I feel you're missing the point. Your angle is self perpetuating. People have a higher risk of cardiac arrest at the fear of the consequences of missing the IRS date. The argument being made is that there won't really be any major consequences - if millions of people miss it because of a TurboTax issue, an extension will be granted.
Why should the engineers be stressed and overworked because other people are scared of something that doesn't have to happen?
The world is less stressful and - I think - better without manufactured urgency like what you're defending.
Don't get me wrong, some things are life and death, like life support machines. Taxes are not.
Pretend it's a smaller company. 100k people late. That's small enough to make a special exception quite unlikely, but big enough to be a lot of very stressed people. It's not self-perpetuating logic, it's how deadlines work. Letting those engineers off the hook won't solve the deadline, those people will just be told they should have done it sooner and they will suffer the consequences.
Despite not being anywhere near life or death, the stress is real. And for most people it's not crippling stress, but neither is being on call for a single week out of the year. If we're going to blow that level of on-call into a "risk of cardiac arrest" then to be reasonable we have to do the same thing for tax filing failures.
There's no way for deadlines to not be moderately stressful. You can't decide to avoid urgency and stress.
Again, you're still missing the point by trying to focus on specific examples that perpetuate the idea that everything must have a deadline and a deadline must be fixed and heavily consequential.
If you keep on creating examples where x number of people face consequences for being late, then yes, there will always be stressful consequences for being late.
Yes, there will always be situations like this, actual life or death situations. Don't release this update to address a newly spotted bug, pacemakers are all going to switch off at midnight and people die - worth the stress from the engineer and everyone else involved to keep people alive.
Is a tax return one of those things? It doesn't have to be. Unless you want to insist it has to be. That is my point.
> There's no way for deadlines to not be moderately stressful. You can't decide to avoid urgency and stress.
Owners of deadlines can decide to avoid urgency and stress if they have the resources to be flexible with submissions. Most deadlines are not life, death, urgency and stress, unless people make them to be.
If you're sincerely interested in the answer to that question, I'd highly recommend reading the article, because a good portion is dedicated specifically to answering that.
I read the article - up to a point. The guy goes to such great lengths not to admit that a huge proportion of the physical parts in the phone are from China. E.g, he keeps saying "Western distributor" to avoid saying "China-made." (Think about it: why would any reader care about the distributor's nationality?!) He just rambles on and on, trying to baffle us with bullshit - eventually I stopped reading.
There is zero chance that a smartphone will ever be made out of 100% US-manufactured parts, or even close to it. And the evidence is right in this article, if this is the best effort to manufacture a "US phone."
I've also seen it a lot: sales person at a small tech startup convinces business person in large tech company to ignore their own engineers. I suspect most engineers at large firms have been on one side of this experience at somepoint, and most engineers at small but successful tech startups have been on the other side (lead engineer to sales: "You told them our our product could do _what?!_ That's fine. I never wanted my PTO anyway...:(")
Hell, small in this context can be Snowflake or Databricks, this is the concept of Shadow IT - a slick sales call can convince and move things in a business that an army of engineers will struggle to convince their bosses of.
External sales person says "oh you've been struggling with that for YEARS?!!?!?! We can get that done in 90 days if you can get that group of people on board" (3 years passes, everyone involved doesn't work there anymore, the project is a mess)
External sales person says "oh you've been struggling with that for YEARS?!!?!?! We can get that done in 90 days if you can get that group of people on board" (3 years passes, everyone involved doesn't work there anymore, the project is a mess)
Daily I carry the shame of having been an engineer on both sides. I went from big enterprise to small start up. It's horrible speaking to an engineer at a new client, knowing they can probably do the work you're about to have to do, but better, faster, quicker and cheaper than you. Ultimately we're all just there for "the business" so we just have to get on with it.
Knowing you've built the solution perfectly to the spec, whilst also knowing that the spec wasn't reviewed or endorsed by any technical people so the client's entire engineering team thinks you're incompetent, for just doing what their colleagues asked you to do...
I thought this was an interesting read, but I don't necessarily like or agree with it.
I browse fediverse stuff occasionally, and mess around with single user instances for the technical fun, but I've never really had a mature mastodon account anywhere.
The reason why I occasionally browse mastodon is because the vast majority of content I consume online (alright, often from nerds) also list or have a mastodon profile. Sometimes it's not always up to date. But I see and use the mastodon profile links more reliably than I see and use Twitter ones now.
It clearly works. It's obviously not perfect. But I feel like the author is constantly judging a fish by its ability to climb a tree here. E.g.
> The most immediate problem is that you only have access to posts that are present on your local instance, and posts are only propagated to your local instance if it has expressed interest in them (to the instance where they originate). It’s a chicken-and-egg issue: how do you know whether you’re interested in something if you can’t see it?
Maybe I've misunderstood, but I thought this was the entire sales point and draw of many to mastodon, that it's not just one big messy free-for-all like Twitter. It's partially separated by design, and you get to choose.
But then they go on to speak positively of Bluesky with:
> It offers much of the best of Twitter: with a well-curated set of follows (and a chronological, not algorithmic timeline), I get to hear directly from a lot of true experts commenting in real time on current events.
So Bluesky is good with a curated set of follows, but mastodon is bad because you have to curate who to follow?
IMO, most of the authors problems here are with parts of social networks that are put in place to deal with the products of the worst part of human nature (spam, greed, aggression etc.) I can't help but feel the only sort of social network this author will be happy with is one that doesn't have an humans on it.
I'm finding it hard to make sense of your comment: I can't reconcile some of the stuff you're saying. My gut feeling is you're either ridiculously smart, so smart that defining and implementing a security rules engine for a web server is something genuinely trivial for you, and the world has a lot to learn from you. Or, you're really, really not aware of how much you don't know, so much so that you're going to end up doing something stupid/dangerous without realising.
