> I think there is a brain decay that occurs as people become more rich and powerful.
My prevailing hypothesis is that as you advance in leadership roles there's a natural tendency to have the ego grow. After all, you have evidence for your ego: you make important decisions and you've risen up in whatever social structure. And I think there's a natural bias to surround yourself with yesmen. They create less friction, so naturally we want that. And it's hard to distinguish yesmen from people who genuinely believe in the same things as you. But the yesmen are able to hide this way, even by being "disagreeable" in just the right way (which makes it hard to distinguish). With the more proficient yesmen themselves rising to the top too.
So I think it's important for leaders to surround themselves with a distribution of opinions. I think in order to make good decisions we need friction. We need frustration. We need people to tell us we're wrong when we're wrong. We also need people to tell us we're wrong even when we're right, because the challenge of the idea forces us to think deeper. But I think the real challenge is implementing this correctly. It needs most "advisors" to be acting honestly, independently, and in good faith. It's hard to cultivate that and I think to do so you need to let people trash talk you, even egregiously. Because a misinterpretation of punishing someone can be seen interpreted as retaliation (even if completely fair), and upsetting the whole balance. Context can easily be lost
I suspect it's an unstable equilibrium, making it really difficult to maintain.
Yes, the "joke" only works because the implication is that the CEO is out of touch with the lives and working conditions of the average employee. It's pretty overt in meaning.
Should employees be required to discuss things explicitly? Without the natural way people talk? Especially the natural way Americans talk? Seems pretty rigid if you ask me
As a non-web developer I'm interested if anyone can answer this question:
If you're designing for <X> browser, how hard is it to make it work on <Y> browser?
Answering with at least {Chromium,Safari,Firefox}
Because if it's hard when targeting Chromium and adapting to {Safari,Firefox} but easy when targeting Safari and adapting to {Chromium,Firefox} then honestly it seems like Chromium is the problem.
What I want to distinguish is the biases in being used to programming in one environment and actual ease of programming for an arbitrary browser. Regardless of what official standards are, there are "in practice" standards, what is used in practice.
What would be nefarious is if Google is promoting people to program in ways that are not compatible with other browsers, cementing its monopoly. (This may even be achieved without explicit direction. Achievable simply by Chromium devs building tools for devs but not carrying about compatibility with other browsers). After all, the web is for everyone, but just because it's open doesn't mean monopolies/oligopolies/collusion/<other nefarious actions> can't happen.
Tdlr: does developing on chromium encourage browser incompatibility?
> Because if it's hard when targeting Chromium and adapting to {Safari,Firefox} but easy when targeting Safari and adapting to {Chromium,Firefox} then honestly it seems like Chromium is the problem.
Exactly. Test and develop against Firefox and/or Safari first and Chrome afterwards. If it’s not a true web standard and isn’t widely implemented, don’t use it.
The web worked fine for decades without smart fridge integration or whatever weird thing Google has decided that browsers must be capable of most recently.
It's not easy, though. Most of my day job is spent trying to get html interactives on an e-learning platform to work reliably with iOS's ridiculous nonstandard interaction rules around when media is allowed to play. It's worse than working with the 20 year old jsp+servlet system that serves the interactives and business logic. no other browser behaves like iOS safari and to debug and develop against it you need an ios and macos device sitting on your desk. Firefox and Firefox on Android are a breeze but a rounding-error in our usage metrics, even accounting for our development. Apple desparately hobbles the web platform to collect IAP taxes.
> with iOS's ridiculous nonstandard interaction rules around when media is allowed to play.
Are there any standard interaction rules on when media is allowed to play? I thought everyone implements it differently based on their own ideas of security and user engagement
The problem is not Google, I hate Google so I’m not white knighting them or anything but a lot of basic things are just badly implemented on iOS safari. Also if something works in chrome it probably works in Firefox as well. The only odd duck is safari and people who defend clearly have no experience trying to develop for it.
Making things work in chrome and Firefox is trivial and is never hard but when it comes to safari you have to figure out the special dance to make things work properly even when targeting it first.
No developing for chrome does not encourage browser incompatibility.
