Software Engineering. Most software is basically just houses of cards, developed quickly and not maintained properly (to save money ofc). We will see some serious software collapses within our lifetime.
deleted by creator
In the news this week: https://publicapps.caa.co.uk/docs/33/NERL Major Incident Investigation Preliminary Report.pdf
This is unprecedented since, well, January: https://en.wikipedia.org/wiki/2023_FAA_system_outage
Y2038 is my “retirement plan”.
(Y2K, i.e. the “year 2000 problem”, affected two digit date formats. Nothing bad happened, but consensus nowadays is that that wasn’t because the issue was overblown, it’s because the issue was recognized and seriously addressed. Lots of already retired or soon retiring programmers came back to fix stuff in ancient software and made bank. In 2038, another very common date format will break. I’d say it’s much more common than 2 digit dates, but 2 digit dates may have been more common in 1985. It’s going to require a massive remediation effort and I hope AI-assisted static analysis will be viable enough to help us by then.)
Windows, Linux, FreeBSD, OpenBSD, NetBSD, and OSX have all already switched to 64 bit time.
Tell that to the custom binary serialization formats that all the applications are using.
Edit: and the long-calcified protocols that embed it.
So they have a year 202020 bug then
I get the joke, but for those seriously wondering:
The epoch is Jan 1, 1970. Time uses a signed integer, so you can express up to 2^31 seconds with 32 bits or 2^63 with 64 bits.
A normal year has exactly 31536000 seconds (even if it is a leap second year, as those are ignored for Unix time). 97 out of 400 years are leap years, adding an average of 0.2425 days or 20952 seconds per year, for an average of 31556952 seconds.
That gives slightly over 68 years for 32 bit time, putting us at 1970+68 = 2038. For 64 bit time, it’s 292,277,024,627 years. However, some 64 bit time formats use milliseconds, microseconds, 100 nanosecond units, or nanoseconds, giving us “only” about 292 million years, 292,277 years, 29,228 years, or 292 years. Assuming they use the same epoch, nano-time 64 bit time values will become a problem some time in 2262. Even if they use 1900, an end date in 2192 makes them a bad retirement plan for anyone currently alive.
Most importantly though, these representations are reasonably rare, so I’d expect this to be a much smaller issue, even if we haven’t managed to replace ourselves by AI by then.
an end date in 2192 makes them a bad retirement plan for anyone currently alive.
I can’t wait to retire when I’m 208 years old.
Omg we are in same epoch as the butlarian crusade.
Butlarian crusade
Butlerian Jihad, my dude. Hate to correct you, but the spice must flow.
Im just glad you got that reference
If you’re going to correct people about Dune quotes, at least use one from the book! “The spice must flow” doesn’t appear in any of them, it’s a Lynch addition.
Cars haven’t. A whole lot of cars are gonna get bricked.
How many UNIX machines in production are still running on machines with 32-bit words, or using a 32-bit time_t?
How much software is still running 32 bit binaries that won’t be recompiled because the source code has been lost together with the build instructions, the compiler, and the guy who knew how it worked?
How much software is using int32 instead of time_t, then casting/converting in various creative ways?
How many protocols, serialization formats and structs have 32 bit fields?
Irrelevant. The question you should ask instead is: how many of those things will still be in use in 15 years.
What is the basis for the 2038 problem?
The most common date format used internally is “seconds since January 1st, 1970”.
In early 2038, the number of seconds will reach 2^31 which is the biggest number that fits in a certain (also very common) data type. Numbers bigger than that will be interpreted as negative, so instead of January 2038 it will be in December 1901 or so.
Huh interesting. Why 2^31? I thought it was done in things like 2^32. We could have pushed this to 2106.
Signed integers. The number indeed goes to 2^32 but the second half is reserved for negative numbers.
With 8 bit numbers for simplicity:
0 means 0.
127 means 127 (last number before 2^(7)).
128 means -128.
255 means -1.Why not just use unsigned int rather than signed int? We rarely have to store times before 1970 in computers and when we do we can just use a different format.
Because that’s how it was initially defined. I’m sure plenty of places use unsigned, which means it might either work correctly for another 68 years… or break because it gets converted to a 32 bit signed somewhere.
so instead of January 2038 it will be in December 1901…
Maybe this is just a big elaborate time travel experiment 68 years in the making?
I am taking the week off, family camping, and cell phones off for that week in 2038.
My dad is a tech in the telecommunications industry. We basically didn’t see him for all of 1999. The fact that nothing happened is because of people working their assess off.
My dad still believes the entire Y2K problem was a scam. How do I convince him?
Well my dad does too and he worked his ass off to prevent it. Baby boomers are just stupid as shit, there’s not really much you can do.
Are there currently any that are showing signs of imminent collapse? (Twitter, maybe?).
Or what are the signs to look for those who are untrained in this field?
Is a website running on WordPress? That’s a system built on failed practices and is constantly attacked. It needs a serious overhauling and possibly replacement, but the software runs a huge majority of websites.
While most instances of WordPress you we’ll find in the wild are insecure and nothing more than bloated garbage. The CMS is actually fairly secure with minimal intervention if you properly configure it on setup and maintain software updates as they continually roll out patches for vulnerabilities as they are discovered.
If you turn off comments and the ability for new users to self-register and throw it on PHP 8.2 with a WAF and enable file write protection it’s actually very robust.