Either way, an example of a supposedly fast web server written by you should clear it up pretty quickly.
Sorry, because this feels a little rude, and I don't mean it to be, but you're contradicting quite a lot of widely held common sense and best practise in a very blasé way, and I think that makes the burden of proof a little higher than normal.
Not OP, and also not a web server genius, but I read OP's comment as allowing server administers to write policy in OPA then just using https://github.com/microsoft/regorus/ to determine whether to allow or forbid the connection. The web server author can clearly document what is available in input/data to be checked against in the policy. Is it really more complicated than that?
I honestly don't know. I'm in the same place as you: not a web server expert. But I did spend a bunch of time in security a while ago, so maybe it's my own bias to be sceptical of anyone who casually suggests building and implementing their own boundary security solutions.
As well as that, the idea that the language any software is written in is largely irrelevant, especially in the context of performance, is not at all obvious or intuitive to me. I get that it would look that way if you reduce a web server down its core functionality. But that also is a common mistake in educated but inexperienced early career software engineers.
I don't know this stuff, but I know enough to know how well I don't know this stuff. I'm trying to work out if the stuff I'm reading is from someone who I should learn from, or if it's from someone with a lot of confidence but limited experience. It could be either, I'm sincerely on the fence, but a git repo of their web server would help clear it up for me personally.
> Is it really more complicated than that?
I can't say without really doing a thorough review. Even if regorus is 100% reliable rules engine, my understanding is it's a rules engine. I assume there's still a bunch of custom integration needed to manage and source the rules, feed them to the engine, and then implement the result effectively and safely across the web server. It can be done quickly and easily, but to consider everything and be confident it's done correctly and securely? I don't think that can be done trivially by the average human without some compromise.
a rules engine for a web server isnt difficult if it doesnt have to carry responsibility for the web app security itself. then its as the posted outlined really...
that being said, its common for new servers to have old vulns, not many coders will go over cve reports of apache and nginx and test their own code against old vulns in those.
i do find a lot of claims about performance or security are oftend unsupported as with this server. it just says it on the readme but provides no additional contex or proof or anything to back up those claims.
my thought is that original commenter gott riggered by that, perhaps rightfully, and points out thia fact more than anything. if you want to claim high performance or security, back it up with proof.
the simple fact its in rust doesnt make it more secure. and using async in rust doesnt imply good performance. it could in both cases. wheres the proof.?
You're comparing something generic, like an internet connection, to a personal website. They're not really similar.
It sounds like you want to be able to express yourself personally, but you don't want to be personally responsible for what you use to express yourself.
Have you considered social networks? E.g. twitter and facebook: they're pretty painless to setup, integration isn't easy but is well documented. Migration isn't nailed yet, but mastodon and bluesky have approaches to that covered, so how about them?
I like this, thank you! I just lost an hour of time to the exact sort of random but considered personal websites that I think made the Web great in the first place.
Thanks for the great feedback:-) This is what searchmysite.net is attempting to do - help make "surfing the web" a fun leisure activity once more. It is good to see more people seem to get that point now. When it was on HN nearly 3 years ago[0], many people saw a search box and thought it must be a Google replacement, but were disappointed to find it wasn't. And I guess now more than ever it is useful to have a way of finding content on the web which has been made by humans rather than AI.
At a big corporate, we had an Apache Solr based search which had some reasonably clever lemmatization and stats analysis and spell check config to suggest alternative searches if not many results were found for the original query, but one day someone reported an unfortunate edge case which caused a bit of a panic - if you searched "annual report” it returned "did you mean anal report?" (we were in the finance sector rather than medical sector, but there were a lot more documents in the corpus containing words like analysts, analysis, analytics etc). Anyway, the point is yes, it is great to have that sort of functionality, but it does come at a cost, and a small project like this might prefer to keep it simple.
Generating suggestions from something other than what your users have already given you is inevitably going to result in something different and potentially offensive being shown to them.
One solution is to offer suggestion from a list of previous searches.
Also, that is very much a big corporate problem: I imagine most searchmysite users are mature and stable enough not to have a melt down at the word "anal".
But I agree with your point, sometimes seemingly small features take a disproportionate amount of support, and this could be one of them!
> For the vast majority of people lifestyle is much more deterministic than genetics.
How much of lifestyle do you think is determined by genetics, if any, and how much of that link do we currently understand?
I feel the concern around genetic data privacy has normally been the risk of unknown future stuff, rather than any current known vectors. I'm not saying it's a legitimate fear, but I don't know if it's one that is placated with "we can't currently do anything bad".
The impact of lifestyle is undeniable and large. Good genes will not protect your body from alcoholism. And if I were a betting man, I would bet against determinism emerging from a better understanding of combinatorial genetics.
I do think over time we will get a clearer picture of risk predisposition based on your entire genetic profile. However, I believe that genetic predisposion will remain a relatively small contributor for most disease states.
That's fair, thanks for the response, appreciated.
I agree that genetic predisposition will remain a small contributor for most disease states. However, I (an idiot who has no authority or experience with anything relating to genetics) feel we're going to learn a lot about how our genetics indirectly influence our behaviour and decision making though.
I think it'll be a boring dystopia: the biggest problem will be that the more complex, distant relationships between genetics and life outcomes are discovered, the more opportunities the bodies responsible for health will have to say "well we have to protect ourselves from the uncertainty, and that's going to cost you/be profitable for us".
Why should the engineers be stressed and overworked because other people are scared of something that doesn't have to happen?
The world is less stressful and - I think - better without manufactured urgency like what you're defending.
Don't get me wrong, some things are life and death, like life support machines. Taxes are not.