jmccorm's comments

I read through the OneSearch Privacy Policy a few more times than I'd like to admit. Actually, I was inspired enough to take pencil to paper to illustrate the participants, what sensitive information flowed between them, when, and where. One potential exposure quickly jumped out at me as I ran through the flow of data surrounding an advertisement. Will OneSearch be able to deliver a winning advertiser's content (image, javascript, Wasm, iframe, whatever) without granting the advertiser any additional user information or session information (such as IP address, browser plugins, user agent, search terms, etc)? If so, how is this accomplished?

I believe that Verizon Media is being honest (at least from a literal perspective) in their OneSearch Privacy Policy, but I don't think that they're going out of their way to point out any known residual risks. It seems like the winning bidder (for advertisements placed on search result pages) ends up with a very healthy chunk of identifying information, and also what search terms you are currently using. Am I missing something with this one?

PS (and DDG too): The OneSearch Privacy Policy details some of the privacy implications in selecting an advertisement which matches your search results, but once an advertisement has been selected, it falls silent on any privacy concerns with actually delivering and displaying that advertisement to you. I think that's where they've got some exposure with browser-based access. Worth noting, this same issue might also be in play on DuckDuckGo. (I haven't looked into it.) If someone has publicly examined aspect of DDG in any depth, I'd appreciate a link to the article. If not, this seems like a very worthwhile security issue for someone to follow-up on.

Disclosure: These are my personal thoughts and they do not reflect an indirect commercial relationship that I have with OneSearch. I have no "insider" or unpublished information that is significant to this topic. Like most people, I too was unaware that OneSearch even existed before reading the article.

Cut-and-paste from the bottom of the OneSearch website: Powered by Bing™

Gamers are not a monolithic bunch. Many boycott efforts seem to be unsuccessful.

Yet I suspect the full-price coupon and checkout method used on their continuous flow of "free games" allows them to rack up an impressive game sales total at no actual customer cost. Were free games used to pump the sales figures?

Since you're here, I was curious about what you knew of the Atari 8-bit (Atari 800) ...tech demo? ...aborted conversion? ...fan creation?

It looks someone painfully down-converted a series of scenes from early in the game. The original sound seems completely thrown out. The system required trickery (usually hand-crafted) to gain more than 4 colors at once in high resolution. It's been a while since I looked at it, but I seem to recall the use of independently colored player-missile graphics (sprites) to bring more fidelity to the main character?

For reference: https://youtu.be/PCa_0nXvfDg?t=6

As someone who played it on the PC back in the day, the visuals were nothing short of amazing. Why? The whole experience was both different and beyond what other titles delivered. What made it so memorable for me? Consistently smooth animation even with large sections of the screen being updated from frame to frame. Its polygon graphics which were solid-fill and not wireframe, which was a big leap. They're right. Ordinarily, the early PC was a real turd when handling full-screen animation.

The sound wasn't ahead of its day, but it was still quite good, even with the PC speaker rendering music, alien language, and effects in a better-than-average rendition. Nobody had high expectations for PC-speaker output.

Only a few years after its release, it was sad to look back and not find that any new action games using similar methods. Did I miss any good knock-offs over the next few years of its PC release, or was it just as much ahead of the curve for years to follow?

Much of the public's understanding of cell phone tracking has centered around the cell provider, the telephone network, and big players like Facebook and Google. They're missing a big piece. The NYT is shedding light on this missing piece.

This article puts the spotlight on yet another group of companies and another tracking mechanism. These companies are small, virtually unknown to the public, and they're providing SDKs which others are building real and useful mobile apps upon. One example given was an otherwise legitimate weather app which pulls your location to provide local weather data. You grant the app access to your location information because it has a reason to have it, and it does something useful with the data.

The article introduces the public to what you probably already knew. Those SDKs can (and do) ingest that same location data for their own purposes. In the article, they find that the SDK provides your fine location data to a location services company (Cuebiq) for a total of twenty times over the course of an eight minute walk. Most users have no idea this is going on behind the scenes. They just see the weather app.

The article isn't attempting to dismiss other forms of tracking. It is trying to better introduce a new form of tracking that most people poorly understand, if at all.

I'd like to recognize the author for their unexpectedly accurate and complete historical recounting of the Atari 8-bit computer line. Well done! At the same time, I'm a little sad to see this go by without any real discussion on Hacker News. As the article mentioned, the machine had a bit of an identity crisis. Sure, it was a game machine, but it was just as much a hacker's personal playground.

The Atari 8-bit home computer line was a bastion of experimentation and homebrew software development. Free software was everywhere. The A8 was one of the highest clocked 6502-based machines of its day, and that extra processing power was often put to good use. The hardware lent itself unusally well to clever code which could exchange CPU cycles for other benefits such as enhanced sound, resolution, or colors. There were the published hardware specs, and then there were various software-driven enhancements that took the hardware even further.

