Entirely shoot from the hip comment, but at this point I feel it's warranted.
What is with all the Zoom hate? The company have been around for a decade, enjoyed relatively mediocre success until the outbreak of Covid, and suddenly apparently since they're experiencing huge demand and press coverage, every man and his dog is finding reasons to write a blog post complaining about them.
I've read some article splitting hairs over the nuances of "end to end encryption" and how Zoom is so horrible, evil and wrong because they, like almost every telecommunication provider under the sun, can intercept your calls. What makes Zoom so special?
What's driving all this hate? Because it's a far more interesting question than what technical flaws Zoom, or any other product in this category, almost certainly suffer from.
Has someone done any security analysis of Houseparty? It's experienced surge growth in the same period. But in the time I've seen maybe 20 Zoom-hate articles on HN I haven't seen a single mention of Houseparty. What about Google Hangouts: is it "end"-to-"end" "encrypted"? What about its recording feature? Where are the articles? Where is all the hate?
It’s quite simple: Zoom are lying. They’ve doubled down on their lies.
End to end encryption means something. Zoom isn’t that. Zoom is claiming to be that.
There’s not much to it.
They set the stage for it previously, too: they’ve done all sorts of shady things with computers onto which their client is installed. Zoom singled themselves out of the pack by being some of the only name-and-address provided software to use these techniques; everything else that does so is criminal malware.
Apple even pushed an OS malware detection update to remove Zoom’s backdoor.
The issue is not that Zoom is lacking end to end encryption. The issue is that Zoom is claiming to be end to end encrypted while lacking end to end encryption.
Yes, that people should have correct information to base their decisions on seems like an important hill. Even if I personally didn't expect Zoom to be end-to-end encrypted, because I as a technical person know that's difficult for what they're offering (and didn't look at their marketing pages).
Are you actually surprised people don’t like being lied to? Zoom behaves like malware in a number of ways (just look at how the installer works!), and the company outright lies about features like this. Yes, people are going to be upset about this behavior.
I think it’s pretty normal to care about truth in advertising. Also, there have been many revelations in the past few years about internet surveillance. And to top it off, the EARN IT act that’s currently being considered in the US Congress is ultimately aiming to ban end-to-end encryption so passions about this topic are running extra hot. Put all that together with millions of people stuck at home being forced to use Zoom meetings, and you have the ingredients for a pretty good rage cocktail!
This seems really disingenuous, like you care more about dissing someone than understanding the pros and cons of using this tool that suddenly is one of the only ways to connect with people.
b) Zoom is a major phenomenon right now, massive user boost, at first positive articles all over the media about how everyone is now using it for all kinds of things etc. That means people are paying attention to it, and if they find something (and apparently there was a bunch of things to find) the same media is going to pick it up, because it's already talked about everywhere, boosting what normally would be a blogpost somewhere only few read, or a private bug report, to something hitting mainstream channels. Which means more people have opinions about it, which means more space to argue about if those opinions are justified or not, ... (Whereas I haven't heard of whatever "Houseparty" is, neither in positive nor in negative)
c) There's no discussion of Google Hangouts being end-to-end encrypted because Google doesn't claim it is, doesn't claim their servers don't decrypt it, ...
d) If someone finds security issues in hangouts, I'd hope they report it, but given the above it likely wouldn't be as widely reflected in the media. If they'd gotten all the positive attention, more people would be digging there now/rolling out the usual anti-Google talking points/...
It's like a friend invited you to a party at Zoom's house, and you go because of your friend. And then you invite a friend to the next party, and your kids are having parties there.
Until you find out that Zoom's been taking advantage of you and all your friends. And Zoom has been going through your coat in the coat closet, and unlocking your car with your car keys.
You started because of your friend, but now you feel used.
This could have been true except probably half of HN have an Android phone in their pocket. So this, like with Android and Google Play Services, is a case study in perception management. Suddenly the perception of Zoom seems to be forced in a particular direction.
My paranoid 4 glasses of wine self can believe nothing other than money being involved.
It’s very simple: with great power comes great responsibility.
Zoom is having explosive growth, and they very much deserve scrutiny, as half of the world is installing their app, and it’s powering now communication from random birthdays, schools to medical support.
Zoom should have just called it 'Autopilot' instead of end-to-end and HN would have defended it to the death, despite that not actually being what was offered.
I'm several years into the "upgrade" and find myself still swearing daily at the idiocy of the whole thing. Hundreds of scripts used maybe once a year, such as 'dups.py' I tried to run today, broken by a missing parenthesis, and a function moved around.
Utterly pointless and reputationally ruinous. I don't do serious work in Python any more.
