Hacker News: lesuorac's comments

Do they? AFAIK, they don't [1].

> WONG: However, Gerry says most of the major airlines in the U.S. eventually soured on fuel hedging. One reason - the Wall Street transaction fees to make these hedges got expensive.

> WOODS: Plus, Gerry says the airlines found that they could make money the old-fashioned way by raising prices. Today, none of the major airlines in the U.S. are hedging.

Hedging is one of those things that sounds cool but then when your service is x% more expensive than a competitor and you lose customers you just stop doing it. It's kinda like being on AWS; when everybody has an outage together nobody asks "oh what can be done differently".

[1]: https://www.npr.org/2026/03/27/nx-s1-5759203/fuel-hedging-on...


That's the US. Meanwhile in Europe the practice is alive and well:

https://www.irishtimes.com/business/2026/03/25/ryanair-to-ho...

> European carriers have hedged about 80 per cent of the fuel they need for this year and typically take out new hedges on a rolling basis to lock in future prices.


Almost every very large company that relies on commodities will have a treasury desk whose sole purpose is to work with futures markets; it's very common practice. It doesn't matter if one NPR article has an anecdote, it exists.

"Almost"? Can you name one with evidence?

Like if I look up Home Depot they talk about price volatility and that's the exact opposite of what a hedge produces. I'm honestly starting to doubt if they hedge at all; like why bother using Wall Street as an intermediary instead of just talking to your suppliers.

> [1] This was another historic quarter for lumber price volatility. During the first few weeks of the second quarter, prices for both framing and panel lumber reached all-time highs before quickly falling from their peaks. As an example, during the second quarter, framing lumber peaked at approximately $1,500 per thousand board feet before falling over $1,000 to approximately $500. While pricing for both framing and panel has come down from the peaks, the average price during the second quarter was still significantly higher than the same period last year. Inflation from core commodity categories positively impacted our average ticket growth by approximately 420 basis points during the second quarter.

[1]: 2021 Q2 - https://ir.homedepot.com/financial-reports/quarterly-earning...


You mean to tell me that the peanut butter at my store has junk besides peanut butter in it?

I'm gonna call RFK right now and tell him to fix this!


Eh, while I do think you should go out and vote I'm not sure you can exactly say they're endorsing the status quo.

Take 2024 vs 2020 where turnout dropped 4% [1] and compare it to the 2025 NYC mayoral race where more people in 2025 voted for Mamdani [2] than voted in 2021 at all [3]. IMO, the horrendous turnout is a reflection of the horrendous candidates that run.

[1]: https://en.wikipedia.org/wiki/Voter_turnout_in_United_States...

[2]: https://en.wikipedia.org/wiki/2025_New_York_City_mayoral_ele...

[3]: https://en.wikipedia.org/wiki/2021_New_York_City_mayoral_ele...


> not sure you can exactly say they're endorsing the status quo

That's not the intent. But de facto, they either have no effect or that effect. Particularly in primaries.

There is also a huge messaging difference between casting a blank ballot and not showing up at all. The presumption is you can safely ignore someone who doesn't vote for several cycles because they tend to keep not voting for novel–but consistently exculpatory–excuses each time around. You have to still pay attention to intermittent voters if you don't want to get caught wrong-footed by a wave.


> one of the chief complaints about policing over the last couple years has been the lack of traffic enforcement.

Which traffic enforcement though?

I really do not like the fact that lefts on red are not enforced. I have numerous times seen people run a red-red light in front of a cop car with no enforcement.

That said, people going 35 in a 30? Like I care. People weaving in between lanes? Yeah that seems much more dangerous.


Well, while I don't know you personally, most working people are older than ICE.

It's actually a relatively new agency and clearly not effective.


It's a relatively new agency in name (2003), but it's not really all that new. It was formerly known as the Immigration and Naturalization Service (INS) and U.S. Customs.

What would an effective immigration enforcement agency look like, in your opinion?

I think we can agree that when they're executing innocent citizens in the street, the agency is no longer effective.

I agree with you. What would an effective immigration enforcement agency look like?

Sorry but there is no chance you get a good faith reply

A little known fact is that Biden deported more illegal immigrants than previous presidents, with a smaller budget and without killing them. He also deported a higher number of actual criminals in the set. So, you know, whatever ICE was before it is now was more effective.

Also, the abuses and violence are staggering. And they managed to deport or mistreat actual citizens, because they did not care. Again, not effective.

Here is the problem - conservative and right wing people use "effective" as euphemism for "we want to see as much cruelty and abuse as possible".




It's pretty gross you're deciding a person's value based on if they fit your political narrative. They were all victims

How would Chernobyl poison all of Europe's (or you mean Asia's?) drinking water while all of our nuclear testing hasn't?

He probably meant Chernobyl accident was close to polluting Dnieper river downstream. Not quite the source of water for all of Europe.

Except they only won because UK was too busy spending money on a way to stop the French.

Like 1812 when the Brits weren't busy with the French they easily came in and burnt the US capital as punishment for burning the Canadian one. It's not that the British army suddenly got a lot stronger; they just weren't busy fighting on two continents.

That said, civil disobedience is largely pointless. We're in a capitalistic society so money is the name of the game. Rosa Parks did shit-all; it was the boycott of the bus system for 9 months that made the buses cave.


I meant more that we wouldn't have the Bill of Rights if it wasn't for Patrick Henry.

There is a super interesting and complicated discussion to have about the pragmatics and morality of concerted military action versus stochastic civil violence. Unfortunately, thread conditions on HN aren't conducive to it; the discussion will instantly devolve (via people joining in) to valence arguments about the cause of this or that campaign of violence. I genuinely think you'd need a moderation regime designed from the ground up to support a productive conversation about this topic, which, for good reasons, HN doesn't provide.

Honestly, it's not really that complicated. Americans (at least Pennsylvanians) born before, say 2000 were explicitly taught that violence is ok if it's against tyranny. Apparently, they stopped teaching that after 2010, so we're now in a post-natural-rights era.

I went to high school in Pennsylvania.


We went to different high schools in the 1990s, because that isn't at all what I was taught.

While I typically avoid touching non-technical topics, I have the opportunity to chime in as another PA high schooler from the '90s: we absolutely were taught that, down to details in AP courses such as the impact of individuals like John Brown. While I'm not sure I'd have worded it precisely like the parent, the concept of "the four boxes of liberty" and the progression thereof was certainly understood and conveyed. (There was substantial study of the labor rights movements and conflicts/resistance therein as well.)

I went to Jesuit high school in Chicago in the early 1990s. There's a lot more to say about all of this stuff and nothing wrong with what you just said, but to hash it out any further, we'd have to attempt a philosophical discussion about violence in a forum that (unavoidably, and to the consternation of its moderators) has reward circuits wired around hyping up action.

“The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants” has been a popular quote in the US for a long time.

Tyranny of a bunch of rich white men having to pay taxes lol.

There's a reason the founding fathers all had slaves; they weren't the common folk.


>There's a reason the founding fathers all had slaves; they weren't the common folk.

Ah, yes. All slaveholders. I once toured John Adams's former plantation. It's expansive. Really puts Monticello to shame.

(The joke here being that John Adams was a practicing lawyer in a state that didn't even have slavery.)


Super good joke.

Since your point seems to be that not all of the founding fathers the parent was referring to were actually slave owners, do you have a claim for a rough ratio? I think that would be interesting and would be a more informative thing regardless of where on the scale it lands, from "everybody but Adams" all the way up to "only big names like Washington and Jefferson".


To a first order approximation half the founders were from New England (no slavery) and the other half were from Virginia (no realistic chance of being important/rich enough to be a signatory without owning slaves). So call it 50-50

But as long as they manipulate it twice or somebody else manipulates it twice then you're golden.

While I don't believe much in the utility of bitcoin over say a ledger of USD it's hard to argue with historical data.


The historical data for purely speculative assets is hard to argue with, indeed.

Ah yes historical events, the famously reliable predictor of future events until they aren’t.

Perhaps you haven't heard. Those who don't learn from history are doomed to repeat it.

Eh, the only way to secure your Rust programs is the technique not described in the article.

Vendor your dependencies. Download the source and serve it via your own repository (e.g. [1]). For dependencies that you feel should be part of the "Standard Library" (i.e. crates developed by the Rust team but not included in std) don't bother to audit them. For the other sources, read the code and decide if it's safe.

I'm honestly starting to regret not starting a company like 7 years ago where all I do is read OSS code and host libraries I've audited (for a fee to the end-user of course). This was more relevant for USG type work where using code sourced from an American is materially different than code sourced from non-American.

[1]: https://docs.gitea.com/usage/packages/cargo


The only thing this leads to is that you'll have hundreds of vendored dependencies, with a combined size impossible to audit yourself.

But if you somehow do manage that, then you'll soon have hundreds of outdated vendored dependencies, full of unpatched security issues.


> full of unpatched security issues

If you host your own internal crates.io mirror, I see two ways to stay on top of security issues that have been fixed upstream. Both involve the use of

  cargo audit
which uses the RustSec advisory DB https://rustsec.org/

Alternative A) would be to redirect the DNS for crates.io in your company internal DNS server to point at your own mirror, and to have your company servers and laptops/workstations all use your company internal DNS server only. And have the servers and laptops/workstations trust a company controlled CA certificate that issues TLS certificates for “crates.io”. Then cargo and cargo audit would work transparently assuming they use the host CA trust store when validating the TLS certificates when they connect to crates.io. The RustSec DB you use directly from upstream, not even mirroring it and hosting an internal copy. Drawback is if you accidentally leave some servers or laptops/workstations using external DNS, and connections are made to the real crates.io instead. Because then developers end up pulling in versions of deps that have not been audited by the company itself and added to the internal mirror.

Alternative B) that I see is to set up the crates host to use a DNS name under your own control. E.g. crates dot your company internal network DNS name. And then set up cargo audit to use an internally hosted copy of the advisory DB that is always automatically kept up to date, but with the cargo registry the advisories refer to replaced by your own cargo crates mirror registry. I think that should work. It is already very easy to set up your own crates mirror registry; cargo has excellent support built right into it for using crates registries other than or in addition to crates.io. And then you have a company policy that crates.io is never to be used and you enforce it with automatic scanning of all company repos that checks that no entries in Cargo.toml and Cargo.lock files use crates.io.

It would probably be a good idea even to have separate internal crate registries for crates that are from crates.io and crates that are internal to the company itself. To avoid any name collisions and the like.

Regardless if going with A) or B), you’d then be able to run cargo audit and see security advisories for all your dependencies, while the dependencies themselves are downloaded from your internal mirror of crates.io crates, and where you audit every package source code before adding it in your internal mirror registry.
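As an added illustration of the registry setup discussed in the posts above (serving audited crates from your own registry, and keeping first-party crates in a separate registry), here is a `.cargo/config.toml` that does it with cargo's built-in source replacement. This is example configuration, not anything from the original comments or from cargo's documentation; the hostnames and registry names are placeholders.

```toml
# Added example: .cargo/config.toml for an audited internal mirror.
# Hostnames and registry names are placeholders, not real infrastructure.

# Every request cargo would make to crates.io is served by the internal
# mirror instead. No DNS tricks or private CA are needed for this path.
# Note: with source replacement Cargo.lock keeps recording the upstream
# crates.io source string, so lock files stay comparable across machines.
[source.crates-io]
replace-with = "company-mirror"

[source.company-mirror]
registry = "sparse+https://crates-mirror.corp.example/index/"

# Fully offline alternative: this is the stanza `cargo vendor` prints, and it
# makes cargo read every crate from a checked-in `vendor/` directory.
# [source.crates-io]
# replace-with = "vendored-sources"
#
# [source.vendored-sources]
# directory = "vendor"

# First-party crates live in their own named registry so they can never
# collide with a mirrored third-party crate of the same name. Cargo.toml
# then selects them explicitly, e.g.
#   authz-core = { version = "1.2", registry = "company-internal" }
[registries.company-internal]
index = "sparse+https://crates-internal.corp.example/index/"
```

Because `replace-with` is transparent, the mirror must itself refuse to serve anything that has not been audited; otherwise developers get unreviewed crates just as easily as before, only from a different host.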


You are getting distracted by domain names; your Cargo.lock files already cryptographically address the source code. Either make sure all your Cargo.lock files contain no known-bad hashes, or make sure all your Cargo.lock files contain only known-good hashes. Maybe also mirror the .crate files for the absolute worst case scenario of crates.io going offline.
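The two policies from this reply (no known-bad hashes, or only known-good hashes) and the repo scan suggested in the earlier post (no Cargo.lock entry may point at crates.io) can all be enforced from the lock file alone. The following is an added example, not code from either commenter: a small Rust program that scans a constructed Cargo.lock, flags packages whose source is not an approved registry, packages whose checksum is on a deny list, and packages whose checksum has not been through in-house review. The registry URL, package names and checksums in the sample are placeholders.

```rust
use std::collections::HashSet;

/// One `[[package]]` entry from Cargo.lock, reduced to the fields the policy needs.
#[derive(Debug, Clone, PartialEq)]
pub struct LockedPackage {
    pub name: String,
    pub version: String,
    /// `None` for path/workspace members, which have no registry source.
    pub source: Option<String>,
    /// SHA-256 of the .crate file as hex; registry packages always carry one.
    pub checksum: Option<String>,
}

/// Minimal line-oriented parser for the generated Cargo.lock layout.
/// Cargo writes one `key = "value"` per line inside each `[[package]]`
/// table, so a full TOML parser is not needed for this check.
pub fn parse_lock(text: &str) -> Vec<LockedPackage> {
    let mut pkgs = Vec::new();
    let mut cur: Option<LockedPackage> = None;
    for raw in text.lines() {
        let line = raw.trim();
        if line == "[[package]]" {
            if let Some(p) = cur.take() {
                pkgs.push(p);
            }
            cur = Some(LockedPackage { name: String::new(), version: String::new(), source: None, checksum: None });
            continue;
        }
        let p = match cur.as_mut() {
            Some(p) => p,
            None => continue, // header lines such as `version = 3` before the first table
        };
        if let Some((k, v)) = line.split_once(" = ") {
            let v = v.trim_matches('"').to_string();
            match k {
                "name" => p.name = v,
                "version" => p.version = v,
                "source" => p.source = Some(v),
                "checksum" => p.checksum = Some(v),
                _ => {} // `dependencies = [` and anything else is irrelevant here
            }
        }
    }
    if let Some(p) = cur {
        pkgs.push(p);
    }
    pkgs
}

/// Supply-chain policy applied to every registry package in the lock file.
pub struct Policy<'a> {
    /// Full `source` strings packages may come from (e.g. the internal mirror).
    pub allowed_sources: &'a [&'a str],
    /// Checksums of crate files that have been audited in-house.
    pub known_good: &'a HashSet<&'a str>,
    /// Checksums of crate files known to be compromised or withdrawn.
    pub known_bad: &'a HashSet<&'a str>,
}

/// Returns one human-readable finding per policy violation, in lock-file order.
pub fn check_lock(pkgs: &[LockedPackage], policy: &Policy) -> Vec<String> {
    let mut findings = Vec::new();
    for p in pkgs {
        let src = match &p.source {
            Some(s) => s,
            None => continue, // first-party code; reviewed like any other commit, not here
        };
        let id = format!("{} {}", p.name, p.version);
        if !policy.allowed_sources.contains(&src.as_str()) {
            findings.push(format!("{id}: source {src} is not an approved registry"));
        }
        match &p.checksum {
            None => findings.push(format!("{id}: registry package without checksum")),
            Some(c) if policy.known_bad.contains(c.as_str()) => {
                findings.push(format!("{id}: checksum {c} is on the deny list"))
            }
            Some(c) if !policy.known_good.contains(c.as_str()) => {
                findings.push(format!("{id}: checksum {c} has not been audited"))
            }
            _ => {}
        }
    }
    findings
}

/// Constructed sample lock file (placeholder registry URL and checksums, not real data).
pub const SAMPLE_LOCK: &str = r#"
# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "myapp"
version = "0.1.0"
dependencies = [
 "serde",
 "tiny-helper",
]

[[package]]
name = "serde"
version = "1.0.197"
source = "registry+https://crates-mirror.corp.example/index/"
checksum = "aaaa0001"

[[package]]
name = "tiny-helper"
version = "0.3.2"
source = "registry+https://crates-mirror.corp.example/index/"
checksum = "bbbb0002"

[[package]]
name = "stray-dep"
version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cccc0003"
"#;

/// Runs the policy over the sample: only `serde` has been audited and
/// `stray-dep`'s checksum is deny-listed.
pub fn audit_sample() -> Vec<String> {
    let known_good: HashSet<&str> = HashSet::from(["aaaa0001"]);
    let known_bad: HashSet<&str> = HashSet::from(["cccc0003"]);
    let policy = Policy {
        allowed_sources: &["registry+https://crates-mirror.corp.example/index/"],
        known_good: &known_good,
        known_bad: &known_bad,
    };
    check_lock(&parse_lock(SAMPLE_LOCK), &policy)
}

fn main() {
    for f in audit_sample() {
        println!("{f}");
    }
}
```

One caveat when wiring this into CI: if the mirror is configured through cargo's `replace-with` source replacement rather than as a separately named registry, Cargo.lock keeps recording the upstream crates.io source string by design, so the approved-source check cannot tell mirror from upstream. In that setup the checksum allow/deny lists are the check that actually carries weight, which is the point the reply above makes.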

There is sadly a lot that is missed by cargo audit; far from everyone reports their vulnerabilities to RustSec.

A large number of security issues in the supply chain are found in the weeks or months after library version bumps. Simply waiting six months to update dependency versions can skip these. It allows time to pass and for the dependency changes to receive more eyeballs.

Vendoring buys an additional layer of security.

When everyone has Claude Mythos, we can self-audit our supply chain in an automated fashion.


You don't need vendoring for this; Cargo.lock already gives you locked dependencies until you run `cargo update`. There is an ongoing RFC to support having cargo intentionally only use library versions that are at least X days old:

https://github.com/rust-lang/rfcs/pull/3923


You can still start such a company now. The tricky part is to gain the trust of customers.