Many a person (the article's author included) developed their talent for hardware, software, and troubleshooting back in those days. Computers have gotten so much better over the years, but we're still trying to recapture the hands-on learning that was a significant byproduct of this and other classic computing platforms.

Also related, for those who don't recognize Chris Crawford (an Atari employee that was mentioned in the article), you might also recognize his name as the founder of GDC, the Game Developers Conference.

Another trick (not seen in this example) is when you already have a specific candidate you want to promote or hire, listing a job with the very specific and unique set of products and skills that few candidates could hope to match so exactly.

He and the rest of the MOS team’s efforts had such an amazingly positive impact on the lives of myself and so many others. NOP (EA) in peace, Chuck.

Many people want to create a better Facebook. Open source software, by itself, won't get you there. A piece of the puzzle is missing.

Forget the article's focus on the PC. I think the real question they're reaching for is this: out of all the ways the Internet could have ended up, we arrived at this broken model for online services. The exploration is interesting, but in the end it seems like a cry for help or a call for action.

We need to make the jump from code based projects to service based projects which are done entirely for the public good and not for financial self-enrichment. In most cases, the basic mechanism which allows you to scale your own service is missing... unless you're willing to bill your customers up-front or help exploit them behind the scenes.

So here are the questions: Can we graduate from code based projects to service based projects? How do we contribute code and operate an online service for the public good, at scale, and without compromising our users in the process? Is it possible to make this an easily repeatable process? Is this a significant cure for much of the quiet exploitation behind many of today's "free" Internet services?

I personally remember witnessing the exploit of reused credentials as far back as the 80s in the days of modems and personal BBSes. Here we are almost 40 years later and seeing the same problem, except with high speed live video streams from in and around a user's home. WOW!

It's always nice to find a reply on HN that captures so much of what you wanted to say. I came to that same perspective from a non-financial Fortune 50. After Y2K was when a very good chunk of those who got CS degrees for all the wrong reasons (didn't have the raw talent or personal interest) got weeded out. I've seen the same thing happen in other industries with a bust/boom, such as petroleum.

Anyhow, OP doesn't sound like someone who's into CS for all the wrong reasons. I personally wouldn't get focused on FAANG as the next step, but if they're already going to an elite university, resume building with FAANG seems reasonable enough.

Above all, having a real interest in what you're doing is one of the greatest multipliers to your efforts... and your enjoyment.

I look at it the same way I do a new technology on our mission-critical systems. It starts with a tag of 'unsafe' or 'unstable' until it is given time to prove itself out in the real-world.

Sure, we might not get to geek out over the best and latest software and standards, but we're not going to bleed over the leading edge when it fails. I'm happy to give it more time to demonstrate its various modes of failure.

In a year or two, I'll revisit turning javascript.options.wasm back on in FireFox. And if by that time it proves that it is trustworthy and necessary? Yes, I'm quite happy to enable it!

I've gotten a long ways in my technical career from being able to ask sensitive questions. (In the business environment, I've focused more on them being "critical questions".) It has been really great for me, and I've tried to make it as painless as possible for others. It started simply enough.

For real business reasons, there are things that I either needed to know, or I needed to be confident that the other person either had the answer to or were were putting some serious thought to. I wasn't asking sensitive questions just to embarrass them. I expected them to give me an honest answer (and I helped make that easier if an honest answer wasn't forthcoming on its own). I learned that I could trust my team not to take any of my questions out of context, and they learned that I would never try to take their answers out of context either.

Here are the big takeaways as best as I've been able to pin them down: it is all about trust, personal motivation, and intention. These complications are multiplied by the number of participants (even in situations where one person is asking a question and one person is answering the question, but multiple people may be listening). The process is quick and painless when the trust between the participants is high, the personal motivation (at the cost of others) is low, the level of trust between everyone is high, and there are just the two people. (Can it get better than that? Surprisingly, yes. Consider when one of the participants is a benevolent all-seeing and all-powerful diety.)

I have to admit, I haven't read the full article. I'd be curious what dimensions of trust they recorded and how well it coordinated with their results.

If you've developed all those factors between all the participants, you can ask just about anything with the minimum of time wasted. As one or more of these factors break down, the more complicated the conversation becomes. Or the more process you need to introduce to smooth over the wrinkles. "Hey, I don't mean to embarrass you, but on the Johnson account it is more important to get an accurate documentation than to show any kind of regular process. See? Here is where we've been capturing this for everyone, and this is what's done with the information." (So then you see how something like transparency comes into play.)

I think it makes sense when you look at it in those terms. You also need to be asking questions work asking, and sometimes you're going to be asking questions that you don't want or need the answer to yourself. You might be asking to build up trust within a group of people, or you might be asking because you know that several people really would benefit from knowing something that they're too conditioned to do on their own. (This is where I started. And the key is that even if a question is confrontational, you must never ask in a confrontational tone. The tone of your voice and the content of your words have to reflect that you're asking because you need to know. Nothing personal, just business.)

