Hacker News | prepend's comments

Which is a decent trade off for unlimited content.

Until authorities show up asking questions about the activity on your IP address.

"I'm willing to make everyone else's life worse for minor personal convenience"

That's the spirit of the age here in America, no? When so many of our leading public figures are hyper-wealthy individuals who are where they are via various sorts of shuffling costs onto others and pocketing profits, is it any surprise when the public seeks to do the same?

It's ultimately utterly destructive, of course. Wish I had a good solution.


Ah, the choice content providers made a few years back that put us all in this situation to begin with - throw constant ads at us for marginal revenue.

Uh, it's a complete false dichotomy? There is literally no reason you need to participate in a botnet to stream content for free.

That's ... not a thing. Those sticks just glom on to free software maintained by other hardworking unpaid devs to steal residential IPs from unsuspecting buyers drawn to the "all-in-one" pitch for their sketchy VPNs and/or botnets. Then, eventually whatever API keys/endpoints they stole for streaming stop working and all you're left with is the botnet part of the deal.

This is like saying the included porn malware you got bundled with uTorrent from the first sponsored link on Google is a price worth paying to access The Pirate Bay and stick it to Netflix, lol.

Why on earth would anyone voluntarily advocate for that/defend the malware authors instead of just downloading qBittorrent from GitHub like a normal person?!


You absolutely don't have to and I'd encourage people not to (I personally advocate for just using a desktop/pc that you have control over to make the experience more palatable). But I disagree with framing that solution as one where the customer is solely involved in making a bad decision. The old version of Roku, and even streaming sites within recent memory, offered a significantly less enshittified product.

The botnet you bring into your home is only an option people are willing to consider because of how poor the UX has gotten. It's disingenuous to frame this situation as a cavalier abrogation of duty at the sole discretion of the selfish consumer. The malware laden set top box is a terrible solution, but it being even in the realm of consideration is due to how incredibly terrible set top boxes and streaming platforms have become. In the 2010s torrenting was something of an archaic habit done mostly by those with a strong ideological bent - gone were the days of everyone installing Napster or Kazaa to have any access to digitized music that they could actually listen to without a binder of CDs.

Excessive enshittification brought on by the selfish actions of corporations is what is bringing these options back to the table for the mainstream. The consumer should be better and shouldn't bring a malware laden box into their home - but the platforms should also be better and offer reasonable pricing for their value and experience.


I really like the remote. It has mute and volume and like swiping on the top rather than clicking.

I like that it’s aluminum, doesn’t take batteries, and is Bluetooth (or at least doesn’t require line of sight). It’s the longest lasting of any remote in my house.

You’re probably thinking of earlier versions that were different.


I run Plex and am pretty happy. Will likely eventually switch to Jellyfin as Plex is getting lamer and lamer.

I’ve been a Plex user since the early days. I currently run it on a Synology NAS in a container, using the Plex app on the AppleTV as my primary client device. I tried setting up a Jellyfin container a few months ago as I’ve been concerned about the direction of Plex. It went poorly.

I have a fairly large library, which Plex never seemed to care about. Jellyfin choked. It took forever to go through it all, and I seem to remember questioning if it was working; it wasn’t clear. Plex on the other hand makes it pretty entertaining to watch covers flip over as the metadata is loaded in to see the progress. Then every app I tried on the AppleTV also seemed to have trouble. The one that worked best had to create its own local cache of everything, which required I spend hours browsing to every screen and waiting before it became reasonably smooth. After that, the layout was still pretty strange. I think it would have worked just as well to point it at a file share. Actually playing videos was hit and miss in every app I tried.

I’m still using Plex. If I need to move to Jellyfin at some point, I feel like I’ll need to build a server with a lot more power than Plex requires. Of course that’s just a theory… a theory that will be expensive to test.

For all the fanfare Jellyfin gets online, I expected it to be better. It made me question how honest the people pushing it are. But maybe they have small libraries or only tested it with 5 movies for the review. I don’t think that’s a real-world experience.


> For all the fanfare Jellyfin gets online, I expected it to be better. It made me question how honest the people pushing it are. But maybe they have small libraries or only tested it with 5 movies for the review. I don’t think that’s a real-world experience.