At least when WordPress breaks you have WP-CLI to troubleshoot it
I work for a web hosting company. So many WP sites are out of date with plugins and core. I’ve dealt with many compromised sites. Granted there are auto updates on the WP side and the hosts service, it’s still pretty often.
I also work for a WH. Yeah most idiots don’t do basic maintenance which is why I just rename the dir as xxx.old make a new folder install core and then delete the blank wp-content an copy over the wp-content DB and wp-config.php from the borked install. Takes 10 min rather than 30 to update and fix. I call that the “Doctor Frankenstein” method
Mostly tge first sign is something like all old .doc files can no longer be opened. So some thing like.
Regarding Twitter: yes.
As a tech person outside Twitter, looking in: Twitter is metaphorically a huge airliner with one remaining engine, and that engine is pouring smoke.
The clown who caused the first four engines to fail has stepped out of the pilot’s seat, but still has the ability to fire the new pilot, and still has strong convictions on how to fly a plane.
That plane might land safely. But in the tech community, those of us fortunate not to be affected are watching with popcorn, because we expect a spectacular crash.
If anyone reading this is still relying on Twitter - uh, my advice is to start a Mastodon account. Or Myspace or something.
I can’t imagine the shit show it would be if that log4j vulnerability and software update hit Twitter in its current state. I could see shutting off all external web traffic until the overworked devs finish committing while being held up with a visa loaded gun pointed at their head.
Package management is impossible. When a big enough package pushes an update the house of cards eill fall. This causes project packages with greatly outdated versions to exist in production because there is no budget to diagnose and replace packages that are no longer available when a dependency requires a change.
Examples: adminJs or admin bro… one of them. Switched the package used to render rich text fields.
React-scripts or is it create react app, I don’t recall. Back end packages no long work as is on the front end. Or something like that? On huge projects, who’s got the budget to address this to get the project up to date?
This has to be a world wide thing. There is way to many moving targets for every company to have all packages up to date.
It’s only a matter of time before an exploit of some sort is found and who knows what happens from there.
That’s basically what happened with log4j or whatever that java bug was a few years ago. A lot of things still haven’t been patched.
As an everyday user of software who’s not a developer, this is not a secret. Nothing works well for any extended period of time.
Because it fit into an ecosystem of tech that is constantly evolving. Software as a whole evolves more quickly than most tech. You see the same effect in every other branch of engineering but just slower.
Example: They are having problems rebuilding a certain famous church in Europe that burned down because the trees that went into it are now all smaller. They can’t get a replacement part.
I just dealt with this about a month ago at work. A customer machine died and they wanted “an exact replacement”. I explained to sales that is all I need to hear to know this project is going to be a disaster. Parts go out of stock, the network stuff is not as backwards compatible as people think it is, and standards change. They went over my head and demanded the same machine. I get daily emails from our fabricators about the problems they are having. Engineering is not a once and done thing. You need to have the staff and resources to continue to make your product match up with the environment it is in.
Does leftpad count as a collapse?
I used to be a funeral director. The majority of outsiders were unaware of pretty much everything we did. Often on purpose because thinking of death is uncomfortable.
The biggest “secret” is probably that the modern funeral was invented by companies the same way diamond engagement rings were. For thousands of years the only people who had public funerals were rich and famous. It was the death of Abraham Lincoln that sparked the funeral industry to sell “famous people funerals at a reasonable price”. You too could give your loved one a presidential send off! The funeral industry still plays into this hard, and I’ve found many people are simply guilt tripped by society to have a public funeral.
Donate my body to the worst medical student in the
collagecollege. I’ll definitely be an F level carcass.I did my cadaver dissection last year in medical school, and you’ll probably be a better cadaver than you think. The worst one to deal with in the class was in the tank next to ours. The cadaver was 102 years old at time of death without a scrap of fat anywhere. The muscles dried out and fell apart almost immediately on dissection, and started growing mold over the winter break. The lab manager had to keep removing portions of the cadaver to try to limit the spread of the mold until all that group was left with was a head in a bucket of formaldehyde. The head, neck, and brain were the last dissections we did, so it worked out okay-ish, but I will never forget the absurdity of them ending up like a Futurama president.
You’re saying lean people make bad cadavers?
If they are very lean, yeah, it can be a problem. Having a bit of adipose to absorb some of the formaldehyde and retain some moisture helps to keep the tissues from drying out. Once the body tissues dry out, they’re basically mummified and dissecting them would be about as useful and easy as dissecting jerky.
For no reason whatsoever: if you received an email, activated by a dead man’s switch, that told you that the body coming in next buried treasure which you could find by solving a series of riddles, the first of which is respond to the email with what gum flavor was swallowed last, would you?
LMAO! This comment is so much better because you misspelled college. Made my day. 😂😂😂
I did no such thing.
My wife knows my wishes. My body is to be donated to the medical school of my university. If nothing else I get to help train the next generation of doctors plus my dead leaking asshole will shit on my university. Chaotic Neutral ftw.
In terms of funeral service I told her that she should do whatever she wants to mourn since I won’t be there it doesn’t matter to me. Knowing her it will be a traditional service from her homeland.
Same. I want to keep being a failure.
You didn’t talk about how coffins are sold for many thousands of dollars when they are just cheap plywood boxes that shouldn’t cost more than a hundred bucks and that serve no purpose other than to decay as quickly as possible.
While I do think expensive caskets are a waste of money, they’re actually one of the least marked up products sold at a funeral home! Typically, caskets and urns are sold for twice what they’re bought for wholesale. This is mostly because anyone can sell caskets and urns so they can’t have ridiculous markups or people will go elsewhere for them. Urns for example are almost always bought off Amazon instead of at a funeral home.
