There is a pretty staggering difference in terms of how the different insurance companies pay out their claims -- everything from how they dictate services and hourly rates within their Direct Repair Program (DRP), and to the parent's point, where they set thresholds on the percentage of parts on a claim/repair which can be:
* OEM (e.g. genuine parts from the auto manufacturer)
* vs. Aftermarket (e.g. 3rd party clones)
* vs. Remanufactured (e.g. picked up from a salvage yard)
In general, higher-end insurance companies that charge higher premiums tend to want collision repair body shops utilizing majority or even all-OEM parts, whereas other "cut rate" insurance carriers typically try and get body shops to utilize mostly or all Aftermarket parts, some of which can have very questionable reliability.
My company has many clients in the automotive and collision repair industry, and we've even built a number of parts procurement platforms for the US and Canada markets -- in one of those applications, we specifically had a module that put in the DRP part allocation requirements for each insurance carrier, and to run reports for those carriers to show body shops that were in compliance vs. out of compliance with those requirements.
> Depositors have a reasonable expectation that when they choose a bank (especially a publicly traded bank that is regulated) that their deposits are safe
@garry, while it may be a reasonable expectation, it's always been very clear and _explicit_ that it's not a guarantee beyond $250k (or $500k).
What's more troublesome is that VCs and Y! have portfolio companies that either didn't understand this and/or didn't take the time to shore up their exposure to this otherwise very easily manageable risk.
Open additional accounts, utilize CDARS, etc. -- there are so, so, so many incredibly simple, straightforward ways your portfolio companies could've mitigated this.
And yes, I agree with you -- the risk _was_ negligible. But it was risk nonetheless. And the fact that the mitigation options are _so_ simple but that your portfolio companies didn't do this really brings into question their ability to manage cash / risk management in general.
So then to ask for taxpayer money to bail out companies who didn't take the time, thought or energy to minimize exposure to this is what I think most people on this thread are pushing back on.
> We're asking for depositors to be made whole and for regulation to prevent this from happening to depositors in the future.
In fact, depositors can _already_ prevent this from happening to themselves.
Privacy is bundled under Trust & Security. I don't have precise numbers or estimates, but basically every Google product area has a team of Technical Privacy Engineers, TPMs, TPgMs, and VPs. They are the arbiters who can block a production release if privacy and security issues are discovered and not remedied.
No other company I can think of has invested in such a rigorous Privacy review and support structure in an attempt to reduce risk. Other BigCorps do take it seriously, but get by with much less investment. Despite this, FB et al. are keen to poach Google Privacy employees, because there are very few Privacy Engineers in existence and Big-G pioneered modern day corporate privacy efforts. Google is a huge target for hacking and public criticism or even loss of human life due to product decisions, especially because the products are so ubiquitous and widespread (browser, mobile OS, search engine, Gmail, ad network, etc). See subjects such as Differential Privacy.
Source: I have a few friends who've worked in the G-Privacy org.
> They are the arbiters who can block a production release if privacy and security issues are discovered and not remedied.
Every company I’ve worked at outside of tiny startups has had this level of gating by the security team.
> No other company I can think of has invested in such a rigorous Privacy review and support structure in an attempt to reduce risk.
Which companies have you worked at in the last 8 or so years? It sounds like you’ve just watched the industry mature a bit in PII from the perspective of the inside of Google.
> No other company I can think of has invested in such a rigorous Privacy review and support structure in an attempt to reduce risk.
In recent court cases Google employees admitted they have no idea where user data is stored (specifically location data), which systems have access to it, and how to fully turn tracking off.
80-90% of Google's revenue comes from online ads. There's a huge conflict of interest between Google's business model and whatever "arbiters" pretend they want to block.
And of course the number of privacy things that Google pioneered is minuscule to non-existent. Google has been dragged into caring about privacy against its will, kicking and screaming, by government actions like GDPR and CCPA.
