travisluis's comments | Hacker News

I too miss the dew point feature. The best replacement for Dark Sky I've found is this 10-day view of Weather Underground that's unfortunately only available on their website—I just bookmark the website on my phone home screen. https://www.wunderground.com/forecast/us/tx/austin/30.27,-97...


They are basically collapsing the weather gov plots into a single graph or two

(weather gov data is open/free, you can pull it down and plot anyway you want)

https://forecast.weather.gov/MapClick.php?FcstType=graphical...


> that's unfortunately only available on their website

A very old version of their Android app had that view as a 3-day widget for the home screen. Right after it was bought they did a major upgrade and removed a ton of functionality, that widget included.


https://www.windy.com/-Menu/menu?dewpoint

Windy.com to the rescue for dewpoint lovers.


Dew point is on Wunderground, you have to click the "Customize" button and check the box. And yes, it does remember across visits.


Carrot weather has dewpoint graphs (depending on source used).


Private policing predates public policing,[0] and so asserting that this is a new development is not really correct. The same is true, incidentally, of firefighting: private insurance companies formed their own private brigades to protect their policyholders' property.[1] Lots of things that we tend to think of as "naturally" public services have only very recently taken that form.

[0] See p. 1193 et seq. of this article: https://law.stanford.edu/wp-content/uploads/sites/default/fi...

[1] https://en.wikipedia.org/wiki/History_of_firefighting#Early_...


The first link appears to have died, at least from my point of view, so I’ll just ask — what era was this early private police force from? In Rome for example it seems like a lot of state-like functions were performed by wealthy/prestigious patrons, right? So the line seems a little blurry there.

On the other hand, I wouldn’t be at all surprised to hear that bounty hunters and private security pre-date the police.


> And the insurance market.

No. Insurance is subject to the "insurable interest" doctrine, which generally prohibits using insurance as naked speculation. There are also far more backstops, reserve requirements, government guarantees, etc., designed to prevent this kind of implosion. Not saying it doesn't happen, but we've had since the South Sea Bubble to learn how to regulate insurance to prevent this kind of thing.

The key difference is that insurance is generally regulated from a consumer protection perspective, since many insurance lines are sold directly to unsophisticated consumers. CDSs are, by contrast, sold primarily these days to sophisticated financial speculators, who are presumably fully aware of the kinds of risk involved.


Huh? People have used Credit Default Swaps (CDSs) for decades to speculate on debt defaults...

"South Sea Bubble to learn how to regulate insurance to prevent this kind of thing." - AIG (at the time the biggest insurance company in the US) went down in 2008 during the Great Financial Crisis because they insured sub-prime loans (CDS again). So I guess there are lots of holes regulators still need to learn....


CDS are credit derivatives, not insurance contracts. There is credit insurance, but it only covers a company’s own receivables (or payables).


People are absolutely using credit default swaps to insure against risk.


And yet insurance companies go belly up. Google "failed insurance companies". Remember just 15 years ago? MBIA, Ambac, AIG?

Regulation doesn't get rid of the risk. And it's got zero to do with naked speculation. We simply cannot make risk disappear. Contracting with someone else to eat the risk creates a new risk. Counter party risk just doesn't go away, despite our hopes and dreams.


Even with insurable interest you can have an insurance company wiped out by fraud, mistakes, or (most likely perhaps) a mass event that causes claims at the same time.

This is why flood and earthquake insurance often end up being (underfunded) and run by the state.


How does this differ from Twine?


Twine exports to HTML, while Ink plugs in to other game engines/code as a kind of backend engine for handling narrative and text


Isn’t twine also being used as a backend engine for games as well?


Any views on Vanta vs Tugboat Logic vs Laika? I’m trying to choose among them and am leaning towards Tugboat Logic. Its policies seem more thoroughly drafted and they let you test drive the platform, which none of the others allow. Vanta has more integrations but doesn’t currently do Jamf from what I can tell.


Be careful about SOC2 tooling that (1) asks you to do new stuff, or (2) that wants to become part of the fabric of how you manage hosts day-to-day.

Re (1): SOC2 is about adherence to a stated portfolio of controls. Different companies use different controls to reach the same control objectives. Almost all of the control objectives can be met with straightforward best-practices engineering, like having a carefully managed and logged SSO (a reason Okta is so popular), or --- I'm not exaggerating here even a little bit --- being able to describe the basic features of Github to an accountant. I've seen tooling that asks people to install all sorts of random security tooling on desktops and (worse) on servers; having been in SOC2 interviews with major-firm auditors, I can say with confidence none of them know what the fuck any of that shit means.

Re (2): SOC2 is not your security program. SOC2 has no good advice for your security program. Any competently run security program can, with enough grueling documentation, achieve SOC2. The very last thing in the universe you want is "SOC2" literally installing itself on your machines.

I think there's a lot of value in things that help you build and fill out checklists that will allow you to quickly and easily satisfy SOC2 IRL questionnaires; also just to keep yourself organized. But remember that the engineering should come from your engineering team, not from the absolute randos who build prefab SOC2 checklists.


The policy docs are just filler. Auditors never look at them in any detail. They look for last revised date and last review date. Have bought $150 bundle online and submitted as-is without even replacing a single parameter and audit went fine.

But Vanta/Tugboat won't actually do the reviews and training and HR and executive reviews you need. Basically their deal is that they cut volume discounts with the audit firms and then take the rest. They have nice dashboards, don't get me wrong, but only their hand-picked auditors will accept them. Others will require you to manually package up the same evidence anyway and upload to their IRL evidence system.


Vanta at least made me sign a separate contract with the auditor, so I’m not sure they’re making money on the difference. The policy docs indeed don’t seem very closely scrutinized, and I’d prioritize the service that can automate more for you. Vanta provided its own client monitoring application which exists alongside JAMF and seems to cover the same controls.


It's more that there is a market price for SOC2 that auditors can charge, and they are adding $20-25K to the price tag, so they need the auditors to subsidize that. At least when I talked to these firms, you could not bring your own audit firm. You had to go with theirs. Nothing wrong there and kudos to them for innovating on the pricing/biz dev, but you can pocket that savings yourself by negotiating the same price drop directly with the audit firm, and using your own scripts or open source to collect evidence. Vanta and Tugboat have nice UIs definitely. It's just the difference between buying a Honda vs. Mercedes. Not everyone cares about paying the lowest amount for a solution. If your budget affords high end convenience, go for it.


Christina, Vanta founder here. Can confirm we don’t make money on any difference, and no money changes hands between us and auditors. It’s just a lower price for customers.


Would you mind sharing where you bought the bundle?


I think this depends on your internal resources. TugBoat and Laika are more project management tools. A great question to ask is: if you integrate with my infrastructure, how many controls within the SOC2 framework are you actually automating? Vanta has been around a while but I’ve heard mixed feedback from auditors as well as companies that use the tool. I’d recommend looking into Drata, they have the most automation and great auditor relationships. Happy to provide an intro to one of their audit partners that I used to work with to learn more from their perspective.


We did a Type 1 audit with Tugboat last year. I came away quite impressed - the default templates are a great starting point, and the evidence tasks are basically a giant todo list to assign and grind through. It turned a complex project with lots of unknowns into a much more straightforward project.


You'd expect the force majeure clause in this contract[1] to include pandemics.

[1] https://docs.google.com/document/d/1Bg_1m1C05YqTJzp5MBZMhlRE...


IANAL but the way our in-house counsel explained it to me is that a pandemic shouldn’t necessarily be a force majeure event, which is about the inability of the parties to execute the contract.

A pandemic would cause a force majeure if the work can only happen onsite and the government has shut down the physical offices.

A pandemic may cause a force majeure for a solo contractor if they catch the disease and are in the ICU.

A pandemic would not cause a force majeure because a company has decided to rethink its priorities as a result of a pandemic.

So a pandemic is covered by the concept of a force majeure without being explicit. Then again, we were arguing that the pandemic isn’t/wasn’t force majeure so someone else may have other opinions.


Adding to that, force majeure is for unforeseeable events.

This global pandemic might qualify for contracts signed before January - but not those signed in the future.


Second workflowy. There are other zoomable nested lists (e.g., dynalist), but they're too slow. Workflowy forces minimalism, which ensures your data is portable and that the handling of it is fast.

Adding colored tags[2] and the Workflowy Code Formatter extension[1] makes it really great.

[1] https://chrome.google.com/webstore/detail/workflowy-code-for...

[2] https://chrome.google.com/webstore/detail/painter-for-workfl...


I was a heavy Workflowy user for my own personal notes for a few years, and then I switched to Dynalist after a colleague recommended it to me. It can do a lot of things that Workflowy can't (or at least it could when I switched a couple years ago) such as format LaTeX code. I rely heavily on this software for organizing my thoughts in both work and my personal life, and I use it daily.

I've tried using these tools in a work environment but my colleagues have never really loved it, so it's more of a personal tool. We just use Google Docs in my current work environment.


Can Notion do infinitely zoomable lists, a la workflowy? As far as I can tell, it cannot.


Can anybody explain the important differences between this and Briar/Bramble[1]?

[1] https://dymaxion.org/essays/briarvision.html previously discussed at https://news.ycombinator.com/item?id=18027949


How does Scuttlebutt (and Briar) relate to [Cabal]?

[Cabal]: https://cabal-club.github.io/

There seems to be a large overlap between the SSB and Cabal communities.


hi gregknicholson, i'll try! =^.^=

Scuttlebutt is a social network platform where each user has a personal diary where each page is a signed message that links to the previous page. to receive updates on someone's diary, you follow the person. on each page, content is free-form. the most common message type is 'post', but there's a chat app (similar to Cabal) that uses message type 'scat_message': https://www.scuttlebutt.nz/applications#scat.

Cabal is a chat app, built using the Dat protocol (https://datproject.org/). Dat has a similar architecture, except the diaries (sigchains) are centered on content rather than people. so to receive updates on a diary, you follow the _content_, which in Cabal is a chat group similar to a Slack group.
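
The diary structure described in the comment above (each page signed and linked to the previous one), as an added example that is not part of the original comment or Scuttlebutt's own code. It is a simplified Node.js model: the function names (`entryId`, `append`, `verifyLog`, `demo`), the JSON encoding and the SHA-256 links are assumptions for illustration, not Scuttlebutt's actual message format.

```javascript
// Added example: simplified signed, hash-linked log. Field names and encoding are
// illustrative assumptions, not Scuttlebutt's real message format.
const crypto = require("crypto");

// The id of a page covers its body and signature; the next page links to it.
function entryId(entry) {
  return crypto.createHash("sha256").update(JSON.stringify(entry)).digest("base64");
}

// Append a page: link to the previous page, then sign with the author's Ed25519 key.
function append(log, privateKey, content) {
  const previous = log.length ? entryId(log[log.length - 1]) : null;
  const body = { previous, sequence: log.length + 1, content };
  const signature = crypto.sign(null, Buffer.from(JSON.stringify(body)), privateKey);
  log.push({ ...body, signature: signature.toString("base64") });
  return log;
}

// Third-party verification: only the author's public key is needed.
function verifyLog(log, publicKey) {
  let expectedPrevious = null;
  for (let i = 0; i < log.length; i++) {
    const { signature, ...body } = log[i];
    const at = i + 1;
    if (body.previous !== expectedPrevious) return { ok: false, at, reason: "broken link" };
    if (body.sequence !== at) return { ok: false, at, reason: "bad sequence" };
    const sig = Buffer.from(String(signature), "base64");
    if (!crypto.verify(null, Buffer.from(JSON.stringify(body)), publicKey, sig)) {
      return { ok: false, at, reason: "bad signature" };
    }
    expectedPrevious = entryId(log[i]);
  }
  return { ok: true, at: log.length, reason: null };
}

// Constructed sample data: a three-page diary, then two tampered copies.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const log = [];
  ["hello", "second page", "third page"].forEach((c) => append(log, privateKey, c));
  const edited = JSON.parse(JSON.stringify(log));
  edited[1].content = "rewritten"; // change a page after it was signed
  const dropped = [log[0], log[2]]; // silently remove page 2
  return {
    intact: verifyLog(log, publicKey),
    edited: verifyLog(edited, publicKey),
    dropped: verifyLog(dropped, publicKey),
  };
}

console.log(demo());
```

Because every page is signed and chained, a follower holding only the public key can detect both an edited page and a removed one, which is also why such messages remain attributable to the key holder.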


I looked at the faq, but it's rather non-technical. Is there a security/privacy faq? My initial reading is that it's a lot like Twitter or things shouted out in a pub that films and archives everything that goes on? : no expectation of privacy, no secure private messages, no deniability?

Ed: looks like https://github.com/ssbc/scuttlebot/blob/master/README.md has a bit more meat. Still happy to hear any comments. Especially I assume any recipient can prove to a third party that someone said something?


The real meat of the protocol is explained here:

https://ssbc.github.io/scuttlebutt-protocol-guide/

> I assume any recipient can prove to a third party that someone said something

All public messages are signed with the author's key, so any third-party can verify it.

Private messages are different, though. You need one of the recipient / sender's keys to decrypt that, and so for a third-party to verify it they would need one of those private keys.


This was true until about 14 hours ago. :)

https://github.com/ssbc/secure-scuttlebutt/pull/220

You can now generate an unbox key for a private message and send it to a non-recipient for them to be able to access the message, which is really cool. No private key sharing necessary!


That is cool. But the point stands that public (to all) and private (to designated recipients) messages are "on the record" and can forever be proven to be made by someone that held your private key at the time?

So if I say: "let's fight racism!" and you later decide to collaborate with a (now) racist government - you could prove (not merely allege) that I should go to the gulag?


hi e12e,

yes, on-chain messages are designed to be "on the record" (https://viewer.scuttlebot.io/%25G7BjZsZr02TPAoIeD%2Bw3WgiAbi...), where the game theory is of an infinitely-repeated game (https://en.wikipedia.org/wiki/Repeated_game#Infinitely_repea...) where participants have verifiable knowledge of past game activity, which is useful for trust-based coordination.

our plan is to eventually add a side protocol for off-chain ("off the record") messages which re-use the same cryptographic identities, for all your other conversations. :)


I too find it a bit discouraging that my data would leak away to the whole network eventually. I'd like to have "an island" (I believe this metaphor was used in some docs) to myself and those close to me. Or maybe I haven't yet grasped how SSB works.


hi dmos62, Scuttlebutt is designed to allow users to create social communities with trust-based boundaries, but there's just a lot of work to do to bring our implementation up to match our intentions. for example here's a recent step in that direction: https://github.com/ssbc/ssb-incoming-guard.


How does discovery happen in Cabal or in Scuttlebutt?

Does it use any kind of DHT like Kademlia? I know you want to avoid singletons but are there any hubs that are DHTs or what? How does discovery work? And do you support Web Push?