The products with the highest markups were insurance based. Estate Fraud insurance (if someone steals the dead person’s identity, the insurance company will pay any costs involved in correcting it) and Travel insurance (if you die on vacation, the insurance company will pay any costs involved in bringing the body home). Both of these insurance policies had real costs of about $10 or $20. They’re often sold for $300 to $500.
That’s what keeps the hit show “Coffin Flop” on the air, as long as CornCob TV is able to broadcast. Just clip after clip of naked dead bodies busting out of shit wood and hitting pavement.
Not so fun story:
One of my first jobs when I was barely 18 was with one of the big funeral home/cemetery providers in the US. It was positively horrible, and not for the reasons most people think.
As a new hire, you’d start on the cold-calling phone banks, which was bad enough. Nobody wants a cold marketing call from a cemetery. But it got worse from there.
After a month on the phone bank, I’d done well enough to be promoted to field sales, which meant going to the most impoverished areas of town to follow up on the appointments the phone bank had made, basically trying to scare poor elderly people into handing over what little they had to ‘pre-plan’ for their deaths, with the pitch that if they didn’t, their family would suffer.
After a few appointments it was clear I didn’t have the stomach for that, so they moved me to on-site sales, which was somehow worse.
On-site sales included helping to host the Mother’s Day open house at the large main cemetery. They set up a greeting station at the entrance with refreshments and ‘in memorium’ wreaths that could be bought by bereaved family (on that day, mostly children of the deceased, but also mothers who had lost their children, some at a very young age). It sounds like a kind thing to do, because many young mothers/fathers coming to visit were so distraught, they hadn’t stopped for coffee or thought about flowers.
I was not stationed at the welcome station. I was a ‘roamer’, meaning I was one of several staff expected to meander through the graves and check on families graveside – to ask if they needed anything and to upsell them pre-planning packages for themselves or their other children. I am not kidding, we were expected to do that.
I had to be prodded to approach my first mark (a young couple ‘celebrating’ the woman’s first Mother’s Day at the grave of her several months old child, and I couldn’t stomach it. It felt barbaric, to even try to sell someone who could not stop crying at the grave of her young child. I couldn’t do the pitch, obviously, and backed out as soon as possible, then hid by the skips behind the main building until the end of the day when I quit.
I’ve done many jobs in my life, including cleaning bowling alley toilets, but I’ve never been asked to do anything as vile.
I’ll bet everyone in the funeral industry can guess which company I’m talking about.
I also had the pleasure of working for Service Corporation International. Thankfully solicitation of funeral services is banned in Ontario, Canada. So no cold calling or bugging people at cemeteries. Their way around it was to hold seminars about Last Wills at places like retirement homes. If someone had a funeral related question the staff would get them to sign a form agreeing to a phone call or visit from a sales person.
The pre-arrangement sales people were all on commission and it made them very pushy. The pitches were so manipulative I couldn’t listen to them. Our government is throwing around the idea of banning commissioned sales in funeral services as well because of it. Some other Canadian provinces have already banned it.
Their practices are so scummy, I’m surprised they’re still allowed to operate at all in Canada. Glad they can’t do their worst in Ontario, that’s a small win.
You’re right about their abhorrent manipulation – I still have binders in storage from my sales training; I should dig them up and post some of it. It’s still, 35 years later, the most disgusting emotional manipulation I’ve ever seen. After all these years, it’s only got worse in the US from what I hear.
You were supposed to ask them to relive their most recent familial death experience under the guise of polite conversation, then hone in on whatever detail was the most unpleasant, and hammer home how if they didn’t buy a package, their children would go through worse. Have they considered how much emotional and financial pain they would cause if, god forbid, they died tomorrow? Don’t take time to think about the money you don’t have, because every hour of delay raises the chances your kids will be left with a financial mess when they’re grieving you. You’re basically heartless for doing that to them.
The graveside pitch was even worse. It’s so sad you lost your baby last month, but what if your six-year-old died tomorrow? Are you prepared for that? Like jesus, I can’t imagine the paranoia a grieving family faces after losing one child, constantly afraid for their remaining child. Let’s rub salt in that wound and scare the shit out of them for a few thousand dollars. It should be illegal everywhere.
deleted by creator
How online ads actually work.
Very simplified TLDR: you visit a news site. They load an ad network and tell it “put ads here, here and here”.
The ad network now tells 300 companies (seriously, look at the details of some cookie consent dialogs) that you visited that news site so they can bid for the right to shove an ad in your face.
One of them goes “I know this guy, they’re an easy mark for scams according to my tracking, I’ll pay you 0.3 cents to shove this ad in their face”. Someone else yells “I know this guy, he looked at toasters last week, I want to pay 0.2 cents to show him toaster ads just in case he hasn’t bought one yet.”
The others bid less, so that scam ad gets shoved in your face.
That’s extremely simplified of course. https://en.wikipedia.org/wiki/Real-time_bidding has a bit more of an explanation.
And how you’re tracked online. I’ve worked on Google ads accounts every day for a decade and I don’t see you,the user, and your data.
I just click “female, 50+, likes home decor, uses a phone” and then a little business I work with bids 10% extra on you because they think you might be interested in their new autumn wreaths they’re super proud of, and Google think you fit that box I ticked.
