1. 3

    We use cron for task scheduling, and then we have a Kafka queue where all events are added (made by task scheduling and otherwise) and then processed by a number of different “workers” depending on the category of tasks. We used to use Amazon SQS, but it’s fairly slow and not 100% reliable (messages would get dropped for no reason).

    As for Celery, there are a lot of pitfalls so make sure you test everything thoroughly if you go that route. beat is the task scheduler, worker is the runner, but each requires their own unique process.

    1. 5

Kinda surprised that reddit - a site which hosts the rougher parts of the internet - has not had a Head of Security until 2.5 months ago?

      1. 8

        Their headcount has always been kinda small I think? You need to hit a certain size before carving out a specific position.

        1. 7

          “Kinda small” is ~250 people. They have data of 330 Million users.

          I wouldn’t attach the headcount to the position directly, the question is how much a security need you have.

          1. 2

            They seemed to have done pretty well for a long time without having one though.

            1. 1

              Did they? How do you know there weren’t previous leaks/breaches that simply went undetected?

              1. 2

                That’s probably not a good way to measure it, but maybe the number of posts like this? But that’s true.

                1. 3

My point is, they could have been regularly infiltrated for years and they only noticed now thanks to new talent in house. There’s only so much a jack of all trades team can do while fire fighting all the needs.

                  1. 1

                    I’ll add to mulander’s hypothetical that this happened in all kinds of big companies with significant investments in security. They were breached for years without knowing they were compromised. They started calling them “APT’s” as a PR move to reduce humiliation. It was often vanilla attacks or combos of those with some methods to bypass monitoring that companies either didn’t have or really under-invested in. Reddit could be one if they had little invested in security or especially intrusion detection/response.

          2. 3

Because reddit is not hosting financial data or (for the most part) deeply personal data that is not already out in the open, I would assume that they are not that interesting a target for hackers looking for financial gain, but more interesting for script kiddies who are looking to DOX or harass other users.

            1. 5

              Many subreddits host content and discussions that people don’t want to be attached to. The post even appreciates that and recommends deletion of those posts.

I find it telling that you go out of your way pushing people interested in gaining personal data into the script kiddie corner. Yes, SMS based attacks are in the range of “a script kiddie could do that”, which makes it even worse.

              1. 2

                Criminals are using this type of information for targeted extortions and other activities. The general view that that this is mostly the realm of “script kiddies” detracts from the seriousness and provides good cover for their activities.

                1. 1

                  I made an assumption, but reading your reply and that of @skade you are right that there are lots of uses for the data from a criminal perspective, especially for a site the size of reddit.

            1. 2

              I think with the .NET Standard and more streamlined feature set across non-Windows environments, C# / .NET could be viable going forward. It has been a while since I last used it, but it could probably benefit from some basic CLI tools tailored for unix-like systems (considering a lot of those Ruby developers are sitting on Mac computers most likely and developing for Linux environments) - if C# already has this, even better.

              I think a strong, multi-platform option in using VS Code for .NET programming might also open up the market. The biggest blocker is probably public perception coupled with the “MS tools first” history, meaning you can use nginx, Redis, Postgres and other tools, but SQL Server and IIS integration will work out of the box with ease.

              1. 5

With waterfall, sure you can get a lot done with a beaming goal post in the distance, but is work done on the wrong things considered throughput? Agile should help resolve issues that crop up along the way, and as such throughput might be a bit less, but the idea is that you can change focus and direction as programs get tested, whereas with waterfall you’ll finish a product fast, only to realize that you have to undo a lot of the work done to get back to a place where you can change it. This grossly oversimplifies the whole process, but those are the ups and downs. The agile upside is better direction and “correct” throughput, at the cost of project visibility into the future.

                1. 1

                  Depends on how you do waterfall, just like it depends on how you do agile.

With waterfall you can still have all those things agile does, weekly meetings, burndown charts, even sprints. The important thing behind waterfall is that right at the very beginning you have a complete description of everything the program will be doing. When you do the programming, you do all the programming. Once it’s done you test it and make little adjustments where things are going wrong. Once you’ve done the testing, you hand over to the customer and do the next project.

                  In comparison, Agile asks you to regularly interact with the customer and see if the requirements evolved or changed, things that might happen when the customer sees the application evolve. You don’t do that in Waterfall.

                  Waterfall can be immensely powerful when deployed under the right circumstances. As does Agile.

                  I would also disagree that agile gives you more correct throughput, Waterfall can be just as good if your customer gives you a good handover. But this depends entirely on the customer.

                  1. 2

                    Mini-waterfall is agile in the large, and I think mini-waterfall is kinda underrated, especially in teams where the same people work together frequently over a long period:

                    “We all understand what this is, it’s going to take us 3-5 weeks, we might have a few questions along the way, but it should be done by about October”.

                    That can actually work out pretty well.

                    1. 1

                      I think we are pretty much in agreement. Waterfall puts a lot of responsibility on the customer knowing exactly what they want and how they want it, and some good architects that can create a specification that matches this. If all that is in order, waterfall should win hands down, and the testing at the end should be minor (some graphical design, a few discrepancies, etc.)

                      Where agile wins is if this is not the case, which unfortunately often happens. In cases where you are not producing for a customer (such as internal product development), it can also be hard to know in advance how a feature works out and you want feedback early and often. Agile then is better, to avoid working in the wrong direction and “correct the course” often, since there is no “X marks the spot” for crossing the finish line.

                  1. 3

                    My personal experience from the last two jobs (as both interviewer and interviewee), was that interviewing in a relaxed manner (drinking coffee, going for a walk) and talking about prior experience, challenges and current interests in technology, tools, etc. works quite well. It cannot replace actual coding ability, for a lot of people having a conversation rather than a test seems to be a better indicator of potential (if not necessarily raw skill).

                    This does require the interviewer to be in a good state of mind and does not lend itself well to “bulk” interviewing, but for small companies looking for a few good candidates I found it to work well.

                    1. 4

I think this vastly simplifies what a good developer is - someone who takes a 9-week course might be great at having someone tell them "Implement this simple specification EXACTLY" with a bit of micro-management, but they won’t be able to expand the domain knowledge of a user or client into a viable solution. In general, I think great developers are great at taking a human problem and solving it using technology - just writing code does not really make sense unless you are writing tutorial-like CRUD interfaces for super simple cases.

                      1. 2

I use Cmder with the built-in SSH agent, and it works pretty much like Terminal on OS X (or equivalent on Linux), along with git and other cygwin ports of linux command-line tools. Of course it requires that you can install anything in your environment.

                        I have only ever used mIRC on Windows, but it was back in the days of Quakenet and games chat, so I can’t talk much about how it works as a productivity tool - it can be modified A LOT, so likely you can find something that works (and it should work with links and other modern stuff).

                        1. 6

                          Finished up with a client so I’ve had a lot of free time to work on my novel, Farisa’s Crossing. I think there’s a good chance (over 90%) of my having it ready for an April 26, 2019 launch. We’ll see where it goes.

A few job interviews. Really looking for something stable and interesting, although there seems to be a very high Planck’s constant (or perhaps I am a small-mass particle) which makes it rare to find both.

                          Last week simplified the rule set for Ambition. Going to run some simulations with more realistic players (i.e., more intelligence than “random legal”) to make sure all the changes make sense, although I feel pretty good already.

                          1. 1

                            Are you looking for an interesting problem space or interesting problems? I am currently working as a developer on a platform for preschool institutions (nurseries, kindergartens, etc.) and while it seems boring on the surface, we have a ton of interesting challenges (also owing to a nice tech team that has a lot of lee-way in technology). If you had asked me 1 year ago if this area would be something I would be working in, I would have said no. Just a thought.

                            Book sounds super-interesting. Anywhere to sign-up for a release e-mail or similar notification?

                            1. 1

                              I’d be interested in talking to your company about their work, for sure. I’m capable as a data scientist, engineer, and manager. I’m in the DC area and can’t move (my wife’s job is here). And I can only work 9–5 (that is, not insane startup hours) because of my writing schedule.

                              I’ll reach out privately about the book. I’m going to recruit beta readers (between 10 and 20 is ideal) between now and September (with the book ready by then but a full read “due” in January). The time commitment at an average reading speed is about 1.5 hours per week (it’s a big book; projected WC is 220k, which is the main reason I’ve decided to self-publish it) over 16 weeks.

                              1. 1

Is this brightwheel? The iOS app is entirely too chatty, shouldn’t req/resp on every user action.

                                1. 1

                                  No, we are not in the US per se (except for a few “beta” customers), so it’s unlikely you will have come across us - https://famly.co.

                            1. 5

Apartment: Good progress on the last bits - last baseboards done, touchups everywhere and hung up a chandelier inherited from my grandmother and it looks great! I was never much of a handyman prior to this, but I keep finding hidden talents - turns out you can get very far with some googling and a bit of help from the old man ;)

Job: Still working on the last bits and pieces of proper monitoring for our Kubernetes cluster. We run an AWS-based setup with all the bells and whistles set up, and we need an equivalent setup for our Kubernetes-based cluster (application monitoring, alerts, etc.) Slow progress, but learning a lot along the way.

                              1. 2

I enjoy coding well enough, but the real joy is in problem solving - figuring out how to approach a problem, with what tools, data stores, technologies, etc. It is also a two-edged sword, since a lot of problems can be (theoretically) solved in the design/specification phase and then it is “just” the implementation part. Often enough it happens that the design was lacking and that a lot of other, often interesting, problems arise during implementation which gets me back into the joy of problem-solving.

                                That being said, I like to have varied tasks so I often do customer talks, help out colleagues on various issues and try to be not “just” a programmer. It still stays mostly within the realm of “Software Development”.

                                1. 1

                                  We used to do “What I did -> What am I doing”-standups, and they generally meant each person spent 2-5 minutes explaining their current task, issues and who it related to. In the end, people could only vaguely remember what other team members were doing, save for those they were directly collaborating with.

                                  We recently have been doing something different:

                                  1. Tell us if you are experiencing any troubles (just raise the flag, no live troubleshooting).
                                  2. Tell us if you are blocking anyone or are being blocked by anyone (and resolve it after).
                                  3. Tell us if you think you will make your sprint or whether some tasks will have to be pushed.

                                  Our sprints are two weeks long and we have a concrete sprint task planning at the start, a loose “what is coming next sprint”-meeting (1 hour max) in the middle of the sprint and a retrospective at the end (3 notes per member, usually they group together and we talk about 1-3 major points). All in all I think we are fairly productive and everyone is on track most of the time. You still have to deal with under-specified tasks, over/under-estimating task time and such, but I should think those cannot really be avoided ;)

                                  1. 9

                                    Normally, I’d say this is off-topic for lobste.rs but the writer IS pretty entertaining and I LOL-ed at

                                    Sure, Google and Facebook and Apple do have to worry about this, because they’ve domiciled their foreign HQ’s in Ireland so that they can shelter all that foreign revenue from US taxation. Karma’s a bitch.

                                    Also, way to go to break that stereotype about Canadians being polite doormats.

                                    But for those of us here who are lawyers (or are close to the law, preferably not on the broke-the-law side) how accurate is this position?

                                    The thing with collecting the taxes reminded me that Amazon now collects state taxes. I’m totally ok with this, but it is a state law Amazon is having to comply with, without which they would have to cease operations in that state. So I’m surprised that easyDNS can serve UK customers without collecting taxes - they must be violating UK law, right?

                                    I also see, in principle, how this translates to having to start obeying contradictory laws. Say the Saudis say women can’t access the internet and all internet providers now have to track gender of the user. What happens to a US based company that is prohibited from denying services on the basis of gender. I guess they’ll have to create a new company in Saudi that’s a wholly owned subsidiary but is a Saudi company and so on and so forth.

                                    Ah the joys of being one big happy planet.

                                    1. 9

                                      I guess they’ll have to create a new company in Saudi that’s a wholly owned subsidiary but is a Saudi company and so on and so forth.

                                      Or they just don’t trade in Saudi Arabia.

                                      That’s an option for many people dealing with the GDPR: If you don’t have a website in Europe, or a business in Europe, and you don’t trade in European data, then the GDPR doesn’t apply to you. However Facebook – even if they weren’t in Ireland does trade in European data by selling advertisements to European businesses.

                                      They could choose not to- they could refuse to do any business with any company in Europe. This kind of structuring would probably make them safe, but it’s not realistic: There’s simply too much money in Europe.

                                      1. 1

                                        They would have to cease trading with any company AND not have any European “customers” (users). Having the data of any entity (person or company) that resides in a European country makes you liable according to GDPR.

                                        Problem is, without perfect geo-blocking and more, users will “slip” through and then they are in the same situation.

                                        1. 2

I think the point is that if you have no company footprint in the EU, no business partners there, etc, then the GDPR is unenforceable against you. Yes, they can sue you in an EU court and bring a judgement against your corporation, but if your corporation will never have any footprint there then there is no power to enforce the judgement.

                                          1. -1

This is true. You can violate any law, until you get caught.

However I wonder what the impact of such an approach is on the value of a company.

                                          2. 1

                                            Having the data of any entity (person or company) that resides in a European country makes you liable according to GDPR.

                                            Ehm… no.

                                            The “data subject” is always a European citizen, a person, not a company.

Can you point me to the GDPR article that led you to this conclusion?

                                            1. 1

You are completely right in that sense. However, companies who are handling personal EU data will make any company, that they in turn hand (parts of) that data to, liable (and require a data processor / data manager agreement). As you say, handling data for an EU company that has no personal data is not liable to GDPR, but it is a slippery slope because handling pay slips, staff management, etc. will very often have personal data.

                                            2. 0

                                              Problem is, without perfect geo-blocking and more, users will “slip” through and then they are in the same situation.

                                              An IP Address isn’t “personal data”, a name isn’t “personal data”, even a login name isn’t “personal data”. What exactly are the circumstances that you believe you would be “slipped” some personal data without realising it?

                                              1. 1

                                                Problem is, without perfect geo-blocking and more, users will “slip” through and then they are in the same situation.

                                                What exactly are the circumstances that you believe you would be “slipped” some personal data without realising it?

                                                Frankly, that sentence sounds a lot like FUD, but IP addresses and names are personal data according to GDPR.

                                                1. 1

                                                  Frankly, that sentence sounds a lot like FUD,

                                                  “FUD” means “fear, uncertainty and doubt” and refers to a specific kind of marketing campaign where the goal is to spread enough misinformation about a subject so that people are afraid of engaging further with a subject.

                                                  Telling people they’re going to be accidentally breaking the law for being connected to the Internet is FUD. Please stop spreading it.

                                                  but IP addresses and names are personal data according to GDPR.

                                                  False.

                                                  The GDPR doesn’t mention IP addresses at all. It never once says that a “name” is personal data.

                                                  The ICO (GDPR Regulator in the UK) even gives the example of Names not being personal data:

                                                  By itself the name John Smith may not always be personal data because there are many individuals with that name.

                                                  1. 1

                                                    It never once says that a “name” is personal data.

                                                    Dude, you really need to read the law:

                                                    (1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

                                                    I urge anyone using your consulting to hire a competent European lawyer instead.

                                                    1. 1

                                                      That doesn’t disagree with what the ICO said.

                                                      The key language is an “identified or identifiable natural person”.

                                                      If you can’t identify a natural person with it, and you have no normal business practice that would enable you to do so, it’s not personal data.

                                                      For a consistent ruling of this, see opinion 4 which teaches that a dynamic IP address cannot identify a person. Why would anyone think a name would?

                                                      I urge anyone using your consulting to hire a competent European lawyer instead.

                                                      I do the same. I’m not a lawyer. I’m an SME who tells companies what they can do, and then invites outside legal to review my advice. I’m significantly more expensive than a European lawyer (in billings), but companies who want to understand what exactly can they do need someone like me instead of some guy on the Internet.

                                                      1. 0

                                                        If you can’t identify a natural person with it, and you have no normal business practice that would enable you to do so, it’s not personal data.

                                                        For a consistent ruling of this, see opinion 4 which teaches that a dynamic IP address cannot identify a person. Why would anyone think a name would?

                                                        Because you cannot know if a specific name can be used to identify the user.

                                                        You just need one identificable name to violate the GDPR for that user.

Your “normal business” practices mean nothing in this regard.
Article 33 explicitly states that:

                                                        The controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the supervisory authority to verify compliance with this Article.

This means that a company is accountable for any personal data leak, be it due to a bad employee or a smart hacker crew using a zero day.

                                                        The law says that any information that can be used to identify a user directly or indirectly is personal data. And it includes data related to “one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”

So if a company holds my dynamic IP address with the time of my connection in its database and a third party can use this information together to learn my identity (as the ISP that assigned me the IP could do), this information is personal data.

Same for a login name: if somebody can determine my identity from the combination username + host, that username is personal data per GDPR.

                                                        I’m not a lawyer.

Neither am I.

                                                        But I can read a law as any other European citizen can do.

                                                        What you said about name and IP is simply misleading.

                                                        I’m significantly more expensive than a European lawyer

                                                        Really, I have no doubt.

                                                        If that is the problem I can suggest pretty expensive and competent European lawyers.

But while I have no economic interest in this, as a European whose personal data are protected by the GDPR, I’m not happy to read you give technical advice without a minimal understanding of the law.

I’d like to have a list of the companies taking your advice, to avoid using their services.

                                                        1. -1

                                                          What you said about name and IP is simply misleading.

                                                          The court decision you’re referring to (and you should read it, since it’s clear you haven’t) considers an IP Address and timestamp identifying to the ISP, since they can look up their customer’s name.

                                                          You just need one identificable name to violate the GDPR for that user.

                                                          That is nonsense.

                                                          Go away troll.

                                                          1. 0

                                                            You just need one identificable name to violate the GDPR for that user.

                                                            That is nonsense.

                                                            That is the GDPR law. Literally. Article 4.

If my name is unique, and your db stores my name, you are holding my personal data.

                                                            The court decision you’re referring to considers an IP Address and timestamp identifying to the ISP, since they can look up their customer’s name.

And if an ISP employee breaches into a system and gets the IP address and timestamp of the users, she will be able to identify such people and gain sensitive information about them from the system.

Now, if the system’s controller doesn’t notify the European users about the data breach, thinking he is not collecting personal data subject to the GDPR, he will violate Article 33.

                                                            Go away troll.

Fine, I guess I cannot convince you to admit a mistake on this topic as it seems a good source of revenue.

                                                            But please, try to read and understand the law. It’s pretty simple and clear.

                                                            1. 0

                                                              You just need one identificable name to violate the GDPR for that user.

                                                              That is nonsense.

                                                              That is the GDPR law. Literally. Article 4.

                                                              Stop trolling. The GDPR never uses the string “identificable”

                                                              If my name is unique, and your db store my name, you are holding my personal data.

                                                              The ICO disagrees. They’re the one responsible for regulating me (I’m in the UK) and they’ve given no further guidance on the subject. It is however consistent with their other positions on identifying personal data.

And if an ISP employee breaches into a system…

                                                              What exactly do you think the normal person should think the risk is of someone who works at an ISP breaking into their website? You’re being absurd.

                                                              Stop trolling.

                                                              1. 2

                                                                Stop trolling. The GDPR never uses the string “identificable”

                                                                However, correcting the obvious typo shows the word “identifiable” appears eight times in that article.

                                                                1. 1

                                                                  Nowhere does it say “one identifiable” or a “single identifiable” or anything related to that.

                                                                  What is your point?

                                                                2. 0

                                                                  Both texts you refer to predate GDPR. And the GDPR never refers to them.

                                                                  So they are both off-topic in this thread.

                                                                  But, actually, I think that everyone can compare your statements with the GDPR text and can easily see how well rooted your advice is.

                                                                  1. 1

                                                                    So they are both off-topic in this thread.

                                                                    The ICO’s opinion is all that matters.

                                                                    Not yours.

                                                                    But, actually, I think that everyone can compare your statements with the GDPR text and can easily see how well rooted your advice is.

                                                                    Yes. I’m telling people don’t panic, and you’re shouting panic; pointing to articles you haven’t read with interpretations that aren’t shared by the regulators or even most professionals working in this space.

                                                                    Then there’s that weird thing you’re saying about ISP employees breaching people’s sites…

                                                                    Go away.

                                                  2. 1

                                                    I might not have been clear, my point is that a company/website/service cannot reliably avoid European users (by geo-blocking, asking them to swear that they are not from the EU, etc.) and once those users are on the platform their data is subject to the GDPR.

                                                    1. 0

                                                      You’re not.

                                                      Having a European visit your website doesn’t necessarily mean you have any extra burdens.

                                                      If you don’t trade with Europeans and aren’t trading data specifically about Europeans[1], then you aren’t in-territory.

                                                      If you don’t know who they are, cannot find out who they are, and the information you have doesn’t through your normal business practices identify a natural person[2], then your data is not material.

                                                      I still cannot see how you can collect personal data accidentally if you know what personal data means, or what the GDPR is attempting to accomplish. The law doesn’t talk about “users” or “platform” in this way, and the regulators do not provide guidance in ethereal cases like yours.

                                                      [1]: For example, if you sell targeted advertising on your website and allow your buyers to break down by Geography, then you’re in-territory.

                                                      [2]: That last one might seem tricky, but it’s designed to catch companies who make behavioural profiles of people using cookies and IP addresses. If you’re not doing anything like that, then you’re probably fine, but I’d need a specific example to say.

                                                      1. 0

                                                        through your normal business practices

                                                        Please @cpnielsen, compare this to the definitions for “personal data breach” in Article 4 of GDPR:

                                                        ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed

                                                        and to the definition of “personal data” in the same article:

                                                        ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

                                                        Neither definition cites in any way the use you make of the personal data in your business practices.

                                                        A certain set of data is personal independently from the use or the inferences that you can make about them.

                                                        Any information relating to an identified or identifiable natural person is personal data.

                                                        1. 1

                                                          Did you mean to tag me or was that meant for @geocar? Either way, I think we agree.

                                                          To exemplify my point: Let us pretend you are Bookface. You explicitly block any European user from signing up for your site (and since you opened on the day of the GDPR launch there are no users already signed up). Because your blocking is not perfect, Gerard from France stumbles across Bookface.com, signs up and gives you his full name, e-mail, date of birth and street address. You are now subject to GDPR as you are holding personal information about him. You can try to ignore it, and actual enforcement might be difficult (especially for individual cases), but the EU is very clear on this: You are subject to GDPR.

                                                          Depending on how you use this data and whether it is required for your platform to operate, you may have to ask Gerard to explicitly opt-in (or not use the service at all, if presented at sign-up).

                                                          1. 2

                                                            Did you mean to tag me or was that meant for geocar?

                                                            Comment was for both of you.

                                                            But I realized from his last answer that @geocar is not talking about GDPR as generally applied in Europe for European citizens, but about the UK reception that protects UK citizens only.
                                                            This explains his lack of understanding of the GDPR, but it also means that you can (probably, IANAL) safely take his advice for data relating to UK citizens. Not for data relating to other Europeans.

                                                            A relevant example is the name of a user (or her IP address), which are notoriously personal data according to the European GDPR, but which, according to geocar, are not to be considered as such in the UK.

                                                            To exemplify my point […]

                                                            Yes, we agree.

                                                            In your example, once the data of Gerard are in your system, you are subject to GDPR. Even if Gerard agrees to the processing you do, you have several obligations in his regard, such as adopting proper security measures to protect his data and informing him if his data gets disclosed by an accidental data breach. You should read the law for a full list of the obligations.

                                                            And, AFAIK, you can only avoid such obligations by completely removing Gerard’s data from your system (including from logs and backups).

                                                            I encourage you and everybody else to read the law. It is really clear and well written.

                                                            And while a competent European lawyer might help, anybody in good faith can easily understand it.

                                              2. 4

                                                So I’m surprised that easyDNS can serve UK customers without collecting taxes - they must be violating UK law, right?

                                                I would imagine there is an amount of “Okay, so come and get it” involved with the VAT taxes and other laws. There’s no mechanism for enforcement of that decision if you hold no assets within EU member states. Now, the EU could attempt to block access to that website, but we all know how effective that is.

                                                If you can’t hit someone with a stick what incentive do they have to follow your orders? Especially if there is no reward for doing so other than a pat on the head? Doubly so if following those orders is a pain in the butt.

                                                1. 1

                                                  If you can’t hit someone with a stick what incentive do they have to follow your orders?

                                                  Can you elaborate?

                                                  Are you saying people can violate US laws (eg a US company’s copyrights) as long as they stay outside the USA?

                                                2. 2

                                                  Normally, I’d say this is off-topic for lobste.rs

                                                  This is something I sincerely do not understand.

                                                  Why is it off-topic if its tags are [law] and [privacy]?

                                                  1. 3

                                                    The way to detect a true lobste.rs topic is to find one whose title you barely understand, which has one upvote and which has few replies. The replies, however, are substantial, mind opening and mind blowing. After reading the comments you can go back to the article and perhaps understand the title. To understand the article you might have to write some code yourself.

                                                    That’s how we started out.

                                                    I’m not that much of an old grouch to deny people their party line talk, but frankly, there’s still that YCombinator powered bar fight site, right? Why clone it here?

                                                    That said, I’m okay with a writeup like this appearing once in a blue moon. But I do find myself aggressively hiding stories more and more.

                                                    1. 0

                                                      The way to detect a true lobste.rs topic is to find one whose title you barely understand… To understand the article you might have to write some code yourself.

                                                      It’s an amazingly high standard.

                                                      But I’d say it would exclude 99% of the posts here and anything related to law, privacy, practices and culture.

                                                      Also I’d have some issues posting anything I wrote myself, because I only write about topics I understand myself.

                                                      1. 2

                                                        because I only write about topics I understand myself

                                                        Beginner mistake ;)

                                                        1. -1

                                                          because I only write about topics I understand myself

                                                          Beginner mistake ;)

                                                          Beginning expert’s mistake… ;-)

                                                1. 1

                                                  But why does everyone blame npm and “micro-libraries” as the main problem in js? Don’t all other languages (except C/C++) have the same way of dealing with dependencies? Even in conservative Java, installing hundreds of packages from Maven is the norm.

                                                  1. 10

                                                    Something to consider is that JavaScript has an extreme audience. People who barely consider themselves programmers, because they mostly do design, use it, or people just doing tiny modifications. Nearly everyone building a web application in any kind of language, framework, etc. uses it.

                                                    I think the reason there is so much bad stuff in JavaScript is not only something rooted in language design. JavaScript isn’t so much worse than other popular bad languages, it just has a larger base having even more horrible programmers and a lot of them also build some form of frameworks.

                                                    Don’t get me wrong, JavaScript is not a great language by any stretch, but blaming the ecosystem of a language which certainly has at least a few of the bright minds designing and implementing it (working at/with Google, Mozilla and Joyent for example) should not result in something so much more unstable.

                                                    Of course this doesn’t mean that it’s not about the language at all either. It’s just that I have yet to see a language where there isn’t a group writing micro-libraries, doing bad infrastructure, doing mostly worst-practice, finding ways to work around protections meant to stop you shooting yourself in the foot, etc. Yes, even in Python, Rust, Go, Haskell and LISP that exists.

                                                    Maybe it’s just that JavaScript has been around for ages, many learned it to do some animated text, they wrote how they did it, there is a ton of bad resources and people that didn’t really learn the language and there is a lot of users/developers that also don’t care enough, after all it’s just front-end. Validation happens on the server and one wants to do the same sending off some form and loading something with a button, updating some semi-global state anyway.

                                                    JavaScript is used by everyone from people programming services and systems with it (Joyent, et al.) to a hobby web designer. I think that different approaches also lead to very different views on what is right and what isn’t. Looking at how it started and how the standards-committee has to react to it going into backend, application and even systems programming directions is probably a hard task, and it’s probably a great example of how things get (even) worse when trying to be the perfect thing for everything, resulting in the worst.

                                                    On a related note: I think the issue is that the community, if you can even call it that (there are more communities around frameworks rather than the language itself, which is different from many other scripting languages), doesn’t seem to look at its own history too much, resulting in mistakes being repeated, often “fixing” a thing by destroying another, sometimes even in different framework-layers. For example some things that people learned to be bad in plain JavaScript and HTML get repeated and later learned to be bad using some framework. So one starts over and builds a new framework working around exactly that problem, overlooking others - or intentionally leaving them out, because it wasn’t part of the use case.

                                                    1. 2

                                                      there are more communities around frameworks rather than the language itself, which is different from many other scripting languages

                                                      In general I tend to agree, but at least some time ago I am pretty sure the Rails community was larger than the Ruby community. The Django community in Python also seems to be quite big and vocal, but probably not larger than its language community given that the Python community is overall way more diversified and less focused on one particular use of the language.

                                                    2. 9

                                                      A lot of Java frameworks predate maven - e.g. Spring was distributed as a single enormous jar up until version 3 or so, partly because they didn’t expect everyone to be using maven. I think there’s still a cultural hangover from that today, with Java libraries ending up much bigger than those in newer languages that have had good package management from early on (e.g. Rust).

                                                      1. 5

                                                        Even including all transitive libraries, my (quite large) Android app Quasseldroid has 21 real dependencies. That’s for a ~65kLOC project.

                                                        In JS land, even my smallest projects have over 300 transitive dependencies.

                                                        It’s absolutely not the same.

                                                        1. 3

                                                          In technical terms, npm does not differ much from how python does package management. Culturally, however, there is a big difference in how package development is approached. Javascript has the famous left-pad package (story). It provided a single function to left-pad a string with spaces or zeroes. Lots of javascript libraries are like it, providing a single use case.

                                                          Python packages on the other hand usually handle a series of cases or technical area - HTTP requests, cryptography or, in the case of left-pad, string manipulation in general. Python also has PEP8 and other community standards that mean code is (likely to be) more homogeneous. I am using python here as that is what I know best.

                                                          1. 1

                                                            Because npm micro-libraries tend to be much worse than in most other languages.

                                                            1. 1

                                                              It’s a problem there too.

                                                            1. 2

                                                              Something I’ve been wondering about (and this is probably the wrong forum to ask about) is whether or not doing this would result in employees or executives having issues if they go to Europe?

                                                              1. 0

                                                                What do you mean?

                                                                I’m doing GDPR consulting at the moment.

                                                                1. 1

                                                                  I think the question is something along the lines of “could a company be prosecuted for violations of the GDPR if its employees visit or work in Europe”.

                                                                  I assume the answer is “no”, as long as they’re not actually doing business in Europe. (Which would be the primary reason to have employees there, but with the increased prevalence of remote work, it’s not necessarily the case.)

                                                                  1. 2

                                                                    I am fairly certain you could even go to the EU and work in an office on data for non-EU customers and still not be subject to GDPR. As long as you are not dealing with any EU entities, your physical location should not matter.

                                                                    1. 1

                                                                      “It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.”

                                                                      https://www.eugdpr.org/gdpr-faqs.html

                                                                      So if you are working in the EU, your company would probably need to comply with GDPR, as they likely have personal information on you in their systems. I guess it comes down to how lawyers would interpret “residence”. Enforceable? Idk.

                                                                  2. 1

                                                                    Suppose I work for a company in Canada and that company flagrantly violates the GDPR. I later leave the company and move to Europe.

                                                                    Is it possible for Europe to come after me personally, instead of (or as well as) the company?

                                                                    What if I’m the CTO? CEO? Owner? Just an employee but directly responsible for the GDPR violations?

                                                                    What if I don’t leave the company and just go to Europe on a vacation?

                                                                    1. 4

                                                                      Is it possible for Europe to come after me personally, instead of (or as well as) the company?

                                                                      This is the entire point of the legal fiction of a “corporate person”. If a corporation is doing bad things, you go after the corporation. It’s very rare that anyone within the company directly is charged with a crime unless they’re knowingly and intentionally violating something. GDPR is fairly lenient with remediation and other things.

                                                                      What if I don’t leave the company and just go to Europe on a vacation?

                                                                      They’d more or less have to issue a warrant for you, and you would know.

                                                                      1. 2

                                                                        Maybe if it were egregious enough.

                                                                        The US has been known to go after employees of money launderers and copyright violators in other companies, so it’s not without an international precedent, but I’d need more information to give better advice.

                                                                  1. 5

                                                                    I am starting work on a hobby, web game development project. I have a bunch of design documents scribbled over the years, and I am currently looking into what I want to use for the backend stack (leaning towards python and graphQL, but it may change). For the front-end I haven’t done any research yet, so any recommendations for good front-end frameworks (game-specific or not) that make supporting a tile-based, scrollable map easier would be very welcome.

                                                                    The game is inspired by HoMM, implemented as a tick-based system (every X hours you get resources, movement is done, etc.) in a shard-based world (imagine 100 players in a huge map). The idea is to have a game you can log into every 3-4 hours for 10 minutes during the day (8AM - 8PM or similar), in short a game I would have time to play myself. It will have a greater focus on diplomacy, zones and sovereignty to make it more interesting (only taking some basic concepts from HoMM).

                                                                    1. 3

                                                                      I was one of the people primarily responsible for setting up Kubernetes at work, and there are definitely pros and cons. Bootstrapping everything, getting networking running, making sure you’re running the right versions, what flags to set for your api-server and kubelets, etc. is all a lot of trial and error. We were additionally constrained in that we could not use any of the “built-in” clouds such as Azure or GCE, and the documentation is lacking for the from-scratch versions. One of the things that really helped was Kelsey Hightower’s “Kubernetes the Hard Way”: https://github.com/kelseyhightower/kubernetes-the-hard-way.

                                                                      That said, for developers using kubernetes, it is pretty neat. You get free service routing, namespace abstraction, automatic configurable rollover deployment, a vault for secrets and more. Role Based Access Control gives you fine-grained control over who can access what, where and how (with the headache that most of the resource names and verbs are not listed anywhere). If you are already using Docker images (in whatever capacity), the jump to kubernetes is a 30-line YAML file and a few commands, and being able to “bundle” containers in pods is one of the better ideas kubernetes got.

                                                                      Personally, the biggest frustration is the blazing pace of everything. What was best practice yesterday is deprecated tomorrow, in an effort to try everything and settle on the “best” solution. If I could fast forward kubernetes development 2 years and then use it, I think it would be a much smoother experience.

                                                                      1. 2

                                                                        How does one license software so that the hobbyist or lone pro or small company can profit from it while dissuading usage where the gained efficiency would only garnish the pockets of the lords (see 100x salary vs average worker kind of nonsense)?

                                                                        1. 3

                                                                          AGPLv3 ;)

                                                                          1. 2

                                                                            I think the most successful model is that of open-source + enterprise licenses/versions, with the latter usually including some consultancy hours and more that you buy as a package. Companies of the size where they need it can afford to pay it, where everyone can use the open source version free of charge, like any other project.

                                                                            The “downside” is that you need to create a company around the software to monetize it, but I think that it can be quite rewarding to work, for pay, on an enterprise version where 90% of the code is shared as open source.

                                                                          1. 19

                                                                            The best way to combat this is to not answer the questions for password reset at all. Use a password manager, and when a company asks something like “what was the name of your favorite teacher” give an answer like “zod the destroyer 7899” and never mention or tell anyone about this. Even if someone knows your favorite teacher, it won’t help them.

                                                                            1. 3

                                                                              I generate all the answers with my password manager too - and don’t re-use them between systems. It’s a bit of a pain to generate them but they’re not often asked for and I don’t want to have to inform my mother her maiden name is part of a data breach.

                                                                              1. 3

                                                                                Unfortunately you do need to be a bit careful with this. It’s possible (however dumb) that these answers are stored in plaintext and then presented to the user either as-is (multiple choice) or partially obscured (complete this name).

                                                                                If an attacker is trying to get through the reset process and is confronted with “What’s your mother’s maiden name? a) Jones, b) Smith or c) F32djsb/.$%” they might have better than 1-in-3 odds :-)
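                                                                                A defender-side complement to the two comments above, added here as an example and not code from this thread: the random answer is generated on the user's side (as a password manager would), and the server keeps only a salted scrypt digest of the normalized answer, so it has no plaintext to echo back as one of three multiple-choice options. The wordlist and the scrypt parameters are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import unicodedata
from typing import Optional, Tuple

# Constructed sample wordlist for the illustration; a real generator would
# use a larger list or pure random characters.
WORDS = ("zod", "destroyer", "earth", "sol", "orion", "steve", "leeloo", "tchai")


def generate_answer(n_words: int = 3, digits: int = 4) -> str:
    """Client side: produce an answer like 'zod destroyer steve 7899' that has
    no relation to the question and is stored in the password manager."""
    words = [secrets.choice(WORDS) for _ in range(n_words)]
    number = "".join(str(secrets.randbelow(10)) for _ in range(digits))
    return " ".join(words + [number])


def normalize(answer: str) -> str:
    """Fold case, normalize Unicode and collapse whitespace so that the user
    typing 'Zod  The Destroyer 7899' still matches the stored answer."""
    return " ".join(unicodedata.normalize("NFKC", answer).casefold().split())


def hash_answer(answer: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Server side: store (salt, digest) only, never the plaintext answer.
    scrypt with n=2**14, r=8, p=1 needs about 16 MiB, within the default
    maxmem of hashlib.scrypt."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(
        normalize(answer).encode("utf-8"),
        salt=salt, n=2 ** 14, r=8, p=1, dklen=32,
    )
    return salt, digest


def verify_answer(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest for the candidate and compare in constant time."""
    _, candidate_digest = hash_answer(candidate, salt)
    return hmac.compare_digest(candidate_digest, digest)


def stored_record(question: str, answer: str) -> dict:
    """What the server persists: the question text plus salt and digest.
    There is no field the reset page could use to build a 'pick one of
    three' prompt from the real answer."""
    salt, digest = hash_answer(answer)
    return {"question": question, "salt": salt.hex(), "digest": digest.hex()}


if __name__ == "__main__":
    answer = generate_answer()
    record = stored_record("What was the name of your favorite teacher?", answer)
    print("user keeps in password manager:", answer)
    print("server keeps:", record)
    salt, digest = bytes.fromhex(record["salt"]), bytes.fromhex(record["digest"])
    print("correct answer verifies:", verify_answer(answer.upper(), salt, digest))
    print("wrong answer verifies:", verify_answer("jones", salt, digest))
```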

                                                                                1. 2

                                                                                  I’m partial to being born somewhere like: Earth Sol System Orion Minor Galactic Arm Milky Way Galaxy

                                                                                  And my favorite pet sometimes has ended up being something like: Leeloominai ekatariba tchai ekbat de sebat

                                                                                  And favorite colors being Steve.

                                                                                  I just plug all that crap into my password manager so that all my random “copy something from an open webpage” answers don’t go away.

                                                                                  1. 1

                                                                                    I do this (except the answers are randomly generated) and it turns out it mostly doesn’t matter. I’ve had to call services that use them and talk to customer service representatives. They’ve asked me the questions, along with other identifying information, and I told them that I didn’t know the answer. All I said was that it was probably random junk. They just ignored it and continued to deal with my problem.

                                                                                    What’s even more interesting is that rep on the phone would admonish me for forgetting the answer, telling me that they ask these things for my own security. It didn’t seem to register, even after I mentioned it, that it obviously doesn’t since I just bypassed them.

                                                                                    1. 1

                                                                                      A number of sites now do “identity verification” through (I believe) the credit agencies, where they’ll ask you questions about previous addresses based on the records those agencies have–not based on answers you provided yourself at any point.

                                                                                      1. 2

                                                                                        Yeah but that costs money and it still doesn’t fix the problem because your previous addresses can be known by the attacker.

                                                                                        1. 2

                                                                                          Right, my point was that it’s not enough to use fake answers to security questions, because the real answers (at least regarding previous addresses) are still useful to attackers against these identity verification systems.

                                                                                        2. 1

                                                                                          Not that you nor I can do anything about it here and now, but that practice should be heavily discouraged. The whole point of security questions is to answer stuff only I know. Which also makes 90% of the currently available choices (“Mother’s maiden name”, “First pet”, etc.) really poor choices. Allow me to make my own question and answer, and it should improve handily for some people, whereas people who fall back to the default questions are no worse off.

                                                                                      1. 6

                                                                                        The majority of work has been working on models for applying public funding for invoices in kindergartens, and discovering the shocking amount of edge cases and hoops accounting has to jump through to account for late applications, wrong calculations, etc. There is a huge gap between what I thought was the “correct” way and the way people actually do it, stemming both from my ignorance and how people are stuck in certain ways - some cases are easily solved on paper by a human, but are very hard to model.

                                                                                        It’s been both frustrating and a great learning experience, and it makes me wonder what else we do to account for people doing things “incorrectly”, for various meanings of incorrect.