Facebook poaches Google's privacy people because Facebook is the only one of mega corps who are worse than Google, and wants to continue its practices as much as Google.
> In recent court cases Google employees admitted they have no idea where user data is stored (specifically location data), which systems have access to it, and how to fully turn tracking off.
Jack Menzel, a former vice president overseeing Google Maps, admitted during a deposition that the only way Google wouldn't be able to figure out a user's home and work locations is if that person intentionally threw Google off the trail by setting their home and work addresses as some other random locations.
Jen Chai, a Google senior product manager in charge of location services, didn't know how the company's complex web of privacy settings interacted with each other, according to the documents.
Thanks. But neither of those sources matches your initial description.
The first is not anyone "admitting" anything in a "court case". Nor does it discuss "where user data is stored" or "what systems have access to it". It is quotes from an email discussion on some article, about the behavior of a UI toggle, with no indication that these are people working on that system who would be expected to know where data is stored but don't.
In the second link you've at least got a deposition, but how is either of those paraphrases relevant to your claim about "not knowing where user data is stored" or "what systems have access to it"?
"State-Provided" funds are calculated by the LCFF (Local Control Funding Formula), which is a combination of both State and Local funds.
Depending on the district, if local funds are not enough to fund the district, then yes, state tax revenue steps in to provide the rest.
However, for districts where local funds are enough or exceed the district need, then these districts (referred to as "Basic Aid" or "Excess Revenue" districts) aren't provided state revenue, and they are able to keep the excess local revenue for their needs. (https://www.cde.ca.gov/fg/aa/lc/ and https://www.saratogausd.org/Page/519)
In 2021, their total revenue was $169M, where $156M (92%) came from property taxes. This resulted in spending per pupil of $23,491, far exceeding the state medium of $16,042.
Welcome to the Circular Logic Merry Go Round, where we need to ban people because they're wrong because of course they're wrong, they were banned on twitter....
Actually, I would say anywhere in Taiwan other than Taipei, you'd be fine on $1k USD / month... so for those that would still prefer urban/city life, you should definitely consider Kaohsiung or Tainan -- both urban centers that are in the southern part of Taiwan.
Weather may be a bit more of an issue though (especially in the summertime), but cost of living is still very very reasonable.
Agreed on the language though -- Taiwan in general is a bit tougher to navigate for non-Chinese speakers. You may be able to get by with just English in Taipei, but in the rural areas or in the central/southern urban centers, it'll be a bit tougher.
I'd love to take a moment to talk about the quality of the code (assuming that the full code listing that the Ars article links to is accurate).
It's pretty clear that there are no coding standards, sparse comments (literally just 1), lots of mixed tab/spacing, misspelled names, etc.
Furthermore, the fact that this got into production shows that either the code wasn't even reviewed prior to release and/or it wasn't reviewed carefully.
I think this goes to a much larger issue of devices in this so-called IoT world we live in now. So many of these devices are built by "hardware-first" companies, who oftentimes put very little budget, time or emphasis on the software side of things. As people's daily lives depend more and more on IoT devices, I think this should be more and more of a concern: it doesn't matter how good the hardware is and/or how cost efficient a company's hardware production capability is if you don't value the quality in the software that runs said hardware.
(Full Disclosure: I'm a full-time independent software developer who has worked on many IoT projects, working directly with hardware and device manufacturers)
This is probably also reflected by the fact that they stopped patching it relatively early in its life. Three years of patches for what is effectively an internet-connected hard drive, presumably one that its target audience is going to be using for many years as something that “just works,” reflects a disinterest by Western Digital in living up to its own sales pitch.
Right - if the hardware is no longer selling (due to missing sales targets) then there's little incentive for the companies to still invest significant resources into maintaining it. Of course one option would be to open source it entirely and turn it over to the community for long term support, but the companies like holding onto whatever little bits of IP they can (even if they are largely just implementing open source software to begin with, and nothing super special).
This is a problem. I don't know the solution, except that companies should really commit to LTS support of things no matter the sales targets.