And that’s advanced marketing for most businesses. Most businesses won’t even get into the audience side of things and they’ll stick to keywords: they’ll show you an ad because you searched for “autumn home decor” and that’s all.
Google take advantage of most advertisers by saying "let us be in charge of your keywords, and how much money you spend, our AI is smarter than you and you don’t have time!"And most businesses just use the automatic stuff because they don’t understand it, and it’s true, they don’t have time… so then Google takes your “autumn wreath” keyword and shows your ads to someone looking for “Christmas trees”, because they’re both seasons and they’re both plant related, right?
And then the small business gets charged $1 by Google to show their autumnal page to someone who wasn’t interested and left right away.
My job is to help these businesses actually make an advertising account that doesn’t fall for all these little bear traps that Google sets all over their ads interface. They weren’t there 7 years ago, but things have been getting worse and worse. Including third party sales companies like regalix, hired by Google to constantly call you and telling you to trust the automation and spend more.
::hugs my PiHole::
I’d be interested in finding out why some of the ads I see (mostly in Android games I play where I voluntarily watch the ads for in game rewards) are so badly matched to me. I’ll get ads in Spanish when I only speak English. I’ll get ads for dating sites when I’ve been married for over 20 years.
Very few of the ads seem to be anything I’d even remotely consider. Not that I mind too much. I ignore the ads (sometimes even muting them) and do other things until they stop playing and I can get my rewards. Still, those very mismatched ads seem to be badly placed. Is it just that nobody else is bidding for this ad spot so “let’s play this Spanish ad for toilet paper” wins the rights to advertise to me?
Inside almost every arcade cabinet is a Dell Optiplex running Windows 7, or 10 if its really recent. There’s no such thing as an arcade board anymore, they’re all Dells, or sometimes those HP mini PCs, usually with the protective plastic still on.
Daytona even uses a Raspberry Pi to control the second screen. SEGA intentionally ships those with no-brand SD cards that consistently fail after 3 months. It’s in their agreement that you’ll buy another card from them instead of just flashing the image onto an SD card that won’t break.
The Mario Kart arcade cabinet uses a webcam called the “Nam-Cam” that is mounted in a chamber with no ventilation, which causes it to overheat and die every few months, so of course you’ll have to replace those too. The game will refuse to boot without a working camera.
Oh yeah also all arcade games with prizes are rigged. All of them. We literally have a setting that determines how often the game will allow wins.
Truth
The past decade of the tech industry has felt very snakeoil-y.
INB4 “It always has been.”
If you’re good at building hype and have some connections, you can attract all sorts of investors hoping to get in on the ground floor of the next big thing.
Dan Olsen’s NFT video from a year ago summed it up well, I think (link). People with money to invest today want to repeat the insane growth in wealth brought about by computers, the internet, social media, etc. So they will basically gamble on any new ideas that have an air of plausibility to kick off the next boom.
I think it started with registry cleaners.
Those weren’t really pushed as a get-rich-quick scheme, which a lot of the hustle seems to be currently.
Oh, you’re thinking of crypto to junk. Nah, Fudge That.
What’s sad is there are plenty of actual problems out there that could be solved with software. Most of the time they’re not that ‘sexy’ and management is so blinded by greed that they throw away all the good opportunities.
Do you have any examples of problems currently lacking a (plausible) software solution?
scared laughter
It is kind of hilarious that airplanes are seen as being safe and reliable, when if they were given the same factor of safety as most other consumer goods, they’d never get off the ground from being too heavy.
I do NOT recommend you do this, but if a ladder says it is designed for 300 lbs, then it should carry 1200 lbs. 4X is a fairly common factor of safety for things like ladders where people’s lives are in jeopardy. Most other items are usually 2X. (I want to point out that there are qualifications to this… static loading and dynamic loading are totally different things. Also a simple point load is not the same as a cantilevered loading condition. A new piece of equipment is not the same as one abused on the job for the last 10 years. All these things will dramatically affect safety ratings for things)
I’d say the difference is that every single part of an airline is carefully rated though. Everything that’s supplied for use on an airline is expensive because of all the regulations.
A ladder may be rated for 1200 pounds, but nobody inspects every single use-case for that ladder and ensures that the entire system always has 4x safety. Once you buy the ladder it’s up to you what you lean it up against, etc.
I like to use https://explainxkcd.com/2030/ since I get the title text, an explanation, and comments.
Works fine in Brazil, shit is audited every single year by universities and other especialists, only rightoids scream that it’s bad and only when they lose.
Supermarket employee here. We have a “fresh” fish counter selling stuff like whole mackerels and raw salmon fillets and the like.
Each and every one of these has been frozen at least once - this is a mandatory health hazard prevention thing (to kill off parasites etc) and also basically the only food-safe way to transport them in great quantities over long distances without them going bad. They get delivered frozen solid, get thawed behind the scenes and then put on display / on ice for customers to buy. And then they’re lying there all day long until someone happens to buy some … people still treat the pre-packaged fish from the frozen foods aisle as a second choice, even tho those have NOT been lying around half-thawed in the open air for 10 hours straight.
Long story short, “fresh” fish from the counter is less fresh than the frozen stuff, despite customers commonly believing it to be the other way around.
I’ve worked with massive customer databases of over a million people multiple times in jobs I’ve had. And while each company has spent tens-of-thousands of dollars in cyber security to protect that data from outside hackers, none have given any fucks at all about who accessed it internally or what they do with it.
