I think this topic returns with some regularity... It often ends with justification about the need for a promotion of a particular executive that is involved with that inevitably undeniable success.
Would like to see more of the captured data, because a simple "about" dialog would also need to call some server to check if the software is the latest version, to display the "you have the latest version" label.
This is United Statians being the victims of their own crazy date writing style again. (-:
Michael Horowitz did this on 2021-10-22, and it returned the value 2021.1019.1.0.
Today, on 2025-06-07, it is publishing the value 2025.424.19.0. Which would be last April the 24th.
It's blazingly obvious that it's the last date that something downloadable got updated, with a version or sequence number of some kind. The zero in the final field is probably there because someone is using a 4-field version datatype. To publish a date.
I wouldn't be surprised if the final zero is actually intentional; it would allow incrementing it if you need to publish more than one version on the same date. It's not likely to be needed, but if something is on fire and you absolutely need to push out a quick fix, having to figure out what version to call it is probably the last thing you want to have to worry about.
Never attribute to some deeply sophisticated planned ahead engineering, that which can be satisfactorily explained by the fact that it's a lot easier to serialize and deserialize a System.Version in an HTTP body, in a universal fashion that will work for every computer in whatever locale, than it is a System.DateTime plus a separate sequence number. (-:
This is a reasonable reaction to this. I pause when accusations jump immediately to spying as other explanations can exist without adding to FUD and noise online. It's not always difficult to find the purpose of something either with a bit more digging.
I've seen something similar occur for some popular YouTube videos, too. A video author will fire up some arbitrary Windows setup, which can come bundled with third-party software and use Bing for various things including weather in the taskbar and queries in the search bar, then open Wireshark to scaremonger with DNS queries, accusing Microsoft of spying just for requests made by the services/programs/features they have enabled in their install.
When often cursory lookups of the domains in search engines show what their purpose is and are contrary to such videos' alleged (and worse, guessed) purpose.
It's a problem as there are legitimate concerns with certain aspects of Windows software with non-privacy respecting defaults but for an average user it gets muddled with irrelevant/incomplete info that doesn't lead to high quality actionable results.
Hello,
Your Pro plan just got way more powerful with three major upgrades previously available only to Max, Team, and Enterprise users.
Claude Code is now included
Claude Code is a command line tool that gives you direct access to Claude in your terminal, letting you delegate complex coding tasks while maintaining full control. You can now use Claude Code at no extra cost with your Pro subscription.
"When data subjects exercise one of their rights, the controller must respond within one month. If the request is too complex and more time is needed to answer, then your organisation may extend the time limit by two further months, provided that the data subject is informed within one month after receiving the request."
Backup retention policy 60 days, respond within a week or two telling someone that you have purged their data from the main database but that these backups exist and cannot be changed, but that they will be automatically deleted in 60 days.
The only real difficulty is if those backups are actually restored, then the user deletion needs to be replayed, which is something that would be easy to forget.
Probably most just ignore backups. But there were some good proposals where you encrypt every user's data with their own key. So a full delete is just deleting the user's encryption key, rendering all data everywhere including backups inaccessible.
Deletion via encryption only works if every user’s data is completely separate from every other user’s data in the storage layer. This is rarely the case in databases, indexes, etc. It also is often infeasible if the number of users is very large (key schedule state alone will blow up your CPU cache).
Databases with data from multiple users largely can’t work this way unless you are comfortable with a several orders of magnitude loss of performance. It has been built many times but performance is so poor that it is deemed unusable.
The entire mess isn't with data in databases, but on laptops for offline analysis, in log files, backups, etc.
It's easy enough to have a SQL query to delete a user's data from the production database for real.
It's all the other places the data goes that's a mess, and a robust system of deletion via encryption could work fine in most of those places, at least in the abstract with the proper tooling.
Some of these issues could perhaps be addressed by having fixed retention of PII in the online systems, and encryption at rest in the offline systems. If a user wants to access data of theirs which has gone offline, they take the decryption hit. Of course it helps to be critical about how much data should be retained in the first place.
It is true that protecting the user's privacy costs more than not protecting it, but some organizations feel a moral obligation or have a legal duty to do so. And some users value their own privacy enough that they are willing to deal with the decreased convenience.
As an engineer, I find it neat that figuring out how to delete data is often a more complicated problem than figuring out how to create it. I welcome government regulations that encourage more research and development in this area, since from my perspective that aligns actually-interesting technical work with the public good.
> As an engineer, I find it neat that figuring out how to delete data is often a more complicated problem than figuring out how to create it.
Unfortunately, this is a deeply hard problem in theory. It is not as though it has not been thoroughly studied in computer science. When GDPR first came out I was actually doing core research on “delete-optimized” databases. It is a problem in other domains. Regulations don’t have the power to dictate mathematics.
I know of several examples in multiple countries where data deletion laws are flatly ignored by the government because it is literally impossible to comply even though they want to. Often this data supports a critical public good, so simply not collecting it would have adverse consequences to their citizens.
tl;dr: delete-optimized architectures are so profoundly pathological to query performance, and to a lesser extent insert performance, that no one can use them for most practical applications. It is fundamental to the computer science of the problem. Denial of this reality leads to issues like the above where non-compliance is required because the law didn’t concern itself with the physics of computation.
If the database is too slow to load the data then it doesn’t matter how fast your deterministic hard deletion is because there is no data to delete in the system.
Any improvements in the situation are solving minor problems in narrow cases. The core theory problems are what they are. No amount of wishful thinking will change this situation.
Instantaneous deletes might be impossible, but I really doubt that it’s physically impossible to eventually delete user data. If you soft delete first to hide user data, and then maybe it takes hours, weeks, months to eventually purge from all systems, that’s fine. Regulators aren’t expecting you to edit old backups, only that they eventually get cleared in reasonable time.
Seems that companies are capable of moving mountains when the task is tracking the user and bypassing privacy protections. But when the task is deleting the user's data it’s “literally impossible”.
It would be interesting to hear more about your experience with systems where deletion has been deemed "literally impossible".
Every database I have come across in my career has a delete function. Often it is slow. In many places I worked, deleting or expiring data cost almost as much as or sometimes more than inserting it... but we still expired the data because that's a fundamental requirement of the system. So everything costs 2x, so what? The interesting thing is how to make it cost less than 2x.
You can use row based encryption and store the encrypted encryption key alongside each row. You use a master key to decrypt the row encryption key and then decrypt the row each time you need to access it. This is the standard way of implementing it.
You can instead switch to a password-based key derivation function for the row encryption key if you want the row to be encrypted by a user provided password.
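The per-user key deletion and the wrapped-key scheme described in the comments above, as an added example that is not part of the thread or any commenter's code. It assumes Node.js; `MASTER_KEY`, `keyTable` and all function names are hypothetical, and the wrapped key is kept in a separate key table rather than beside each row so that destroying it also covers copies of the data held in backups.

```javascript
const nodeCrypto = require('crypto');

const MASTER_KEY = nodeCrypto.randomBytes(32); // assumption: held in a KMS/HSM in practice
const keyTable = new Map(); // hypothetical store: userId -> wrapped DEK, kept out of data backups

// AES-256-GCM; output layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

function unseal(key, blob, aad) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if tampered
}

// Unwrap the user's data key; only the write path may create a missing one.
function userKey(userId, create) {
  if (!keyTable.has(userId)) {
    if (!create) throw new Error(`data key for ${userId} has been destroyed`);
    keyTable.set(userId, seal(MASTER_KEY, nodeCrypto.randomBytes(32), userId));
  }
  return unseal(MASTER_KEY, keyTable.get(userId), userId);
}

// The AAD binds each ciphertext to its owner and row id.
function encryptRow(userId, rowId, text) {
  return seal(userKey(userId, true), Buffer.from(text, 'utf8'), `${userId}:${rowId}`);
}
function decryptRow(userId, rowId, blob) {
  return unseal(userKey(userId, false), blob, `${userId}:${rowId}`).toString('utf8');
}
// Erasure: destroy the wrapped key; ciphertext copies elsewhere stay but are unreadable.
function eraseUser(userId) { return keyTable.delete(userId); }

// Constructed sample data: `backup` stands for a copy that cannot be edited.
function demo() {
  const backup = { alice: encryptRow('alice', 1, 'alice@example.com'),
                   bob: encryptRow('bob', 1, 'bob@example.com') };
  const before = decryptRow('alice', 1, backup.alice);
  eraseUser('alice');
  let aliceAfter = null;
  try { aliceAfter = decryptRow('alice', 1, backup.alice); } catch (e) { /* key is gone */ }
  return { before, aliceAfter, bobAfter: decryptRow('bob', 1, backup.bob) };
}
```

The scheme only achieves erasure if the key table itself is not retained in long-lived backups.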
This has been tried many times. The performance is so poor as to be unusable for most applications. The technical reasons are well-understood.
The issue is that, at a minimum, you have added 32 bytes to a row just for the key. That is extremely expensive and in many cases will be a large percentage of the entire row; many years ago PostgreSQL went to heroic efforts to reduce 2 bytes per row for performance reasons. It also limits you to row storage, which means query performance will be poor.
That aside, you overlooked the fact that you'll have to compute a key schedule for each row. None of the setup costs of the encryption can be amortized, which makes processing a row extremely expensive computationally.
There is no obvious solution that actually works. This has been studied and implemented extensively. The reason no one does it isn't because no one has thought of it before.
You’re not wrong about the downsides. However you’re wrong about the costs being prohibitive in general. I’ve personally worked on quite a few applications that do this and the additional cost has never been an issue.
Obviously context matters and there are some applications where the cost does not outweigh the benefit.
A set of encryption keys is a lot smaller than the set of all user data, so it's much more viable to have both more redundant hot storage and more frequently rotated cold storage of just the keys.
Depends on the processes in place at the company. Presumably if a backup is restored, some kind of replay has to happen after that, otherwise all the other users are going to lose data that arrived in the interim. A catastrophic failure where both two weeks of user data and all the related events get irretrievably blackholed could still happen, sure, but any company where that is a regular occurrence likely has much bigger problems than complying with GDPR.
The point is that none of these problems are insurmountable - they are all processes and practices that have been in place since long before GDPR and long before I started in this industry 25+ years ago. Even if deletion is only eventually consistent, even if a few pieces of data slip through the cracks, it is not hard to have policies in place that at least provide a best effort at upholding users' privacy and complying with the regulations.
Organizations who choose not to bother, claiming that it's all too difficult, or that because deletion cannot be done 100% perfectly it should not even be attempted at all, are making weak excuses. The cynical take would be that they are just covering for the fact that they really do not respect their users' privacy and simply do not want to give up even the slightest chance of extracting value from that data they illegally and immorally choose to retain.
> The organisation might need you to prove your identity. However, they should only ask you for just enough information to be sure you are the right person. If they do this, then the one-month time period to respond to your request begins from when they receive this additional information.
In my domain, our set of services only authorizes Customer Centre system to do so. I guess I'd need to ask them for details, but I always assumed they have checks in place.
"flabbergasted" ? That's quite a strong reaction. It's somewhat normal for nerdy mc-nerdfaces, which the writer definitely is (in all the good ways), to tell people about their hardware. Or at least it used to be? Seemed pretty geek-norm to me even if it was jarring.
I chose not to write it earlier but my candid thoughts were that he seemed too old to still be doing this. It's just younger enthusiasts and professional gamers that do this, and the younger enthusiasts eventually get enough money for a Mac and choose that.
The PSU is completely overkill, as if he was going to get GPUs. But then he has this completely outdated and old, power inefficient GPU in it instead, which is nothing to brag about and doubly warrants an explanation if the rig is to be explained at all. All while newer GPUs from the same company solve all of his driver and OS problems.
> However I will never forget how the one man, who never actually did any work, who interrupted everyone, and who made these accusations, was basically doing everything he could to "seem like he had a job".
Judging from your description, you could actually be a threat to his position. So that might be a preemptive strike.
I had not even thought of that! I did accidentally after a 10 hour day - slip for half a second and said "what!?!?" it was less than a second and I was half way through leaving - it was after working hours, it was a big, complex question and interrupted my flow brashly, I didn't even realise I had said it in the wrong tone and that other people may have heard it. I immediately did my best to answer the question, but that slight slip up must have made him feel embarrassed and under threat. I remember it now. To be fair it was after work, the wrong moment and really an interruption, when a calm "can we discuss this at one point" was expected in that env.
A lot of people in management also have imposter syndrome which makes anyone under them that appears competent seem like a danger to them.
While doing a contract and consulting I've run into this, but nothing like my wife in her career.
First corporate job as webdev/design, had her boss get fired for embezzlement of about quarter of a mil. Bosses after that kinda sucked so she left.
Second job (marketing manager/design) was fine for a while, until her great boss left and they replaced her with a sketchy character. I listened in on a number of her meetings and we came to the conclusion that he wanted to bring in a contracting group that was going to give him kickbacks. This guy seemed highly threatened by her. She found another job and within 6 months that guy was fired and the people that still worked there didn't know the exact details but there were hush hush whispers of fraud.
Third job (sr marketing manager) was fine with the first boss over her. But as always, that person found an even better paying position and left. Next director had an issue with taking other people's work and calling it her own. Wife did something unintentionally to embarrass the director in a meeting when the director had taken my wife's work and put her name on it and upper level management saw it. A few days later my wife was put on a PIP by her manager the director even though she had got outstanding remarks on the last quarter review that had ended a month before. Needless to say she did the following. Went and got a better job (director level now) but didn't tell them that. Then went to HR and filed a complaint over the PIP and ethics violations. After some back and forth it ended up with her leaving with a severance.
Really everything I've seen in management as you go up higher in the food chain is that it seems everyone is willing to, and expects others to knife them in the back in a lot of companies.
Another wild, unsubstantiated guess... The reason for him interrupting others might be the stress caused by not understanding what's being said, but having to hold the professional image.
YouTube on the other hand...