> This is a problem. I don't know the solution, except that companies should really commit to LTS support of things no matter the sales targets.
The EU and US could mandate that all products sold in the EU/US have their firmware source code, working toolchain as a virtual machine image and all relevant documentation (including SoC docs, BOM and schematics, as well as case and other parts' 3D specs and any digital certificates and private keys) be held in trust at the national public libraries. When the manufacturer ceases to support the device - including not fixing critical security bugs at 90 days post disclosure - the complete archive is released to the public as open source.
Additionally, the US and EU could mandate that any Internet connected device's firmware as well as its development process must pass an audit at certified organizations such as TÜV or UL. We're doing this for electrical and gas appliances already due to the risk these things pose to the general public, it's time to do the same for IT.
Products developed as open source can be exempted from the audit requirement to incentivize open source development.
I've had similar ideas, but with IP/DMCA rights/enforcement being conditional on depositing keys and source code with the Library of Congress, to hold in a sort of public escrow. Maybe even require it for FCC certification, or for courts to recognize/enforce EULAs or other claims.
If you want to enjoy the public protections of IP, the public needs to get a copy of source code and meaningful device access, upon whatever definition of un-patched software or device abandonment.
Obviously there's a lot to work out, but philosophically, I like the idea better than introducing new jurisdictions of regulatory power, especially when the relief sought should already be attainable under the public contract made in seeking government enforced IP protection.
> Obviously there's a lot to work out, but philosophically, I like the idea better than introducing new jurisdictions of regulatory power, especially when the relief sought should already be attainable under the public contract made in seeking government enforced IP protection.
Putting your code into escrow does not imply it's going to get audited or that it was developed under somewhat reasonable conditions (aka with code reviewing and testing).
We have seen way, way too much damage, to the tune of billions of dollars and everybody's personal data ending up in hacks "thanks" to shoddy software now, it's a matter of national security to create and enforce regulations.
Maybe we can create exemptions for small companies and startups, but as soon as you hit 10k users in general population you should have at least basic security processes implemented.
Several years back, I did an internship at Western Digital. I was a software intern on a hardware team in testing working on a project that no one on the team was capable of doing. It quickly became obvious it was more appropriate for a contractor to build than an intern, and was even told as much, but they went with the intern route because it "required fewer signatures".
It was glaringly obvious that software was not part of the company's core competency. Worse, was that software was treated as a nuisance and afterthought to the hardware. No idea how today's Western Digital compares, but I generally steer clear of the company's products that rely on any non-trivial software.
I think part of the problem is that the industry doesn't seem to value embedded software engineers. The work embedded software folks do is just as complicated as that of a full-stack developer working for a SaaS company, but the salaries aren't comparable.
It doesn't help things that the skill sets are very transferrable. It's tough to find somebody willing to forego 20-30% of salary just because they enjoy embedded - after a while, people get fed up and move into better paid SE roles. So, embedded software departments are often short-handed. A former employer of mine lost a senior firmware engineer almost three years ago. As far as I know, they still haven't filled the position.
You'd likely be shocked/scared at the amount of terrible code which is out there in the wild running at any time in large companies. Mostly it is outsourced to the cheapest possible vendor, many times who have barely a grasp of what they're doing, and for sure don't understand or think about best security practices.
SEEKING FULL-TIME FREELANCER | Sr. PHP Developer | REMOTE (preferably Eastern Asia tz, but American tz would be considered)
We are Quasidea Development, a team of about 10 people who build custom business applications for primarily medium-sized businesses (or medium-sized departments in larger organizations).
Over the past 20 years, we've been blessed to have built mission critical applications for such well-known clients like NASA, Microsoft, Lockheed Martin, Stanford University, as well as dozens of smaller companies and startups.
We're looking for a full-time remote Senior PHP Developer to help take over the maintenance and build out new features / modules for one of our clients.
This would be a permanent role as a full-time freelance/contractor.
