I thought everyone just installed cracked pirate copies ("nulled", as it was called) of IPB. How are they making money? Who is paying them for their software?
Not exclusively, but they're definitely going towards that route. I'm still paying them huge amounts of money for the license to host their software on my own servers but people who do that is a shrinking population.
Running web software without updates from some unknown source doesn't sound like a very good idea. Lots of stories out there of communities using "nulled" software which got hacked because of a backdoor left in.
The original link was already the entire thread on one page. The problem we're complaining about is that the thread very clearly isn't intended to say what happened. No effort is made in that direction; there is not even a hint that it was a goal. It's about as appropriate of a recommendation as an unrelated article in National Geographic.
I would submit this other similar experiment from YouTuber Vsauce [1] where a machine is trained to react to his subconscious thoughts before he consciously chooses to press a button.
One of the biggest downsides in my opinion is that session invalidation becomes non-trivial. Your best bet (assuming you don't want to do any additional network requests) is to reduce the session length to the smallest amount you (or users, depending) will tolerate and perform some kind of re-authentication; i.e. force a logout and do a fresh login or check if they can get a new token based on the old one transparently. For example, a user changing their password should kill all tokens that are in use immediately for good security. You can't do that with JWT. All tokens will stay valid until they expire.
I haven't used JWT but the way you solve this is by having a refresh token that lasts several days that lets you "login" without a password. The refresh token is then used to get the real session token with has a low expiration, perhaps 5 minutes. When the session token expires you just "login" again.
But honestly I don't see the need for the vast majority of applications. Most frameworks cache the permissions, etc on login so the database doesn't have to be accessed on every request.
While I applaud this effort, this will not stop the use of the technology. It will simply steer them to another provider or a custom implementation (on top of AWS if they so choose to) of this now well-understood technology.
I don't know about this argument though. If Amazon bans a book based on their ethics, people freak out about censorship and how one company has so much power and shouldn't be doing that. If their AUP stated what they deemed ethical, how many potential startups or corporations wouldn't be able to start? Take a "simple" example: A business that counsels families on abortion. Is that ethical? Who gets to decide that? I think this is one of those cases where we have to be very careful what we are asking for.
Yeah but... that means the people who do take on this work will be the zealots who never doubt what they're doing. That's not to say that non-zealots should take on this work to keep the zealots out. I'm just saying that we're screwed so long as there are no laws prohibiting governments for doing this sort of stuff, because there will always be devs willing to use their powers for evil.
If there's any correlation between non-zealot-developers and highly-effective-developers (which there may not be, but the optimist in me hope there is), then the world might be a better place as a result of this...
(Note, I have been _tempted_ to take on work that fascinates be on a technical level, that I disagree with on an ethical level. I've never crossed my own personal ethical line there, but - without judging - I can see why the temptation succeeds for some people...)
"it is good to have as many software developers as possible steering away from unethical work."
Is it unethical to track down violent activists?
Is it unethical to check for people crossing the border illegally?
And this thing about the tech being used to single out 'people of colour' I think we can dismiss that out of hand - the tech won't be used for that ... though the application of the tech may disproportionately affect some groups (say the cops create a 'watch zone in S. Chicago' but not elsewhere).
But at least in the former scenarios, it's fairly grey thing.
At border crossings, I can see this could be very reasonable.
Walking down the street in 'wherever USA' tagged for something I can see ethical problems.
It depends on how it's used ... we need some new laws ...
> At border crossings, I can see this could be very reasonable.
Note that it's also least necessary at border crossings. As a non-US citizen I'm already required to give my fingerprints and retinal scan to border control agents.
Like you say it's the "walking down the street" problem - for me at least perhaps more accurately described as the "done at many orders of magnitude more scale, in circumstances where you have no option to opt out". If I don't like border control practices, I have the option of not crossing a border (at whatever cost to me that implies, but I have _some_ agency there). When this is deployed on streets, shopping centers, trainstations, and other similar places - I've lost any agency in being able to choose not to be involved/identified.
(Note too, that the USA defines "border areas" where I'm legally able to be stopped and fingerprinted/retina scanned as "anywhere within 100 miles of a border" which includes pretty much all of California and New York, and anywhere within 100 miles of each coast or the north/south borders.)
>Note that it's also least necessary at border crossings.
Says you. It could replace the fingerprint and retinal scan for all we know, plus you don't have to actually physically interact with the person crossing. I don't think it will, but it seems perfectly reasonable to deploy this technology at the border. I see no issue with the definition of "border areas" either. Seems reasonable to assume that if someone has recently crossed illegally, that, assuming they haven't gotten picked up by vehicle yet, they are likely to be found within less than 100 miles.
Sure, I'm speculating out my ass here (it's what everyone does on The Internet, right?)
Seems to me though, the most recent numbers I've heard for commercial state-of-the-art facial recognition are barely capable of 99% accuracy. I don't know the error rates of fingerprint and retinal scans, but I'd put good money of the combination of passport and fingerprint or passport and retinal scan being several orders of magnitude more accurate that face recognition we have available right now.
(And I probably should have left out the "border areas"comment as part of a different argument - my beef with that is not "how many illegal crossers might you find within 100 miles of a border", but "is it worth reducing the rights of everybody, legal as well as illegal, just because they live/work/travel within 100 miles of a border?" that includes everybody in CA west of a line thru Sacramento, Fresno and Bakersfield.)