I’ve literally exported the entire customer database in two different jobs, dropped the CSV into my personal Google Drive (from my work computer), and worked entire databases at home.
No one has ever known I’ve done it, cared, or checked if I have any customer personal data when I quit.
Sounds like they didn’t spend any money on Cyber security’s team to properly implement it then…data exfil %100 would have been picked up by any real DLP solution and even barebones heuristics based EDR would have thrown a red flag as well.
Haha, please. You’re talking about machine learning when the best any business is using is antivirus. You forget, Boomers are still running big business and IT departments are running security.
It’s perfect world vs. real world my dude, and real world puts out tender for the cheapest solution.
It sounds like you’ve been working for Mom and pop shops then, and they’re not having audits done. Companies with millions of customers will usually either have in house secops or an mssp handle everything. Point being is, without audits then insurance usually will not be approved for PII loss or they flat out will not work with the company at all. It even more so with HIPAA laws.
I’m with the above commenter. I’ve worked at many companies of various sizes, from small local shops up to international corporations, including at least one contractor for the US military.
Every one of them had rules and policies and training on security, to varying degrees. But at every one of them, I’d find some vulnerability, or instance where someone was neglecting security. Each time, I’d bring it to the attention of someone in management. Each time (with one company as exception), those warnings would be “heard” and “passed up the chain”, and then nothing would happen. Only one company in 20 years of work actually fixed a security issue I found. And no company I’ve ever worked for was leak proof.
In my experience, until it threatens to cost a company much more money in losses than it would cost to fix the problem, but said problem will not get fixed. That’s profit motive. And often it seems they’d rather roll the dice until a loss occurs, and then (maybe) fix the issue.
I’ve worked at plenty of companies with exfil protection and people still did this. One has 100 devs and 500 total employees
Sounds like the company doesn’t have a clue about cyber security then. Tens of thousands is a piddling infosec budget for anything but a tiny company. Also, Insider threats, malicious or otherwise, should always be on an infosec professional’s radar.
Companies not giving a shit about cyber security is probably not a secret but it is still pretty common, I think, so nobody should be surprised when there are major breaches.
Infosec is usually seen as an expense that cuts into profits. Assuming top level management and the board give a shit about security that’s great but often the risk isn’t fully appreciated at the top or is managed poorly.
Adequate infosec requires a company to have very mature processes across the board in IT (and likely beyond). C-level “buy in” isn’t enough. If the C level management and board doesn’t actively demand it, infosec will lose out to myriad other priorities every time.
The big tell is the org structure. If the CISO reports to the CEO, great. If they’re reporting to the CIO, CFO, etc., that can cause conflicts of interest. It can still work. If there is no CISO or they are the same person as the CIO, or if infosec reports several levels down in the org–beware!
Yeah, if I did what he did, I’d be in jail. I would be caught quickly.
There are only a few ways to get immediately fired from my employer, and that’s one of them.
This exact scenario is in our annual training. Also I wouldn’t be able to in the first place because we block those kinds of sites. Even if we didn’t they would likely detect it and come a-knocking lol.
That sounds highly illegal depending on what’s on the databases.
Lol same here. Some for ecomm, but the most egregious was underwriting PPP loans. There was a database none of us could access after the loans were underwritten and sent to processing. But most of those documents came in thru the portal and we had to download that package and combine it with anything we got in email… Tax forms, IDs, and all the most sensitive personal info as a lot of businesses that applied were sole proprietors. All those documents say on my local HDD and I catalogued them in case they were needed again.
None of that was handled securely, it was on my home network with no VPN, and after the project was over very suddenly I sat on that laptop for 6 months until they sent a return label. I was a good worker but it was a mass hire and not a lot of vetting that happened.
IT in the EU:
Due to some EU laws, there has to be a “cookie consent” dialog on every website that uses cookies. I would estimate that more than 50% (probably too low) of these popups are cosmetic only and it doesn’t actually matter if you click accept or reject.
Wow that suck. I always spend time turning off every legitimate consent button. So I get cookies anyway?
You could set your browser to clear all cookies when you close it. That does mean you have to keep logging into sites every time you open the browser again, but with a password manager that’s not really a problem.
You don’t need cookies to stay logged in anymore. You actually don’t need cookies for anything.
gdpr is a different thing than the cookie law, refusing consent is a real thing that everyone in the industry spent a hell of a lot of time and effort implementing to the letter because the fines for companies are way too large for anyone to ignore
There’s plugins that will do it for you (with the max privacy settings so you don’t have to worry about getting tricked by phrasing).
I even have one on my mobile browser.
Is there one for iOS browsers? I mostly use firefox on ios
No, it’s only for regular Firefox, and Firefox on iOS is just reskinned safari (so no plugins).
What’s it called, friendo?
Ghostery is what I use on my phone (alongside other stuff like uBlock origin)
Thanks friendo!
Yeah probably.
Use this: https://github.com/OhMyGuus/I-Still-Dont-Care-About-Cookies And combine it with this: https://github.com/Cookie-AutoDelete/Cookie-AutoDelete
I’ve set it to delete cookies on domain change.
Most of these consent pop ups are designed to be insanely annoying to the point where you just click accept all on a long list of cookies for individual things and they are not even grouped
https://addons.mozilla.org/en-US/firefox/addon/consent-o-matic/
Handles most of this for you.
It’s sad that for some of the more obnoxious offenders where you need to individually opt out for each ad partner they carry it still may take the addon 30+ seconds. Imagine how long it would take to click everything manually. And that stuff is illegal by the way: rejecting everything must be just as easy as accepting everything. If I come across such a site I typically just avoid them from that point forward.
