I am a user of Hacker News with username "advisedwang", an account that was created on Oct 12, 2010. You can find information about me at https://news.ycombinator.com/user?id=advisedwang.
- The GDPR (in art 32) only requires that "the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk". I expect it's quite common for a company to get hacked even if they meet that level. I think the parent comment was imagining that any leak is automatically fined, regardless of whether the company had met some security requirement.
- OK so now "Larry Ellison, a slaver nation, and a PE surveillance focused firm" can "control American public opinion at the touch of a button"? That seems just as bad.
- The law [1] does not work as a magic all-encompassing "ban". It says operating and distributing the app is unlawful, and the consequence is a huge fine and the enforcement mechanism is suit from the US AG. Nothing says that a sale after doing something unlawful is illegal.
The bigger issue is that Trump directed the AG not to enforce the law. So something is plainly illegal but is de facto legal because of executive pronouncement. That is extremely worrying because one aspect of totalitarianism is that the dicta of the ruler have the effect of law.
[1] https://www.congress.gov/bill/118th-congress/house-bill/815/...
- > Is that just being ignored while a deal is orchestrated
Yes. There is a series of executive orders (eg [1]) that literally say "To permit the contemplated divestiture to be completed, the Attorney General shall not take any action on behalf of the United States to enforce the Act ...". The "PROTECTING AMERICANS FROM FOREIGN ADVERSARY CONTROLLED APPLICATIONS ACT" only allows the US AG to sue for enforcement, so this essentially is completely waiving enforcement.
This is why Congress often gives independent agencies or private actors the right to sue in an act - because the DOJ cannot be trusted to fairly enforce laws if there is even the slightest political or economic valence to them.
[1] https://www.whitehouse.gov/presidential-actions/2025/09/savi...
- If there is a high-demand tourist location (like many parts of Spain) and tourists are more wealthy than locals (like many parts of Spain) then new housing stock will also be soaked up by AirBnBs. In this situation the "just build" argument means you have to build enough housing to house every single wealthy tourist that wants to come before you start seeing any relief to local housing issues. Not only does that mean locals have to wait through, say, 10 years of construction before their issues are addressed, but in the meantime the tourism sector will have dominated the economy, which is not healthy either.
- It's true that you can boil it down a lot. In fact, the book even has a checklist checklist that distills down the advice to one page. However it was overall a very quick read and the extra discussion really did further my understanding of the underlying principles that make a checklist good. I'd recommend reading the whole thing so that you actually make a useful checklist instead of a cargo-cult copy of an aviation checklist.
- People deserve privacy even if they aren't tech savvy enough to use pi-hole, even when they aren't on a network they control, even if they don't know their privacy is under attack.
- I highly recommend The Checklist Manifesto [1] for an excellent guide on how to construct good checklists.
- The more important question is: what is the rate of scientists coming in vs going out?
If they are in balance, then it looks a lot less of a problem. It may even be the case that because of the desirability of working in the US for US institutions the US is gaining the best from all around the world and shipping out a more mixed ability set.
- You probably want to have a UI for account creation and password resets, right? There's a frontend that has to talk directly to the identity service.
You may want to bill based on # of active users - well that's interactive with the identity service (you can do this without billing calling the identity service's API, but the alternatives are just other common dependencies).
You may want a tool for the support team to search identity service to find a user or their account status.
If you have a sharing feature, you may want that to verify you are sharing with an account that exists.
- matt3210 clearly means that the content of the website (revealed by the CT log) is what is being stolen, not the data in the CT log
- In particular, note the Google Union's success at getting voluntary buyouts instead of lay-offs for RIFs.
- Exclusively using computed columns, and never directly querying the JSON does have the advantage of making it impossible to accidentally write an unindexed query.
- Requiring that no service is depended on by two services is nonsense.
You absolutely want the same identity service behind all of your services that rely on an identity concept (and no, you can't just say a gateway should be the only thing talking to an identity service - there are real downstream use cases such as when identity gets managed).
Similarly there's no reason to have multiple image hosting services. It's fine for two different frontends to use the same one. (And don't just say image hosting should be done in the cloud --- that's just a microservice running elsewhere)
Same for audit logging, outbound email or webhooks, ACL systems (can you imagine if Google Docs, Sheets, etc. all had distinct permissions systems).
- Hedging exposure to copper wire tariffs is not something ordinary people need to do. There's no reason to allow this at a retail level.
- Realistically all but the largest sites are going to contract out age verification to third parties. There will probably be verification companies that will have a wide range of verifications.
- Article says:
> It uses LiveRamp's clean room technology, which lets companies aggregate their data in a privacy-safe environment, without sharing or seeing each other's raw or personally identifiable customer information.
> A hotel brand could use Uber Intelligence to help identify which restaurants or entertainment venues it might want to partner with for its loyalty program, for example.
Not many details on that "clean room" but it sounds like the third parties get an environment where they can join their data to Uber's and then run aggregate queries, but not actually see individual customer records. I'm not sure how I feel about that.
- Whenever I see "President" as a corporate title, I think "overinflated sales title to make clients feel like they are being taken seriously and talking to actual leadership". I've seen "presidents" reporting to "vice-presidents"!
- Up until Van Buren v. United States in 2020, ToS violations were sometimes prosecuted as unauthorized access under the CFAA. I suspect there are other jurisdictions that still do the equivalent to that.
- PCs are one of the few things we build ourselves because it's one of the few goods that have standardized and commoditized parts.
If there was a large degree of interchangeability between engines, transmissions, bodies, dashboards (etc) the auto enthusiast community would for sure be building cars from scratch out of parts. But realistically the pieces are tightly coupled and you can't pick and choose.
It's the same with coffee machines - if there were interchangeable pumps and boilers and group heads etc, I bet building your own coffee machine would be the norm in a certain crowd.
And to be clear there's good technical, aesthetic, regulatory and business reasons why most large machines are made of interchangeable parts. I'm not saying car and espresso machine manufacturers have done something nefarious. Just that PCs happen to be free of a major constraint.