I recognize it may be difficult to understand, but this is a thread about backwards compatibility. Of course if I had any faith in the contemporary Python community, I would still be treating Python as a serious programming language and not be suggesting this is a difficult concept for someone to grasp.
There's really not much to it, but if it's a foreign concept it may require a kind of conceptual leap. Essentially, this code worked perfectly well, and suddenly it no longer worked. From your perspective, as you quite effortlessly put it, this code is broken. For others elsewhere in more conservative parts of the world, it was not my code that broke, but the surrounding ecosystem.
There is a fabulously unending depth to explore in the chasm lying between these opposing world views. It would be more than possible to write a book on the topic and fail to cover it all, however here are some of the most important aspects, from my perspective at least:
* given a perfectly functional tool relied on heavily by its user to perform their job, and given that tool suddenly decides to change shape such that it no longer fits the user's hand without retraining, nor fits with the remainder of the user's toolset, including custom tools the user has invested in producing, the continued utility of the no-longer-functioning tool is called into question, along with a deserved reappraisal of the tool's applicability in the context of the user's original intended problem domain.
* when the reason for its reshaping is to solve what are highly important problems from the perspective of the tool, but much less so from the perspective of the average user, and that user's application of the tool to real world problems, it can no longer be said that the tool is simply an implement that may be called and relied upon at any point in future -- the tool develops a chaotic life and importance all of its own, and may choose to reshape once again at any future moment (and indeed in this case it has). It is no longer a tool, but some sentient entity demanding unpredictable ongoing costs and attention paid all of its own.
* given a tool that promises to cease functioning 'correctly' at any future moment based on its own whim, preferences, industry fashions and styles, in an ecosystem where many similar such tools exist that explicitly promise not to cease functioning over the same time period, it is a fool's errand to pick the tool that promises to externalize additional costs on the user when alternatives exist that avoid any such cost.
* given tool designers who externalize almost frivolously minor technical costs on to every user, where each 'minor' change is amplified perhaps 10000 times over and directly translates into expensive engineering time, the question is easily raised whether the philosophy of the tool is appropriate for its advertised utility, and whether continued reliance on the tool makes business sense. In economic terms, what was the cost to productivity of the retraining and re-tooling of users compared to any alleged future productivity improvement?
* had I written these scripts in bash, C# or C++, they would not have broken even remotely to the same degree. Of course these are not some completely unevolving entities either, however all take the promise of forwards compatibility deadly seriously, and it is more than possible to find 10-20 year old programs written in C++ or bash that continue functioning to the present day. From my perspective, they are therefore excellent and highly dependable tools.
I think in your rush to appear superior, you missed the much simpler explanation. Your first comment was easy to misunderstand:
> print vs print() is what I think the parent comment was referring to.
as another person mentioned is likely what you meant, but it was easy to take your comment as meaning that you had mismatched parens somewhere, which would imply broken python2, as well as 3.
> * given a tool that promises to cease functioning 'correctly' at any future moment based on its own whim, preferences, industry fashions and styles, in an ecosystem where many similar such tools exist that explicitly promise not to cease functioning over the same time period, it is a fool's errand to pick the tool that promises to externalize additional costs on the user when alternatives exist that avoid any such cost.
This is clearly a falsehood, if the tool provides additional value. To bring things back to the topic at hand, if C++ were allowed to break ABI compatibility in very specific ways, it could be faster. stl container types are slower than many third party ones (absl, for example).
Which is to say that if you want "the best" that C++ has to offer, you have to be willing to have your libraries make backwards incompatible changes.
To jump back to python,
> given tool designers who externalize almost frivolously minor technical costs on to every user, where each 'minor' change is amplified perhaps 10000 times over and directly translates into expensive engineering time
I disagree that this happened. The examples you give are trivially fixable with 2to3. There are harder problems that 2to3 doesn't solve, but it sounds like you don't have any, so the frivolously minor technical costs are frivolously minor, and translate into running `2to3 my_code/` one time, to fix all the missing parens and most of the moved functions.
> bash that continue functioning to the present day
I have yet to encounter a 20 year old program written in bash that functions to this day. It might be syntactically valid, but it won't do what it intended to do.
I mistakenly thought you wanted clarity on my reasoning, instead it seems I've been made a fool of by providing an opportunity for you to argue a position I already understood and couldn't care less about. It's funny, this is also pretty much the reason I stopped relying on Python.
You're welcome to absorb all the externalized costs your heart desires, but in future please consider reviewing HN's rules before bandying attacks like "smug" and "superior".
Understanding one's views doesn't imply agreeing with them. A tool is only useful if, well, it's useful. A slow C++ is less useful than a fast one. So how is it that you can claim so strongly that the value from backwards compatibility is greater than the value from speed by default?