90% of the time^1 there’s at least a Cancel or Reject button. Sometimes you even get to pick which categories right there without it being two or three levels deep.
1 based on my highly scientific method of pulling numbers outa mah butt
That doesn’t sound realistic. There are real fines for non compliance and it’s trivial to find out what cookies you have.
You usually first get an injunction with some time to fix the issue, little risk of immediate fines.
So there is little reason to implement a working consent dialog unless you get a legal notice to do so. When the law came out we got a lot of such notices over the lack of the dialog, but after a usless dialog was implemented, it stopped.
Guess lawyers aren’t that tech savy or have better things to do.
If anyone is interested in a good read about the active changes coming to Cookie Law in the future: https://www.itpro.com/network-internet/web-browser/369894/the-cookie-law-is-finally-crumbling-good-riddance
Wasn’t a good read for me. A boring intro and then some speculation about possible new laws in the future, and Google Topics API mayybe making cookies obsolete.
Security theater.
EU, can you just make that shit go away? I am so goddamn tired of clicking cookie dialogs I could puke. kthxbye
Check out this add on that automatically decline data tracking popups https://addons.mozilla.org/sv-SE/firefox/addon/consent-o-matic/
Ok
I forgot the link, lol.
50% seems conservative lol
deleted by creator
deleted by creator
you should easily be able to give a few sources
I have plenty, like close to 100 pages where I personally implemented the useless dialoge. But I’m sure not going to taddle on them.
But if you want to go hunting for it yourself: try small wordpress sites or other small self-hosted blogs.
This obviously won’t be true for websites of major corporations.
deleted by creator
Aww you, stop it.
Can you not at least rat out the major sites? Surely you don’t have any moral qualms with that
I really don’t want to, I think it’s a rather stupid law that is both annoying and ineffective.
Most “bigger” offenders I found in the wild were medium sized local news sites and I really don’t want to cause them any legal trouble.
But as someone else said, it’s rather trivial to find. You really just need a browser with dev-tools.
You know you could just report them yourself right
Yes indeed. I just don’t want to. It’s a silly law.
So you don’t want to report a company for breaking the law? What have they ever done for you?
Outsourced IT provider here:
90% of businesses have basically zero IT security. Leaked passwords in regular use and no process or verification for password resets. As soon as someone complains that 2FA or password rotation is difficult it gets dropped. Virtually all company data is stored on USB keys, plaintext hard drives and on staff’s personal home devices.
The reason they’re not constantly having their data stolen is because no-one cares about the companies either.
I have worked in the gaming industry and let me tell you that in some game studios most of the people involved in making the games are not gamers themselves.
Lots of programmers and artists don’t really care about the final game, they only care about their little part.
Game designers and UX designers are often clueless and lacking in gaming experience. Some of the mistakes they make could be avoided by asking literaly anyone who play games.
Investors and publishers often know very little to almost nothing about gameplay and technology and will rely purely on aesthetic and story.
You have entire games being made top to bottom where not a single employee gave a fuck, from the executives to the programmers. Those games are made by checking a serie of checkboses on a plan and shipped asap.
This is why you have some indie devs kicking big studio butts with sometime less than 1% the ressources.
Afaik even in other “similar” industry (e.g filmmaking) you expect the director, producers and distributors to have a decent level of knowledge of the challenges of making a movie. In the video game industry everyone seems a bit clueless, and risk is mitigated by hiring large teams, and by shipping lots of games quickly.
Private mental health providers in the US are pretty unsupervised and have a conflict of interest in that they make more money by keeping their patients/clients unwell, which can lead to negligence and abuse. The only thing keeping in line is the possibility of someone informed and insightful enough to report them to the licensing board or pressing a lawsuit.
For example, if a provider has poor integrity, it is in their best interest to not treat depression, but rather help the patient/client feel good for the moment. What the patient/client experiences is that they feel better when they see their provider, so they become dependent on their provider. This ensures the provider a reliable source of revenue.
Another issue is that masters level therapists, while capable of providing treatment for simple cases such as a clear depressive episode, are not properly trained to conduct thorough assessments for complex cases, meaning they can misdiagnose quite easily. Complex cases would be better treated by a well-trained psychologist that can conduct thorough psychometric assessments that are quite sophisticated and take lots of time to analyze. These services are costly and the vast majority of insurance policies won’t cover them.
Relevantly, yet another issue is insurance for mental health. Most insurance policies that pay for mental health services pay low, so the care you receive can be substandard since the more effective providers are charging what they’re worth in a market economy. One example that comes to mind is Better Help. They pay providers insultingly low, like around $30/hour, while effective providers are charging ~$150/hr out-of-pocket. That means that when someone uses Better Help to obtain care, they’re getting the bottom of the barrel therapist.
Lastly, the majority of family and marriage therapists aren’t properly trained in narcissistic emotional abuse. This can mean that therapy would not only be a waste of time, but can make things much worse as they can help the narcissist abuse the victim even further. Narcissistic abuse is quite complicated and requires a relationship therapist that specializes in that to properly assess and help the victim escape.
Tips: If you have been seeing a therapist for 12 sessions, and you haven’t realized any considerable long-term changes, find another therapist. Also, if your therapist doesn’t call you out on your bullshit, let’s you ramble about tangential matters, or focuses on helping you overcome specific weekly struggles, rather than helping you develop skills and restructure deep cognitive matters to address them yourself, find another therapist. An effective therapist would develop a clear treatment plan with you that aims to meet objectively measurable goals within a certain time frame.
