whbboyd's recent activity

  1. Comment on Why the world cannot afford the rich in ~enviro

    whbboyd
    Link Parent
    I think I agree with where you're coming from, but I actually pretty strongly disagree with the way you've reframed it, because you've implicitly accepted trickle-down economics: the wealthy...

    I think I agree with where you're coming from, but I actually pretty strongly disagree with the way you've reframed it, because you've implicitly accepted trickle-down economics: the wealthy produce wealth, which they then (out of sheer benevolent generosity, I guess) share out with the rest of society, "retaining" some portion of it for themselves. In fact, almost the opposite is true. Labor produces wealth; the wealthy exploit existing systems of power to claim a (wildly) disproportionate share of that wealth.

    Maybe instead of "captured" or "retained", we could say "stole"? It's inflammatory, obviously, but seems more accurate than either other word.

    14 votes
  2. Comment on You can not simply publicly access private secure links, can you? in ~tech

    whbboyd
    Link
    I made a highly relevant comment on a different thread just last week. Tl;dr: I assert that there's not a clear-cut line between "public" and "private". In the context of this topic, tools like...

    I made a highly relevant comment on a different thread just last week. Tl;dr: I assert that there's not a clear-cut line between "public" and "private".

    In the context of this topic, tools like these operate on that grey area where there's confusion between systems about how "private" a resource is. The tools which generate these links assume they are private because they are non-enumerable and intended not to be shared; but other tools which handle the links assume they're not because URLs are, in general, not private data.

    I would argue the latter perspective is wrong-er (the generality may hold, but obvious exceptions are widespread; URL-embedded credentials, e.g. https://username:GJK4V3BVc9OPL8dc1YNu@example.com, blur the lines further), but it's tough to make a convincing case in either direction. Ultimately, the World Wide Web is, ironically, not well designed for widespread, international use.

    2 votes
  3. Comment on What irrational video game requirements do you have? in ~games

    whbboyd
    Link Parent
    Ooh, I can one-up your no fishing requirement: No minigames. I despise 'em. Every single one I've ever had the displeasure of playing is just a hard left into dumb, orthogonal mechanics that have...

    Ooh, I can one-up your no fishing requirement:

    No minigames.

    I despise 'em. Every single one I've ever had the displeasure of playing is just a hard left into dumb, orthogonal mechanics that have nothing to do with the game you thought you were playing. People make fun of Morrowind's stupid dice rolls for lockpicking, but it's still better than the minigames that came after. (And the game designers even realize this: a repeated quest reward is a macguffin that obviates the lockpicking minigame.)

    Fishing is definitely high on the list of obnoxious minigames, though.

    7 votes
  4. Comment on One in four school-starters in England and Wales not toilet-trained, say teachers in ~life

    whbboyd
    (edited )
    Link Parent
    It's not unexpected for kids in the four to five years old range to have occasional accidents, which I would definitely expect a preschool or kindergarten to be able to handle (help the kid clean...

    Only 50% of parents think that they are solely responsible for toilet training.

    Yikes. I'm wondering if there is any room for misinterpretation here?

    It's not unexpected for kids in the four to five years old range to have occasional accidents, which I would definitely expect a preschool or kindergarten to be able to handle (help the kid clean up, plan to have a change of clothes on hand). Is that being "partly responsible" for toilet training? It probably depends on how the question is phrased.

    Ultimately, for better or worse, public education of younger children is serving the purpose of childcare at least as much as it is education. If kids in a given age range are still toilet training, then yes, I think it's eminently reasonable that their childcare take part in that process.

    14 votes
  5. Comment on What is the most reliable and affordable form of storage medium to use as a backup drive for your computer? in ~tech

    whbboyd
    Link
    This depends a great deal on how much data you have to back up. Zero to tens of kilobytes: print it. Unironically. Print multiple copies on archival-quality paper with acid-free inks (or more...

    This depends a great deal on how much data you have to back up.

