
faul_sname

Fuck around once, find out once. Do it again, now it's science.

1 follower   follows 1 user  
joined 2022 September 06 20:44:12 UTC

				

User ID: 884


Do you believe that Progress is possible? Do you believe that technological developments (either hard tech or social tech) have rendered our lives and our experience fundamentally different in some deep sense from that of, say, bronze-age Chaldeans?

Yes.

I'll give an example. A few months ago, my wife and I welcomed our firstborn child. The birth did not go smoothly, and without medical intervention I would likely have lost my wife, my daughter, or both. Fortunately, we live in a time and place with access to modern medicine, and both my wife and my daughter are recovered and healthy. I expect them to remain healthy for the next several decades.

By my best estimate, the childhood mortality of Bronze Age Chaldeans was 30-50%, largely during infancy. A significant fraction of parents would bury their own children.

That's not to say our modern world is perfect. Obesity is high. Attention spans are low. Children grow up hearing that they can be anything they want to be, anything at all, and then run head-first into reality at some point. People believe that they can have all the things they want in life, and, by trying to pursue too many different goals, frequently end up achieving none of them.

And yet.

We do not, as a rule, bury our children.

Do you believe that future developments could deliver this sort of progress, such that moral or ethical considerations fundamentally change between populations on two different levels of progression?

Yes. If you look at the list of problems about the modern world, you'll notice that they are problems stemming from abundance and choice. Sometimes, when people have lots of resources, they spend them destructively. Sometimes, when people have many choices, they choose poorly.

And so developments which led to more abundance, and to more choice, would deliver more progress. Enough progress and the differences start to look pretty fundamental. At the extreme end something like "a cure for senescence" would qualify, although I expect something much more modest like "cheap batteries with 10x the energy density of the modern state of the art" would also do the trick.

If you were hoping for a more philosophical take on Progress, I expect you'll be disappointed. But that's because I don't think progressive culture is downstream of progressive ideology so much as it's downstream of material abundance. To the extent that I have an ideological position here it's "abundance is good, choice is good, there are downsides to both but I don’t think we're anywhere near the point that having more abundance and choice is net harmful rather than net helpful".

While I sometimes entertain goofy social arrangements to solve this problem — could you livestream Dad working on excel spreadsheets at daycare to get kids organically playing at number problems?

N=1 but my dad was a programmer and some of my earliest memories are of him writing cool little simulations and letting me play with changing numbers in them to see how the results changed. And some types of programming still feel like play to me now.

So I suspect the answer is "yes" (at least as long as the spreadsheet manipulator appeared high status, but I expect that wouldn't be a problem because "the person everyone is paying attention to" is pretty strongly correlated with status).

Yeah, yeah, so it would cost some money, give me your Paypal, and I'll be happy to chip in.

Patreon link is right here. Currently it pulls in $212 / month.

Well written.

I could say that for Blues, the problem is that your math might be wrong, and that for Reds, the problem is that you think you're in control, that your accounting of the variables actually correspond to reality in some meaningful way such that you can do math with them. I could say that Reds have a fundamental belief that death is deeply natural and that Good Deaths exist, and Blues, to a first approximation, view death itself as a pure negative and see death, at best, as a lesser evil in exigent circumstances.

And saying any of those things, I would expect Blues to disagree vociferously on all counts and throw out all sorts of reasons why I was wrong and uncharitable.

I have pretty blue tendencies, and this seems like a pretty good and fair summary of my views, rather than something I would vociferously disagree with.

Definitely some wisdom in the "yeah but all those calculations are actually bullshit" reminder though. All models are wrong, some are useful, many are harmful if you forget the ways in which they are wrong.

I'm trying to fill a position at work right now. A sys admin role. I want to ask that gas mileage question during technical interviews but I'm afraid the people who will get it right will be so insulted that they can't believe I'm asking this

... switch out the variable names? E.g. "Every time the server reboots, it has to pull down a 450MB file over a 30MBPS connection before it can start serving requests. The server drops any requests that come in before it finishes booting. Assuming the system gets 3 requests per second, how many requests are dropped every time the server reboots?"