Note: I am not a therapist. I have just worked in the mental health field and have friends that are therapists.
Burning waste qualifies as recycling.
I used to work for a specialty waste company. We would brag about our ability to recycle better than any of our competitors. Because we would burn most of the waste.
This pertains to the US:
A lot of people are unaware of cancelation lists, and a lot of providers don’t really advertise that. When I was a casemanager for adults with severe mental illness, I would always ask to have my clients added to the cancelation list, and this would often get them in much sooner.
Also butted heads with a receptionist last year when my client was literally experiencing congestive heartfailure and she wanted to schedule him like 1.5 months out to see his specialist about having a defibrillator implanted. I said it was unacceptable and said he needed to be added to the emergency openings I know the providers reserve. She got a look on her face and said “But I need to get provider approval for that…” I told her “I think you better talk to the doctor then.”
Specialist eventually came over to scheduling and asked what was going on. The receptionist said what we wanted and asked if she would approve it, with a real dismissing inflection. The specialist said “Oh my god, yeah of course he’s approved for the emergency list…”
Some of these things are just so overlooked/unknown by the general public. And sometimes you’ve got to be assertive and stick with your guns to be treated fairly and get the attention you deserve. Especially now more than ever. Our healthcare system was bad before, but it’s been so strained ever since covid…
The healthcare system can be a nightmare for average people functioning well. It is so much worse for the population experiencing severe mental illness/with cognitive disability. This barrier for care plays a significant role in the reduced life expectancy in the disadvantaged population I worked with.
Patients suffering from severe mental disorders, including schizophrenia, major depression and bipolar disorders, have a reduced life expectancy compared to the general population of up to 10–25 years. This mortality gap requires urgent actions from a public health perspective in order to be reduced. Source
If anyone reading this has family or friends with severe mental illness or trouble with intellectual functioning, you may want to offer some support for doctors appointments. Honestly, everyone would benefit from having another person in their appointments for support and as a second set of ears.
Anyone reading this with severe mental illness, don’t be afraid to reach out for support. If you don’t have a social support system, there are services out there to help. Try to find social services in your area to get some help navigating thru all the bullshit. And don’t give up hope.
Always like to share this website with free evidence-based resources that I used all the time with my clients. I personally benefitted from the material as well.
Also butted heads with a receptionist last year when my client was literally experiencing congestive heartfailure and she wanted to schedule him like 1.5 months out to see his specialist about having a defibrillator implanted. I said it was unacceptable and said he needed to be added to the emergency openings I know the providers reserve. She got a look on her face and said “But I need to get provider approval for that…” I told her “I think you better talk to the doctor then.”
Specialist eventually came over to scheduling and asked what was going on. The receptionist said what we wanted and asked if she would approve it, with a real dismissing inflection. The specialist said “Oh my god, yeah of course he’s approved for the emergency list…”
I’m not sure I understand what happened here. Was this all just because the receptionist didn’t want to ask for approval because it seemed like a hassle?
Yep… at least that was my guess. Didn’t want to pull the specialist back out of what she was then doing/didn’t want the hassle. But I was adamant that we weren’t going anywhere until she checked.
Some people are just finicky and I can’t really say for sure what her deal was, but her demeanor was just rude and like she didn’t have the time of day to give us…
What a fucking bizarre attitude to have when working in healthcare. Laziness in that area can cause deaths.
It’s more prevalent in the industry than you’d like to think… Burnout is often linked with lack of empathy.
I worked exclusively with adults whose illness was severe enough that they were residing in various residential care facilities (RCFs) and assisted living facilities (ALFs) in my region.
I was a 3rd party and a mandated reporter and I can’t tell you how many times I hotlined facilities and did internal/DMH/DHSS reporting/assistance with investigations. Misallocation of Client funds was a common problem (especially at specific RCFs), medication errors/stealing Residents’ meds, neglect of facilities/cleaning, improper nutrition, and abuse and neglect were all too common…
At first I thought the same thing when I started that position, wondering why someone like that would even take those positions. But people are complicated and often shitty. Some people like to power trip, some people want to take advantage of the disadvantaged, some people’s self-care is so neglected by being over-worked that they no longer have the capacity, and some people are just assholes…
This just makes me sad. :(
There’s so much wrong with the system and so much that could done to improve it, but I don’t want to frame it here in a hopeless sort of way. Our treatment options and accessibility continue to improve, social stigma of mental illness has improved tremously in the last decade or two, and there’s no reason to think further advancement won’t continue. But acknowledging the current shortcomings and feeling sad and angry about it are important to drive that positive change.
I’m in total agreement. What we need is fully nationalised healthcare, with direct political participation from the people.
Reduced mental function definitely includes dementia; my mom had Parkinson’s disease and definitely needed my help and advocacy and memory.
Accounting is a goddamn mess. There’s lots of mistakes in accounting, finance, banking, etc but we’re supposed to act to outsiders like they never happen. Publicly traded companies (US) get audited every year, but no audit company would give a paying customer a failing grade. New grads are funneled into working for public firms - the 10 or so companies that cater to the world’s audit, tax, and consulting needs. They’re supposed to teach discipline, but in reality they only teach you security theater. You’re worked to the bone until you either burn out or agree to perpetuate the system to keep your job.