    • Zero to tens of kilobytes: print it. Unironically. Print multiple copies on archival-quality paper with acid-free inks (or more realistically, a laser printer), then store them in separate dark, dry locations. We know a lot about how to make paper last a long time, since we've been doing it for an order of magnitude longer than we've had digital data to back up. If you need to back up binary data or want more than just the textual representation, base64 it first. OCR is pretty good for this sort of purpose these days.
    • Up to single-digit gigabytes: burn it to optical media. Get archival-quality disks if you can; general consensus is that the benefits over good "regular" media are marginal, but it's much harder to accidentally buy utter garbage, and the media is cheap enough regardless that the gouging doesn't really matter. Burn multiple copies and store them in separate dark, dry locations.
    • Up to a few terabytes is currently probably best handled with live spinning-disk hard drives in a redundant array. Unpowered drives will last longer than live ones, but you won't know when they fail; live drives can report on their own health, and the system that contains them can monitor for otherwise-silent data corruption. (For this reason, I will hard disagree with @guttersnipe on the use of ZFS: it is best-in-class at detecting this sort of corruption, and given that it is actually free software despite Sun and Oracle's idiotic license shenanigans, getting locked out of the on-disk format is unrealistic.) The easiest way to offsite this volume of data is definitely cloud backups.
    • Greater than a few terabytes is into tape backup land. Tape media is extremely cheap, but the equipment to read and write it is quite expensive, so (at least as of the last time I looked into it at all) it doesn't make sense for smaller volumes of data.

    Also, obviously, your use cases will play into this; if you need your backups to be online or regularly-updated, then you're looking at a NAS or cloud storage solutions. A single external backup drive can work, if you regularly test it to make sure it's still readable.

    18 votes
  6. Comment on HP wants you to pay up to $36/month to rent a printer that it monitors in ~tech

    whbboyd
    Link Parent
    They can jack up the price on consumables because the customer has already sunk the cost of the printer. Getting off Mr. HP's Wild Ride requires buying a whole new printer. With a subscription,...

    They can jack up the price on consumables because the customer has already sunk the cost of the printer. Getting off Mr. HP's Wild Ride requires buying a whole new printer. With a subscription, once the subscription period is up, if they don't like new terms, they can just not renew and mail the printer back.

  7. Comment on What's the matter with men? They’re floundering at school and in the workplace. Some conservatives blame a crisis of masculinity, but the problems—and their solutions—are far more complex. in ~life.men

    whbboyd
    Link Parent
    …but women are employed at something like ten thousand times the rate, so while it's pretty obvious what point "conservative demographer and economist Nicholas Eberstadt" is trying to make, he's...

    the conservative demographer and economist Nicholas Eberstadt points out that men are now employed at roughly the same rate as in 1940, back when America was still recovering from the Great Depression.

    …but women are employed at something like ten thousand times the rate, so while it's pretty obvious what point "conservative demographer and economist Nicholas Eberstadt" is trying to make, he's pretty obviously cherry-picking and decontextualizing statistics to do so.

    9 votes
  8. Comment on HP wants you to pay up to $36/month to rent a printer that it monitors in ~tech

    whbboyd
    Link Parent
    The obnoxious aspects of owning a printer are, to most people (I think, I'll definitely grant that my personal printer ownership is highly nontypical and so I'm extrapolating), dealing with...

    The obnoxious aspects of owning a printer are, to most people (I think, I'll definitely grant that my personal printer ownership is highly nontypical and so I'm extrapolating), dealing with unreliable printer hardware and worrying about consumables (and especially the cost thereof). Consumer printers are unreliable because they are literally built as cheaply as is capitalistically possible, and consumables are spectacularly overpriced because they're subsidizing the impossibly cheap printers. A subscription model eliminates the incentives that lead to those: the company doesn't want to lease unreliable garbage that they have to replace on their own dime, and the costs of consumables are wrapped into the subscription cost and can't just be jacked up separately.