Ideal candidate would be someone who has:
* 8+ years of PHP and MySQL Expertise
* Strong understanding of OO principles and design
* Experience with JavaScript, especially with ReactJS is a huge plus
* Fluent in English (both spoken _and_ written)
* Able to work independently, and very comfortable communicating over IM and online collaboration tools (Slack, Zoom, etc.)
While we are based in San Diego, CA, our team is all over the world, including the US, Latin America and Eastern Asia.
Feel free to reach out to me directly (I'm the founder and Principal Engineer) if you're interested. You can contact me via my profile. Thanks!
Quasidea Development | Sr. PHP Developer | REMOTE (preferably Eastern Asia tz, but American tz would be considered) | Full-Time Contractor (Permanent)
We are a team of about 10 people who build custom business applications for primarily medium-sized businesses (or medium-sized departments in larger organizations).
Over the past 20 years, we've been blessed to have built mission critical applications for such well-known clients like NASA, Microsoft, Lockheed Martin, Stanford University, as well as dozens of smaller companies and startups.
We're looking for a full-time remote Senior PHP Developer to help take over the maintenance and build out new features / modules for one of our clients.
Ideal candidate would be someone who has:
* 8+ years of PHP and MySQL Expertise
* Strong understanding of OO principles and design
* Experience with JavaScript, especially with ReactJS is a huge plus
* Fluent in English (both spoken _and_ written)
* Able to work independently, and very comfortable communicating over IM and online collaboration tools (Slack, Zoom, etc.)
While we are based in San Diego, CA, our team is all over the world, including the US, Latin America and Eastern Asia.
Feel free to reach out to me directly (I'm the founder and Principal Engineer) if you're interested. You can contact me via my profile. Thanks!
Maybe this is just way too niche, but I've been wondering why there haven't been any e-ink based laptops with a powerful enough of a processor (e.g. 10th/11th gen core i7 would be great) and ability to put enough RAM (e.g. 16GB) to run a development environment.
Something like that would be oh so light and great/easy to carry around. And something purely used for dev doesn't need to have the ability to play videos, etc. (that would just be distracting anyway, right? =)
I know there have been a few tablet/reader-based devices that use e-ink and have the ability to run Linux, but of the ones I've seen, none of them seem to have powerful enough of a CPU (and definitely not enough RAM).
Because programming on e paper would be horrible. You can’t scroll text properly. You would be limited to page up/down. And then it takes a second or few to do that.
And then the e paper panel costs a bunch so what would be a $1000 laptop becomes $4000 and is strictly worse for the vast majority of users.
e-ink screens are objectively worse for our eyes than an IPS panel screen. I mean, this is besides the fact that e-paper screens are also more expensive and less capable than the standard iridescent screen that we spend 24 hours on daily.
Is an IPS screen displaying static content better than a properly illuminated sheet of paper? I hardly believe that.
Of course I remember how difficult it was to properly illuminate my notebooks when I was a kid. I guess I'd end up with two lamps on my sides and they are difficult to move as easily as a laptop.
For dynamic content, eg ls -la, scrolling through a file, watching a video, doing a video call, it's no contest.
"If you are a night owl, you might be better off with a tablet, but if you are a daytime reader who prefers reading outside in the Sun, then a reflective e-reader or a physical book is a better option.
Other than that, there is no difference between the two screens."
> e-ink screens are objectively worse for our eyes than an IPS panel screen.
That's not actually true. I have glasses explicitly to prevent eye-strain for when I'm working on the computer, even when it is an IPS/retina display with 2X pixel scaling. However I don't need glasses at all when reading books on a kindle or kobo.
I went to an optometrist and got a prescription. I actually went to two different optometrists and one of them misdiagnosed me. My prescription is extremely minimal, +1.25 on one eye and -1.25 on the other or something like that but it makes all the difference. If your eyes are extremely strained you may need to ask for the extremely strong eye relaxant drops when you visit your optometrist... and warn him or her that you may have minus eyes. Apparently it's hard to properly diagnose minus eyes without doubling up on the eye drops.