I don't agree with tracking kids but you're being silly. I ditched in high school and my parents didn't find out. This is true for plenty of people. Sure, it was 20 years ago but we had cellphones too. It's not like we were in the dark ages and schools couldn't call
Usually no. If you missed multiple yeah, but mostly they didn't care.
Though they started to my senior year. You'd get detention or even suspension if you did it too much. It was especially problematic with us in the AP/IB programs. My older sibling's class (AP/IB) ditched so much it was messing with the state attendance records.
But maybe they didn't call because we were in the advanced programs. The people ditching the most were the ones getting good grades. The school still has a pretty good ranking in California (top 20%).
And frankly, if they called... just delete it off the answering machine before your parents got home.
Or the other thing, get your elder sibling to call you out. Or call in pretending to be the parent or elder sibling. People did that all the time. It's not like the school knows your parents' voice. And well, now that's easy to fake, right?
There can be moral (or other) panics to real dangers. That doesn't mean cool heads don't lead to better solutions.
People panic in fires, trampling one another trying to get out. The danger is real, but so is the damage caused by the panic.
Here people are responding to real harms but we're often jumping to conclusions. Trying to act too fast. Thinking it is better to do something rather than nothing. But that's not always true. We see this happen with all sorts of complex problems we face these days. People care more about having an answer than they do a solution. This one is no different. We get bad answers like the above because people are rushing and not thinking about the consequences. But if things were as easy to solve as were wish they were then they'd already have been solved. The "easy" part only comes after a lot of hard work and really only from a high level
And this is really how it should be. Honestly the only thing I want arxiv to do is become more like open review. Allow comments by peers and some better linking to data and project pages.
It works for physics because physicists are very rigorous. So papers don't change very much. It also works for ML because everyone is moving very fast that it's closer to doing open research. Sloppier, but as long as the readers are other experts then it's generally fine.
I think research should really just be open. It helps everyone. The AI slop and mass publishing is exploiting our laziness; evaluating people on quantity rather than quality. I'm not sure why people are so resistant to making this change. Yes, it's harder, but it has a lot of benefits. And at the end of the day it doesn't matter if a paper is generated if it's actually a quality paper (not in just how it reads, but the actual research). Slop is slop and we shouldn't want slop regardless. But if we evaluate on quality and everything is open it becomes much easier to figure out who is producing slop, collision rings, plagiarist rings, and all that. A little extra work for a lot of benefits. But we seem to be willing to put in a lot of work to avoid doing more work
You could imagine separating the "publishing" part, which really should just be open with minimal anti-spam etc, from the "this was reviewed by a trusted group of people so you should give it more consideration" part. You could do the second without it being attached to the publishing.
I think your phrasing was good. A lot of people conflate a work being published is equivalent to peer reviewed and that "peer reviewed" means "correct".
I think when you think about publishing as what it actually is, researchers communicating to researchers, what I said makes much more sense. I do think formal review does help reduce slop but I think anyone who has published anything is also very aware of how noisy the system is and how good works get rejected or delayed because they aren't "novel" enough.
Honestly, my ideal system is journals with low bars. We forget this prestige bullshit and silliness of novelty (often it's novel to niche experts but not to others) and basically check if it looks like due diligence was done, there's not things obviously wrong, no obvious plagiarism, and then maybe a little back and forth to help communicate. But I think we've gotten too lost in this idea of needing to punish fast and that it has to be important. Important to who? Tons of stuff is only considered important later, we've got a long track record of not being so great at that. But we have a long track record of at least some people working on what we later find out is important.
There's a lot of stuff with basic errors in peer reviewed journals. Things also can get rejected for anything from formatting to politics.
I like Arxiv better. I get the paper, know it's probably not reviewed (like in many journals), and review it if I want to. I used to ise Citeseerx, too, to get tons of CompSci papers. Even better, OpenReview might have some good observations.
I don't agree actually that is how it should or can work for everyone. Senior researchers produce good quality research, and they have a network of high quality peers built over decades. Both those are necessary for them to reach out and ask for feedback, and get genuine and high quality feedback.
Junior researchers don't have these typically. They also benefit more from anonymous feedback, which enables the reviewers to bluntly identify wrong or close to wrong results. So I think open journals should continue to exist. They fill an essential role in the scientific ecosystem.
Mostly I'm fine with journals and conferences but I think it's the prestige that has fucked everything over.
