If there are any Dropboxers here (drew—I emailed you a few weeks ago, but I imagine you're busy):
I went to prison for 18 months, my digital and physical life was stolen from me: https://news.ycombinator.com/item?id=45451567 applies to my Dropbox account (and Apple but separate problem); I just received the "your account will be going bye-bye" email. I have very important dead-mom-club stuff in there, and support is useless. :(
Edit: Thanks unofficial Dropbox support channel; thanks Drew :)
Edit edit: Try my luck with my Apple account now, I guess—Tim Cook, you busy?
Hi Josh -- Drew here -- our escalations team should be reaching out shortly. (Losing phone, 2FA keys, etc. can be tricky but they should be able to work with you and hopefully verify enough to get you unblocked.)
Well done, Drew!! And congrats on building an amazing company. Hope you'll get some rest before embarking on whatever is next.
Coincidentally, I know the new CEO, Ashraf Alkarmi; we met at AWS when he was launching Appstream, I believe back in 2013 if I'm not mistaken. It's funny to recognize a name. I am hopeful that he will do well as a CEO.
I actually don't think you are commenting about the casualness, but the usage of the term "stole". Correct me if I'm wrong.
I can say I view my own time in jail very transactionally and I have run into many people that don't understand that. They expect a sob story about how you were innocent, or how you turned your life around.
I don't think I'd ever say my life was "stolen" from me, but it definitely feels that way in the moment. Having a bunch of armed people come and throw you in a cage certainly leaves you with a new perspective to process.
Appreciate the context, however if I was to follow up on my own comment. You were sentenced to prison, I went to the grocery store yesterday. It's the casualness of the phrasing that is jarring.
They understand, they just don't care and shouldn't care. It is always jarring to encounter someone with a different life experience, but processing that is your business. They don't need to spend the rest of their life crafting their words to avoid making people uncomfortable.
It's the same principle as someone in public when they're disfigured. You just became aware of something traumatic that happened to this person, and it is totally understandable to feel uncomfortable. But they are just existing in public. They have no obligation to present themselves in a way that avoids making you uncomfortable, and doing that every day of their lives would be exhausting and wasteful.
In that example it is immediately obvious that it would be inappropriate to ask them to cover up. But it's the same principle, either way.
Fair criticism. The tricky part though with any scaled service is that for every legitimate case like this, there are many more bad actors trying to hijack accounts through exactly this mechanism -- so account recovery has to be conservative by default, which means legitimate cases sometimes get caught in the friction. Not an excuse, but it's a hard problem at scale and not just e.g. a cost-cutting thing or not giving a shit.
> The tricky part though with any scaled service is that for every legitimate case like this, there are many more bad actors trying to hijack accounts through exactly this mechanism
I really wish more people understood this, especially on HN.
Account recovery flows are flooded with people trying to break into other people's accounts. It's going to be nearly impossible to make a system that can allow someone to recover their account without also accidentally allowing someone to social engineer their way into someone else's account.
hey drew! fwiw it was actually NOT criticism of dropbox specifically - i've worked at and also run a company where this is the case - but for our smaller scale it is because we have support overwhelm and haven't sufficiently figured out our own processes to triage everything well. not casting a stone here. you definitely have way more bad actor problems that mean you can't have nice things.
No indicator of AI writing is going to last forever. We really shouldn't over index on the oldest indicator (which is liable to decay first). People are starting to say "delve" more in verbal conversations. This treadmill will keep moving. Unfortunately we have little choice but to keep up with it.
(Hint: No, he's not replying with AI. Two hyphens are not an em dash. Even then there's no hint of it being an AI response. Also the person is actually the CEO of Dropbox, the very person this thread is all about. You only have to click his username to see his posting history to see he's not an AI bot posting endlessly, his last posts (prior to today) were in 2024.)
I was selling a GPU on Facebook marketplace during covid.
The description was that the card was good for gaming or “turning dinosaurs into clean money”.
Banned permanently and no way to ever reach a human.
I sold a rifle legally on an online auction site. The buyer was given the option to pay with PayPal. The buyer took that option, making me break PayPal TOS.
Banned permanently and no way to ever reach a human.
