Annie Duke has a great book "Thinking in Bets" where she talks about being a professional poker player.
One of the things she hammers on is that just knowing how much/often you win isn't the important part because you can win despite making dumb choices and lose despite making great choices.
The key thing is being able to make the best decision based on the limited information you have, take the consequences (good or bad), and then reset and do it again. This is relevant in poker, investment, or even our careers and a great ideal to reach for.
The TSA uses facial recognition right now at most US airports. While they claim to not store the pictures, they've "accidentally" stored data many other times they promised not to so consider me skeptical.
I haven't been through an airport in over 10 years, but it was my understanding that you could opt out of the facial scanning stuff? I've asked my wife to do it each time she flies to California, just to see what happens, but she doesn't want to be a nuisance. :\
From a human user perspective, HATEOAS is effectively just the web. You follow links to get where you want, and forms let you send data where you want, all traversed from some root entrypoint.
From a machine client perspective, it's a different story. JSON-LD is more-or-less HATEOAS, and it works fine for ActivityPub. It's good when you want to talk to an endpoint that you know what data you want to get from it, but don't necessarily need to know the exact shape or URLs.
When you control both the server and client, HATEOAS extra pain for little to no benefit, especially when it's implemented poorly (ie. when the client still needs to know the exact shape of every endpoint anyway, and HATEOAS really just makes URLs opaque), and it interacts very badly when you need to parse the URL anyway, to pull parts from it or add query parameters.
> But HATEOAS really isn’t about storing state in URLs.
I think saying they are unrelated isn't correct either. In order for hypermedia to be the engine of application state, the continuations of your application must be reified as URLs, ie. they must be stateful. This state could be stored server-side or in the URL, it doesn't matter, as URLs are only meaningful to the server that generated and interprets them.
Jokes aside, the crux of HATEOAS is having a dumb frontend which just displays content and links from backend responses. All logic is on the server side. It is more like a terminal connection than a browser based application.
Not at all. HATEOAS is about defining data formats that the client and server agree on ahead of time.
Browsers running Javascript referenced from HTML is a perfect example of HATEOAS, for example. browsers and web server creators agreed on the semantics of these two data formats, and now any browser in the world can talk to any web server in the world and display what was intended to be displayed to the user.
If the web design hadn't been HATEOAS, you'd need server specific code in your browser, like AOL had a long time ago, where your browser would know how to look up specific parts of the AOL site and display them. This is also how most client apps are developed, since both the client and the server are controlled by the same entity, and there is no problem in hardcoding URLs in the client.
> One of the reasons we know this story is bogus is because of the New York Times story which cites anonymous officials, “speaking on the condition of anonymity to discuss an ongoing investigation”.
Yes, we should be skeptical of anything that is entirely sources from anonymous sources.. even if they align with what we want to believe.
And further, I'd love to see reporters start burning sources that lie to them. After all, the source is risking/destroying the reporter's credibility along the way. Unfortunately, we'll never see that as it's all an access game.
Seems like a positive development from an enviromental point of view.. less low quality crap from Shein and Temu means less energy shipping it and less garbage later. Win win.
Sure, tell me more how it is awesome that I can't order $100 of dollars of small bulk electronic components for my hobby work direct from Huaqiangbei and get them here in a week. There is no US manufacturer replacement. Instead I have to turn to an import/export middleman also sourcing from Huaqiangbei but at 4x cost to me.
The environment cost is higher with the middleman "small business" because they need their own logistics (likely Amazon). So instead of a carrier driving from the boat to USPS/OnTrac, it goes into the warehouses at Amazon. Wow! Thanks! World saved! In the eloquent words of our dear leader: SAD!
Just think of all the American robot jobs this will produce for our AI overlords! More people than ever will be able to stay home and fuel the underground drug trade and/or porn industry: tax free!
If people need clothes they are going to buy clothes, and it makes little difference (other than cost to American consumer) whether it's direct from Shein/etc or bought off Amazon from some American manufacturer. For every shipping container full of Chinese product, there are going to be thousands of Amazon delivery trucks out delivering it to people houses.
It's easy to be snobbish about "low quality crap" from Shein etc if you have the money and preference to buy better, but for many people cheap stuff from China, whether bought in Walmart or online, is a godsend.