I don't love crapping on open source software, but I had the same experience recently - installed Jellyfin because I wanted to test hardware-accelerated AV1 transcoding, and the whole app experience felt rough compared to Plex. The UI/UX really needs some TLC.


Jellyfin's worst aspect is the opinionated file structure. You have to set up folders the way it wants, and then the resulting UI browser is what-you-see-is-what-you-get. Pretty sure it's done this way for automated metadata discovery.

Ideally, this would be designed in two parts: separate the file structure from the metadata discovery mechanism.

I personally want a file structure managed by the OS. Let me make folders and nested subfolders to whatever structure I prefer.

Then make the metadata discovery slightly more manual. Click a media file, click a hypothetical "add metadata" button, and then a simple search box with "is this your movie?" and click apply to import metadata from a search result. Easy peasy.

The UI is clearly meant to resemble a typical media app but falls short if the end user prefers, for example, foobar2000's UI.


Yeah that's the Number 1 issue I have with Jellyfin.

It seems to be tolerating whatever semi-organized structure I give it until it just faceplants on some specific show and I have to tediously reorganize the directory structure/names and manual refresh until the metadata lines up correctly.

I like that I don't feel I'm about to be rugpulled on Jellyfin and the client is pretty solid for me but the library scanning is pretty aggravating at times.


I think GP was talking about the hardware AppleTV, not the streaming service AppleTV (which are stupidly named).

and the apple tv app! which is different from the box and the streaming service which was formerly called Apple TV Plus

I was an early roku user and ditched them because they’ve sucked for 10+ years. Their players have been trash and had poor support.

Amazing they got $22B and tivo must be really kicking itself.


If someone mails in my absentee ballot and I don’t complain, how do you detect that voter fraud?

Or if someone knows their friend is sick and votes without an id, how do you detect that?

It seems like there are currently many ways to vote illegally that don’t get detected.


Perhaps so, but you still have to show that it is happening, not merely that it is possible. Moreover, you have to show that whatever cures you propose are both 1/proportional to the harm and 2/minimize undesirable side effects. (One challenge with the latter is that for some people, those side effects are actually desirable.)

Can you describe specifically how someone finds enough complaint-free absentee ballots and sick friends to vote at any meaningful scale?

Doing this even 10 times seems unbelievably hard.


It seems less hard if you datamine the shit out of everything, exfiltrate the social security database, and feed it into a computer. Get the historical voting records. SELECT address FROM voters that haven't voted in 10 years. Send someone to follow the mailman and steal ballots from that address. Or simply don't mail them out in the first place. They're not likely to notice to complain in the first place.

Not that I think the election was rigged, but if you think it's "unbelievably hard", I think that's a failure of imagination.


You’re describing an attack that entails both hacking the SSN database, 1 to 50 of the state voter databases, then physically following mailmen around and stealing ballots…

I think he’s referencing the doge boys getting access to social security files and taking them

> If someone mails in my absentee ballot and I don’t complain, how do you detect that voter fraud?

You get followed up in an audit, if anyone asks. This happened like three million times in Arizona.

> there are currently many ways to vote illegally that don’t get detected

There are. None of the proposed plans limit them. (No county requires scanning and biometrically verifying passports. You could buy a wrapper on eBay and inkjet the pages in most counties.)

There are also lots of ways to blow up public buildings. We don’t require ID to enter DC because the frequency of the harm isn’t matched by the cost of enforcement.


We already handle all of that, comrade. Every corner case floating around your brain was floating around someone else's brain a long time ago. Most of this is covered in high school in the US, and it's all enforced by volunteers from across the political spectrum.

Our documented examples of voter fraud come from a time when in-person voting was the only option, again something we teach in school, while the modern concerns from security professionals focus almost entirely on electronic voting machines.


You have to sign the ballot, and it gets checked.

And some sites seem to have it not work. I suspect there’s lazy programmers with hardcoded test cases.

But that’s like 1:100 or so. And usually I’m entering my address to a robot so it’s not an issue.


I do something similar with prepend.com and find it helpful for sorting. Also fun to see which domains sell my email and which don’t (blacksocks.com hasn’t shown up from anyone else in 20 years).