    The biggest obvious mismatch is that I suspect most people's printing is extremely bursty (for example, I do probably 95% of my printing around tax season), so an "n-pages-per-month" model doesn't match well.

    This relies on the price being set appropriately, of course. (As someone upthread pointed out, B&W printing at a library or print shop is incredibly cheap, cents per page.) And on the company not mining its customers' printing data for monetization, which is why I don't think HP can do it. And it may not be for everyone. But I don't think that, generally speaking, a household-scale printer lease deal is a universally bad idea.

    10 votes
  9. Comment on HP wants you to pay up to $36/month to rent a printer that it monitors in ~tech

    whbboyd
    Link Parent
    Yeah, I thought this was interesting, because for the first roughly half of the article, I was just like "this is a corporate printing contract but scaled down for a household". The former are...

    Yeah, I thought this was interesting, because for the first roughly half of the article, I was just like "this is a corporate printing contract but scaled down for a household". The former are super reasonable and uncontroversial, so why are Ars and commenters so averse to the latter?

    …And then the second half of the article clarifies: it's adware (ad-equipment, maybe?), apparently scanning the documents you print and selling data about them (and your LAN…?) to ill-defined third parties.

    But, like, it seems like there's a decent product here, waiting for almost literally anyone other than HP to produce it.

    17 votes
  10. Comment on What watch do you wear daily? in ~hobbies

    whbboyd
    (edited )
    Link
    A Timex Expedition North [mumble mumble] 41mm. It hits the following criteria (in rough priority order): Quartz movement. My watch is a timepiece first and foremost. Mechanical watches are neat...

    A Timex Expedition North [mumble mumble] 41mm. It hits the following criteria (in rough priority order):

    • Quartz movement. My watch is a timepiece first and foremost. Mechanical watches are neat (they actually are), but a $10k Rolex keeps worse time than the $10 F91W someone else in this thread posted.
    • Reasonably small. Some men's watches are freaking enormous, and I find that unattractive (I have kind of slender wrists) and also inconvenient (they catch on clothing and I constantly bang them on things around me).
    • Classy enough to wear in formal situations, but
    • with full Arabic numerals so I can read it. (I am terrible at reading analog watch faces with pips or Roman numerals. Don't know why. It's a me thing, but it is a thing.)
    • Sapphire window. I cannot tell you how many acrylic or quartz windows I've scratched. (I mean, it's as many as previous watches, so, like, not more than half a dozen. =P)
    • At least token water resistance. Will I dive with it? Definitely not. Will I swim with it? Maybe. Will I wear it in the rain? Absolutely yes. 100m is probably an order of magnitude deeper than I will ever take it, but better too waterproof than not enough.
    • Reasonably priced. This watch was roughly $150 when I bought it.

    The solar power is fine, though replacing watch batteries on occasion doesn't really bother me. (I do have to think about it through the winter, because a full charge of the internal battery lasts a few months, and it's entirely possible for it to spend a few months in a row tucked under a sleeve when it's cold out.) I like having the date complication, but I don't like having to adjust it ~ semimonthly. (Perpetual date is trivial in software, but I assume relatively complex to implement with a mechanical date window. Ironically, the F91W wins this one, too.)

    Before this watch, I wore a Pebble Time Round (RIP). I liked it, but I don't really miss it. The major differences from my current watch:

    • I scratched the glass window, like, immediately after getting it. =(
    • Getting notifications on my wrist was nice. I hide notification contents on my phone's lock screen but pushed them through to the watch, which was convenient.
    • Similarly, screening calls without digging a ringing phone out of my pocket was nice.
    • Switching between info-dense and classy watchfaces was nice.

