The direct disclosure of urls and ports is insane. Wonder if they would be as irresponsible if it was MSFT, OpenAI, Anthropic, etc.
PS: Not defending DeepSeek for bad practices, but still. Nothing irresponsible here.
PS2: It is marked as resolved, I went directly to the vulns due to the title of the post.
If someone wants to configure an unauthenticated access from the Internet, they have to do the following extra steps:
- enable listening to the wildcard address;
- remove IP filtering for the default user;
- set up a no-password authentication;
It is possible to ignore and turn off all guardrails that the system has by default, but it needs extra effort. However, it's possible that someone copy-pasted a wrong configuration file from somewhere without knowing what is inside, or did something like listening to localhost but exposing ports from Docker.
A use case for direct database access exists, and is acceptable, assuming you set up a readonly user, grant access to specific tables, limit queries by complexity, and limit total usage by quotas. This is demonstrated by the following public services:
In this way, ClickHouse can be used to implement public data APIs (which is probably not what DeepSeek wanted).
ClickHouse has a wide range of security and access control restrictions: authentication methods with SSL certificates; SSH keys; even simple password-based auth allows bcrypt and short-living credentials; integration with LDAP and Kerberos; every authentication method can be limited on a network level; full Role-Based Access Control; fine-grained restrictions on query complexity and resource consumption, user quotas.
But still, according to Shodan, there are 33,000 misconfigured ClickHouse servers on the Internet: https://www.shodan.io/search?query=clickhouse This can be attributed to a high popularity of ClickHouse (it is the most widely used analytic DBMS).
When you use ClickHouse Cloud, which is a commercial cloud service based on the open-source ClickHouse database (https://clickhouse.com/cloud), it ensures the needed security measures, improving strong defaults even more: TLS, strong credentials, IP filtering; plus it allows private link, data encryption with customer keys, etc.
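The three settings listed in the comment above (wildcard listen address, no IP filtering for the default user, no password) can be checked in your own configuration files. The following is an added example, not part of the thread and not ClickHouse project code; the sample XML is constructed, the function names are hypothetical, and it only inspects `listen_host` and the `users/default` entry, so it does not detect the Docker port-publishing case.

```python
import ipaddress
import xml.etree.ElementTree as ET

WILDCARD_HOSTS = {"::", "0.0.0.0"}
HASH_TAGS = ("password_sha256_hex", "password_double_sha1_hex")


def listens_on_wildcard(server_xml):
    """True if any <listen_host> binds to every interface."""
    root = ET.fromstring(server_xml)
    return any((e.text or "").strip() in WILDCARD_HOSTS
               for e in root.iter("listen_host"))


def _default_user(users_xml):
    return ET.fromstring(users_xml).find("users/default")


def default_user_any_ip(users_xml):
    """True if the default user's <networks> contains a /0 entry."""
    user = _default_user(users_xml)
    if user is None:
        return False
    for ip in user.iterfind("networks/ip"):
        try:
            net = ipaddress.ip_network((ip.text or "").strip(), strict=False)
        except ValueError:
            continue  # not an IP/CIDR literal; ignored by this check
        if net.prefixlen == 0:
            return True
    return False


def default_user_empty_password(users_xml):
    """True if <password> is present but empty and no password hash is set."""
    user = _default_user(users_xml)
    if user is None or user.find("password") is None:
        return False
    if (user.findtext("password") or "").strip():
        return False
    return not any((user.findtext(tag) or "").strip() for tag in HASH_TAGS)


def audit(server_xml, users_xml):
    """Return the names of the guardrails that have been turned off."""
    findings = []
    if listens_on_wildcard(server_xml):
        findings.append("wildcard_listen")
    if default_user_any_ip(users_xml):
        findings.append("default_user_any_ip")
    if default_user_empty_password(users_xml):
        findings.append("default_user_empty_password")
    return findings


def is_unauthenticated_from_anywhere(server_xml, users_xml):
    """All three conditions together give unauthenticated remote access."""
    return len(audit(server_xml, users_xml)) == 3


# Constructed sample configs (not taken from any real deployment).
OPEN_SERVER = "<clickhouse><listen_host>::</listen_host></clickhouse>"
OPEN_USERS = """
<clickhouse><users><default>
  <password></password>
  <networks><ip>::/0</ip></networks>
</default></users></clickhouse>
"""
SAFE_SERVER = "<clickhouse><listen_host>127.0.0.1</listen_host></clickhouse>"
SAFE_USERS = """
<clickhouse><users><default>
  <password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>
  <networks><ip>::1</ip><ip>127.0.0.1</ip></networks>
</default></users></clickhouse>
"""

if __name__ == "__main__":
    for name, srv, usr in (("open", OPEN_SERVER, OPEN_USERS),
                           ("safe", SAFE_SERVER, SAFE_USERS)):
        print(name, audit(srv, usr), is_unauthenticated_from_anywhere(srv, usr))
```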
1. Enable SQL-driven access control and account management for the default user.
2. Log in to the default user account and create all the required users. Don’t forget to create an administrator account (GRANT ALL ON *.* TO admin_user_account WITH GRANT OPTION).
3. Restrict permissions for the default user and disable SQL-driven access control and account management for it.
[0] https://chistadata.com/knowledge-base/allow-clickhouse-to-ac...
ed: I was wrong!
> The Wiz Research team immediately and responsibly disclosed the issue to DeepSeek, which promptly secured the exposure.
Assuming everything mentioned in the article was fixed before publication, I don’t see an issue with it.
But if a serious company that seems to offer services to seemingly plenty of serious customers acts this way, I'd not want to be their customer, if they seem to have such a cavalier attitude, disclosing stuff without even a sniff of "we notified the company about the breach".
> By default, the ClickHouse server provides the default user account which is not allowed using SQL-driven access control and account management but has all the rights and permissions. The default user account is used in any cases when the username is not defined, for example, at login from client or in distributed queries
This seems... very antiquated as a default? Clickhouse is relatively modern, first released in 2016, long after people were finding unauthenticated MongoDB servers left and right. Why not design it that starting a server requires at least a user-provided password in a config file? And then, even if that password was shared amongst all DeepSeek devs, at least it wouldn't be publicly accessible.
e.g. "You are, in typical HN style, minimising the problem into insignificance" and "love how this is getting ratioed by egotistical self confessed x10 engineers". This is the sort of thing commenters here are asked to edit out of their comment, and when they don't, it's correct to downvote them (even though your underlying points may otherwise be correct).
That's an incredibly bad assumption. To have defaults assume that you are on a protected network (what does that even mean? like what permissions are assumed just because you are on the same network? admin?) is just bad practice.
Like, when a DeepSeek dev uses these systems as intended, would they also be seeing the columns, keys, etc. in English? Is there usually a translation step involved? Or do devs around the world just have to bite the bullet and learn enough English to be able to use the majority of tools?
I'm realizing now that I'm very ignorant when it comes to non English-based software engineering.
That is precisely what happens. It is not unusual for code and databases to be written in English, even when the developers are from a non-English speaking country. Think about it: the toolchain, programming language and libraries are all based on English anyway.
However, a few years back it became common for most datasheets to be available in mandarin and english, and this year most PCB fabrication houses have gained support for putting chinese characters onto a circuit board (requires better quality printing, due to more definition needed for legibility).
Now there are a decent number of devices where the only documentation is only available in mandarin, and the design process was clearly done with little or no english involved.
Not everything changes though - gold plating thickness is measured by the micro-inch. Components often still use 0.1 inch pin spacing. Model numbers of chinese chips often are closely linked to the western chip they replace, the names of registers (in the cpu register sense) are often still english etc.
For some kinds of software, localized names make a lot more sense, e.g. when you're dealing with very subtle distinctions between legal terms that don't have direct English equivalents.
There are some business concepts that are very unique to a place (country-specific or even company-specific) with no precise translation to the English-speaking world, and so I sometimes prefer to keep them in their native language.
There is some merit in asking your question, for there’s an unspoken rule (and a source of endless frustration) that business-/domain-related terms should remain in the language of their origin. Otherwise, (real-life story) "Leitungsauskunft" could end up being translated as "line information" or even "channel interface" ("pipeline inquiry" should be correct, it's a type of document you can procure from the [German] government).
Ironically, I’m currently working in an environment where we decided to translate such terms, and it hasn’t helped with understanding of the business logic at all. Furthermore, it adds an element of surprise and a topic for debate whenever somebody comes up with a "more accurate translation".
So if anything, English is a sign of a battle-hardened developer, until they try to convert proper names.
I did try my hand at a translation tool, as it was all i18n up proper. Watched one guy blow coffee through his nose when I demo'ed - and the 'BACK' navigation was the French word for a person's back or something like that.
Depending on the company culture and policy, the most common thing to see is a mix of English variable and function names with native-language comments. Occasionally you will see native-language variable and function names. This is much more common in Latin character set languages (especially among Spanish and Portuguese speakers) in my experience; almost all Chinese code seems to use approximately-English variable and function names.
I'm a native English speaker, but from looking at various code bases written by people who aren't, I gather that it's basically this. It wasn't too long ago that one couldn't even reliably feed non-ASCII comments to a lot of compilers, let alone variable and function names.
Yes, that's what we did and do.
Depending on the project, I do use german variable names and comments at times, but stopped using all special characters like öüäß, they mess things up, even though in theory they should just work fine.
Nowadays even chrome dev tools come in german, but experience shows, translated programming tools (or any software really) usually just have the UI a bit translated. But any errors you encounter or any advanced stuff will be in english anyway. And if you google issues of your translated UI, you won't find much, so better just use the original version.
So english it is.
(And it is the lingua franca in most parts of the world anyway)
When I interact with it by asking it a question in Spanish, the parts between the <think> ... </think> are in English before it goes on to answer in Spanish.
Give it a try in your favourite language.
I went on to ask it if it "thinks" in English, Spanish or Chinese but it just gives the pat answer that, being an LLM, it doesn't think in any language.
It also helps on the rare occasions some random notes evolve into a proper project that will have to be in English eventually anyway. There is no need for an extra translation step between initial idea and final product. All my vague hobby gamedev ideas are in English for instance.
That said, many developers might still prefer Turkish for naming DB tables, fields, variables, types and so forth if that’s the preference of the team. It wouldn’t be an exceptional situation. It’s quite easy too since Turkish also uses a Latin alphabet. May not be as easy or preferable in Chinese.
This way, you don't have to change keyboard layout while writing code.
Anyway, you're forced to learn some English when doing any real software development.
This makes some of their infra work and common misconceptions a little bit ... esoteric. So, English is crucial not just to do the job but to get best practices and CS info in general. It really helps a lot.
I mean we're kind of an outsourcing hub so it makes sense. Even some of our companies outsource further to the east so you really can't avoid it.
PS: I remember quite a while back when Wargaming's World of Tanks became a big thing they had to translate everything from Russian to English because they wanted to get foreign developers involved as well. Never heard of the reverse happening.
See also: aviation.
As programming languages keywords and APIs are written in english, it just looks better to keep it that way for identifiers and internal doc, the other way causes a dissonance for me which feels uncomfortable.
Not only that. All of the code I (not a native English speaker) write, even if only I will ever see it, is in English - comments too. And I'm pretty confident all my colleagues do that too.
Might be different for languages with large population of native speakers (Croatian is just a few mil so we're more exposed to it), but you still can't avoid using English for tools / libs / docs / research papers / stack overflow...
That's how it goes, at least around Europe. People know English as a technical jargon (similar to legal French and Latin in English) and can juggle enough to get around documentation, but I've been in companies where I was the only fluent English speaker (and we're talking startup stuff). That gave me a bunch of cool opportunities though, being pulled in every other meeting as the designated translator.
I do occasionally find code with variable names in other languages, but it's very rare, for the most part if you want to code, English is the way.
I've also seen a few devs who used Hebrew variable names but spelled in English (`shalom` instead of שלום).
English is the universal language in programming and software engineering, much like Latin was the universal scholarly language in the past. Sometimes even to the extent that the language starts leaking from the code and technical documents, reports, etc. are being written in English, often just because the people working close to the software are more familiar with the terminology in English than in their native language.
Even when you install e.g. Debian today and select Not-English as the system language, you might be surprised to see that GCC actually has i18n'd error messages, at least for some languages. Same for coreutils. I doubt anyone uses that intentionally, and they're probably not very up to date, but it does exist... kinda.
https://en.wikipedia.org/wiki/Non-English-based_programming_...
However, I suspect it's a honey pot.
Don't forget Shenzhen is a stone's throw away from Hong Kong where English is widely spoken.
Yes, coding in english is the standard.
It just makes things A LOT easier in terms of debugging, researching, reading examples from documentation, etc etc. I don't even understand my (boomer) colleagues who straight up refuse to learn english and get angry when they can't find solutions with german search input
That.
There's also a huge mental switching context cost when you try to have code mixing, say, french and english together:
  size_t taille;
  size_t taille_domaine;
vs:
  size_t length;
  size_t domain_length;
Hardly anyone does the former. It's simply not a thing. I mean: sure, there are the odd projects that'll be exceptions. But we pretty much all name our functions/methods/variables/etc. and write our comments in english.
FWIW when I code I actually both think and count in english.
- Dev infra, observability database (open telemetry spans)
- Logs of course contain chat data, because that's what happens with logging inevitably
The startling rocket building prompt screenshot that was shared is meant to be shocking of course, but most probably was training data to prevent deepseek from completing such prompts, evidenced by the `"finish_reason":"stop"` included in the span attributes.
Still pretty bad obviously and could have easily led to further compromise but I'm guessing Wiz wanted to ride the current media wave with this post instead of seeing how far they could take it. Glad to see it was disclosed and patched quickly.
- Password authentication (bcrypt, sha256 hashes)
- Certificate authentication (Fantastic for server to server communication)
- SSH key authentication (Personally, this is my favourite - every database should have this authentication mechanism to make it easy for Dev to work with)
Not very popular but LDAP and Http Authentication Server are also great options.
I also wonder how DeepSeek engineers deployed their ClickHouse instance. When I deployed using yum/apt install, the installation step literally ask you to input a default password.
And if you were to set it up manually with ClickHouse binary, the out-of-the-box config seal the instance from external network access and the default user is only exposed to localhost as explained by Alex here - https://news.ycombinator.com/item?id=42871371#42873446.
forced us to use an alternative, and paywalling security features in an "open source" product didn't make us feel comfortable for a long-term investment like a db
https://github.com/ClickHouse/ClickHouse/pull/68634#issuecom...
If you do this and the company you're conducting your "research" on hasn't given you permission in some form, you can get yourself in a lot of hot water under the CFAA in the USA and other laws around the world.
Please don't follow this example. Sign up for a bug bounty program or work directly with a company to get permission before you probe and access their systems, and don't exceed the access granted.
Complete database control and potential privilege escalation within the DeepSeek environment without ANY authentication...
For most people, bash is not a tool for interacting with the computer, it is how they express their frustration with the computer (sometimes leaving damaged keyboards).
There you have, the real face of Big Tech. Extinguishing the competition by locking a service behind a portal provided for free, then starting to milk the users, is not enough for them... they will also fight dirty, really dirty.
Seems like the kind of mistake you would make if you are not used to deploying external client facing applications.
Not only that, this was a "production-grade" database with millions of users using it and the app was #1 on the app store and ALL text sent there in the prompts was logged in plain-text?
Unbelievable.
[1] https://www.reuters.com/technology/cybersecurity/openais-int...
A large scale DDos is being directed against deepseek.
US big tech wants to quench the competition.
If you're releasing a major project into the wild, expect serious attention and have the money, you get third parties involved to test for these things before you launch.
Now can we get back to discussing the real conspiracy theories. This is clearly a disinformation piece by BigAI to add FUD around the Chinese challenger :-)
No one is here as far as I can tell. But if you've ever been a software engineer who is required to work with someone purely from an ML lab and/or academia, you'll quickly discover that "principled software engineering" just isn't really something they consider an important facet of software. This is partly due to culture in academia, general inexperience (in the software industry) and deeply complicated/mathematical code really only needing to be read by other researchers who already "get it", to a degree.
Not an excuse but rather an explanation for _why_ such an otherwise impressive team might make a mistake like that.
I haven't worked with serious ML engineers, but having worked in large webdev there's usually a team involved in these projects, including senior non-devs who would ensure the correct checks and balances are in place before go live. Does this not happen in ML projects? (of course there are always exceptions and unknowns that will slip through, I don't know if that was the case here, or something else)
i suggest you guys don't do that also
this industry in china is so young, many devs and orgs don't understand what will happen if they shut down the firewall or expose their database on the internet without a password
they just, can't think of it, need someone to remind them
I would recommend that. Bitwarden is a pretty good open-source password manager. You can install it as a plugin in your browser, so it can fill out your password for you so you don't have to manually copy and paste.
As I understand, the finish reason being “stop” in API responses usually means the AI ended the output normally. In any case, I don't see how training data could end up in production logs, nor why they'd want to prevent such data (a prompt you'd expect to see a normal user to write) from being responded to.
> [...] I'm guessing Wiz wanted to ride the current media wave with this post instead of seeing how far they could take it.
Security researchers are often asked to not pursue findings further than confirming their existence. It can be unhelpful or mess things up accidentally. Since these researchers probably weren't invited to deeply test their systems, I think it's the polite way to go about it.
This mistake was totally amateur hour by DeepSeek, though. I'm not too into security stuff but if I were looking for something, the first thing I'd think to do is nmap the servers and see what's up with any interesting open ports. Wouldn't be surprised at all if others had found this too.
https://platform.openai.com/docs/api-reference/introduction
Right there in the docs:
> Now that you've generated your first chat completion, let's break down the response object. We can see the finish_reason is stop which means the API returned the full chat completion generated by the model without running into any limits.
Regarding how training data ends up in logs, it's not that far fetched to create a trace span to see how long prompts + replies take, and as such it makes sense to record attributes like the finish_reason for observability purposes. However the message being included itself is just amateur, but common nonetheless.
> The Wiz Research team immediately and responsibly disclosed the issue to DeepSeek, which promptly secured the exposure
I did the same a while ago, an education platform startup had their web server misconfigured, I could clone their repo locally because .git was accessible. I immediately sent them an email from a throwaway account in case they wanted to get me in trouble and informed them about the configuration issues. They thanked me for the warning and suggestions, and even said they could get me a job at their company.
Wiz folks are notoriously shady. They cross the line a ton. They did this to Amazon and Microsoft to make a name among others. Super unethical.
Their product isn't terrible but their sales people are just terrible. Completely off-putting. Most of them are idiots from zscaler.
Likewise, there may be Chinese laws that were violated. However, outside of China they are a moot point.
DeepSeek & users that had data exposed here should be thanking Wiz.
They are getting DoS’d by us gov too so they were only trying to help /s
But also one those of us actually working on foundational AI saw coming a mile away when most of the top research of late has been happening in Chinese labs, not American or European ones.
Can't wait to see what this boneheaded President's tariff on TSMC does to this situation.
I don't understand the rage. This is good for everyone. Competition is what drives innovation and they even open sourced it! If you want to outdo them, learn from them. Don't just try to cry louder, it's embarrassing for everyone.
Can you please provide a source? Genuinely curious as this would be fatal to the US economy. Imagine working 2 years to get out from Covid chip shortages only to hammer progress down with tariffs.
NVIDIA's stock has been super bubbly—all DeepSeek did was set off itchy investor trigger fingers that were already worried about its highly inflated price.
DeepSeek uses H100s and H800s. They'll likely have reasons to buy more now, and America will want to compete even harder, buying more chips.
American companies are still way ahead as well, but they're just getting more competition. This will be healthy.
Tesla barely even sells but the stock just won't go down. Boeing orders have fallen massively and they're posting massive losses each quarter, and management shows zero desire to improve the situation. But the stock has basically stabilized since the initial catastrophes.
a) For inference, cheaper and faster compute will increase total inference spend, because the end-user products will work better and people will use them more.
b) For training, the big labs will continue to spend because we have yet to see diminishing returns to scale - in fact, we have in the past year unlocked a new dimension to scale up training-time compute - doing more RL after pre-training to improve reasoning capabilities. Since current SOTA models are not yet smart enough for all the tasks people want to use them for, this means that any efficiency gains will be used to further improve performance. In the current competitive environment, even with DeepSeek's work, it's near-impossible to imagine OpenAI, Anthropic, Google, or Meta deciding to cut the compute budget for training their next model by an order of magnitude. They will still incorporate DeepSeek's techniques into their next model, but use them to squeeze even more performance out of the compute they have, and will keep purchasing as much compute as NVidia will sell them. Expect this trend to continue until there are no more returns to scale anymore.
https://youtubetranscriptoptimizer.com/blog/05_the_short_cas...
Personally, I know I've lost a lot of street cred amongst certain work circles in recent history as far as my thoughts of 'shops should pursue local LLM solutions[0]' and the '$6000 4-8 tokens/second local LLM box' post making the rounds [1] hopefully gives orgs a better idea of what LLMs can do if we keep them from being 100% SAASlike in structure.
I think a big litmus test for some orgs in near future, is whether they keep 'buying ChatGPT' or instead find a good way to quickly customize or at least properly deploy such models.
[0] - I mean, for starters, a locally hosted LLM resolves a LOT of concerns around infosec....
[1] - Very thankful a colleague shared that with me...
"This is good for Nvidia" is the 2025 version of "this is good for bitcoin"
A lot of people want to poke at Chinese weakness wherever it’s exposed because Americans are used to being the best and also unconscious racism. When Japan was about to overtake the US the US pulled some similar moves and that is partly what’s responsible for Japan's current economic funk. It’s unlikely these moves will work on China.
Obviously i am disappointed regarding this, but people really blow this out of proportion imo. Rumor is this was a side project for some employees at a hedge fund. you think they specialize in security and software application best practices? i’m not exactly surprised that it’s insecure.
The really crazy thing is that anyone gives ANY company sensitive data to train on. regardless of which country the service is running in. That’s what’s actually crazy.
This whole thing should be an eye-opener to most people.
To ask an honest question, who gives a crap if a Chinese company manages to grab data that many of the usual Silicon Valley suspects have had all along and have been incrementally updating? How is this a "threat".
To pile on another gripe, why the hell does every single media outlet point out the "Tienanmen Square" question?
The whole thing has just become embarrassing. I honestly can't fathom what worse China could do with my personal info than the likes of say, Meta. I'm not saying I would enjoy it, but I just don't see how it could be more harmful than the Silicon Valley status quo.
Given how closely major US tech companies are now affiliated and partnered with the US Federal government, arguably the direct potential threat from them to US citizens may well be higher than from across a very big pond.
People trot out "I'd rather our guys spy on me than them" a lot, but that's putting a lot of faith in your local government. Conversely, who do you think has more to fear from their logged prompts on DeepSeek, US or Chinese citizens?
It is a threat to WallStreet and Silicon Valley. It just broke the illusion that they're kings of tech.
> why the hell does every single media outlet point out the "Tienanmen Square" question?
Sour grapes, but also the media cannot report anything about China without showing its anti-China bias.
No it isn't (well it probably is too). This is the rather naff nation state bollocks in play.
You have either or both of "some bigger boys found a more efficient way of doing something I thought I was good at" and "I've wet myself".
[0] https://www.spiegel.de/international/business/we-know-where-...
https://news.ycombinator.com/item?id=41678840
The joke is these companies build systems that can tell them how to implement better security, they simply don't care.
I doubt it very much that it only was that and not massively backed by the Chinese state in general.
As with OpenAI, much of this has to do with hype based speculation.
In the case of OpenAI they played with the speculations, that they might have AGI locked up in their labs already and fueled those speculations. The result, massive investment (now in danger).
And China and the US play a game of global hegemony. I just read articles with the essence of, see China is so great, that a small sideproject there can take down the leading players from the west! Come join them.
It is mere propaganda to me.
Now deepseek in the open is a good thing, but I believe the Chinese state is backing it up massively to help with that success and to help shake the western world of dominance. I would also assume, the chinese intelligence services helped directly with Intel straight out of OpenAI and co labs.
This is about real power.
Many states are about to decide which side they should take, if they have to choose between West and East. Stuff like this heavily influences those decisions.
(But btw. most don't want to have to choose)
Alibaba has Qwen. Baidu, Huawei, Tencent, etc all have their own AI models. The Chinese government would most likely push one of these forward with their backing, not an unknown small company.
# Please install OpenAI SDK first: `pip3 install openai`
from openai import OpenAI
client = OpenAI(api_key="<DeepSeek API Key>", base_url="https://api.deepseek.com")
The client facing aspect isn’t the problem here. This linked article is talking about the backend having vulnerabilities, not the client facing application. It’s about a database that is accessible from the internet, with no authentication, with unencrypted data sitting in it. High Flyer, the parent company of Deep Seek, already has a lot of backend experience, since that is a core part of the technologies they’ve built to operate the fund. If you’re a quantitative hedge fund, you aren’t just going to be lazy about your backend systems and data security. They have a lot of experience and capability to manage those backend systems just fine.
I’m not saying other companies are perfect either. There’s a long list of American companies that violate user privacy, or have bad security that then gets exploited by (often Chinese or Russian) hackers. But encrypting data in a database seems really basic, and requiring authentication on a database also seems really basic. It would be one thing if exposure of sensitive info required some complicated approach. But this degree of failure raises lots of questions whether such companies can ever be trusted.
You're reciting a bunch of absolute numbers, without any sort of context at all. $5M isn't the same for every company. For example, in 2020, it seems High Flyer spent a casual $27M on a supercomputer. They later replaced that with a $138M new computer. $5.5M sounds like something that could be like a side-project for a company like that, whose blood and sweat is literally money.
> But this degree of failure raises lots of questions whether such companies can ever be trusted.
This, I agree with though. I wouldn't trust sending my data over to them. Using their LLMs though, on my own hardware? Don't mind if I do, as long as it's better, I don't really mind what country it is imported from.
This is not fair. Is OpenAI, for example, including the CEO paycheck for the model training costs?
Zero evidence that the above statement is true, and weak evidence (authors' claims) that it is false. Have you read their papers even?
https://arxiv.org/html/2412.19437v1#abstract https://arxiv.org/pdf/2501.12948
I'm sure you were just misled by all the people including Anthropic's Dario parroting this claim, but even Dario already said he was wrong to say that and semi analysis already clarified it was a misunderstanding of their claim, which was 50,000 H series, not 50,000 H100.
But the software? Absolute disaster.
When people say DeepSeek is a side project, this is what I assume they mean. It's different when a bunch of software engineers make something with terrible security because it's their main job. With bunch of academics (and no offense to academics), software is not their main job. You could be working on teaching them how to use version control.
Can we stop with this nonsense ?
The list of authors of the paper is public, you can just go look it up. There are ~130 people on the ML team, they have regular ML background just like you would find at any other large ML labs.
Their infra cost multiple millions of dollars per month to run, and the salary of such a big team is somewhere in the $20-50M per year (not very au fait of the market rate in china hence the spread).
This is not a sideproject.
Edit: Apparently my comment is confusing some people. Am not arguing that ML people are good at security. Just that DS is not the side project of a bunch of quant bros.
So maybe not a side project, but if you have ever worked with ML researchers before, lack of engineering/security chops shouldn't be that surprising to you.
OP means to say the public API and app being a side project, which it likely is; the skills required to do ML have little overlap with the skills required to run large complex workloads securely and at scale for a public-facing app with presumably millions of users.
The latter role also typically requires experience, not just knowledge, to do well, which is why experienced SREs have very good salaries.
Data breaches from unsecured or accidentally-public servers/databases are not unusual among much larger entities than DeepSeek.
We're not talking some poor college students here.
You can fault them for disclosure practices though :-)
>The Wiz Research team immediately and responsibly disclosed the issue to DeepSeek, which promptly secured the exposure.
It seems like Wiz told DeepSeek and DeepSeek secured this vuln?
We all agree this kind of leak should be disclosed. However, normally security researchers don't just leak specific URLs, etc. This may be what the parent is referring to.
If your information is sensitive, do not use an LLM by public API - absolutely all of your data is being stored and processed. For all of them.
Downvoted - because of course the CCP wouldn't want all of this data, that's preposterous. What would they even do with it? /S
Kinda like how your comment was grey within 1 minute, despite stating an objective truth.
Sure, this is to be expected given the billions and billions of dollars at stake but like - that money is gone lol. DeepSeek isn't going back in the bottle, nor is open source AI in general.
No worries. :)
> Does this not happen in ML projects?
Consistently? No. At the level of e.g. OpenAI/Anthropic? It is mandatory. These are not just research labs, they're product (ChatGPT, Claude) companies. These American companies have done a reasonable job at hiring for all sorts of skillsets to keep things well rounded.
Perhaps DeepSeek hasn't learned this lesson yet... Or, well - it could be far more complicated than that. Speculating is only so useful with so little information.
I don't claim it is all staged. The researchers seem genuine. But they can be good researchers and still have said yes at some point to big government help, if smart Chinese government employees recognized their potential.
Neither end is terribly useful. Unfortunately, the $5.5M number is for the latter.
Hopefully it's just posturing, but either way it's utterly asinine yet about par for the course what I would have expected from this administration.
This wasn't narrow minded folks doing this. Shit happens.
This includes salary for ~130 ML people + the rest of the staff; the company is 2 years old. They have trained DeepSeek V1, V2, R1, R1-Zero before finally training V3, as well as a bunch of other lesser-known models.
The final run of V3 is ~6M$ (at least officially...[1]), but that does not factor the cost of all the other failed runs, ablations etc. that always happen when developing a new model.
You also can't get clusters of this size with a 3-week commitment just to do your training and then stop paying for it; there is always a multi-month (if not 1-year) commitment because of demand/supply. Or, if it's a private cluster they own, it's already a $200M-300M+ investment just for the advertised 2000 GPUs for that run.
I don't know if it really is $1B, but it certainly isn't below $100M.
[1] I personally believe they used more GPUs than stated, but simply can't be forthcoming about this for obvious reasons. I have of course no proof of that; my belief is just based on scaling laws we have seen so far + where the incentives are for stating the # of GPUs. But even if the 2k GPUs figure is accurate, it's still $100M+
Is that true? No idea. But there isn't zero evidence.
Both Volkswagen and Subaru have leaked his DNA in the last few weeks? Dude gets around.
From the mouth of Liang Wenfeng, co-founder of both High Flyer and DeepSeek, 18 months ago:
"Our large-model project is unrelated to our quant and financial activities. We’ve established an independent company called DeepSeek, to focus on this."
https://www.chinatalk.media/p/deepseek-from-hedge-fund-to-fr...
They literally did, though? They were resolved before publishing.
Responsible disclosure normally means you wait up to 90 days so they can fix it, before you disclose it to the public. In this case, it was fixed immediately, so they disclosed it to the public immediately.
Which is another thing it seems Chinese corporations do better than American ones.
It's a little bit better if only the comments are in Swedish but it's still annoying...
Luckily it's very rare.
Bonus point when the people who decided to use English words are also all proud of their "DDD" architecture.
Based on my experience in Norway, it is common to use English but it is also not a complete surprise to find code in Norwegian either.
I remember looking at code written by a Norwegian government agency many years ago, and asking why they used Norwegian names for functions and variables. Didn't everyone use English? The answer was that they had so much domain specific terminology that it is not only hard to find English equivalents, it was so ingrained in the business logic that they don't want to risk any confusion and legal consequences. If a function was named validateFoo, then "Foo" had a single shared understanding.
I've also experienced a similar situation in an English context where the concept is renamed on UI, while everywhere in the code it uses the old name. Then things are starting to mix with each other and then a new concept is introduced with the old name...
Fun times.
The OpenAI API is basically the gold-standard for all kinds of LLM companies and tools, both closed and open source, regardless of whether the underlying model is trained on OpenAI or not.
DeepSeek-R1-Distill-Qwen-1.5B, DeepSeek-R1-Distill-Qwen-7B, DeepSeek-R1-Distill-Qwen-14B and DeepSeek-R1-Distill-Qwen-32B are derived from Qwen-2.5 series, which are originally licensed under Apache 2.0 License, and now finetuned with 800k samples curated with DeepSeek-R1. DeepSeek-R1-Distill-Llama-8B is derived from Llama3.1-8B-Base and is originally licensed under llama3.1 license. DeepSeek-R1-Distill-Llama-70B is derived from Llama3.3-70B-Instruct and is originally licensed under llama3.3 license.
Some people like to complain that the stock market is very short termist, and valuations never reflect what happens in the long term. And here you complain that the stock market doesn't focus solely on short term pain, but is looking to some potential futures.
If you are afraid of the potentially unlimited downside to a short, you can buy an out of the money call option as an insurance. Or instead of shorting directly and insuring that, you can also buy a put option, which gives you the right to sell the stock at a specific price.
If you're from Europe knowing Latin definitely gives you a deeper appreciation of a bunch of stuff.
It's a useful way of formalising verb conjugation and tenses which is common across the major European languages. Something they all take for granted but I watch my poor mother's mind melt when she tried learning German as a Chinese speaker. Especially as a lot of these forms are looser and more forgiving in English.
A lot of vocabulary has its origins in Latin and biology and medicine still like to borrow from it.
It's niche but only today I was playing some Mozart on the piano and saw "M. S." where I was meant to cross the hands and I considered for a sec and guessed it must be mano sinistra (forgive the declension) even though I've never learned Italian thanks to Latin.
Latin would have been used pre-Renaissance. Our grandparents might have still had to learn it as a part of an educated person's toolkit, but it was long not intended for communication anymore back then.
From what I remember, there was a divide between Catholicism and Protestantism, where some of the smaller countries that followed Protestantism used German as a common language due to its origins. I think knowledge of German in Norway was something that was expected of students attending the universities until the mid 1900s (due to geopolitical changes)
https://chatgpt.com/share/679b43af-e770-800a-92ee-b27bd87194...
Some organizations have some form of Enterprise Architecture group that governs technology and ensures that there is discipline though the maturity and scope varies. I would say most organizations are completely devoid of that type of supervision and oversight.
It's unfortunately far too counter to "move fast and break stuff" that startup space tends to be enamored of, because they tend to want you to do things safely and try to avoid a "Front page of the New York Times" type of security event.
I think they correctly believe security failures are at most a short term PR problem as far as the market is concerned.
>The Department of Justice today announced the revision of its policy regarding charging violations of the Computer Fraud and Abuse Act (CFAA).
The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.
... It is special.
There was over a trillion dollars wiped from tech stocks lol, in a massive win for consumers and the planet. You can't say this is like Flappy Bird or something.
For sure. This one was pretty clear though. It's exactly what you'd expect when a moat evaporates overnight.
Even if tech stocks recover in 2 weeks (doubt) an open source model comparable to o1 with a 50x efficiency gain is still not just another app. Which means there will be bad actors with a special interest in spreading narratives on every relevant forum...
Any data center project currently under way or with plans to open within the next year or two has already placed orders with NVidia or will do so very soon. Due to demand and lead times, you have to order critical parts and systems today if you want to have half a chance of receiving them a year from now. Hardware supply lines are long and complex. I like to say that you cannot run a compiler and end up with a warehouse full of chips.
The next fundamental reality has to do with competition.
Suppose company A foolishly decides to build a data center with only 10% of the chips they originally wanted based on the hype around DeepSeek. In the meantime, company B sticks to the plan and, perhaps, decides to add the 90% of chips data center A did not take.
The net result will be that company A will be absolutely destroyed by company B. They will have nearly twice the compute capacity, which will translate to a huge competitive advantage across many fronts.
In other words, the selloff is, at best, ill-informed. Market forces caused FUD. The smart ones took it as an absolutely massive buying opportunity. All you have to do now is wait.
Everyone just starts repeating the same things until people believe them as fact.
The "sell off" was basically nothing. Who cares that NVDA went back to the price it was in October then bounced in the after market one day.
It is a complete non-story. Even at the bottom of the "sell off" it was still up 20% from the end of summer.
Listening to any news makes people less informed about the world in 2025. We are way past Gell-Mann amnesia. That was for the newspaper. "The news" in 2025 is really a strange kind of mass confusion engine. The more news a person consumes the more confused they are about the world.
The reality is that your average "civilian" stock investor, speaking in very generalized terms, is supremely ignorant.
I don't say this as a pejorative BTW. I am supremely ignorant of the inner workings of the pharmaceutical industry. Because of this, I do not invest in that sector. I have no way to understand any of it at a depth sufficient for me to make informed decisions. I'd be throwing darts at a board.
That is precisely the situation with lots of investors in the chips, electronics and software worlds. They don't know what they are doing. They have no clue whatsoever about the business cycles and realities of making these things, selling them, bringing them to market, competitive landscapes, implementation, etc.
And so, they are blind and reactive. If they stay in panic mode, we might very well see NVidia stock get down to $100. Frankly, I am actually rooting for that. I want all of these fools to get off the stock. And I want to load-up on it some more. They don't understand business (in general) enough to understand the relationship between DeepSeek and data centers, planned and future. They don't even stop to think about the reality that nobody in business who isn't a fool is going to use an AI service in China or developed by China. If they are hyperventilating about TikTok, I cannot even imagine what it would be like if all AI queries go to servers in China or are answered by models trained in China. I love China for all they have achieved, but it is no secret that they are not an open society at the level of most western societies.
I think we just have to wait until the sheep stop running before sanity will return to the field. They are getting hurt very badly. It's sad to watch.
You need a software-first agile mentality from the leadership of the company on downwards and these legacy companies just don't have it.
It's been an absolute disaster, with billions of dollars spent to produce delayed, buggy software.
Agile workflow for frequently updating non-critical software in devices that happen to be cars? Sure.
The problem with software companies is they’re bad at hardware for the same reason.
User experience companies can be good at both. Maybe not as good at hardware as a hardware company, maybe not as good at software as software companies.
Apple’s the obvious example, but Google, Garmin, heck even Starbucks are also good examples. Start with the user experience, build hardware or software or whatever else is needed. Specializing in a tool has value, but limits you to that tool.
I can release a website with a list of known bugs. Does any govt allow release of cars with known bugs?
Safety-critical firmware is scrutinized fairly well (not because it's not a side project, but because of regulatory constraints combined with the small scope allowing the car manufacturers to treat it as a fungible good), but other software is not, even broken feedback loops interacting with that firmware.
If I could walk everywhere the rest of my life, I would.
To maintain optimal efficiency, a Flyweight is used for the "Hello, World!" string, preventing redundant memory allocation. The Proxy regulates access to the print function, ensuring only authorized modules can invoke it. The Composite structure organizes potential multiple output streams, making it easy to expand the system beyond just console printing. A Factory of Factories, or MetaFactory, oversees creation of our AbstractFactories to maintain consistency and scalability.
Before execution, Encapsulation hides implementation details while Cohesion ensures the PrintHandler remains single-responsibility. Loose Coupling ensures that changing one component won’t break the system. Interfaces dictate behavior, and Abstract Classes provide reusable codebases. Dynamic Dispatch selects the appropriate OutputStrategy at runtime.
To enhance modularity, a Decorator wraps the PrintHandler for additional formatting options, an Adapter ensures compatibility with different logging frameworks, a Memento preserves state in case a rollback is needed, and a Facade simplifies access for higher-level modules. The Chain of Responsibility delegates different logging levels, while the Command Pattern encapsulates the printing request for possible queuing or delayed execution.
By adhering to Open-Closed, we can extend our print functionality without modifying core logic. Liskov Substitution ensures all output strategies remain interchangeable. Interface Segregation ensures smaller, focused contracts. Dependency Inversion prioritizes abstractions over concrete implementations.
Finally, SOLID principles uphold scalability, reusability, and maintainability. UML diagrams map out relationships, Sequence flows depict interactions, and Design Contracts enforce constraints, ensuring the system remains adaptable.
After all this, we simply call PrintManager.getInstance().print("Hello, World!"); and marvel at our masterpiece.
US is the prominent trade freedom proponent champion until it does not suit them
Also US is the prominent democracy proponent champion until it does not suit them
And also US is the free speech freedom champion until it does not suit them
It's all just dirty politics, in the end none of the people in power care if selling such technology feeds a monster or not, as long as they get their bags of money.
Given what we know about the PRISM program, it's a distinction without much difference.
Remind me of the list of US tech CEOs who were at (and paid for!) the inauguration?
While I agree with you overall ... have you heard of Mar-a-Lago?
As long as you're reasonably confident that the bugs don't pose a safety issue I don't see the problem.
Which brings us neatly to OpenAI
Luckily if you are intelligent enough to read Dutch learning English is a walk in the park.
If anything, R1 makes even more GPU demand likely, since it mitigated or at least delayed the risk that AI hits a dead end (in which case, ceasing development may actually make sense).
Unless AI is a bubble, and it pops, I can't see the demand for compute going down.
Project Stargate is some large fraction of that, and of course Softbank is no stranger to losing money on overestimating demand (for example, WeWork). To be fair, China has a lot of overestimation of demand too (for example Evergrande). The other is that rapid competition leads to overinvestment by all parties.
https://www.wsj.com/tech/ai/sam-altman-seeks-trillions-of-do...
And money 5 years from now is simply worth less to markets than money 7 years from now.
I certainly would not, or it would take me a significant amount of time to do properly. I have been a full stack dev for 10 years. Now take that one step further to someone whose only interaction with a development is numpy, pandas, julia, etc…
You are, in typical HN style, minimising the problem into insignificance.
This is /not/ a “stick it behind an aws load balancer and on one of their abstracted services that does 99% of the work for you” - that would be less difficult.
E: love how this is getting ratioed by egotistical self confessed x10 engineers no doubt. Some self reflection is needed on your behalf. Just because /you/ think you would be capable, does not mean that the plethora of others would be able to.
What likely happened here is an ingress rule was set up wrongly on iptables or equivalent... something many of your fellow engineers would have no clue about. An open dev database is rather normal if you want something out of the door quickly; why would you worry about an internal accessible only tool’s security if you trust your 10 or so staff. Have a think about the startups you have worked in (everyone here is a startup pro, just like you are - remember!) and what dire situation your MVP was in behind its smoke and mirrors PowerPoint slide deck.
Yes this was disastrous for PR. No it is not a problem solved in its entirety by learned engineering experts like yourself.
Oh here. A comment from ClickHouse saying there is a legitimate reason why this will have been configured this way and happened https://news.ycombinator.com/item?id=42873446
There was a recent comment which said along the lines of “I used to watch figure skating, seeing them race around and spin, and think no big deal. It was only when I went on ice that I realised how difficult and impressive what they were doing was” - this is exactly the trap SWEs are most guilty of. — /this/ is what you learn as a staff level.
>An open dev database is rather normal
Not open to the internet it's not! Internal network, perhaps.
>someone whose only interaction with a development is numpy, pandas, julia, etc
This person should be aware of their limitations and give the task to someone who knows what they're doing.
There are many in the software engineering field which could not satisfy a request of this nature, for any reasonable form of "asked them to".
I don’t know if you are in agreement with me or not
https://venturebeat.com/offbeat/how-volkswagen-used-software...
Considering how much manufacturing and science etc. has fully migrated to metric, even in the US, this seems bizarre to me.
Recently there has been a shift to metric in EDA software, so you'll often see multiples of 2.54mm, and packages are switching to metric for the fine-pitch stuff. Often you'll have spacing in both units in the same design.
1 the anticipation and answering of possible objections in rhetorical speech.
2 the representation of a thing as existing before it actually does or did so, as in he was a dead man when he entered. Compare with analepsis: the destruction of the Vendôme Column and his part in it are foreshadowed in moments of haunting prolepsis.
I've yet to see one of these in the wild, but it sounds cool to me and I would like to see it.
There's something of a problem the CJK languages have in not being able to do abbreviations or acronyms, so in Japanese you will occasionally see a couple of Latin letters standing out because that's much shorter than an inconveniently translated word.
I mostly encounter this watching anime, and I feel it stands out more than it should. It's not just the sudden shift to an entirely different family of glyphs - the overall typography feels off. There's room for improvement here.
It’s that ugly vertically-stretched serif typeface - the one used on those little gold-coloured “QA” stickers that used to be everywhere on/in consumer goods.
This changed with IC SMD packages. It's now mostly even 100-micrometers.
SMD passives seem to be in a state of limbo, but mostly still using inches. Mouser lists resistor size codes as both inch and mm. It's a bit confusing.
They build whatever hardware (in store) or software (mobile / back end) is necessary to give the user experience they want.
But you’re absolutely right — we can lump their mediocre coffee into hardware, or call it “goods” as a third category that you also don’t have to be the best at if you’re a UX company.
In general, these things happen, and are not restricted to pre-Internet times - in fact, I most often see it in random webshit SaaS developed in Europe - things like, say, food delivery - Pyszne.pl and pizzaportal.pl (defunct) come to my mind. Those sites tend to be well-localized, so they seem like local businesses targeting the national market. But then you accidentally look at a URL deep in an ordering form, or the ordering form breaks and you pull up dev tools to fix it, and suddenly you realize the SaaS operator is actually German or Swedish or Dutch, and they're just deploying the same platform across the EU, with a really good localization polish.
function czyWybranoPsa() {
    var isPies = false;
    var bil_dod_psy_arr = [17, 18, 19]; // psa, psa-asystenta, psa-przewodnika (dog, assistance dog, guide dog)
    $(".bilet_dodatkowy").each(function(idx, elem) {
        if (bil_dod_psy_arr.indexOf(parseInt($(elem).val())) > -1) { isPies = true; }
    });
    return isPies;
}
;)
Old habits die hard I guess...
So we're good. :-)
It isn't uncommon to find German variable names in codebases that predate web 1.0 or Linux.
Now that I think about it, German is especially good at creating words by concatenation. So "arrival time" should just be the single word "Ankunftszeit" - "ankunftZeit" feels a bit off.
- English: verbing and nouning. All languages have ways of introducing new words, but only in English I've seen it accepted as something anyone can casually do in a throwaway manner. Have a noun but want to talk about the (contextually) default action related to the noun? No big deal, just stick an "-ing" or "-ed" to its end and carry on. I adore this feature.
- German: word concatenation you mention, it's a killer feature. And then there's the peculiar grammar that puts the most important verb at the very end of a sentence, giving you stuff like "Gegen die hohen Preise für Gas, Strom und Treibstoff will die Regierung etwas machen", meaning "The government wants to do something about the high prices for gas, electricity and fuel", but structured as "<tone> <stuff> <blah> <blah> <subject> <stuff> do something". So not only you need to listen to the end of a sentence to know what it's about, but you can actually zone out a bit early on, catch the last few words, and still recover the meaning. I'm sure one could write an interesting signal processing take on this.
(If anyone knows examples of such unique/special "skills" for other languages, I'd love to hear about them!)
Not if you think of it as Hungarian notation.
Literally the arrival time of the train
Very interesting! I'm sure you have a source for this claim?
This myth of DS being a side project literally started from one tweet. DeepSeek the company is funded by a company whose main business is being a hedge fund, but DeepSeek itself from day 1 has been all about building LLM to reach AGI, completely independent.
This is like saying SpaceX is the side-project of a few carmaking bros, just because Elon funded and manages both. They are unrelated.
Again, you can easily google the name of the authors and look at their background, you will find people with PhD in LLM/multimodal models, internships at Microsoft Research etc. No trace of background on quant or time series prediction or any of that.
From the mouth of the CEO himself 2 years ago: "Our large-model project is unrelated to our quant and financial activities. We’ve established an independent company called DeepSeek, to focus on this." [0]
It's really interesting to see how after 10 years debating the mythical 10x engineer, we have now overnight created the mythical 100x Chinese quant bro researcher, that can do 50x better models than the best U.S. people, after 6pm while working on his side project.
[0]: https://www.chinatalk.media/p/deepseek-from-hedge-fund-to-fr...
https://www.pekingnology.com/p/ceo-of-deepseeks-parent-high-...
TL;DR Highflyer started very much as an exclusive ML/AI focused quant investment firm, with a lot of compute for finance AI and mining. Then CCP cracked down on mining... then finance, so Liang probably decided to pivot to LLM/AGI, which likely started as a side project, but probably not anymore now that DeepSeek has taken off and Liang just met with the PRC premier a few days ago. DeepSeek being an independent company doesn't mean DeepSeek isn't Liang's side project using compute bought with hedge fund money that is primarily used for hedge fund work, cushioned/allowed to get by with low margins by hedge fund profits.
The point is, the team actually doing the DeepSeek work are working on this as their exclusive project, have been hired exclusively for this etc.
They aren't doing this on the side of their main quant job, and destroying U.S. researchers just as a hobby as the myth would have us believe.
However, I'm not sure that them being LLM researchers compared to quant researchers changes the dynamic of their relaxed security posture.
It does not indeed, but that's not the part I was commenting on.
The mythologizing around DeepSeek is just absurd.
"Deepseek is the tale of one lowly hedgefund manager overcoming the wicked American AI devils". Every day I hear variations of this, and the vast majority of it is based entirely in "vibes" emanating from some unknown place.
It's fascinating that a couple of years and a few competitors in, the DeepSeek moment parallels it so closely.
Then again, it's my opinion that "law" isn't "law" if one has enough lawyers
And yes, it's posturing if you wax on from such a pedestal without even reading the first paragraph of the article, which addresses your legitimate concerns.
See e.g. FizzBuzz Enterprise Edition https://github.com/EnterpriseQualityCoding/FizzBuzzEnterpris...
I’m working for a company that’s doing things in typescript using IOC and dependency injection everywhere. It pervades the minds of Americans such that they walk and talk like a parrot parroting that book.
What Americans don’t realize is that those patterns are arbitrarily made up. It’s as arbitrary and localized as the Japanese having to bow for politeness. There’s nothing intrinsically hugely beneficial for following this style. In fact, modern languages push against it. Languages like golang and rust are examples. Even JavaScript was an example, although recent ES6 syntax makes patterns easier now.
I think you will find most Java programmers were using these patterns before they came across the book. The language naturally leads you in that direction. The book just put a name on them.
It's also a status symbol.
The smaller the language pool is the stronger this effect is. Japan is large enough that it's less guaranteed. Places like India and Indonesia that have a lot of internal languages end up using English as a lingua franca (+) as well.
(+) Latin term!
[1] https://yandex.ru/project/browser/streams/technology (RU only)
(someone who had to learn English to do programming)
If the stack overflow examples are in English, you might as well use it. That's also why JavaScript is maybe a better choice than Typescript even if Typescript is better.
relying on machine-translated documentation or limiting yourself to only using libraries written in your native language would be a huge impediment.
load "*",8,1
and back then I didn't understand what load means any more than I understood what ,8,1 means, I just knew that if I press this sequence of letters it will start summer olympics.
Sure you can, if you know Java, which is its own language distinct from any natural language.
Conversely, you can't program in Java if you know English, but not Java.
> A for-loop has to be written in English??
No, it has to be written in Java. It's true that Java keywords are mostly themselves borrowed from English (often by way of C++ or other computer languages rather than directly) with a use in Java that has some connection to the meaning in English, so it's probably easier to learn Java if you already know English (even before considering that there is probably more and better documentation in English than other languages), but that's not the same as English being a requirement for programming Java.
They translated the keywords. Even if you've programmed in proper programming languages for years without knowing English, all the regular keywords to get stuff done you will know in English. And you won't be able to do a single thing in Excel coz none of the keywords work.
One good thing I guess: You can honestly say when they ask you "hey, you know how to program computers, right? Can you help me with this problem in Excel" and you can honestly say: Nope, can't, no idea how that works. See it doesn't even have a simple IF.
Example: https://easy-excel.com/excel-in-other-languages/excel-formul...
Come to think of it, I wonder if there are language concepts that don't map to English that artificially restrict what we can program?
For example would programming U->D, R->L in Chinese (vs L->R, U->D in English) result in easier to read programs somehow?
Would being able to program using iconography (like a bunch of FE languages) result in more "screens" of text to aid understanding?
> voted for Hamas
I needed to remind myself of how many times they did that (once). It is incredible that Palestine hasn't had an election since 2006. Ref: https://en.wikipedia.org/wiki/2006_Palestinian_legislative_e... It looks incredibly hypocritical to much of the world, and I can see why.
What an incredibly awful comment to make after so many kids have gotten blown to bits by Israel as some sort of justification.
Same sorts of stuff were said about Irish people during the Troubles btw.
An American woman visiting Berlin - intent on hearing Bismarck speak - obtained two tickets for the Reichstag visitors' gallery and enlisted an interpreter to accompany her.
Soon after their arrival, Bismarck rose and began to speak. The interpreter, however, simply sat listening with intense concentration. The woman, anxious for him to begin translating, nudged and budged him, to no avail.
Finally, unable to control herself any longer, the woman burst out: "What is he saying!?" "Patience, madam," the interpreter replied. "I am waiting for the verb."
'Aan die hoge brandstofprijzen zal de regering iets gaan DOEN'.
If I say it in my local dialect, it will sound a lot like German.
Speaking of unique skills, I find French very unique as well. "His life" translates to "sa vie" because vie happens to be female. "what is it" translates to "qu'est-ce que c'est", a _seemingly_ random concatenation of shortened words, in spoken form it is only 3 syllables!
'T_PAAMAYIM_NEKUDOTAYIM' is the PHP parser's name for the '::' double-colon/scope-resolution-operator token; it means 'T_DOUBLE_COLON' in Hebrew, hence related parser error messages mean "Unexpected double-colon/scope-resolution-operator found". There was some controversy in the PHP community in 2013 about keeping the non-English naming as it was widely considered confusing to users.
Java was released in 1995.