Perhaps so, but you still have to show that it is happening, not merely that it is possible. Moreover, you have to show that whatever cures you propose are both 1/proportional to the harm and 2/minimize undesirable side effects. (One challenge with the latter is that for some people, those side effects are actually desirable.)
It seems less hard if you datamine the shit out of everything, exfiltrate the social security database, and feed it into a computer. Get the historical voting records. SELECT address FROM voters that haven't voted in 10 years. Send someone to follow the mailman and steal ballots from that address. Or simply don't mail them out in the first place. They're not likely to notice to complain in the first place.
Not that I think the election was rigged, but if you think it's "unbelievably hard", I think that's a failure of imagination.
You’re describing an attack that entails both hacking the SSN database, 1 to 50 of the state voter databases, then physically following mailmen around and stealing ballots…
> If someone mails in my absentee ballot and I don’t complain, how do you detect that voter fraud?
You get followed up in an audit, if anyone asks. This happened like three million times in Arizona.
> there are currently many ways to vote illegally that don’t get detected
There are. None of the proposed plans limit them. (No county requires scanning and biometrically verifying passports. You could buy a wrapper on eBay and inkjet the pages in most counties.)
There are also lots of ways to blow up public buildings. We don’t require ID to enter DC because the frequency of the harm isn’t matched by the cost of enforcement.
We already handle all of that, comrade. Every corner case floating around your brain was floating around someone else's brain a long time ago. Most of this is covered in high school in the US, and it's all enforced by volunteers from across the political spectrum.
Our documented examples of voter fraud come from a time when in-person voting was the only option, again something we teach in school, while the modern concerns from security professionals focus almost entirely on electronic voting machines.
I do something similar with prepend.com and find it helpful for sorting. Also fun to see which domains sell my email and which don’t (blacksocks.com hasn’t shown up from anyone else in 20 years).
I'm not a lawyer, but I'm currently working on getting my company HIPAA-compliant, so I know more than the average person about this.
My understanding is that there's a thing called the "conduit exception" which basically says that if data is transiently passing through a channel and it's not being looked at, it's ok. But wherever the data lands must be HIPAA-compliant.
This seems crazy to me, but that's how it works I think. For example, if you encrypt PHI and store it in AWS without signing a BAA with them, that's a HIPAA violation, even though the data is encrypted and Amazon can't see it. But if you send encrypted data through AWS without actually storing it, that's fine.
Mail is specifically mentioned as a thing that qualifies for the conduit exception. I'm not totally clear why it isn't a HIPAA violation the moment it arrives at a destination (it's not in-transit at that point, and it's potentially not in the possession of the intended recipient either), but it seems pretty well accepted that it's not.
All that to say: I think encrypted email would still require a BAA because it's being stored, not just transmitted.
> My understanding is that there's a thing called the "conduit exception" which basically says that if data is transiently passing through a channel and it's not being looked at, it's ok. But wherever the data lands must be HIPAA-compliant.
Sounds like they needed fax to be compliant, and came up with some moon logic to make that happen.
Could you do a p2p connection via browser that would still send the message to the person's "inbox"? I suppose not everyone even has an on-device mail client anymore though.
Honestly, I think it's just because it's a crime to open someone else's mail. For whatever reason that sort of policy isn't extended to encrypted data in the cloud.
It was a law written in the 90s, it should be updated and modernized.
Same goes for phones (and by extension, fax). Since wire tapping is already illegal, it doesn't need to be secure (at least going by the law).
I agree the laws need an update. I'd imagine a general 'common communication channels' or whatever would work, rather than specifying every single one that's allowed to be used. That way, it's still illegal to snoop on your communications, regardless of whether they happen by post, phone, email, SMS, Whatsapp, or whatever else we end up using in 20 years.
Dollar bills are essentially untracked, good everywhere, secure, work no matter what. Same goes for normal mail, and it's a federal offense to tamper with it.
Nothing electronic will ever be secure, unless it is never, ever networked. Networking changes "touch physical thing" into "everyone on the planet plus their bots" can touch it.
Even if you pass harsh laws, you need to geogate network connections to only within that legal jurisdiction. Otherwise, it's pointless.
The real, true problem is anonymousness. I used to advocate for, now I'm done. The problems anonymity solves are a gnat compared to the ones it creates.
I'm all for ipv8, but with a unique ID in the packet identifying the person directly.
I can't drive a car, own a gun, drive a boat, buy explosives, ply many trades, and 100 other things without a license. Maybe unrestricted internet access is in that category, and bad behaviour means it is revoked.
The Internet was a toy for a long time. Now it's the backbone of all commerce, industry, personal communication, with life threatening implications at times.
I spoke of licensing, for unrestricted internet access. No one will have unrestricted access otherwise.
The criminal intent was giving somebody without a license, access to your gear to spoof you. If someone is too ignorant to not know what that means, then they would never acquire a license.
So no internet for 99% of people? Computer nerds only? You probably don't need any more restrictions with that standard in place. That was the early internet.
No "unrestricted internet" for 99.9% (or even 99.99%) of people.
The masses will still be able to access youtube, google. They won't be able to open random ports without proxies, and yes that means even online gaming is going to be controlled.
It's a crime to open someone else's mail and generally speaking the post office does a pretty good job of reliable delivery. Even if an address is a bit wrong/corrupted, it can likely be delivered just from the name and the zipcode.
Email is a lot harder. The older SMTP standard sends emails unencrypted so there's a possibility of a MITM reading the email. But also addresses if you get them wrong can end up in the wrong hands. For example, if someone sends an email to cogman10, I'll get it, but if they go to cogman1O I won't get it. A lot of the nuance of how secure and when it's secure gets erased by auditors to just "email is insecure".
