Hacker News | mttpgn's comments

I have never found protonmail's signup step asking for phone number verification or a recovery email to be unskippable.

Protonmail can still be the best choice for a pseudonymous mail service so long as it's combined with diligent, consistent IP address obfuscation. Protonmail will continue to allow logins and new account creations over Tor. All the major free email providers have long since disallowed new signups over Tor, and most have some form of degraded user experience when logging in over Tor, if they allow it at all. Small, niche email providers appear and disappear so often that relying on them still to exist even a few months into the future is a big gamble. Hosting one's own email requires payment of some type to the hosting provider, so it is not anonymous. Other privacy-oriented free email providers, such as riseup, will do exactly what protonmail did, because if they refuse, their only option is to go the way of lavabit.


The cryptographer Dan J. Bernstein once told me a story that Bruce Schneier kept some cryptographic protocol secure for an additional 24 hours. The researcher demonstrating this protocol's weakness based their proof-of-concept on a proof in Schneier's book. However, Schneier's description contained a mathematical error. When the error in the proof-of-concept was pointed out to the researcher at the conference, this researcher went back to their hotel room, discovered the origin of the error in Schneier's text, and fixed the proof-of-concept for the conference-goers by the following day. Thus, Bruce Schneier kept a cryptographic protocol secure for an additional 24 hours.


For an overview of other complexity classes besides P and NP, there's https://complexityzoo.net/


The adoption of this motto by a company employing thousands of people provides a great example of why we need more engineers versed in the humanities.

What is evil? If it's violations of the law, then why not "Don't break the law"? (That certainly gives off stronger "already answered my t-shirt" vibes).

Does 'Don't be Evil' mean not violating any principles of Sartrean humanism? Those are all perfectly clear, right? Does it mean keeping the Judeo-Christian decalogue? The Confucian analects? Good thing there are no ongoing debates problematizing those! Or maybe it requires performing Utilitarian harm reduction calculations before all decisions? That's easily calculable, though, isn't it? Or, perhaps it involves abstaining from all meat, alcohol, and cigarettes? Some Jains wear special shoes to avoid accidentally crushing insects while treading, while Mormon ethics require the donning of special undergarments. Will corporate provide either of those?

Aside from the fact that the existence or non-existence of metaphysical evil is still debated both in secular-rational and theological contexts, it's unavoidable that many ethical ideologies fundamentally contradict one another. One can either choose one and rule out all others, hoping that the chosen model proves internally consistent and unambiguous, or one can accept that, as Philip K. Dick once said, "We are all doomed to commit acts of cruelty or violence or evil; that is our destiny, due to ancient factors. Our karma." Neither choice sounds ideal!

Friedrich Nietzsche's theory on the inevitable "transvaluation of all values" lends some weight to the impossibility of retaining this maxim in Google's corporate code of conduct forever. Reading into Google's abandonment of 'Don't Be Evil' this uncharitable idea that leadership has decided "evil" (whatever that is) is ok now, actually, leaves one with the unsatisfactory feeling of missing some perspective.

Instead, I think, the decision shows us that even the most simply worded of slogans, with the best of intentions, are inadequate as frameworks to think deeply about the often impossible contradictions of our beliefs and commitments. Ethical action requires deep thought. It's not a consensus, and it's not majority rule either (probably!). Not doing evil is complicated, and hard. It's not something that every preschooler inherently understands at playtime. And even if we follow through on the most informed decisions, supported by the all-true suppositions and ironclad logic, we may still find ourselves doubting that course of action years down the line as new outcomes are disclosed.


In the late 1990s, my dad attended night classes with other adult learners to earn his MBA. Everywhere he went during those years, my dad had a beeper clipped to his belt for an on-call hospital rotation. During his first week of class, my dad's beeper loudly went off during the middle of the lecture. As my dad scrambled out of the lecture hall to call the number on the little screen, the professor accurately guessed: "You're a doctor, aren't you?"


As an “enterprise” developer in the 80’s, we all had beepers to go along with our suits and ties. People often thought we must be doctors, but we were just corporate mainframe developers.


A law firm I worked for in the mid-90s started a helpdesk rotation with five or six of us taking shifts with a single beeper. The only real complaint was from the three women on the team, who had no belts or pockets to hang the device from (skirts and dresses were mandatory for female employees at the time, and women's clothes rarely have pockets or belts).


That is funny, in a way that I feel hard to explain. Something about it being a simpler, more innocent time?


I love that too. You definitely don't see as many of them these days. By 2006 they were kind of a punchline (cf the TV series "30 Rock" and their portrayal as a goofy dead-end tech for weirdos, sold by Dennis Duffy).

This might or might not be an interesting digression (apologies if it's the latter!) but many medical professionals still carry beepers or pagers of some kind. Not like "an app on their phone that will ring your phone at you even through Do-Not-Disturb" (I have one of those), but something that is very recognizably an old school beeper. They often have a SIM card in them, and the newer ones sometimes have wifi as well for redundancy.