There's so much work to do that we need smart people for and so few smart people.

There are 8 billion people. Half of those people have above-median intelligence. While the number of very smart people, as a fraction, seems very small, the absolute number of such people is mind-bogglingly large.

That suggests one approach might be to try to get a large group of IQ>130 people together in one location for the purposes of advancing the state of knowledge of the universe, maybe in a small city that is specifically focused on supporting those people. Since it's a city dedicated to the study of the universe, I propose calling it a "universe city".

You can go to your custom CSS settings and add

@media (max-width:480px) {
    p {
        font-size: 16px;
    }
}

which will bump the font size from 14px to 16px on mobile devices (technically "narrow screens" not "mobile devices" but that's just how it is in web dev) only (cc @George_E_Hale).

As long as Ginger does not benefit specifically by doing things which are intended to cause people to falsely believe that Scarlett did the thing rather than her, I think Ginger is fine.

And does this describe anyone anywhere at all?

Yeah, it describes you. You just said it did, and you obviously wouldn't lie on the internet as flamebait.

I mean is it crazy that you can't build a car, slap a Rolls Royce logo on it, and sell the car? It's not a "being a notable person" issue, it's a "having a personal brand" issue.

you obviously can't stop some man eerily similar to you from acting in a hardcore pornography

You can't, but my understanding is that if you are a notable person, and if the producer of the pornography chose to use someone with your likeness because of the value that your personal brand adds, and if you have not given your permission, and if they are in one of the 35 states with prior case law about such things, you might have a pretty strong case. Though IANAL so TINLA.

No one thing Sam Altman has done sticks out as evil

The non-disparagement agreements tied to an NDA on the topic of said non-disparagement agreement, tied to retaining your equity weird not-quite-equity compensation, with no mention of said clause at hiring time, seems surprisingly pretty clear-cut

Countries have tried economic incentives and mostly failed or slowed the decline

Have they tried economic incentives that are at least a 2 digit percentage of the opportunity cost of having additional children?

Stressed working women raise less healthy, less intelligent children who are more likely to have behavioral problems

I presume by this you mean "mothers being stressed causes their children to be less healthy and less intelligent" rather than "those women who are likely to have less intelligent, less healthy children are also more likely to be stressed". Do you have a source and an estimate of the effect size? Based on the sorts of things I've seen (example), the effects exist but are usually quite small. For example, the highest effect size I found in that study was r=0.16 for maternal exposure to a natural disaster, which explains about 2.5% of the variance in outcomes -- and most of that effect size came from a single n=20 study about an ice storm, so I expect the effect size in practice is even smaller than that.

Intelligent working women give up on producing more offspring who are also intelligent

I expect this is almost the entire effect in practice.

It would be far more economically valuable in toto and longterm if women focused on their biological role of mothers, wives, and homemakers.

From a purely economic viewpoint I doubt that. I think the opportunity cost of being a homemaker is genuinely higher now than it used to be. Also the benefits are both distributed across society, and the benefits of choosing the homemaker route are not as legible as they could be to the women making that decision.

Yes. If you use OA's you don't have to build your own scaffolding though.

You'd want to get completions from an LLM that's been fine tuned on conversational transcripts with timestamps and explicit markings for when the speaker changes. It should be possible to generate the dataset to fine tune on from podcast transcripts in a mostly automated fashion. Something along the lines of this. Getting the quality high enough and the latency low enough is likely to be a challenge.

Looks like "can distinguish and undistinguish posts and comments but can't do much of anything else". Regular user who can wear the mod hat if I'm reading the code right.

That means you're not a level 3 admin (I suspect only Zorba is).

Interesting - the error when you look at the votes here isn't just a 403?

Admins on the motte can see who up/downvoted a thing.