Bluntly, if I could break the ABI to get a 10% speed boost across the board, is that not worth it?
And I'm well aware of the site guidelines. I certainly don't think asking someone to tone down the holier-than-thou in their comments is a violation of them. Just the opposite, it's encouraged. So I'll continue to ask that you do so if you choose to respond.
Notably compared to the 2008 program, this time around they allow dealer banks to take out cash loans using... equities.. as collateral.
Dealer goes bust, market takes a huge hit, and the collateral value shrinks in correspondence to that hit. Madness. And still the markets have barely even sniffed at these announcements.
I expect before this is all over, POTUS will be making those daily coronavirus livestreams wearing fancy dress and cracking jokes just to keep people interested, because they've already spent every last drop of substance in the opening weeks of what promises to be a 6+ month journey.
BoJ has for a long time purchased equities (like the fed will sometimes buy treasuries and MBS.) ECB just announced this as well. Would you rather equities used as collateral or to have the fed purchase them? As collateral, it is an interesting statement of faith on their future value.
If you follow MMT, we could do away with the whole “loan” shenanigans and just print it and distribute directly.
If you print to buy equities, that’s reasonable, as long as you’re distributing the gains to citizens as UBI and not just buying to put a price floor on assets to maintain the wealth of a small subset of the country. So start buying up assets and fire up ACH transfers for citizens to get their dividends.
“Backstop America”, not just the wealthy. That’s the injustice people take issue with (and rightfully so). We’ve seen this before, we’ve seen how it played out, and the appetite for it to be repeated is likely not there.
The appetite for bank bailouts wasn't there in 2008 either, people took issue with how banks paid massive bonuses during that time. Still it happened. We're doomed to repeat the mistake again.
Bank bailouts weren’t the problem. Massive amount of fraud the banks allowed was the problem. They allowed people to borrow massive amounts of cash with little to no income. None of the senior execs were prosecuted.
To be clear, the fraud was banks packaging up subprime loans as prime and then dumping them on the secondary market to unsuspecting investors who thought they were getting quality mortgage bonds (I gloss over the nuance of tranches and CDOs for brevity).
This of course hurt homeowners who had loans made that never should’ve been made, but the root cause was investors not getting what they thought they were buying, and the resulting collapse in confidence. Homeowners were collateral damage, and as you mention, prosecutions were underwhelming (only 1 person was prosecuted).
I felt really bad about ordinary people that got clobbered and then just left to fend for themselves. Ordinary people don't buy houses as 'prudent investments'. They do it because that's where they are in life.
The dates are up to present day. Trump is due to give another press conference during market hours (3:30 today), watch the chaos he's wreaking on your friendly neighbourhood index.
If there are large scale falsified numbers in China, local and national authorities are certainly acting like they believe them. People are out and about; restaurants are opening; going back to work.
I don't get how people can simultaneously think "China instituted unthinkable totalitarian measures to isolate and quarantine people" and "all the numbers out of China are false, it has to be undergoing exponential growth like other countries."
You can choose one or the other, but not both: they're not self-consistent.
They are self-consistent if “unthinkable totalitarian measures” didn’t work, and the Chinese government has switched to a mitigation strategy without informing the populace.
If you think that people being locked up in their apartments for a month would result in the same transmission rates as people going about their lives freely, I don't know what to tell you: apart from all the other fantastic properties people have imagined SARS-CoV-2 to have, it also apparently can magically infect people who don't have contact with it.
Even if testing completely stopped, presumably an over-strained health system would be obvious and almost impossible to hide.
I can see why people are extremely resistant to believing anything the Chinese government says, but there seem to be indicators that don't rely on their statements.
Because I certainly don't know it, and there isn't anybody around here talking about this for some reason (and ok, even if there were, it would be hard to know if they are reliable - and yes, the entire world knows the reason, China prohibited talking about it).
Images are much bigger than javascript libraries. So by comparison it's a small library. And you're probably decoding, not transcoding.
You want to get browser support, but a gap-filler can keep you from waiting forever to reach 99.9%. And sometimes bandwidth use is more important than clunkiness.
JPEG XR is only supported by IE (since version 2011) and Edge before the switch to Blink/Chromium. WebP is supported by everyone except Safari and IE, but Safari and mobile Safari have about 15-20% combined market share.
New formats are basically only relevant if they get blessed by Google/Chrome, and even then you often need fallbacks for a long time.
Many browsers support some formats that are favorites of some vendor, but the new formats are not supported cross-browser, so the benefits of switching formats are reduced and the costs are raised -- in particular, one benefit of smaller files is reduced storage cost. If you have to support JPEG for legacy and then something else for Microsoft's format and something else for Google you are increasing your storage cost, encoding complexity, etc.