Even still, I hardly consider myself the master. I've never written anything down on this, but this is the 10,000ft view of what I picked up up over the years. If you've spotted something along these lines in a book or an article somewhere, let me know. I'd like to compare notes.

I can't tell if ICANN is trying to publicly clear their own name of any wrongdoing, or if all the added attention has woken them up to how seriously flawed this whole ordeal was (which either by policy or procedure they managed to miss) or both. None of those answers are satisfying. Here's hoping they do the right thing and kill the sale... but even then, I'd be concerned they'd restructure the deal and try again.

I thought ICANN was supposed to be the good guys? You know, the responsible managers of the Internet and providing solid governance which serves as the best argument against any kind of government intrusion? I'm hoping they didn't just grow bored with it and decide to get rid of it. As though it was some sort of dearly loved Google service with mild profitability and little-to-no opportunity for internal career development. ;)

Is Paleo "wrong"? Yes. Is it still better than the diet (the word "diet" as in "everything that you eat" not "weight loss food") than most Americans eat? Probably. But then it may be worse in terms of convenience or cost.

I owe it to Paleo, in part, to have resolved some long-standing medical issues that were attributed (at the end of a very long process) to a bad gut flora population. (I had the help of a wicked-smart new doctor who supported my own self-directed lab tests and self-experimentation where conventional medicine had already failed). This was all very much off the beaten path, and while they could look at my gut flora by ordering a stool stool analysis, he said they had very little measure to look at most samples and proclaim one as superior to another based on population). He could say some of these high-level metrics "changed". I really wish I hadn't missed HN's recent discussion on a gut microbiome article.

Paleo got me 90% of the way back to normal health. Yet when it failed, I was left without any explation why. Based on that, I looked for similar diets. I found and experimented with the Specific Carbohydrate Diet. The dietary choices turned out to be very close to Paleo, but the rationale was entirely different. And for me, the minor differences were everything.

With strict compliance, it got me over the fence on a consistent basis, but it demanded nothing less than 100% compliance to see those benefits. Setbacks were brutal at first, but eased over time. After half a year, I altered by microbiomd enough to handle a regular diet for days at a time. Yes, your mileage may and will vary.

So even if the basis for the Paleo diet is factually incorrect, I think it resulted in a better answer for some (and certainly not all). It didn't cure my ills, but it gace me a starting point to hypothesize if my food intake was making things better or worse.

My biggest takeaway way that biological experiments can be slow. It took over a month before I saw a gut biome change that allowed for minor cheating on the diet without apparent penalty.

CST-01: The World’s Thinnest Watch (0.8mm thick) https://www.kickstarter.com/projects/1655017763/cst-01-the-w...

I believe they ran into problems with their manufacturing partner, and also with some of their batteries bulging. They had very good intentions, but I believe the project became too big for this enthusiastic but novice team to handle. Also: Lots of failed components pre-assembly.

Too bad, really. A flexible e-ink watch embedded into a metal wrist band should have been achievable and quite a fantastic product!

I managed to swing one of those as an “Amazon Warehouse Deal” for $75, shipped. Honestly, it was nothing short of a steal at that price. The Coolest Cooler had just so many clever features and accessories, but it was anything but clever when it came to manufacturing costs with all the custom moldings, accessories, bulk. and weight.

Somewhere was a website which attempted to break those costs down. No question that the engineering team put functionality and features first and cost second. The company needed to sell in volume to survive, but the final cost was just too high for that to happen. They seemed to have been slowly clawing their way back, but I do believe them when they say that new tariffs were the final straw which killed the dream.

I am truly sorry for backers. They were sold on the promise of so many clever features never before jam-packed into in a single cooler. (The only thing I would have added were larger rear wheels.) But it just wasn’t the right product brought to life by the right company and at the right cost. Some backers were strung along for years and really got screwed.

Still, you better believe that I consider myself lucky. I’m going to keep this monster for the rest of my life. Now if I only could have gotten my “World’s Thinnest Watch” from 2013 that raised over $1M on Kickstarter and failed to deliver anything. I know how it feels, and it sucks. Kickstarter isn’t a store, but I swear that some projects do their damndest to blur that line, you know?

You’re absolutely right. Commonly referred to as “scorch” mode.

It seems like a slap across the face that they offer as a defense a 10% increase which compounds annually. That isn’t a defense... it is a stunning illustration of the problem! Even the cable companies would be jealous (while their own customers are cutting the cord left and right).

Worse, 10%/year isn’t a contractual limitation; it is but a statement of “intent”. It is nothing short of malfeasance to have sold a non-profit’s operations without sufficient safeguards. And to a private equity firm? Outrageous incompetence if not criminal in action.

His article doesn’t justify the transaction or allay reasonable concerns. In fact, he seems to be presenting the case for why this transaction is crooked if not criminal!