I want reviews of my papers! But I want reviews by people who care. I don't want reviews by people who don't want to review. I don't want reviews by people who think it's their job to reject or find flaws in the work. I want reviews by people who care. I want reviews by people who want to make my work better. I want reviews by people who understand all works are flawed and we can't tackle every one in every paper (the problem isn't solved, so there's always more!).
So low bars. Forget the prestige, citation count, novelty, and all the bullshit and just focus on the actual work and that the act of publishing is about communicating. Publishing is the main difference between private and public labs. Private labs do fine research, without all the formal review. It's just that nobody learns about it. They don't give back to the community.
So my ideal system still has reviewers, journals, and conferences but I think we'd get along just fine without them. I believe that if we can't recognize that then we can't use these other tools to make things better.
They aren't fundamental tools needed to make the process work, they're tools that can make the process work better. But I'm not convinced they're doing a good job of that right now.
> The OS could require the parent to manually update it.
How is their age verified?
At some point one of two things is required:
1) A promise that the user is a certain age
- Which puts us exactly where we are
2) Official identification is used to verify age
- Which creates a PII nightmare
That's it. There's only those two options. You may not believe #2 is going to be a privacy nightmare but we're already seeing it happen with Discord/OpenAI/LinkedIn and everyone else that uses Persona[1]. They aren't doing the minimal security things and already aren't doing what they claimed (processed on device, then deleted). This "hack" couldn't happen if that was true
The difference here is it can be set by the parent on the OS and locked. Requiring sudo equivalent to change.
The way it is now, there's nothing stopping a (18-) user from logging out of a 'parental control enabled' account and making a new account without those controls on any service from Facebook to Steam. So the only effective option at that point is to entirely block that app or service.
This gives more power to parental control software. And yeah moves the responsibility from the service to the parents, which is what the services want cuz COPPA and other similar laws.
But you do bring up another issue people aren't discussing. That the default setting is under 18.
So we protect the children from adults by... having no way to actually verify someone is a child?
The problem is less kids getting access to porn and more pedos getting accounts to spaces designed for children. Places like Club Penguin or very famously Roblox.
Here's the problem, you can't verify children. They don't have identification in the same way adults do. And worse, if we gave them that then it only makes them more vulnerable!
Then we have the whole problem of a global internet. VPN usage is already skyrocketing to circumvent these policies.
So the only real "solution" to this is global identification systems where essentially everyone is carrying around some dystopian FIDO key (definitely your phone) that has all your personal information on it and you sign every device you touch. Because everything from your fridge to your car is connected to the Internet.
But that's a cure worse than the poison. I mean what the fuck happens to IOT devices? Do we just not allow them on the internet? That they're assumed 18+? So all kids need to do is get a raspberry pi? All they need to do is install a VM on their phone? On their computer? You might think that kids won't do this but when I was in high school 20 years ago we all knew how to set up proxies. That information spread like wildfire and you bet it got easier as the smarter kids put in the legwork.
This is a losing battle. It's not a cat and mouse game it's While E Coyote vs Road Runner.
We're on HN FFS. If there's anywhere on the Internet that the average user is going to understand how impossible this is it should be here. We haven't even talked about hacking! And yes, teenage script kiddies do exist.
These policies don't protect kids, they endanger them. On top of that they endanger the rest of us. Seriously, just try to work it out. Try to create a solution and then actually try to defeat your solution. Don't be fucking Don Quixote.
> But you do bring up another issue people aren't discussing. That the default setting is under 18.
Some things do that. This law doesn't have a default. If the admin sets all the user accounts to 18+, then the users are stuck with the setting being 18+.
> I mean what the fuck happens to IOT devices? Do we just not allow them on the internet?
Sounds pretty good to me.
But yeah they need a different handling of some manner. Maybe a "give no access to anything age-gated" category, though is that really different from under-13 in practice?
> So all kids need to do is get a raspberry pi? All they need to do is install a VM on their phone? On their computer? You might think that kids won't do this but when I was in high school 20 years ago we all knew how to set up proxies.
Just delaying unrestricted access to high school would already solve most of the problem.
> These policies don't protect kids, they endanger them. On top of that they endanger the rest of us.