In terms of jobs and American manufacturers, there is zero demand for clothing sweatshop jobs in America, just as you don't see Americans lining up to replace illegals for low wage crop picking jobs.
All this is doing is making things more expensive for consumers. It's a consumer tax paid for by those who can least afford it.
And note that basically no other developed country had this carve-out except the US. People are foaming at the mouths about this issue, but no one pointed a finger at the EU or anywhere else.
I’m not sure I follow. The UK and other European countries have equivalents, although the term “de minimis” isn’t used. The UK has a £135 limit, Germany iirc had €150. This is the limit for duty exemptions, VAT still applies.
You are correct that technically this is true. The EU has proposed to eliminate the threshold [1] but in practice EU consumers have not seen the benefit of the de minimis practiced by the US: try and import goods below the threshold from outside the EU and you will be hit by a variety of fees [2], making it uneconomical for a consumer to buy anything from outside.
But it's not. I do not enjoy the benefits of a de minimis as a resident of Denmark. Every policy set in place is to discourage my enjoyment of a de jure de minimis.
If you import goods into this country at below the threshold, you are very likely to pay more than the original price of the good itself. That's the truth. There is de minimis in name only.
>try and import goods below the threshold from outside the EU and you will be hit by a variety of fees [2], making it uneconomical for a consumer to buy anything from outside.
This is completely false. I buy tons of cheap things from outside of EU, including China, and they're insanely cheap (often for the price of quality of course). Maybe it's a Denmark problem?
Look at my other comment. Most countries in the EU levy their own import fees that essentially make any de minimis in practice null.
US consumers have long enjoyed the privilege of actual de minimis, that is straight to their door, no fuss, no additional fees goods below the threshold.
They dont demand it. Its a possibility that the company can do to make shipping easier for the customer.
If they dont, the package will be inspected in the destination country and taxed there. Making the shipment take longer and more expensive for the customer, as shipment companies levy additional fees.
Hi Keith, i met you 13-14 years ago in the austin startup weekend / coworking space.
I'm happy if there's an environmental improvement from this (never bought from the stores you mentioned), but a counterpoint may be in how all this impacts those trying to operate repair shops, labs, and teach science. Bunnie Huang had some arguments on tariffs back in 2018: https://www.bunniestudios.com/blog/2018/new-us-tariffs-are-a...
It's only a win if it's replaced with lower-energy domestic alternatives, though. (Which, needlessly to say, don't remotely exist in almost all cases.) If your argument is that we just don't buy it at all, that's just cheering for economic contraction. I don't think you've thought things through if so.
People think that this just means that their nieces will stop buying junky fast fashion or whatever but that their own clean aescetic lifestyle will be unimpacted. But, no, that avocado toast is bankrolled by your employer and IRA and investment accounts or whatever, none of which are prepared for a 10% GDP contraction (or whatever) because the rubes can't buy their skorts anymore.
Economies are boats. We all sink or swim together.
Not to mention that giving foreign storefronts a tax advantage is questionable at best. Do we really want to advantage random temu/aliexpress shops at the expense of brick and mortar retailers or even amazon, who at least employ local warehouse workers?
A lot of the stuff I am buying in China (electronic components and modules) either does not exists in US shops, or exists with very high markup (3x-5x). And even the stuff that is sold in the US is same Chinese parts, but imported by seller instead of me - so it gets more expensive as well.
I don't think this will give big advantage to US shops, it will mostly be extra expenses for consumers.
>A lot of the stuff I am buying in China (electronic components and modules)
Surely you must realize that's a very atypical use case and is dwarfed by people buying cheap clothes and trinkets? Just go to aliexpress or temu right now and see what the items on the front page are. It's not niche components that you can only order from china, it's the same cheap shit you can order off amazon or buy at a local discount retailer.
That's why I said "brick and mortar retailers", not "locally owned". Moreover despite whatever misgivings you have about walmart's business practices, they at least have more attachment to the local economy than a random e-store shipping out of shenzhen.
That’s true, but “this policy will be good for the environment” is not the same thing as “the people who instituted this policy are unequivocally good for the environment”.