Somehow they mail letters with info.

Encrypted email wouldn’t require a BAA.


I'm not a lawyer, but I'm currently working on getting my company HIPAA-compliant, so I know more than the average person about this.

My understanding is that there's a thing called the "conduit exception" which basically says that if data is transiently passing through a channel and it's not being looked at, it's ok. But wherever the data lands must be HIPAA-compliant.

This seems crazy to me, but that's how it works I think. For example, if you encrypt PHI and store it in AWS without signing a BAA with them, that's a HIPAA violation, even though the data is encrypted and Amazon can't see it. But if you send encrypted data through AWS without actually storing it, that's fine.

Mail is specifically mentioned as a thing that qualifies for the conduit exception. I'm not totally clear why it isn't a HIPAA violation the moment it arrives at a destination (it's not in-transit at that point, and it's potentially not in the possession of the intended recipient either), but it seems pretty well accepted that it's not.

All that to say: I think encrypted email would still require a BAA because it's being stored, not just transmitted.


> My understanding is that there's a thing called the "conduit exception" which basically says that if data is transiently passing through a channel and it's not being looked at, it's ok. But wherever the data lands must be HIPAA-compliant.

Sounds like they needed fax to be compliant, and came up with some moon logic to make that happen.


Could you do a p2p connection via browser that would still send the message to the person's "inbox"? I suppose not everyone even has an on-device mail client anymore though.

Honestly, I think it's just because it's a crime to open someone else's mail. For whatever reason that sort of policy isn't extended to encrypted data in the cloud.

It was a law written in the 90s, it should be updated and modernized.


Same goes for phones (and by extension, fax). Since wire tapping is already illegal, it doesn't need to be secure (at least going by the law).

I agree the laws need an update. I'd imagine a general 'common communication channels' or whatever would work, rather than specifying every single one that's allowed to be used. That way, it's still illegal to snoop on your communications, regardless of whether they happen by post, phone, email, SMS, WhatsApp, or whatever else we end up using in 20 years.


Dollar bills are essentially untracked, good everywhere, secure, work no matter what. Same goes for normal mail, and it's a federal offense to tamper with it.

Nothing electronic will ever be secure, unless it is never, ever networked. Networking changes "touch physical thing" into "everyone on the planet plus their bots" can touch it.

Even if you pass harsh laws, you need to geogate network connections to only within that legal jurisdiction. Otherwise, it's pointless.

The real, true problem is anonymousness. I used to advocate for it, now I'm done. The problems anonymity solves are a gnat compared to the ones it creates.

I'm all for ipv8, but with a unique ID in the packet identifying the person directly.

I can't drive a car, own a gun, drive a boat, buy explosives, ply many trades, and 100 other things without a license. Maybe unrestricted internet access is in that category, and bad behaviour means it is revoked.

The Internet was a toy for a long time. Now it's the backbone of all commerce, industry, personal communication, with life threatening implications at times.

Play time is over.


Botnet operator says "Hey I'll pay you $1000 to use your connection for a month."

And you go to jail.

You might go to jail, you might make $1000. Crimes usually require criminal intent.

I spoke of licensing, for unrestricted internet access. No one will have unrestricted access otherwise.

The criminal intent was giving somebody without a license, access to your gear to spoof you. If someone is too ignorant to not know what that means, then they would never acquire a license.


So no internet for 99% of people? Computer nerds only? You probably don't need any more restrictions with that standard in place. That was the early internet.

No "unrestricted internet" for 99.9% (or even 99.99%) of people.

The masses will still be able to access YouTube, Google. They won't be able to open random ports without proxies, and yes that means even online gaming is going to be controlled.


It's a crime to open someone else's mail and generally speaking the post office does a pretty good job of reliable delivery. Even if an address is a bit wrong/corrupted, it can likely be delivered just from the name and the zipcode.

Email is a lot harder. The older SMTP standard sends emails unencrypted so there's a possibility of a MITM reading the email. But also addresses if you get them wrong can end up in the wrong hands. For example, if someone sends an email to cogman10, I'll get it, but if they go to cogman1O I won't get it. A lot of the nuance of how secure and when it's secure gets erased by auditors to just "email is insecure".