    I don't wear my watch to sleep, so charging it nightly wasn't a big deal for me. I am really not interested in the current crop of smart watches:

    • A sometimes-off screen is an absolute dealbreaker. I don't care how good you assert your "gesture" recognition for screen on is; I must see the time every time I look at my watch, irrespective of preceding motions or if I'm even wearing it.
    • A proprietary phone app is an absolute dealbreaker at this point. Gadgetbridge or nothing.
    • The vast majority of them are large, clunky, and ugly.
    6 votes
  11. Comment on Journalist Tim Burke faces charges under the US Computer Fraud and Abuse Act in ~tech

    whbboyd
    Link Parent
    This is not as clear-cut as I think you would like to think. For example: suppose I control the domain example.com, and I place a file at the root whose name is a random UUID (for example,...

    if a URL is accessible if I can just type it in, that’s authorized access if you ask me.

    This is not as clear-cut as I think you would like to think.

    For example: suppose I control the domain example.com, and I place a file at the root whose name is a random UUID (for example, ef3d276e-c3e2-4a7e-86ac-1032dc2051de) and am careful not to link it from anywhere and share the link only with authorized persons. We would consider that secure, even though anyone with the URL could access it, because there's no way to arrive at that URL short of unauthorized sharing or a web server exploit. There are too many UUIDs to enumerate them all, so knowing it a priori is required.

    "But Will," you say, "that's far too easy to leak. We should insist on requiring credentials separate from the URL!"

    Well…

    So, suppose I move my secret file to index.html, and set up HTTP basic auth to access it. Good enough, right? Well, HTTP URLs support credentials embedded within them (e.g. https://username:GJK4V3BVc9OPL8dc1YNu@example.com). If I drop that in a link on my public, search-engine-indexed homepage, it would be tough for me to claim access from following that link was "unauthorized".

    Ultimately: to access any given resource, some amount of secret and some amount of non-secret information is required. Whether or not an access is "authorized" is a question of how much secret is needed, and how credibly that information is "secret". The "quality" of secrecy (for lack of a better word…) might inform the latter, but isn't otherwise germane.

    (FWIW, I think interpretation of the CFAA veers far too far in the direction of considering the barest fig leaf of secrecy to be protective. For instance, if instead of random UUIDs, I used sequential ones starting from 0—e.g. 000000-0000-0000-0000-00000000001—is that secret? Practically speaking, the idea is farcical. Legally speaking, its much less clear-cut. And that's leaving aside the serious need for carve outs for good-faith security research.)

    4 votes
  12. Comment on Kagi Smallweb [a website where each visit shows a random indie/small website, e.g. personal blogs] in ~tech

    whbboyd
    Link Parent
    I noticed that, too. I wonder if it's a source bias: setting up and running a "small" website (even if you go the Blogger or Wordpress route) is a disproportionately technical endeavor compared to...

    I noticed that, too. I wonder if it's a source bias: setting up and running a "small" website (even if you go the Blogger or Wordpress route) is a disproportionately technical endeavor compared to posting on social media, and so the smallweb is inherently more technical than the Web as a whole.

    8 votes
  13. Comment on Kagi Smallweb [a website where each visit shows a random indie/small website, e.g. personal blogs] in ~tech

    whbboyd
    Link Parent
    They obviously know who you are. Their assertion is that they don't record searches in a way that they can be linked back to the account that initiated them. Sort of necessarily, we only have...

    They obviously know who you are. Their assertion is that they don't record searches in a way that they can be linked back to the account that initiated them. Sort of necessarily, we only have their word for that, but they don't really have an incentive to do otherwise and the risk to their business and reputation if they did and got caught would be existential.

    14 votes
  14. Comment on Are there any affordable digital compact cameras out there with a zoom lens? in ~tech

    whbboyd
    Link Parent
    In general, if cost is a concern and there's not some other reason to insist on new, I have found that used photography equipment hits a much better price/performance tradeoff than new....

    In general, if cost is a concern and there's not some other reason to insist on new, I have found that used photography equipment hits a much better price/performance tradeoff than new. Yesterday's pro/"prosumer" gear is way better than today's amateur gear.

    4 votes
  15. Comment on Those free USB sticks in your drawer are somehow crappier than you thought in ~comp

    whbboyd
    Link Parent
    I dunno, the orange site is one of the few fora in the world where I could imagine people having worked at so many failed startups they are unironically tired of the standard failure modes… In any...