Banned from Venmo, absolutely no idea why. SO banned from Venmo, absolutely no idea why.
Banned permanently and no way to ever reach a human.
Oh man, sorry to hear that. I had a secondary Dropbox account I used for a few small but important documents. At some point I somehow lost the 2FA factor, and I don't know how as I've managed to keep the 2FA for every other one of my services across multiple app/os/phone installs.
Anyway, I reached out to their support for help and they were utterly useless. I had a couple weeks of back and forth with them before giving up. I hope I never actually need those docs.
It's the digital equivalent of your house burning down, your devices are inside it, and you never bothered to bring the 2FA codes you definitely wrote down to the bank.
I have a moderately sized 2TB production database I have enjoyed using pgBackRest on, and was—this week—going to set it up on another 8TB database we have.
What's the next-closest thing? wal-g? barman? databasus? I only get to cosplay as a DBA.
We recently moved from Barman to pgBackRest. Our main complaints with barman were that incremental backups utilized hardlinks. Which was great, we could have our 7TB database backed up, and the next day, only 20GB in changes. But, when replicating that data to cloud storage, there is no concept of hardlinks, so now we had to push 14TB to cloud storage. Also, at least last time we looked a while back, file compression was only the WAL files, unless you used the newer barman-cloud-backup tool, which we did not.
Also, pgBackRest lets you do the majority of the backup from a physical standby, which is VERY nice for removing the load off production.
None of these seemed like issues, until we looked at pgBarman, and suddenly realized how nice that would be.
We just piped the backups through pigz for compression; rapidgzip also exists for parallelized decompression (or any other compression algorithm you’d like to use, of course).
I can beat you on the timing - I'd never used pgBackRest before, but started setting it up on a project about 2 hours ago, by the time I'd finished the README had been updated.
Not for PostgreSQL, but for MariaDB we run replicas in FreeBSD jails on a server with lots of ZFS space. The jailed Maria instances just stop every hour (so the DB flushes everything to disk), the host snapshots all of their data volumes, and then starts the jails back up. Within a minute or so they're fully caught up to the primaries again. Gives us months and months of recovery checkpoints.
It's great because it's a completely clean save from a shutdown state, so when we need a scratch copy of a database it only takes as long as cloning whatever snapshot we want (depending on how far back we need to go), then starting a scratch jail that runs from those clone filesystems. When finished, just shut down scratch and delete the clones, it's like it never happened.
A previous company I was at did this on the primary. It always seemed to work, but no one was really comfortable with it, largely because there wasn't too much ZFS experience at the time and also because the process did not coalesce the database before doing it. I think it's still a valid strategy, but not one I have had time to verify thoroughly.
**Backup types**
- **Logical** — Native dump of the database in its engine-specific binary format. Compressed and streamed directly to storage with no intermediate files
- **Physical** — File-level copy of the entire database cluster. Faster backup and restore for large datasets compared to logical dumps
- **Incremental** — Physical base backup combined with continuous WAL segment archiving. **Enables Point-in-time recovery (PITR)** — restore to any second between backups. Designed for disaster recovery and near-zero data loss requirements
EDIT: It seems PITR has been added this March (for PostgreSQL)
I ran a sports streaming service ("pirated sports streaming service" ?). The US Government said I was making $250k MRR as a solo indie dev (I wasn't, but that's great validation). I'm pretty qualified to talk about this.
The shitty part about what Spain is doing is that it punishes its own residents who have nothing to do with piracy.
Sports piracy is fundamentally different than music or movie piracy. The Spotify analogy that gets tossed around is wrong. Steam is less wrong but still wrong. Music piracy got "solved" because the labels decided that some revenue was better than no revenue, and the math works when you have a bunch of product in your back pocket that cost you nothing to distribute; gaben made piracy slightly less convenient to those in developed countries.
Sports rights are valuable because they're exclusive and because they're live. In the US, there are blackouts around sports: if you're physically located in New York (at least, according to whatever IP address data vendor a platform is using), you're unable to watch the New York Knicks using league-sanctioned products. That's the US version of this—restricting access to the content itself to protect the rights holder's revenue. It's internal logic and fundamentally sound (though infuriating) if you're one of them.
