souperk @ souperk @reddthat.com

Posts

15

Comments

246

Joined

2 yr. ago

IMO it's never about the tool, but who controls it. For example, nuclear energy is a neutral thing on its own, when used to generate power it's (arguably) a net positive, when used for bombing it's a net negative.

The same goes for algorithms, when they are used to save lives at hospitals it's a net positive, when used to harvest people's attention it becomes a net negative.

(For anyone interested, I have MAB algorithms in mind, they can be used to prioritize patients at hospitals, or make recommendations in social media. You can guess which application of the algorithm is more commonly used, well researched, and well funded.)

I tend to agree with your points.

The key idea for me is that everything is a dating app. Social media are a great place to get to know someone and become interested in them. However, there is no straightforward way to transition that interest into a connection or a relationship. That's what dating apps provide a way to broadcast your availability along with other parameters like your gender, age, location and interests.

An alternative would be toot on Mastodon or blog about that. That would inform people interested in your online persona that your dms are open for a chat. Of course, that comes with issues on its own...

Spam or unsolicited advances (aka dick pics) are a huge one, especially for women. One way to solve that would be for men do these kind of posts and women to react as they see appropriate. In an ideal society with gender equality, that wouldn't be necessary, but at the moment IMO it's easier to deal with men disguised as russian super models bating for your money, than angry men feeling entitled to your body.

Another issue would be the social repercussions of this information being publicly available. IMO that's easy to deal with since you don't have to tie your online persona to your real Identity. Also, you can have multiple online personas. Hopefully, society gets to a point where expression of sexuality is not taboo, until then there are safe ways to do it.

I feel you, it's hard to get things done, it's hard to track every thing that needs to be done, it's hard to maintain a balance when things are difficult at work.

The past I have pursued an ADHD diagnosis, and gotten medication. It helps a lot, it provides emotional stability and the ability to focus on something without getting distracted all the time. Task initiation is still difficult though...

I don't anybody has a perfect solution but there are things you can try:

1. Prioritize your mental health and not your work. It sounds difficult, I get it, if I don't get paid me and my sister aren't going to have food on the table. But, having a balance helps you be productive, which in turn helps you maintain a job.
2. Make lists, your brain will forget. Also, having things written sometimes helps with anxiety (though seeing the volume of things to be done can be intimidating)
3. Routines help a lot. It's hard to establish one, but once you do it make things easier. Remember to make them interesting, but don't depend on that. Your brain will get used and get bored easily, but you got stick to it, until you no longer have to think about it.
4. Remember to take a break. It doesn't matter how productive (or not) you were, you get tired from all this anxiety. Just allow yourself to be free a few hours every once in a awhile.

I used the refund money to buy Bose qc35 earbuds

I guess newer models are still good

Nope. The WF1000-XM4 have battery drain issues, and there is at least one explosion recorded...

Edit: To everyone saying they have XM4 or XM5 and see no issues, congratulations you are one of the lucky few. Just google "XM4 battery drain" and you will learn the Sony had to issue so many refunds they introduced new processes...

PS Boycott Sony until they address the issues. It's not okay for major producer to release a product with such a major flow and then look the other way.

1. Noise cancelling headphones and earbuds. By far the best quality of life improvement I have ever gotten from a single product.
2. Whet stones for sharpening knives. It's a fun process and my knives are in perfect condition.
3. Mobile phones.

Reminds me when dayjs decided to change the duration of a month during a random bugfix. I had to update so many tests...

Now I am going to share a horror story: Multitimezone Operational Calendars

Social interactions are totally draining for me, but I cannot understand a person until I had a face to face communication with them.

It's easy. First, we ask people to submit a copy of their ID, email, SSN, etc... Then, store them unencrypted to a purely secured database, the is accessible from a php service written 10 years ago.

No, they are using an ORM.

yay yay Musk is bad... BUT, and hear me for a second, I kinda agree that OpenAI has betrayed its goal to benefit humanity. Ulterior motive or not, I hope this gets somewhere.

The last year I noticed a lot of frontier research was being done by Chinese teams, so I assumed the opposite. Thanks for educating me.

I am sorry for your trouble. I am wondering if it's as regulated as here?

For example, here in Greece the government health organisation controls the stock of ADHD meds (Concerta, Ritalin and Strattera only) and decides which pharmacies receive deliveries and when.

ALL OF THEM! NO COOKIE IS LEFT BEHIND!

My high score is around 4 packets in around 20 minutes.

That's why I stopped buying cookies...

If you use a recent release of Fedora (last 2-3 years). Try disabling WiFi and/or Bluetooth before suspending. There is an issue with some hardware, especially adapters. It doesn't happen everytime, and it's hard to accurately reproduce. Also, the symptoms can vary from black screen to sudo being stuck.

It's a wild guess, but try to disable Bluetooth or WiFi before suspending.

It's doesn't happen with all hardware, but it is a knowing issue.

A good place to start is the owasp cheat sheet. They provide up-to-date, high value information about software security, I wish there was a resource like this when I started learning about security.

Even though, I have a decent background in software security, it's hard to decide on an encryption schema that's both safe and easy to use. My goal is to increase the number of components an attacker has to compromise in order to get access to the data.

twelve factor app

Great resource!

Write database migrations in both directions so people can downgrade on failures.

Good point. Personally, I take backups before upgrades and restore if anything goes wrong. But, I understand how downgrading sometimes is just easier.

I have trouble coming up with a migration procedure that makes sense to me. I have the following in mind:

1. Provide init scripts that produce a schema that matches beginning state of the current major.
2. Provide major to major migration scripts.
3. For every major, provide minor to minor migration scripts.
4. Schema changes require at least a minor release.

Make it possible to configure your system via ENV variables, ENV files and config files.

I am bit worried about this one, environment variables can be a security concern. Specifically, I am not sure if I should allow providing secrets (like db connection strings) through environment variables. I am inclined to let people do what they want to, but issue a warning.

Make it possible to disable authentication to add Authelia or LDAP through the webserver. Make clear that this is only to be used for external authentication.

I am considering adding support for oauth through keycloak. My assumption is that if you are going to host your own LDAP, you can probably configure keycloak too. Do you think that makes sense?

Make it possible to run multiple parallel instances of your software without affecting the database consistency, e.g. for high availability or horizontal scaling.

Ideally, an instance shouldn't be big enough to need it. I know, famous last words, but in my case I think it's a bad problem to have. I am going out of scope, but I am wondering where is the line between discouraging large scale deployments and designing something pre-destined to obscurity.

Telemetry

Not even on my radar, thanks for bringing it into my attention 🙏

Great point, I always consider dependencies from a security perspective, but for management/setup sometimes I am like "the devops are going to figure it out"...

To clarify, would an example be supporting sqlite, so people won't have to deploy postgres unless they need to?

My plan is to offer a docker-compose configuration people can tinker with. I had the mindset that whatever happens in the container stays in the container, but your comment made me realize I should be mindful of other installation methods. Thanks 🙏