    I dunno, the orange site is one of the few fora in the world where I could imagine people having worked at so many failed startups they are unironically tired of the standard failure modes…

    In any case, my suspicion is that a lot of these wrong-word substitutions come from phone autocorrect, with ones that happen often enough self-reinforcing as people mindlessly repeat them. While there are about a billion obvious confounders, my observation is that this error pattern has risen sharply with the explosion in people using phones on the web.

    4 votes
  16. Comment on Boarding patients in the emergency department while they wait for available beds is a significant problem that increases avoidable US deaths in ~health

    whbboyd
    Link Parent
    "Bed" is an abstraction. It doesn't mean the physical piece of furniture someone lies on; a "bed" in a hospital is the resources required to house and care for a single patient. That does include...

    "Bed" is an abstraction. It doesn't mean the physical piece of furniture someone lies on; a "bed" in a hospital is the resources required to house and care for a single patient. That does include the furniture, obviously, as well as the space to put it, but also includes staffing (both nursing, physicians, and support staff), infrastructure, even stuff as abstract as food service capacity. The limiting factor in most hospitals these days is staffing (since inpatient medicine has become incredibly unpleasant during and since the pandemic).

    8 votes
  17. Comment on Why car insurance in America is actually too cheap in ~finance

    whbboyd
    Link Parent
    Most likely both. Medical care is a huge direct cost of car crashes, but it's certainly not the only one (and cars are getting more expensive, leading to higher property damage liabilities), and...

    Most likely both.

    Medical care is a huge direct cost of car crashes, but it's certainly not the only one (and cars are getting more expensive, leading to higher property damage liabilities), and indirect costs can easily dwarf even that. Putting a dollar amount on the value of a human life is of course an exercise fraught with peril, but no plausible methodology is going to come up with less than a six-figure amount.

    7 votes
  18. Comment on Any other developers also strongly resistant to adding secondary data stores to their software? in ~comp

    whbboyd
    Link
    Adding an additional data store is the same as adding any other dependency; there are costs to adding it, benefits to adding it, costs to writing the functionality you need yourself, and benefits...

    Adding an additional data store is the same as adding any other dependency; there are costs to adding it, benefits to adding it, costs to writing the functionality you need yourself, and benefits to writing it yourself. There's no magic rule for evaluating these tradeoffs, but I've always found thinking about it explicitly in terms of tradeoffs to be helpful.

    In your case, the costs of adding additional infrastructure are pretty steep. There's operational cost to keeping the service running, knowledge cost to understanding how it works (well above e.g. introducing a new library to your application), cost for the hardware for the service to actually run on. From the situation you've described, I would definitely use Postgres and not introduce new infrastructure for message queueing—but, I would make very, very sure to totally encapsulate the view into the message queue to the application, so if there's a need to migrate later, it's as painless as possible.

    (Postgres is a surprisingly great message queue, though. Just sayin'.)

    Just to flagrantly advocate for the devil for a second, though… it's pretty likely that your application already has secondary data stores. Every nontrivial server application I've ever worked on does. Does your application store objects in S3 or the like? Use temp files? (This can really easily happen without your knowledge.) Talk to other services or a stateful UI? Think for a second about whether de facto you've already given up on internal consistency in your application. That can definitely influence the weighting of adding another. (For instance, if you've already forfeited consistency between services, that immediately becomes much less of a concern.)

  19. Comment on Russian who boarded flight from Copenhagen to Los Angeles last November without ticket, passport or visa has been found guilty of being a stowaway in ~transport

  20. Comment on God and the unreasonable effectiveness of mathematics in ~humanities

    whbboyd
    (edited )
    Link Parent
    The discovered/invented debate is absolutely not a settled philosophical question, FWIW. Here's a decent Reddit thread on it.

    The discovered/invented debate is absolutely not a settled philosophical question, FWIW. Here's a decent Reddit thread on it.

    3 votes