I looked at alternative image formats for a photo site I was working on and never convinced myself that the benefits of switching formats were worth the trouble.
The most common thing I've heard is "blast radius reduction", i.e. the general public are not yet smart enough to run large shared infrastructures. That seems something that should be obviously true.
People had exactly the same experiences with Mesos and OpenStack, but k8s has decent tooling for turning up many clusters, so there is an easy workaround.
I still feel like that would only work in very niche cases.
I mean, if people aren't smart enough to run a large shared infrastructure, how can I trust them to run a large number of shared clusters, even if each cluster is small. The final scale is still the same.
The UK HMRC has just absolutely devastated the London contracting market due to a rule shakeup like this. Speaking as an ex-contractor and current hiring manager, the result has been disastrous.
Salaried devs in London are drastically underpaid, contractors make up the difference. Hopefully this will at least push up the salaries to a more reasonable level.
They moved responsibility for determining whether a person is acting as an employee or a vendor in the vast majority of cases to the client, who must demonstrate a bunch of factors (I'm not a tax guy), not least
- the "vendor's" right to substitute himself for a replacement they subcontract (via employment or otherwise) to, irrespective of the client's deemed suitability of the chosen replacement
- the "vendor's" right to a significant level of autonomy, such as the ability to choose their working hours and lunches, and have high level control over their workflow
- the process of determination 'employee' vs 'vendor' must be significantly documented and can be challenged in retrospect for years after completion of the contract
Falling on the wrong side of a determination could leave the client liable for mandatory national insurance and pay-as-you-earn tax deductions. Now HMRC need not prosecute individual contractors, but instead clients (who may hire hundreds of contractors), making the enforcement process much more efficient for them, and much higher risk for the clients.
Net result for companies: building big overnight temporary teams out of contractors e.g. for 6-12 month projects are vastly less likely to do so, for fear that at some future date, the tax man could claw back a year's worth of tax for e.g. 20 contractors on the same project, with non-compliance and late payment penalties lumped on top (which themselves increase with respect to how long it took HMRC to get around to investigating you). It could be the case (hypothetically) that it would only require one member of a team to report the inability to substitute, or the presence of a line manager, for an entire project team's worth of tax to get a question mark placed next to it.
Net result for contractors: anyone who understands what's going on has either pivoted into becoming a permanent employee, avoiding the whole mess, since contracting is an expensive activity to begin with, and the premium has now been removed, or has banded with a few friends and attempted to set up "micro agencies". I've already encountered these, where substitution was advertised very early in conversation.
Net result for the market: it will be all but gone by April 2020.
The bit that sucks, if you are a legitimate contractor, is that rather than clients determining on a case by case basis whether or not a contract falls under IR35, they're short circuiting the whole thing by assuming every contract falls under IR35.
However I suspect this is because _most_ of their contractors are actually just disguised employees, and I say this as a contractor myself. However the legitimate contractors are also getting hit by the backlash now that the clients are on the hook for penalties.
Personally, I'm going to keep contracting past April as I generally only work with small businesses anyway and they can see quite clearly that my contract does not fall within IR35. If however they had 100 contractors instead of say, 1-2, it's much harder to make that determination.
> Net result for companies: building big overnight temporary teams out of contractors e.g. for 6-12 month projects are vastly less likely to do so, for fear that at some future date, the tax man could claw back a year's worth of tax for e.g. 20 contractors on the same project
Why shouldn't the companies be paying the required taxes for the 6-12 months exactly? It sounds like they are doing temporary employment. In other words, this finding sounds exactly correct.
Are there no fixed-length employment contracts in the UK? For these projects, wouldn't the correct thing to do be having these people employed on a limited term contract as full employees, and have to pay all the correct employment taxes and such? This seems like a logical thing for the government to want, and I don't blame them for enforcing it.
And wouldn't the person who's doing this work benefit from it as well? They get benefits this way, and it's not like being fully employed by different companies for 6-12 month stretches is that different from not technically being employed by those employees but working exclusively for them nonetheless over 6-12 month periods.
It eliminates the sizeable premium that previously attracted skilled labour to the instability of contracting. Without premium, why bother with the risk?
FWIW, prior to the recent change, I believe the situation had been the status quo since well into the 90s. I only started contracting circa 2007.
Why would it eliminate the premium? Companies would still be willing to pay extra for shorter term highly skilled workers that produce results.
And if that premium only existed because the company wasn't having to pay the employment taxes and benefits that they should, then it deserves to go away. It was tax avoidance, not an actual premium.
Well, from your feedback, the law seems to have had the required effect combining suppression of disguised employment, assigning the right responsibility to parties involved and avoiding dilution of said responsibility.