Nah I went straight to bed, and did not check my phone until the next morning, which is when I saw my trip was listed as Garden Grove to Santa Ana (legit) and then Pasadena (not legit).
And the next day you called your credit card issuer and disputed the charge, right?
Both swilden's explanation and your link make perfect sense. Which makes me wonder why Matthew Green said this:
> 1. Nobody on the Chrome development team can provide a clear rationale for why this change was necessary, and the explanations they've given don't make any sense.
Odd.
Confirmation bias at work, I think. Everyone is vulnerable to it, even brilliant guys like Matthew Green.
That citation doesn't support your claim that "the banking class is in a panic". It weakly supports the claim that "the current system depends on exponential growth", though the article says that demographic stagnation is a "headwind", not a hard obstacle.
the banking class is in a panic because the current system depends on exponential growth
Cite?
More like:
1. Type the name of something on your system, press enter.
2. Mutter a few choice words under your breath and close the control panel or Microsoft Store app listing that opened instead of what you wanted.
3. Type the name of something on your system, use the mouse to click on it because it's actually the third item in the list for some reason.
Local and intranet search is actually a much harder problem than web search. The hard part of any search system isn't finding and indexing the data, it's figuring out which entries in the index are the best matches. With local search, this is trivial. You show all of the matches, in almost arbitrary order, and you're mostly fine. There's so little data that the user can almost always find what they're looking for. It's not great, but it works.
With web search, you have massive data volume, but the data is all interconnected, and those connections give you strong clues about which results are the most valuable and useful, so you put those at the top. This was Larry Page's insight in the mid 90s. You can get more sophisticated, but that one heuristic gets you most of the way.
With intranet search, there's too much data for the local approach to work, and too little structure for the Internet approach to work. Intranets tend to contain lots of disconnected documents and understanding which ones are the most useful really requires understanding both the contents of the documents and the goals of the seeker. This is really hard.
And, obviously, combining all three of these into a single search space is crazy hard to do well. We'll see if Microsoft has managed to pull it off, but I'm not holding my breath. Most likely they'll just manage to make it far worse.
Making browser login track the login Google apps is an obvious solution to this problem. Perhaps there's a better one, though.
Here's a better analysis, by an engineer on the Edge browser team: https://textslashplain.com/201...
What does that have to do with anything? If it's a shared computer each person would have to log into their own account. More than likely under their own profile.
Profiles address the issue, but the problem they're trying to address for users who don't use profiles is pretty clear. Jane is using the computer and has logged the browser in to her Google account, and has sync and web history enabled. Dick uses the computer and logs into his gmail account, then does some browsing, thinking the browser is logged into his account, which has web history disabled. His browser use gets logged in Jane's web history, violating Dick's privacy in two ways: He didn't want his browsing logged at all, and depending on the relationship between Dick and Jane and what exactly he browsed, may really not want it logged to Jane's account, where she can see it (though if this is the situation, he's an idiot for using a shared browser and not opening an incognito window, because local browser history is a thing).
Perhaps even worse, I said that Jane has sync enabled, which can include password sync. So Dick may inadvertently give Jane his passwords this way, too.
My bet (though I don't have any particular knowledge about it) is that this is not a theoretical scenario, that it has actually screwed a number of people which is why it came to the Chrome team's attention.
Making browser login track the login Google apps is an obvious solution to this problem. Perhaps there's a better one, though.
Many corporations could keep their employees silent about abuses, but Google is not among them.
The correct title should be; Google's Attempt to suppress memo fails with massive Streisand effect.
True. But something to consider: You see from this how good Google is at suppressing information that outrages its employees. Add to that the fact that Google's employees include tens of thousands of the hardest-core geeks there are, who tend to hold the same sorts of positions on things as slashdotters. Then consider how likely it is that Google could keep its employees silent about all of the abuses that so many assume they must be guilty of. Many corporations could do it, but Google is not among them.
Perfection being impossible is no reason not to try. We try to invent better ways of structuring software so that we can reduce the amount of communication required, but will always have to talk. And we try to be better at communicating with people, but we'll never be perfect there, either. Don't accept the status quo, always try to make it better.
What you describe is the ivory tower ideal. In practice, stuff is never that clean.
I have people skills! Everyone pretend I'm valuable as a developer! Haters!
Perhaps you should be in sales.
Nah, tried it briefly, didn't like it. I have a lot more fun and make a lot more money as a SWE.
>it should be made clear to everyone that software engineering is not such a field. You can (and must) accomplish small things without talking to people, but to do anything of real significance communication is an essential skill.
Software engineering is indeed, such a field.
You're dead wrong. Programming can be done without communicating much with other humans, but only as long as the program is small enough to be created by a single person. Software engineering is programming at scale, creating large systems that no one person could produce, or fully understand, and it cannot be done solo.
You can't offend a computer. Debugging requires zero politesse.
Sure, but you can offend any of the other five members of your team, or any member of the dozen or so other teams with which you collaborate.
What you're talking about, requiring significant communication skills is an entirely different discipline: marketing.
You not only don't know what software engineering is, you also don't know what marketing is. That's somewhat understandable, I suppose, because in small companies the roles of product management, project management, marketing and sales are combined. In fact, all of these are unique disciplines with different skill sets. All do require communications skills, of different forms and degrees.
You mean insult women by manipulating them into choosing a career that clearly many of them do not want?
That's a very strange interpretation of the AC's comment. He was proposing to alter the career so that more women do want it. This may or may not be possible, but it's far from inconceivable that there are elements of the culture that has grown up around the career which women (on average) tend to find distasteful and to make it a career they don't want, but which are not actually core elements of the career itself. I suspect, personally, that there *are* core elements of the career which are less appealing to women, on average, but that fixing the cultural aspects will make it appealing to a somewhat larger set of women.
Do you think that, maybe, people with anti-social psychological makeups are drawn to a field where they don't really need to talk to anyone to accomplish something?
Sure, but it should be made clear to everyone that software engineering is not such a field. You can (and must) accomplish small things without talking to people, but to do anything of real significance communication is an essential skill. You can kind of paper over your anti-social makeup by working only with other people of a similar type, but that creates a closed culture that limits the pool of people you can draw on which creates problems for scaling, for problem solving (limiting the diversity of viewpoints) and for understanding the needs of your customer population, who are almost certainly not the same type of person.
People who are - I guess you can call them introverts - would simply rather not talk to other people.
That's not what an introvert is. Most introverts do like talking to other people, we just perceive it as an activity that takes effort and leaves us feeling drained and desiring some alone time to "recharge". A good conversation is enjoyable and worth the effort, but it does take effort. Extroverts feel energized by talking to people. They find doing things alone draining and they need to spend time with other people to "recharge".
Extroverts tend to be better communicators simply because they get more practice, but introverts can also be excellent communicators if they put the effort into it, through both study and practice. Similarly, extroverts tend to be better at understanding other people because they spend more time at it, but introverts are fully capable.
The other weird thing, it gives absolutely no recognition of the public domain, so public domain works can be taken out by a similar new work.
Cite?
Fair use has also been specifically limited to legally recognised libraries, archives and educational institutions.
I don't see that. I see the section about pre-1972 works (section 1401) that describes Fair Use for these works, and it only mentions libraries, etc., but references section 107 which defines Fair Use, and which the bill does not modify. Since it doesn't change sec. 107, I don't think it changes the scope of Fair Use.
On both points, if you were right I'd expect to see the ACLU and similar organizations complaining, but I don't.
So he downloaded it (copy on his computer) and posted it on Facebook (copy on Facebook). Also he's a total idiot. But Facebook made millions of copies, and they aren't a common carrier.
The DMCA's Safe Harbor provision (one of the few parts of the DMCA that makes sense, IMO), protects site operators from prosecution for infringement for content posted on their sites by users, as long as they take it down promptly upon receipt of a takedown notice. If this didn't exist, basically no site could host user-provided content.
However, it might be possible to argue that he only made two copies, and should only be prosecuted for those, not for the 6M. That doesn't help him much, though, since the maximum penalty for making those two copies is a $500K fine and 10 years in federal prison.
But I thought the law stated that criminal copyright infringement requires distribution for financial gain
No. Copyright infringement only requires distribution of a copyrighted work without permission. However, there is an escape hatch: "Fair Use". If you can show that your distribution fell into this category, then it's legal. The category is kind of fuzzy, though. The law specifies four factors to be considered when Fair Use determination is made:
1. the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
2. the nature of the copyrighted work;
3. the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and
4. the effect of the use upon the potential market for or value of the copyrighted work.
Factor 1 is what you're thinking of. Use that is clearly non-commercial in nature but is for nonprofit educational purpose can be Fair Use. "Can be" because the other factors also have to be considered. In this case, it wasn't ordinary commercial use, but it wasn't for "nonprofit educational" purposes either. Looking at factor 2, this work is clearly intended to be used commercially by the copyright holder for commercial gain. Regarding factor 3, the doofus posted the entire thing. Regarding factor 4... it's hard to say whether this really resulted in fewer theater visits, rentals and sales but absent any other evidence the court is probably going to assume that at least some significant percentage of people who watched it on Facebook didn't pay to see it and otherwise would have. Given the very large number of views, that translates into a negative effect on the market value of the work.
Also, the doofus' comment that this was going to make him famous shows that he was expecting some sort of gain from it, which could potentially be characterized as commercial.
Bottom line, if he'd tried to argue Fair Use, I don't think there's a judge in the country who would have bought it.
A Knife is a wedge combined with a class 2 lever.
A club is a class 3 lever.
Most likely, this was an update to the Settings app.
You seem to have missed where they said:
"..., I even have 'automatic system updates' turned off..."
The Settings app gets updated from the Play store like any other app. Well, like any other pre-installed app.
The Chrome team believes that URLs are the Phisherman's friend. IMO, we made a mistake when we allowed general Unicode URLs. We should instead have defined for each language the precise set of characters allowed, and required every URL to use characters from a single language.
Fine. So check for that instead and mark domains with non-locale or lookalike characters.
Would only work if the characters allowed were defined in a standard, and we added some mechanism for domain owners to specify what locale is allowed for URLs in their domain. As it is, there's no way to distinguish the legitimate from illegitimate URLs. You could pick some rules that would be right 99.9% of the time, but would incorrectly penalize legitimate URLs.
The mistake is made, URLs are what they are and they're not a trustworthy indicator, not even to people who know what they're doing much less the vast majority of users. URLs are broken and can't be fixed. I'm not sure what we should do instead (and neither is the Chrome team; they're experimenting), but we need something.
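An added example, not part of the comments above and not Chrome's code: a sketch of the "one script per label, plus a lookalike check" rule being debated, run over constructed domains to show what it catches and which legitimate names it wrongly flags. Deriving the script from the Unicode character-name prefix and the small `LOOKALIKE` table are assumptions made for illustration; a production check would use the full Unicode script and confusables data.

```python
import unicodedata

# Assumption: a tiny, hand-built table of Cyrillic letters that render like
# Latin ones. The real Unicode confusables data is far larger.
LOOKALIKE = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u04cf": "l",
}


def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    first = unicodedata.name(ch, "UNKNOWN").split(" ")[0]
    if first in ("DIGIT", "HYPHEN-MINUS"):
        return None                      # common to every script, ignore
    return "HAN" if first == "CJK" else first


def decode_label(label):
    """Turn an xn-- (punycode) label back into Unicode so it can be inspected."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label                 # malformed: inspect the raw text
    return label


def label_scripts(label):
    return {s for s in map(script_of, label) if s is not None}


def latin_skeleton(label):
    """Return the Latin string a label imitates, or None if any char is distinct."""
    out = []
    for ch in label:
        if ch.isascii():
            out.append(ch)
        elif ch in LOOKALIKE:
            out.append(LOOKALIKE[ch])
        else:
            return None
    return "".join(out)


def classify(domain):
    """Return (verdict, detail) for a domain under the single-script rule."""
    for raw in domain.split("."):
        label = decode_label(raw)
        scripts = label_scripts(label)
        if len(scripts) > 1:
            return ("mixed-script", "+".join(sorted(scripts)))
        if scripts and scripts != {"LATIN"}:
            skeleton = latin_skeleton(label)
            if skeleton is not None:
                return ("whole-script-lookalike", skeleton)
    return ("ok", "")


# Constructed sample domains (not taken from any real incident).
SAMPLES = [
    ("example.com", "plain ASCII"),
    ("p\u0430ypal.com", "Latin with one Cyrillic 'a': the classic spoof"),
    ("\u0430\u0440\u0440\u04cf\u0435.com", "all Cyrillic, passes a pure single-script rule"),
    ("\u043f\u043e\u0447\u0442\u0430.\u0440\u0444", "legitimate Russian word, distinct letters"),
    ("\u0441\u043e\u0440.\u0440\u0444", "legitimate Russian word made only of lookalikes"),
    ("\u65e5\u672c\u8a9e\u30c9\u30e1\u30a4\u30f3.jp", "Japanese routinely mixes Han and Katakana"),
]

if __name__ == "__main__":
    for domain, note in SAMPLES:
        verdict, detail = classify(domain)
        print(f"{domain!a:55} {verdict:24} {detail:16} # {note}")
```

The last two samples are legitimate names that the rule flags anyway, which is the false-positive cost described in the comment above.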
Most likely, this was an update to the Settings app.
In other news, Android users are mysteriously finding their Location Services and Google history settings turned to the 'on' position, even if they had previously manually turned them off. /s
Just in case anyone is confused, this did not happen.
Not sure why I have to point this out, but the US employees are in the same boat. Plus, Amazon treats them like crap.
Is this true of the office workers who might have access to bulk data? The stories about low pay and bad work environments have all been about people working the warehouse floors. Judging by the job offers from Amazon that have come my way, what you say isn't true of professional and managerial positions.
The only thing Amazon is pissed off at here is that they're not the ones turning a profit selling the metrics. It's just a matter of employees stealing and reselling company property. That's all. The story is no different from (and no more interesting than) McDonald's employees cooking and selling fries for themselves.
The interesting part is that Amazon employees have access to the data. Why is that? Why does any employee have access to any user data that they don't directly need to do their job? Customer service reps should only be able to access data for individual accounts, not bulk data. Engineers building the systems should have access to no user data at all. System administrator access should be split: Most sysadmins should have access only to encrypted data, but not the keys used to decrypt it. The admins that store and manage the encryption keys should have no access to user data. In the rare cases where someone does need access to both keys and data (or to explore the RAM of running production systems; this includes crashdump analysis), everything they do should be audited by someone from a separate organization with no connection to the admin doing the work -- and the auditors should be randomly audited as well.
The first rule of securing corporate data is to understand that insiders are the primary threat. Not because they're likely to be dishonest; if you hire carefully and treat them well, they overwhelmingly won't be. But risk is the confluence of a set of factors, including motivation, skills and access. The group of people with the best skills and the most access are your employees, making them the primary threat. Plus, if you defend effectively against insiders, outsiders have almost no chance.