rather than providing the complete understanding -- exactly the choice you just made here.
To be clear they had explicitly written in the contract from the start that death didn't count. And they paid out the full amount - just not to the same betters they would have if he had left office alive.
There are a lot of things short of death that we don't want to encourage either. There is a huge grey zone here that I frankly don't want to entrust to private entities.
I've seen contracts on whether California will burn this summer.
Any bum defending these contracts is to me either a shill or way too dumb to understand the concept of incentives.
Oh and there was an Israeli journalist that got life threats because he reported that an Iranian missile struck some place in Israel, and apparently there was a huge bet on it on polymarket.
Funny how average HNer is opposing Flock cameras that solve real crimes by covering it up as a "freedom" yet completely fine regulating contracts with hypothetical incentives.
Remember how things ended up when insurance policies on loans you didn't hold were allowed... I think there is quite a lot of good reasons to ban those sort of bets.
In German law, any contract, including bets, is void if it is “sittenwidrig”. For example, if your wager in a bet is to become one’ slave in case you lose, this bet is void.
I suppose they never specified the wager. But, given the topic is prediction markets and the topics of the bets, I thought it was implied that the wagers would be exclusively in money. With that in mind, is there any example of a law against specific topics being betted on?
Nope. "We're just an intermediary between people" is a 100+ year old yarn that casinos and bookies have been trying to spin. If you're presenting a point of entry to a betting line and taking a cut, congrats, you're the house. Doesn't matter if you adjust the betting line manually based on intuition or algorithmically based on betting volume. Sometimes it doesn't get enforced because of corruption, but if this was the case, then why aren't there tons of independent unregulated poker casinos where players just play against each other? If you facilitate and take a cut, you're the house.
My phrasing was poor, but they do so generally in a very good faith fashion. It's not just a wink wink rake type thing. For instance there are no fees at all on the most popular and high-volume markets - geopolitics and world events. And not only are there are no fees even on smaller markets for market 'makers' - people who put up an offer, but they provide a percentage of all fees collected from market 'takers' back to the makers, as a means of encouraging liquidity.
What the hell are you talking about? You are absolutely not allowed to bet on whatever you'd like with another individual. Depending on what you're betting on (for example, the price of a stock or the throw of a card), it falls under varying different regimes. This is highly regulated and has been for most of the whole of human history.
Yes, there are de minimis exceptions. Your office NCAA pool, for example, is often legal, but it has nothing to do with what we're talking about and is also irrelevant to a business facilitating it via 18 U.S.C. § 1955.
In Spain in elderly caring homes there was a tradition to bet on Bingo matches for simbolic prices (barely one or two euros, enough for a coffee and that's it). It was legalized on paper recently, but technically everyone turned a blind eye.
It was, believe it still is, somewhat similar in Australia, where the game Two Up (https://en.wikipedia.org/wiki/Two-up), which was a wartime favorite among soldiers, was implicitly or allowed on Anzac Day despite being gambling.
There's many true crime cases where the spouse took out multiple life insurance policies then did the killing to earn money. It's a bounty. We should care about the effect in practice.
Why is that missing the point? Loading it twice, possibly with different values, is the intended behavior. It's only undefined because the C spec doesn't specify the order of the loads (unlike most other languages which have a perfectly well-defined order for side effects in a single expression).
No I'm just repeating what the original comment said, which is that it's explicitly UB:
"5.1.2.4.1 says any volatile access - including just reading it - is a side effect. 6.5.1.2 says that unsequenced side effects on the same scalar object (in this case, x) are UB. 6.5.3.3.8 tells us that the evaluations of function arguments are indeterminately sequenced w.r.t. each other."
If function arguments were sequenced with respect to each other, it wouldn't be a problem.
But actually, maybe the original comment is wrong. Presumably "indeterminately sequenced" and "unsequenced" mean different things, although I don't have a copy of the standard at hand to check.
Yeah, when naming your language, it's important to keep mind the expectations of people seeing headlines about articles about your language on blog aggregation sites :^)
Now I'm thinking about "Smalltalk by Example" and "Slang by Example"
So true. I haven't checked out the CPU start9 is using (so please don't read this as an attack on them), but so much RISC-V hardware advertises itself as "open", but when you look up the SoC, it's only partially documented, only works with old forked vendor kernel, only boots with forked uboot, has GPUs and NPUs that are completely undocumented and have no open source driver (or only an open wrapper around a big firmware blob)...