This is without a doubt categorically worse. A blackout says "you can't watch this game" and Spain is saying "you can't access the internet while this game is on, whether you're interested in the game or not." It's as if the NBA convinced the DOJ to shut down half the internet every time a game was on, just in case.
Before it was DMCA notices (useless) -> lawsuits (whack-a-mole, check TorrentFreak) -> ??? -> infrastructure-level blocking. (I'm an outlier for many reasons but we won't go into those.) Each step is more destructive and less effective than the one preceding it. Spain has reached the end of the playbook, thanks to political interests: ban the internet!
Fans are the product. La Liga's real customer is Movistar, who pays roughly a billion euros a year for exclusivity so they can bundle it into packages nobody would pay for otherwise. The IP blocking isn't an anti-piracy measure—I'd argue there is no such thing as anti-piracy but that's a different thread. The IP blocking is a signal to the next bidder: the government will protect your exclusivity at any cost, even if that cost is the country's internet.
I’m not sure, but they do sell some pre-hydrated gums and usually call them “perfected”. They are largely buying in commercial quantities and re-packaging for restaurant-scale use with their gums because a lot of the bigger ingredient companies that make the best products won’t sell in smaller than 50 lb (or sometimes even much larger) increments.
Pre-hydrated gums are usually just hydrated and then spray dried ones.
I've used their "perfected" xanthan gum which is a separate SKU from their regular xanthan gum. At least for gum arabic they seem to only offer one SKU, so I'm guessing it's not prehydrated.
I was in federal prison with Sebastien Raoult, one of the ShinyHunters guys. We were in the same unit and talked regularly.
I was about mid-way through my bid when another inmate told me "new guy in B3 is another hacker." I got really excited—I'd have someone to talk shop with, at the very least.
My takeaway from him was that they're a bunch of contemporary "script kiddies" with a lot of time on their hands.
My dad spun up my Pentium Deschutes (400MHz!) machine the other day. Same hard drive from when I was 10 years old. “clouds.psd” was on the desktop.
I still remember retiring that computer. The first thing I did when I got my Pentium IV chip a year later was download Macromedia Dreamweaver. Did me well.
Claims Dang is using AI, and that other people are using AI even though most of the flagged posts predate popular AI products. Really destroys the whole EM-Dash === AI thing.
which never should have been a thing, because it was obviously wrong

yes AIs are more likely to use em-dash, but that is just one, by itself very insufficient, indicator.

it's like hip size. On average over the populations they are wider for women. But the effect is too small to classify the gender of a hip bone by its size. (Like for a specific age range and ethnicity, the difference in median is like 1" or so, while there is a >10" difference between 5%-percentile and 95%-percentile. Varying by gender in difference and exact distribution.) Well I guess em-dash are more an indication for AI than hip size for gender... lol
So if EM-Dash is good proof of AI usage, and people who we can see didn't use AI / or predate AI being popular, are flagged, then that undercuts it by a lot.
I tend to mostly use dedicated servers from Hetzner for my own projects and for my client's projects. Whenever they explicitly want US servers, I tend to go with Vultr's dedicated servers which have been serving us well for many years.
I've read several reports from customers saying that their customer service is really bad. Difficult to know with online reviews of course. Does anyone have positive stories to share? I am looking at Australian hosts specifically and Hetzner doesn't have any data centers here.
We use them heavily for test boxes and running experiments. Standard off-the-shelf machines are provisioned almost instantly, and never had any problems.
More custom stuff (eg 100Gb/s NICs) takes a bit longer, but they've always been super responsive and quick to sort out any issues!
The price / performance you get from something like their AX162 is just crazy, although unfortunately with the whole RAM / NVMe shortage the setup fee has gone up quite a lot.
Using them for production for years, never disappointed.
What you should be aware of is their new exploration of s3 storage. I mean, the s3 works and everything but it's still too early - the servers are kind of slow and sometimes fail to upload/download. They are still tuning out the storage architecture. The api key management is kind of too primitive (although much more headache free than configuring aws), and the online file browser is lacking.
But for vps servers - they are battle-tested veterans