Isn't the post office heroics normally when it's not deliverable? If the sender wrote down 744 Evergreen Terrace but they meant 742, that mail will be delivered to your neighbor and hopefully they'll redirect it to you.

It'll depend on the mailman. I'm fairly confident mine would ultimately deliver it to me.

They also send faxes to providers as well. It's kind of ridiculous when you think of it.

The post office is heavily regulated not to open your letters with severe criminal penalties if they do. An attacker also can't quietly X-ray your letter in transit to get a sneaky copy.

It’s hard to tell. I’ve worked on projects with 50 programmers and it seemed many did nothing and a few did negative work.

We went through a round of layoffs and I had to “finish” another programmer’s work. It was a java app with servlets and JSP and a bunch of web forms submitting back to a database. He had just copy and pasted the html into his JSP so it had the sample data and messages. Everything submitted and went to the next page, but nothing was posted or saved.

He did this like 20 times for all his modules. Maybe six months of “work” was like nothing done.

I like to work on small teams that collaborate enough so if someone isn’t doing anything then we know. And I don’t think anyone’s work in my immediate vicinity is performative.

That being said, it’s hard to know people’s process and what is productive to them. If you take a small sample you might not understand. And what you think is performative may be essential. This seems common when I was younger when I thought “I don’t understand it, therefore it’s not important.”

I’m currently thinking through a tough program and browsing HN at 10am and it’s an essential part of my workflow.


My whole career (15+ years) is built on orgs (Fortune 500s, academia, government, and even startups) hiring me to actually get something done that an employee spent months "working on" that ended up useless and scrapped. It's everywhere, all the time.

Additionally, you can be productive from a development sense, ship functional software that is to spec, and everybody is happy - and it still never gets used, or gets canceled, and does nothing for anyone. This too, could also be considered performative.

The money does put food on the family dinner table, so be it.


The most shocking thing about entering Software as a career was the enormous number of "Brillant Paula Beans"[1] that are out there silently working, doing meetings, participating in all the software rituals, but producing useless and ultimately scrapped work product.

1: https://thedailywtf.com/articles/the_brillant_paula_bean


Yeah, the second one is really the most bitter pill - work for a year or more, see that the PMF or the actual product isn't going to meet the needs; raise red flags, nobody cares (or worse, people actively fight you and torpedo you) and then you get to see it literally do nothing in production.

I have seen this a lot in the mid sized business (<300 employees usually) and it's the "we have enough money and no accountability and terrible processes to even understand the world" but my favorite one is my friend spent six months building a product offshoot from a core product, got pulled into meetings with directors to tell him to shut up about how it wasn't going to work for the target market, and when he finished they sold 4 units.

4 units.


I’ve been in such a work context for the better part of two years, as a contractor, and by God it is soul crushing to give your best to do a good job, and to see it ultimately ends up in the bin.

I quit weeks ago, and they are already begging me back because I was good at what I was doing, to work on yet another hallucination from the higher ups that will be scrapped in 6 months.

The good money doesn’t make up for the existential pain. Maybe I’m too old for this shit. (20 year career and a burnout that made me reassess the value of my time on earth)


I work almost exclusively in small (<100 employees) firms, usually no more than 20 developers, and it’s a complete mix here too.

One firm might have the most dialed in effective team you’ve ever dreamed of. The next four are average or OK. Then you get companies run by absentee owners and half the developers are stacking a $150k a year paycheck and literally not working at all. The company itself is highly profitable so the owner doesn’t care.

It’s just a mixed bag all over everywhere you go. No generalities to be found in size but only in culture and outcome.


There's that, and then there's the other kind of negative work, whereby a rockstar engineer develops something that works but only he understands, completely failing to document it well. When this engineer leaves, the project is unmaintainable by virtue of being incomprehensible. In both cases, the management has been clueless.

Good point. There’s lots of kinds of negative work.

I was thinking more of people burning stuff down.

There’s also people burning the furniture for immediate warmth.

And there’s people you mention who are doing things that look good but have time bombs inside them.