My wife is a nurse at a cancer treatment center, she coordinates care for extremely sick people who are getting very specialized treatments and she's kind of the front-line person for dealing with them and project managing emergency situations, so she and all the doctors she works with carry them. I thought it was actually pretty cool :)

I asked her about it once, and apparently the hospital system looked at the more modern app-based paging stuff and decided that while it was cheaper, the reliability hit wasn't worth it to them. The physical hardware for these things is outrageously sturdy, they have a lifespan of like a decade, they're extremely easy to replace. Sure, your wifi might be out or your telephony might be down, but that's a problem your app has to deal with too. Apps are easier to provision, but it's an extra layer of stuff that can go wrong (your phone is getting an update or out of battery, you left it in your car because you were playing music with it and forgot to take it out of the console, it got stolen because phones are recognizably valuable) so they just stuck with the old familiar form factor that does one thing, extremely reliably.

This isn't a criticism of the app-based paging systems or anything; they're quite reliable in my experience. I just thought it was a neat additional data point about the considerations that go into the thought process about provisioning an alarm for your employees when the alarm almost always means either "I have a time-sensitive question about a patient's ongoing medical emergency" or "your patient is about to die".


Hospitals in my area of the US still use POCSAG pagers, totally unencrypted. They do mention patient information, but I guess the obscurity makes it ok.


> Hospitals in my area of the US still use POCSAG pagers, totally unencrypted. They do mention patient information, but I guess the obscurity makes it ok.

Nope, the obscurity doesn't make it okay. If it takes place over the phone lines, it is arguably exempt from encryption requirements under HIPAA (much like a fax).

Otherwise, they're just turning a blind eye and hoping nobody notices (which is surprisingly common when it comes to HIPAA).

The good news (for them, not for patients) is that, even if they get caught, the maximum fine is $2 million per calendar year per category of violation, so if they're flush enough they don't even need to bother being compliant in this area.


It's over the air, not even phone lines. PDW, SDRSharp, and an rtl-sdr dongle is all that's needed. And yes, there is a lot of patient info in that traffic. It's not illegal for the hospital to broadcast this, and it's not illegal to listen in and decode the signals, but it is very much illegal to do anything with the information gathered.


> It's over the air, not even phone lines. PDW, SDRSharp, and an rtl-sdr dongle is all that's needed. And yes, there is a lot of patient info in that traffic. It's not illegal for the hospital to broadcast this, and it's not illegal to listen in and decode the signals, but it is very much illegal to do anything with the information gathered.

I'm not familiar with this particular technology, which is why I didn't make a definitive claim in my previous comment. But I am quite intimately familiar with HIPAA and related regulations, and I am extremely skeptical of the third sentence you wrote.


Maybe it uses particular spectrum that is considered illegal to tamper with, just like analog cell phone signals, and HIPAA (inappropriately IMHO) leans on that to explain away an exemption from encryption?



There’s not much to do knowing that a patient pooped and needs to get cleaned up in room 604.


I don't think I have any logs of these any more, but when I was listening on the local hospital's pager traffic, I seem to recall messages that were along the lines of [last name][room number][sexually transmitted disease test is complete]. Surprised me at the time too because I used to do work dealing with processing CDA documents into fhir data and I know how crazy HIPAA can be with PHI/PII, but at the same time these legal frameworks often have carveouts or super serious adoption deadlines that keep getting pushed to next year (and then next year, and then next year).


Not even that much. A flipper can do it


Pocsag is not obscure at all. A $10 rtlsdr and you're set.


Good to know.

At least twice, I've accidentally set my iOS devices to the Do Not Disturb focus mode. First time made me miss a job interview calendar reminder, leading to me (1) learning there's no way to disable this 'feature', the 'do not disturb' focus cannot be deleted, and (2) setting the DnD-focus-mode-specific wallpaper to something radically different from normal just so I'd spot it faster next time. It did happen again, but the second time I knew what was up even on the lock screen and turned the focus back to normal before it did any harm.


> Something about it being a simpler, more innocent time?

Unfortunately, we will probably think the same about 2024 in thirty years...


Certainly. Something with AI will make this all seem like the best of times.


A lot of doctors still prefer to carry beepers


More to do with the fact a pager will reach places a phone won't. Operating theatres are often in the basement or the middle of the building where mobile signals don't reach but pager signals do. They're super high power and lower frequency so they penetrate further.



it's also due to the fact that the pager can represent a role (on-call cardiologist, for example) and not a specific person


ah yes, the beeper, more high power than the top end 5g UC flagship phones. because that makes so much sense


> because that makes so much sense

I detect sarcasm, but yes, it does.

The history of phone tech is "can we get more done with less joules?", while a pager is "you have one job".