Why is the accuracy of the technology relevant at all? I think you're assuming that we already have fingerprint and retinal scans of everyone entering, which is quite obviously not true. We might, however, have a rough facial footprint of a known bad actor. I'm fine with this technology being employed in such a manner.
The accuracy matters (at least it seems to be so to me) because if all you have is "a rough facial footprint of a known bad actor" and you use a technology with a 1% error rate - given that there's probably something like several hundred million airport border crossings a year in the US - _somebody_ is going to have to deal with a million false positives a day, which doesn't seem like a win given I suspect the number of bad actors for which facial features are know but cannot be detected with the in-place passport/fingerprint/retinal crossing system is probably in the single digits per year...
The aggregated individual cost to the 1% false positives - when deployed against a population of several hundred million travellers a year - seems outrageously high to me.
Easily solved by simply fingerprinting and retinal scanning the positives and the "unknowns", which is essentially the status quo. Nothing changes except our confidence level that we are actually engaging the right people. The cost, to me, is simply in terms of how expensive implementation would be in terms of dollars.
" As a non-US citizen I'm already required to give my fingerprints and retinal scan to border control agents"
Well that's my point - we already do stuff on par with ID recognition - so while it's uncomfortable and debatable, it seems 'within bounds' in our current state of affairs.
And yes, the 'all seeing eye' part is hugely contestable.
Sure. I think my (perhaps badly made) point was - There are two existing technologies already in use at borders, each of which have similar or better accuracy than facial recognition, so the additional benefits of deploying it there is likely to be small.
Unless, as pointed out by bdhess in another response to my comment, the aim is to detect people for whom border control do not have any passport/fingerprint/retinal information for, but some reason still consider to be a "person of interest" at a border. Which has it's own set of scary implications...
> Note that it's also least necessary at border crossings. As a non-US citizen I'm already required to give my fingerprints and retinal scan to border control agents.
I think your argument assumes that the US government has already captured either a fingerprint or retina scan of all of its persons of interest. I don't think that's a safe assumption.
That the aim is to detect people for whom border control do not have any passport/fingerprint/retinal information for, but some reason still consider to be a "person of interest" at a border?
I'm not sure if that's a valid point, or a scary overreach...
Part of me worries about using a barely 99% accurate face detection technology (perhaps trained on Facebook or YouTube jihadist videos?) on what must be at least several hundred million airport border control crossing a year is inevitably going to result in several million false positives a year - presumably mostly for bearded middle eastern males. The invasiveness of recording and storing facial data on every international traveller with the possible payoff of detecting someone genuinely "interesting" amongst the million per day or so stream of false positives seems like a poor security solution.
Another part of me acknowledges that the US (and, to be fair, every sovereign nation) can invade everybodies privacy at the border _anyway_ and what's the problem with adding just this one tiny straw to the camel's back?
As Wil Wheaton so eloquently pointed out, I'm a middle aged, white, heterosexual, cisgender man - I live life on the lowest difficulty setting. This is unlikely to affect me in any way apart from giving me a great opportunity to rant on internet forums. If you have any 15-30 year old male friends of middle eastern descent, ask them how _they_ feel about an algorithm with a well known 1%+ error rates most likely trained on "terrorist suspects" being pointed at _them_ every time they fly in or out of the US...
You're right - there's _lots_ of grey area here, and some people's ethics are different from mine (and mine are probably different from yours, at least at the boundaries. _Most_ people agree on basic human rights, they just all define them differently sometimes...)
While I agree we need new laws, I also recognise that laws by necessity change slower than fashions, so there's always a period (often a long period) where laws trail behind what's going on in society. It's during those periods where approaches like "it is good to have as many software developers as possible steering away from unethical work." might help.
Where it stops being grey is when the authorities start setting up concentration camps for forcibly separated children. At that point, yeah, it's unethical as hell, and so is aiding and abetting it in any way (which may include some of the activities that you've listed). Context matters.
I have had issues with playing music via Bluetooth (essentially the volume being too low) and research brought me to the Facebook app being open and closing it fixed it. Facebook is definitely doing funky stuff with audio that it should not be doing.
I think the scenario shadeless was describing is that the author of the PR shouldn't be able to merge but anyone else with write access could. It would be my ideal scenario as well. (You could of course bypass this by doing it in Git if you really needed to.)
Gotcha, so if three users have write access then when a PR is opened by one of them, one of the other 2 users has to approve it?
If your scenario only has two users (you and one other person) then this flow can already be accomplished (the two are both reviewers, and you set approval required by "everyone" -- so you approve your own PR and then the other user has to also). If you've got more than two users, that's something we'll have to add but it sounds like it's worth doing!
It's being replenished constantly. Ozone is created when UV radiation hits reguly Oxygen molecules.
The problem is that we used to release large so amounts of stuff like the CCl4 mentioned in the article that ozone got destroyed quicker than it was created.
So this might explain why I started sleeping better when I installed f.lux[1] which starts eliminating blue light from your screen as soon as the sun sets.
debian/ubuntu users can `apt-get install redshift`. you can add it to your ~/.xsession if you're a luddite like me, or find some other way to make sure it's always running when X is running.