They do not. Some totally different system could endanger people, but this one doesn't.
Really? Be a bit more serious now. There are a lot of things that connect to the internet, and not just for stupid data harvesting reasons. I gave other examples. I think you can understand that this gets pretty hairy pretty quickly. If you don't, then dig in deeper to how the networking is done. You're an older account so I'm assuming you actually understand computers.
> They do not.
They definitely do. I explicitly stated how that happens too. If you want me to take you seriously you have to respond with something better than "trust me bro".
There is no evidence that these companies are actually handling that data properly. There is a lot of evidence that they are handling it improperly. That data being leaked does in fact, endanger kids.
I'm also unconvinced these things even achieve the goals they claim to be after. Which is keeping pedos away from kids. i.e. the reason I said you're missing the point. So either it is not achieving that goal, or lulling people into a false sense of security. Imagine if Roblox was saying "we don't allow adults on the platform" and so now all the tech illiterate parents and kids think their kids are exclusively talking to other kids. That's just a worse situation than now.
> They definitely do. I explicitly stated how that happens too. [...] data being leaked
Again "Some totally different system could endanger people, but this one doesn't."
Any system that has companies handling personal data and able to leak it is not the system this kind of law talks about.
> false sense of security. Imagine if Roblox was saying
In that situation, Roblox is the problem, not the law.
> So what do these laws even solve?! I'm serious
If widely implemented, a parent can set a single toggle and then the accounts their kids make will all be appropriately restricted.
It wouldn't replace direct checks from the parent on what their kids are doing, but it would greatly reduce the risk profile. And making it simple and built-in means that non-tech-expert parents can set it.
>> Be a bit more serious now.
> The serious answer is in the next line.
> ...
> Again "Some totally different system could endanger people, but this one doesn't."
>> If you want me to take you seriously you have to respond with something better than "trust me bro".
I do have a hard time taking you seriously
> If widely implemented, a parent can set a single toggle and then the accounts their kids make will all be appropriately restricted.
People keep telling you option 1 is the correct one, and that it's not actually useless.
You keep describing privacy problems that only exist with option 2.
This law is not option 2. Stop interpreting people as if they're badly defending option 2. They're not.
> HOW
They take an OS where only admins can change the age setting. They set the age on a non-admin account, which they give their child access to. The OS passes the age setting along to programs, which pass it along to services that need to restrict behavior.
This is not the same as how it works today. It's impossible for a parent to do this today. The best they can do is try to keep track of every account their child has and dig through the settings manually.
> They employ some of the best security analysts in the world and have $10-30B/yr revenue
I'll never not be impressed by how many people will defend trillion dollar organizations and say that things are too expensive. Especially when open source projects (including forks!) implement such features.
I'm completely with you, they could do these things if they wanted to. They have the money. They have the manpower. It is just a matter of priority. And we need to be honest, they're spending larger amounts on slop than actual fixes or even making their products better (for the user).
“Priorities” is far too soft a term in this context. These are anti-priorities: not just things they choose not to work on, but things they’ll spend big money to prevent, up to and including bribing, uh I mean lobbying, lawmakers.
Neither big players have refined enough permissions. These set users up for giving away more data than they think.
Maybe one clear example is needing a permission once for setup and then it remaining persistent.
An easy demonstration is just looking at what Graphene has done. It's open source and you wana say Google can't protect their users better? Certainly Graphene has some advanced features but not everything can be dismissed so easily. Besides, just throw advanced features behind a hidden menu (which they already have!). There's no reason you can't many most users happy while also catering to power users (they'll always complain, but that's their job)
So I think it's important for leaders to surround themselves with a distribution of opinions. I think in order to make good decisions we need friction. We need frustration. We need people to tell us we're wrong when we're wrong. We also need people to tell us we're wrong even when we're right, because the challenge of the idea forces us to think deeper. But I think the real challenge is implementing this correctly. It needs most "advisors" to be acting honestly, independently, and in good faith. It's hard to cultivate that and I think to do so you need to let people trash talk you, even egregiously. Because a misinterpretation of punishing someone can be seen interpreted as retaliation (even if completely fair), and upsetting the whole balance. Context can easily be lost
I suspect it's an unstable equilibrium, making it really difficult to maintain.
reply