Even when a pager is implemented on top of normal cellular networks like 3/4/5G, it's still better because there's nothing else on the system to drain the battery.

But it doesn't need to be on those systems at all, it can be an even less 'smart' radio receiver such as a POCSAG system, on its own frequency, chosen specifically for getting through concrete etc., and disregarding any concerns about bandwidth because 1.2 kb/s is probably more than it needs.


It actually makes a lot of sense. A lot of pagers operate on lower frequencies (~100 MHz instead of 400 or 700) that can penetrate way deeper than the higher frequencies used by modern phones. Plus the data rate is substantially lower, which acts in the favor of getting reception.

So yeah it makes a ton of sense. These are very different devices operating using different frequencies and protocols.


Pagers are typically unidirectional. So a client's inability to transmit back an ACK deep inside a building is not a constraint. Just crank up the broadcast power on the network side.


Definitely reminds me of “Dr. Beeper” in Caddyshack


Just because the number of abstraction layers can be reduced doesn't mean they need to be. You might gain back some CPU cycles, some milliseconds of execution time. But the tradeoffs of maintainability, legibility, and developer quality-of-life may, in the long run, reintroduce abstraction layers of some other type back into the overall SDLC.


> But the tradeoffs of maintainability, legibility, and developer quality-of-life

Are in fact the things I think have become worse from the abstractions.

Well, the recent abstractions. I like the ones that were widespread until about 2018 or so.


None of the abstractions above are new in the last 5 years.


I was thinking about this before learning about any of the ones in the post, if that's what you're saying.


I'm curious. Can you expand / give examples?


The VIPER pattern is my biggest bug-bear (but older than I realised: I didn't see it until recently, and it still seems to only be described on the German Wikipedia and not the English one), which seems to come with more glue code than business logic.

https://www.mutualmobile.com/blog/meet-viper-mutual-mobiles-...

https://de.wikipedia.org/wiki/VIPER_(Entwurfsmuster)

I also get annoyed by HTTP 200 responses containing JSON which says "server error", and web pages which use Javascript to re-implement links, image loading, and scrolling — all of which are examples of a high-level abstraction reinventing (badly) something that was already present in a lower-level of abstraction.


Internet Archive to the rescue! It's still possible to download the liblzma source code from the Internet Archive's Github snapshot of the 5.4.6 stable release: https://web.archive.org/web/20240329182145/https://github.co...


Lasse Collin pulled everything back to a standalone git repo, with all of the compromised code removed: https://git.tukaani.org/, which is now, I presume, the official distribution source for XZ.


Many open source projects often already do receive US government funding, mostly through an onerous grant-application process. Nationalizing American open source projects could make them operate more like European open source where their EU funding is open and clear. The detrimental trade-off, however, is that the American agencies most capable to support and contribute directly to infrastructure security have burned away all trust from the rest of the world. Direct contributions directly from those USG agencies would reduce global trust in those projects even worse.


Not apt the package manager-- it's an acronym for Advanced Persistent Threat


> Virginia Woolf wrote a famous essay, 'Shakespeare's sister', about how a figure like her could never hope to be a writer or have her writing preserved, so she has become something of a symbol for all the lost voices of early modern women.

This is a central point also that Woolf makes in _A Room of One's Own_.


The quote you give is a nice example to see how history, historical research, etc. has everything to do with setting the scene for the present, and not much to do with the past.

History is a present day activity. It is akin to the background scenery in a play - it provides the context for the present, it sets up our current stories. It's all to do with interpretation, and that is only ever present.


...which according to my wife is an awesome book (she is reading it right now).


There's a funny moment where she goes (paraphrasing), if you're a man stop reading right now, this part is not for you, ladies only.


The reigning monarch during much of Shakespeare and his sister's life was Queen Elizabeth - a woman.


Yes, and of course all of the rights and social privileges which applied to the monarchy applied likewise to everyone else, and thus all women during the Elizabethan era were precisely as free as Elizabeth herself.


[flagged]


My apologies. I keep forgetting people here are incapable of detecting sarcasm.

Your perspective is skewed. Virginia Woolf lived in the 20th century, and the Elizabethan period ended a few centuries before she was born. You can't use Virginia Woolf to prove anything about gender norms in the Elizabethan period, much less compare the norms between royal, noble and common women during Shakespeare's time.

Just putting things into perspective, here.


And the most famous line from her most famous speech is… ?


“I know I have the body of a weak and feeble woman; but I have the heart and stomach of a king, and of a king of England too”

https://www.rmg.co.uk/stories/topics/queen-elizabeth-speech-...


The most famous line from Henry the VIII's speech is?

They didn't give speeches back then because they didn't give a fuck about the public.


Between Elizabeth I, Catherine Di Medici, Roxalana of Turkey, and Mary Queen of Scots, female rulers were unusually common.

Female writers were unusually rare.