Isn't the post office heroics normally when it's not deliverable? If the sender wrote down 744 Evergreen Terrace but they meant 742, that mail will be delivered to your neighbor and hopefully they'll redirect it to you.
The post office is heavily regulated not to open your letters with severe criminal penalties if they do. An attacker also can't quietly X-ray your letter in transit to get a sneaky copy.
It’s hard to tell. I’ve worked on projects with 50 programmers and it seemed many did nothing and a few did negative work.
We went through a round of layoffs and I had to “finish” another programmer’s work. It was a java app with servlets and JSP and a bunch of web forms submitting back to a database. He had just copy and pasted the html into his JSP so it had the sample data and messages. Everything submitted and went to the next page, but nothing was posted or saved.
He did this like 20 times for all his modules. Maybe six months of “work” was like nothing done.
I like to work on small teams that collaborate enough so if someone isn’t doing anything then we know. And I don’t think anyone’s work in my immediate vicinity is performative.
That being said, it’s hard to know people’s process and what is productive to them. If you take a small sample you might not understand. And what you think is performative may be essential. This seems common when I was younger when I thought “I don’t understand it, therefore it’s not important.”
I’m currently thinking through a tough program and browsing HN at 10am and it’s an essential part of my workflow.
My whole career (15+ years) is built on orgs (Fortune 500s, academia, government, and even startups) hiring me to actually get something done that an employee spent months "working on" that ended up useless and scrapped. It's everywhere, all the time.
Additionally, you can be productive from a development sense, ship functional software that is to spec, and everybody is happy - and it still never gets used, or gets canceled, and does nothing for anyone. This too, could also be considered performative.
The money does put food on the family dinner table, so be it.
The most shocking thing about entering Software as a career was the enormous number of "Brillant Paula Beans"[1] that are out there silently working, doing meetings, participating in all the software rituals, but producing useless and ultimately scrapped work product.
Yeah, the second one is really the most bitter pill - work for a year or more, see that the PMF or the actual product isn't going to meet the needs; raise red flags, nobody cares (or worse, people actively fight you and torpedo you) and then you get to see it literally do nothing in production.
I have seen this a lot in the mid sized business (<300 employees usually) and it's the "we have enough money and no accountability and terrible processes to even understand the world" but my favorite one is my friend spent six months building a product offshoot from a core product, got pulled into meetings with directors to tell him to shut up about how it wasn't going to work for the target market, and when he finished they sold 4 units.
I’ve been in such a work context for the better part of two years, as a contractor, and by God it is soul crushing to give your best to do a good job, and to see it ultimately ends up in the bin.
I quit weeks ago, and they are already begging me back because I was good at what I was doing, to work on yet another hallucination from the higher ups that will be scrapped in 6 months.
The good money doesn’t make up for the existential pain. Maybe I’m too old for this shit. (20 year career and a burnout that made me reassess the value of my time on earth)
I work almost exclusively in small (<100 employees) firms, usually no more than 20 developers, and it’s a complete mix here too.
One firm might have the most dialed in effective team you’ve ever dreamed of. The next four are average or OK. Then you get companies run by absentee owners and half the developers are stacking a $150k a year paycheck and literally not working at all. The company itself is highly profitable so the owner doesn’t care.
It’s just a mixed bag all over everywhere you go. No generalities to be found in size but only in culture and outcome.
There's that, and then there's the other kind of negative work, whereby a rockstar engineer develops something that works but only he understands, completely failing to document it well. When this engineer leaves, the project is unmaintainable by virtue of being incomprehensible. In both cases, the management has been clueless.
Yup, the visualization didn't help me understand the concept any more than plain text. Superficial in the way that you would expect from a system that has no real world reference for what it is creating.
To get something better I expect more than a one-shot is needed, and the knowledge to guide it in the right way.
You're pretty lucky, then. This kind of file sync is a cursed problem in general (in that a truly robust solution is just not possible), but onedrive seems to be particularly bad in terms of reverting local changes, not syncing changes, and generally messing things up, especially when there's a lot of files, and even when there's only one user of the data. (it also makes anything involving writing lots of temporary files even slower, like most software builds).
It needs to read the repo under .git; that’s a lot of files that may not be synced, depending on local disk space, frequency of use, etc. The local disk is just a cache.
There may be an option to Always keep on this device, which might help.
Thanks for your note. I’ve wanted to get off gmail for years and your description answered many nagging questions I had been too lazy to look up.
I switched my domain over to fastmail and have been using it for the past hour and it seems promising. The interaction with the company is nice too and they seem very much “do one thing well” and don’t make me feel scummy like every time I interact with google’s products.
Interestingly I didn’t realize how slow gmail was until switching. Not just the web ui. I use the ios mail app and gmail didn’t support push, only fetch. And the app is 17.8MB (compared to gmail’s 716.7MB). Crazy that it’s 40x smaller.
I would rather invest 10 x 60 Eur = 600 Eur every 10 years into a new laptop or bigger RAM rather than trying to switch to non-free email and lose the whole Google ecosystem.
Not having much spam is number one priority for me. 50ms delay in refresh rate is OK. In fact I have never noticed and it has never come to my mind that Gmail is slow. Yes, it needs RAM but I was never annoyed by any "slowness".
Losing google ecosystem is a bonus for me and is the main reason I want to leave.
Google has been slowly sucking more and more each year and I have to spend mental energy figuring out how they are trying to screw me over or bill me for something.
It’s worth $50/year to not have that mental stress.
What do you mean by this? It seems pretty likely to be wealthy by investing in these indices. Certainly a “normal” worker who started investing $10k/year in SPY when it started in 1993 has enough wealth to allow them to retire now.
Or if someone knows their friend is sick and votes without an id, how do you detect that?
It seems like there are currently many ways to vote illegally that don’t get detected.