If you're into travel blogs YouTube will serve you an endless barrage of videos with photoshopped thumbnails, exclusively containing fearmongering about whatever country or city they're visiting. This has been going on since pre-AI times.
On social media, you'll see plenty of AI-generated videos of members of $GROUP acting badly. One way to make people hate each other even more.
It's been known for a decade+ that platforms paying by engagement / interaction incentivizes people to post things that cause strong negative emotions. Fear and hate sell in the algorithmic engagement economy.
> Expecting people to hold off on disclosure of something harmful
That's not what they said though. They said "please consider notifying the maintainer/vendor before publishing your findings, even if you intend to publish right away" (emphasis mine)
I do think hitting "send" on the email to the responsible party immediately before publishing (or at least notifying them as quickly as you can afterwards) is a smart thing to do. I mean, why wouldn't you? My concern was more about the "Not having a bug bounty or dedicated email address does not make it OK to go public immediately" comment. It can sometimes be difficult to track down the right person to notify and so when the risks to people are high enough whichever one you can accomplish the soonest is probably where I'd start.
Depending on the severity of the issue. Emailing support with a draft of the blog post and waiting even a couple of hours for a response so they can fix it first would have been more responsible than dropping the blog post to the whole wide world and catching Mullvad with their pants down.
Why wait for a couple of hours for a response while people who could protect themselves are getting harmed? It's especially true when you don't know if the maintainer/vendor will get back to you at all, or if they even check their mailboxes regularly.
The priority should be on protecting users, and not helping the company responsible for the vulnerability save face, or give them extra time to spin up their PR team, or get a head start on a patch.
When the risk to users is low, or when there's really nothing users can do to protect themselves anyway I'd agree with you. In a case like this where the risk to users can be extremely high, and the moment they are made aware of the problem there are steps the user can take to eliminate that risk, the safety of those users should outweigh inconvenience to the people responsible for the vulnerability
The problem is how do you notify users? What are the chances that a Mullvad user is going to happen across this blog post? Of the entire world of Mullvad users, somewhere between 0 and 100% of their users is going to read it and be in a place to do anything about it. If I were to make up a number though, I'd guess it's somewhere between 1 and 10% of Mullvad users. On the other hand, by telling Mullvad first, so Mullvad can fix their system first, closer to 100% of Mullvad users get the fix before attackers figure out the issue.
Mullvad fucked up. They should been as inconvenienced as thru possibly could be too fix the problem promptly! The issue is irresponsible disclosure hurts more users than it helps.
> What are the chances that a Mullvad user is going to happen across this blog post?
It's not as if the odds of new would-be exploiters seeing it are any better. It helps that the people who are at the most risk tend to have their ear to the ground already because they know what's at stake.
When the risks are this high you have to assume that it's already being actively exploited. That means that already there are more attackers who know about the vulnerability than there are users who know about the mitigation.
All you can do at that point is let as many users as possible know how to protect themselves while Mullvad figures out how to fix the issue on their end, writes and puts out the update, and the remaining users get around to updating their systems. You can't save everyone, but hopefully you at least gave some people the chance to save themselves.
Just like human typesetters who mucked around with silly metal cubes were replaced by more efficient word processing software, human writers who muck around with silly words will be replaced by AI. Future writers will work at a ~higher level of abstraction~ :sparkle:
"Claude1, find the most popular topic online", "Claude2, write a blog about that", "Hmm hmm good, but can you make the title more punchy?", "Claude1, fact check and report back to Claude2"
Passing in the context as an argument or making it a global variable or returning a monad doesn't do anything to uncolor the function. What's the difference between `async function f()` and `function f(eventloop, callback)`? Only syntax.
Not to mention there's lots of colors unrelated to async, that most languages don't type at all. And if you use the wrong one, your program just doesn't work correctly at runtime. Thread-safe vs thread-unsafe. Blocking vs non-blocking. May throw/panic vs won't throw/panic. May fail/return null vs infallible.
reply