Then, moreover, they know that there have been many high-profile instances of products shipping, having an interface exposed that is trivially-attackable, and when it's attacked, the manufacturers ignore it and just say some bullshit about how it was supposed to just be for the manufacturer for debugging purposes, so they're not responsible and not going to do anything about it.

Was "lol we didn't mean to leave that exposed" a get-out-of-liability-free card by UK laws before this guidance came out? If so, I can see why you'd want this. If not, I'd say the issue probably wasn't "not enough rules" but rather "not enough enforcement of existing rules" and I don't expect "add more rules" to be very useful in such a case, and I especially don't expect that to be true of rules that look like "you are legally required to use your best judgement".

It's a bullshit thing by bad entity manufacturers who don't care.

I agree, but I don't think it's possible to legally compel companies to thoughtfully consider the best interests of their users.

Honestly, I probably would have not done as good of a job if I had tried to put this set of ideas together from scratch myself.

Neither would I. My point wasn't "the legislators are bad at their job", it was "it's actually really really hard to write good rules, and frequently having bad explicit rules is worse than having no explicit rules beyond 'you are liable for harm you cause through your negligence'".

So in your interpretation, 5.6-4 could be replaced by "list the communication interfaces your product has. For each of them, either ensure the interface is disabled or state that the interface is intentionally enabled because a nonzero number of your customers want it to be enabled in a nonzero number of situations".

I think that would be fine, if so, but I don't understand why provisions 5.6-3 and 5.6-4 would be phrased the way they are if that were the case.

I think it largely depends on which forest we're talking about. If you're through-hiking the John Muir Trail, you would obviously much rather encounter another person (who is probably a hiker) than a bear (which definitely has a much much lower than 25% chance of attacking you, but still isn't something you want to encounter).

But if you're bushwhacking through the Emerald Triangle, and you hear a rustling in the bushes, you are probably relieved to find out that it's a bear.

Again, that interpretation is nice if correct. Can you point to anything in the document which supports the interpretation that saying "We have assessed that leaving this debug interface provides user benefit because the debug interface allows the user to debug" would actually be sufficient justification?

My mental model is "it's probably fine if you know people at the regulatory agency, and probably fine if you don't attract any regulatory scrutiny, and likely not to be fine if the regulator hates your guts and wants to make an example of you, or if the regulator's golf buddy is an executive at your competitor". If your legal team approves it, I expect it to be on the basis of "the regulator has not historically gone after anyone who put anything even vaguely plausible down in one of these, so just put down something vaguely plausible and we'll be fine unless the regulator has it out for us specifically". But if anything goes as long as it's a vaguely plausible answer at something resembling the question on the form, and as long as it's not a blatant lie about your product where you provably know that you're lying, I don't expect that to help very much with IoT security.

And yes, I get that "the regulator won't look at you unless something goes wrong, and if something does go wrong they'll look through your practices until they find something they don't like" is how most things work. But I think that's a bad thing and the relative rarity of that sort of thing in tech is why tech is one of the few remaining productive and relatively-pleasant-to-work-in industries. You obviously do sometimes need regulation, but I think in a lot of cases, probably including this one, the rules that are already on the books would be sufficient if they were consistently enforced, but they are in fact rarely enforced and the conclusion people come to is "the current regulations aren't working and so we need to add more regulations" rather than "we should try being more consistent at sticking to the rules that are already on the books", and so you end up with even more vague regulations that most companies make token attempts to cover their asses on but otherwise ignore, and so you end up in a state where full compliance with the rules is impractical but also generally not expected, until someone pisses off a regulator at which point their behavior becomes retroactively unacceptable.

Edit: As a concrete example of the broader thing I'm pointing at, HIPAA is an extremely strict standard, and yet in practice hospital systems are often laughably insecure. Adding even more requirements on top of HIPAA would not help.

That's a nice legal theory you have there.