And the only reason it continues to work is society’s social contract agreeing that it has to work because we don’t have any other options. All it takes is the rumors that the idea is failing - like in the silicon valley bank run - and we’re all out of luck. With the speed of information these days all it takes is a few minutes for a situation to spiral out of control. It’s bonkers.
I got into accounting because I enjoyed bookkeeping in high school. Now that I’m in it I refuse to work for anything larger than a mid sized, non public company.
So basically, everyone is full of bullshit and lying to keep the system working.
Why am I not surprised?
Social security would be a ponzi scheme if it wasn’t done by the government. System only works because new younger people are “convinced” to put in money to pay the old in hopes that new younger people will pay them in the future.
The social security liability is currently 23 trillion. If no new people started paying in and everyone wanted to cash out, they couldn’t get a dime.
We are 33 trillion dollars in debt. 33 trillion.
If we as a country ever tried to cut spending and save money to pay that down, our economy would collapse so fast.
Social security was designed to be that way, it’s not a secret or anything. It’s how the system was set up and it’s how it is supposed to work. Today’s workers fund today’s retirees.
Except it was built with the assumption that everyone would continue to have 2.5 kids, and skilled immigrants would keep making the US home, and the economy would keep growing and growing forever, and retirees would die off a couple of years after they retired.
All the base assumptions on which the system were built were shaky. People are having fewer kids, so there’s less money coming in. Retirees are living longer so they need more benefits. People who paid hundreds of thousands into the system during their lifetimes are requiring millions in benefits at the end of their lives. But, people are having fewer kids and so the bottom of the pyramid is shrinking.
More immigration would help, but we’re just too damn racist
The government wants to carry a debt, because everyone who is owed money by the government is incentivezed to support it.
I thought paying into it wasn’t optional??
Bro this is the fucking world! It’s just smoke and mirrors. Like the commercials. Everyone at McDonald’s smiling and happy and loving their job. Then look at reality.
That’s every job, every field. It’s just held together by duct tape and bubble gum.
It’s just held together by duct tape and bubble gum.
🔥 Hot take: Applies to the mainstream tech industry too in my eyes… an abundance of unstable implementations and hacks that can break at a moment’s notice - all prettied up with a fresh coat of paint so it “looks and feels new” to sell a new license each year or give the user a reason to keep paying that subscription. No value added whatsoever.
Fintech, construction (Solidworks, Autodesk), media & design (Adobe CC), Microsoft (Windows, office), the whole lot
Adobe and Microsoft should be dismantled. Both are some of the worst monopolies in existence!
This here is the best comment to address the OP question. Just to be clear, I 100% agree: every job, every field is just held together by duct tape and bubble gum.
Not everywhere. I work in one of those jobs (facilities management for a building with critical infrastructure) and we’re very thorough and do our jobs well.
However, I know some of our other facilities phone it in.
I didn’t mean my comment or the OPs to be an aspersion on how well anyone does their job. It’s more a comment on perception vs reality. For example, look at how many people came to observe and realize how many US government operations are held together through gentlemen’s agreements (aka duct tape and chewing gum) that Trump was able to dismantle simply by not agreeing.
Ah, I see what you mean. If my coworkers and I suddenly decided to stop giving a shit, there’s not much that would prevent that as long as we don’t let it get too bad. A lot runs on trust.
Our company has mechanisms to try to force us to do a good job, but that just means working towards the metrics rather than the spirit of our job. Often doing our job well means knowing when to ignore the red tape.
So I think you’re right, the whole world runs that way, it’s an intractable problem.
There is an open joke at the corporation I work at that there are about 5 people who if they quit at once the company would be under within a few months. I really do not think it is wrong.
I work with financial analysts and accountants at work. we swing from “holy shit the sky is falling” to “wow we have more budget in this than we realised” in a few months, meanwhile the guys in the field do the exact same job and the relatively fixed revenue stream keeps coming in
Ehh, so a counterargument is we now have “control audits” aka soc1 type2 audits that test whether management fix their stuff without external eyes. That hasGREATLY increased the fidelity of all public companies. Yeah mistakes happen, but the controls get pretty robust after only a few years.
Accounting, just like economics, likes to pretend it is a hard science when in reality is it close to reading tea leaves.
Technically not my industry anymore, but: companies that sell human-generated AI training data to other companies most often are selling data that a) isn’t 100% human generated or b) was generated by a group of people pretending to belong to a different demographic to save money.
To give an example, let’s say a company wants a training set of 50,000 text utterances of US English for chatbot training. More often than not, this data will be generated using contract workers in a non-US locale who have been told to try and sound as American as possible. The Philippines is a common choice at the moment, where workers are often paid between $1-2 an hour: more than an order of magnitude less what it would generally cost to use real US English speakers.
In the last year or so, it’s also become common to generate all of the utterances using a language model, like ChatGPT. Then, you use the same worker pool to perform a post-edit task (look at what ChatGPT came up with, edit it if it’s weird, and then approve it). This reduces the time that the worker needs to spend on the project while also ensuring that each datapoint has “seen a set of eyes”.
Obviously, this makes for bad training data – for one, workers from the wrong locale will not be generating the locale-specific nuance that is desired by this kind of training data. It’s much worse when it’s actually generated by ChatGPT, since it ends up being a kind of AI feedback loop. But every company I’ve worked for in that space has done it, and most of them would not be profitable at all if they actually produced the product as intended. The clients know this – which is perhaps why it ends up being this strange facade of “yep, US English wink wink” on every project.