Weren't blue-light filtering glasses proved to be with no known benefits? E.g. [1].
Personally, I'm very sensitive to light and get frequent debilitating headaches. Blue light filter changes very little for me. Making the whole screen just red with something like flux (together with my glasses that also block blue light) might help around 5-10%, but the migraine still comes full force (maybe 10-15m later).
I think your experience with migraines can hardly inform a typical person's experience with blue-light filters and a random hidden camera exposé is not really going to "prove" anything. Also, flux is aimed at sleep regulation, where blue-light filtering is aimed at claimed damage reduction and increased acuity.
However, there do seem to be no studies proving efficacy, indeed.
> I think your experience with migraines can hardly inform a typical person's experience with blue-light filters
I would guess it's the opposite--because I'm extremely sensitive to light in general, I'd think if blue-light filters were effective, they'd be even more effective on me, which they aren't.
> Also, flux is aimed at sleep regulation
People seem to equate "less blue light" with "better" and yet when I make my screen dark orange/red, it does nothing.
Also note that I said something like Flux.
Last but not least, my glasses also have blue-light filter in them. So I'm reducing blue light with both HW and SW and it has very minuscule effect on me, personally.
Of course, it's anecdotal experience and nothing more. But I get an eye twitch when I see stuff like "blue filter is a game changer". Sounds like placebo to me.
> And then the e paper panel costs a bunch so what would be a $1000 laptop becomes $4000 and is strictly worse for the vast majority of users.
IMO, this is fundamentally a niche object. But that nicheness means that if it did exist, it would have several options without worrying about pissing off the mainstream.
#1 on that list is that you don't need to seamlessly emulate an LCD screen with an e-ink screen - instead of having a single multiplexed screen, have 2-3 80-char-wide separate e-ink screens and have text on each of them.
This has two advantages: one, it's cheaper because e-ink screen costs scale geometrically with size, not linearly. And two, AIUI partial-refresh doesn't work well when you're literally refreshing a third or half of your screen, but two completely independent screens can obviously refresh independently of each other. I'm assuming partial refreshes are faster due to taking a smaller absolute number of pixels, and not due to being a smaller proportion of the screen, so e.g. a quarter of a 4" screen will refresh the same speed as a full 2" screen refresh but faster than a full 4" screen refresh.
Ideally, you'd want to split the e-ink screen into as many smaller screens as possible anywhere it makes sense (and design the UI in hardware), simply to reduce costs.
Sadly, large cheap single screens have made the concept of software controlled UIs so obvious that people don't even consider the alternative.
cough Back then in the old days you used page down/up because the computer was too slow to make scrolling line by line useful. You can live without scrolling.
I purchased a Boox Max2 and got the version with HDMI to code. What I had not realized is that I would miss source code highlighting with color coding so much. Everything else can be more or less worked around, scrolling did not bother me.
My Eink tablet does ~15 fps in monochrome operation.
It can very much scroll, though you are right, one would typically use page up/down functionality. But you'd not really have to wait.
Check this ThinkBook Plus by Lenovo (2nd Gen)[1]. The latest version has an updated e-ink secondary screen with bigger and higher resolution to match the main conventional screen.
I'm guessing the BOM cost of the display would be far too high.
Dasung's 13" external e-ink display costs $1200.
Boox's 10" e-reader costs $500.
I can't imagine there are enough people willing to trade color and syntax highlighting for that crisp e-paper goodness on their $3000 13" development machine.
You can try the impromptu DIY version of such a device by just setting any android-based ereader in front of your laptop display and use VNC/RDP or similar to mirror your screen on the eink reader.
I personally went a step further and used my boox nova 3 and a BT keyboard [1] directly to ssh into my workstation for a while.
Though I agree, an eink based laptop in a X1 or MBA form factor would be amazing, just for the battery life alone.
[1] Logitech K480, comes with integrated tablet holder