lrpublic's comments

Similar software with different usage models can be extremely useful and support mentoring and staff development.

I’ve been using tools like manictime and more recently the open source activitywatch to help junior staff learn how to manage their own activities.

I also use a paper based system similar to the emergent time tracker[3] for the same purpose.

The key difference in approach is these are tools are for the individual to use to record their own activities, either to later record in other tools like JIRA or simply to remember and review their work.

Time tracking and activity logging is really important for some businesses, but having a sensible approach from senior management is critical to avoid them becoming self defeating. When I ask my colleagues to log their time I set and expection that useful accuracy of more than 60% is unachievable.

Whenever a senior manager suggests that developers need to log more time in JIRA I tell them they are focused on the wrong data points and will end up with every developer logging a flat 8 hours a day - probably with an automated script. Maybe useful for billing but nothing else.

https://www.manictime.com/

https://github.com/ActivityWatch/activitywatch

[3] https://davidseah.com/node/the-emergent-task-timer/

- What do you think of breaking changes?

I think it is better to apologise and acknowledge for terms that are offensive rather than erase them.

While removing offensive 70’s TV comedy shows is probably a good thing to avoid perpetuating unhealthy stereotypes, preventing the use of 19th century literature is less helpful because we should not forget history.

True, but it is also true that slavery predates the colonisation of the Americas.

(British cultural reference - What have the Romans ever done for us? Monty Python. - https://m.youtube.com/watch?v=Y7tvauOJMHo )

But the issue at hand here is very important and should not be made lite of.

The first time I saw documentation guidelines was while working for a large US software house in the early 90’s. This was a marketing led initiative, along with very specific instructions about correct use of trademarks the guide was prescriptive about always using female pronouns.

Three decades later we still have significant gender bias in the industry but in my experience things have improved almost beyond recognition.

In that time, attitudes to race, gender and sexuality have advanced significantly in the US and European corporations. I still come across unacceptable attitudes and language, but open sexism, racism and anti semitism is almost non existent. Sadly this is not yet true in some of the emerging market countries I’ve worked in.

The use of language may or may not have contributed to this welcome change, but what was at the time called positive discrimination, a term that in itself is possibly no longer politically correct, did definitely draw attention to an issue that was otherwise not generally discussed at work.

The conversation about pronouns has moved on too.

My somewhat longwinded preamble does have a point, the language we use can make people think about issues they would not otherwise be aware of.

I don’t know if the terms master and servant are generally considered acceptable, my guess is master/slave is predominant because it is meaningful, short and easy to spell and in itself is not racist language.

I think that at least some of the corporate avalanche of support for the current protests is no less cynical and self serving than the political correctness in marketing of the early 90’s, but it will still result in positive change.

>A customer is an external stakeholder.

Customers used to have more choice, this made them highly valued stakeholders.

Before the era of permanent rolling mandatory updates and new releases customers (And IT managers) had to be convinced a new version had more value than the software it was replacing.

Windows Vista, DOS 4 And numerous other software failed to get traction because the value of new features was too low vs the pain points.

Now days the focus is on shareholder value not customer needs.

Locking in customers and maximising revenue is far more important than marking software better for the end user or IT teams.

I’m sure I’m one of many people here searching for the ultimate keyboard.

I missed the kick starter for the Keyboardio Atreus.

I’m looking forward to the launch so I can order one retail.

In short it’s a split layout ortholinear similar to the Planck.

Two killer features for me are Bluetooth (and wired) and QMK firmware that allows layers.

https://shop.keyboard.io/

Out of band could be as simple as ngrok, or cloudflare Argo - or as you suggest by a separate connection.

SSH is two factor - key + password and Argo,ngrok,wireguard to a VPS provide DDoS mitigation and attack surface concealment and reduction.

I think I’m missing what your product adds.

Can you explain how this is more secure than SSH to a bastion host via an out of band network?

With regard to Apple or Google recording the applications users install from the store I think there is indeed an opt in.

That is the comparison I was making with the new Windows package manager.

In order to use those you agree to terms in advance, and agreed to data processing. That is an opt-in.

A bigger showstopper is no support for removing packages yet.

It's not opt-in, so quite likely a breach of GDPR.

The telemetry in question seems to be logging what is installed, not just how the application is used.

Regardless of consumers willingness to provide feedback it's not a reasonable choice for a large software vendor to collect data from customers computers about competitors products.

I like scoop, and this is a show stopper for me.

"This project collects usage data and sends it to Microsoft to help improve our products and services. See the privacy statement for more details." from https://github.com/microsoft/winget-cli

It’s worth holding them to account - make a constructive complaint here. https://www.bbc.co.uk/contact/complaints/make-a-complaint

This is an interesting perhaps meta-relevant topic for HN.

How many of us bookmark or otherwise record interesting posts from here and elsewhere?

How many of us ever refer that accumulated digital memory?

I have about 7,000 links with notes accumulated over the last few decades.

I’ve read a lot of them, but the hard to acknowledge reality is that even with a refined workflow, recording my links in a near perfect taxonomy, to a repository with full text search and spaced repetition reminder cards, the things I remember are those that I took the time to read.

I suspect most people here has a comparable metric to share.

Maybe the best bookmark repository is nul:

From NHS advice on vitamin D referenced in my previous comment

“Some people will not get enough vitamin D from sunlight because they have very little or no sunshine exposure.” .. “ If you have dark skin – for example you have an African, African-Caribbean or south Asian background – you may also not get enough vitamin D from sunlight.”

Updated NHS advice on vitamin D from [1]

“ Coronavirus update Consider taking 10 micrograms of vitamin D a day to keep your bones and muscles healthy.

This is because you may not be getting enough vitamin D from sunlight if you’re indoors most of the day.

There have been some news reports about vitamin D reducing the risk of coronavirus. However, there is no evidence that this is the case.”

[1] https://www.nhs.uk/conditions/vitamins-and-minerals/vitamin-...

- cost, as well evidenced in other comments here. The hyperscalers are orders of magnitude more expensive than dedicated hosting or using collocation providers.

- lock in, all the hyper scalers want to sell you value add services that make it hard or impossible to move away.

- concentration risk, hyper scale providers are a well understood target for malign actors. It’s true they are better protected than most.

- complexity, if you think about how little time the hyperscalers have been operating in comparison with corporate IT they have created huge technical debt in the race to match features.

A couple that I’ve built - they are not commercially available.

I’d consider open sourcing something based on them if there’s sufficient interest.

Perhaps as an integration for one of the major players.

Or even a post Maldon. (English sea salt brand)

Trusting a central control server is the fundamental mistake here.

It creates a very high value target that is difficult to secure.

I prefer a model where the management commands are signed at a management workstation and those commands are pushed by the server and authenticated at the managed node against a security policy.