Let's say you're an engineer at one such company, and you want to expose a UART serial interface to allow the device you're selling to be debuggable and modifiable for the subset of end-users who know what they're doing. You say "this is part of the consumer-facing functionality". The regulator comes back and says "ok, where's the documentation for that consumer-facing functionality" and you say "we're not allowed to share that due to NDAs, but honest this completely undocumented interface is part of the intended consumer-facing functionality".

How do you expect that to go over with the regulator? Before that, how do you expect the conversation with the legal department at your company to go when you tell them that's your plan for what to tell the regulator if they ask?

Searching "debug interface", I see three places:

The first is on page 10, in section 3.1 (Definition of terms, symbols and abbreviations: Terms)

debug interface: physical interface used by the manufacturer to communicate with the device during development or to perform triage of issues with the device and that is not used as part of the consumer-facing functionality

EXAMPLE: Test points, UART, SWD, JTAG.

The second is on page 20, in section 5.6 (Cyber security provisions for consumer IoT: Minimize exposed attack surfaces)

Provision 5.6-4 Where a debug interface is physically accessible, it shall be disabled in software.

EXAMPLE 5: A UART serial interface is disabled through the bootloader software on the device. No logon prompt and no interactive menu is available due to this disabling

The third is on page 32, in Table B.1: Implementation of provisions for consumer IoT security, where, at the bottom of the table, there is a "conditions" section, and "13) a debug interface is physically accessible" is the 13th such condition:

Provision 5.6-4 M C (13)

For reference

M C: the provision is a mandatory requirement and conditional

NOTE: Where the conditional notation is used, this is conditional on the text of the provision. The conditions are provided at the bottom of the table with references provided for the relevant provisions to help with clarity.

So, to my read, the provision is mandatory, conditional on the product having a debug interface at all.

"But maybe they just meant that debug interfaces can't unintentionally be left exposed, and it should be left to the company to decide whether the benefits of leaving a debug interface open are worthwhile", you might ask. But we have an example of what it looks like when ETSI wants to say "the company should not accidentally leave this open", and it looks like

Provision 5.6-3 Device hardware should not unnecessarily expose physical interfaces to attack.

Physical interfaces can be used by an attacker to compromise firmware or memory on a device. "Unnecessarily" refers to the manufacturer's assessment of the benefits of an open interface, used for user functionality or for debugging purposes.

Provision 5.6-4 has a conspicuous absence of the word "unnecessarily" or any mention of things like the manufacturer's assessment of the benefits of an open interface.

So coming back to

They're still completely free and clear to have any interfaces for debugging or anything else that are meant to be usable by the user.

Can you state where exactly in the document it states this, such that someone developing a product could point it out to the legal team at their company?

Another part is that merely having a regulatory framework transforms your industry from "building cool stuff" to "checking regulatory boxes and making sure all the regulation-following is documented" [...] They didn't get into the field to sit in meetings where you discuss whether the SSDD paragraph 2.0.2.50 is properly related to the SDD paragraph 3.1.2, the ICD paragraph 4.1.2.5, and the STP paragraph 6.6.6, which lines of code implement SDD paragraph 3.1.2, and to make sure the SIP properly specifies the update procedures

Is this the bitter voice of experience of someone who has worked on software for the financial industry?

and drives the sort of people who do innovative work out of the field

In my experience, companies that operate in compliance-heavy industries that also have hard technical challenges frequently are able to retain talented developers who hate that kind of thing, either by outsourcing to Compliance-As-A-Service companies (Stripe, Avalara, Workday, DocuSign, etc) or by paying somewhat larger amounts of money to developers who are willing to do boring line-of-business stuff (hi). Though at some point most of your work becomes compliance, so if you don't have enough easily compartmentalized difficult technical problems the "offload the compliance crap" strategy stops working. I know some brilliant people work at Waymo, which has a quite high compliance burden but also some incredibly crunchy technical problems. On the flip side, I can't imagine that e.g. ADP employs many of our generation's most brilliant programmers.