True, but not everything needs to be about declaring people saints or demons. It’s possible to consider a policy’s actual real world impact without turning it into further proof of your strongly held convictions.
The comment was not about the policy’s actual real world impact. That is what I said in my second comment.
That comment was not an attempt to evaluate the policy, bit an attempt to make it sound better due to made up environmental concern.
We are overall already treating too many clearly bad faith arguments as if we all were naive polaynnas. There is no reason to insist on that as mandatory strategy.
Mostly this is going to change which models people buy and make them go through distributers with less variety, not reduce wasteful production and designs.
For the actual shipping, even if we pretend this rule removes the trip across the ocean, that trip across the ocean would have let out a very small amount of pollution per pound. Worrying about cargo ships is iffy to begin with. But GP was talking about the concern being made up, not the underlying issue they're pretending to be concerned about. Fake motivations in a bad faith argument.
I don't know the numbers, but certainly the marketing pushes people toward impulse buys (because everything is so cheap!). And, of course, the replacement cycle is a pretty big environmental impact.
Not sure I can say anything about the claim that some/most/all people expressing concerns over the environmental impact of low quality products are participating in bad faith. I guess you win?
> Not sure I can say anything about the claim that some/most/all people expressing concerns over the environmental impact of low quality products are participating in bad faith.
I don't think you understood my post at all. The point was to disentangle low quality products from de minimis and cross-ocean shipping. I am not making the claim you're accusing me of making. watwut was also not making the claim you accused them of making.
To put it a different way: The environmental concern you're expressing is valid but not affected much by this rule change. The actual environmental impacts of this rule change are pretty small, so be critical of anyone using those impacts as a major reason to support it.
And there is a trend of people claiming whatever they wanted anyway is better for the environment, especially when the claims are small and hard to measure. Again in this situation that would be people talking about the effect of this specific rule change, not the general concern over mass produced junk.
That depends on how inefficiently substitute item is made. It's entirely possible that making a thing domestically will produce more CO2 than making it far away and shipping it.
Americans are rich and will buy wastefully made expensive item if cheaper alternative is not available.
It's connected. Taxing people more might reduce consumption and CO2 or might make them make worse choices and increase CO2. As with any other effects of tariffs, it's really hard to guess which is going to happen.
I launched and worked on OAuth 2.0 at Okta for ~5 years and spent most of my time showing people how to do it well and (gently) finding the holes and mistakes in their implementations. Sure, we were selling "OAuth as a Service" but most had introduced usability problems (at minimum) and gaping security vulns (at worst).
For a deep dive, check out Aaron Parecki's book: https://oauth2simplified.com/ - he's deeply involved in the (coming) OAuth 2.1
When I led re-implementation at pangea.cloud over the last couple years, we dropped most of the capabilies deprecated in 2.1 (resource owner password, implicit) and went straight to Auth Code with PKCE to make it a bit more manageable.
What is your opinion on token response type and/or id_token for oidc being part of the fragment of redirect uri? I have noticed that apple only supports "code" response type, which is the most secure way. Downside is that it requires a back channel and a second request to be made, but i cannot imagine a use case where this would be a problem as I don't see a pure Single-Page Application having any use for this in a any way, except purely rendering some protected data in a different format, which seems like a silly use case.
I think the strongest counter-signal that there's a "secret cure for cancer" is that rich, powerful people still get it (in various forms), go through debilitating treatment, and often still die.
Unless, of course, they're faking their deaths and transplanting their consciounesses into younger, healthy bodies. Then I got nothing.
> You need peace, law enforcement, trust in others to lower stress and increase creativity, good teachers and education.
This is a great point.
The flip side is that if a government fails to deliver those, they have failed their side of the social contract. Then ideally, the citizens they've failed should be able to opt out..
Maliciousness, incompetence, and accidents all look EXACTLY THE SAME from a replication perspective. We can't tell the researchers' intent.
Until the "industry" (defined vaguely as scientists, their institutions, universities, funding entities, etc, etc) cleans house and punishes those researchers, we're quickly approaching a time where we'll have to take EVERY study skeptically until it can be replicated.
* Punishment could range from "no, we won't publish your stuff without data+methodology" to ratcheting back funding to "we publicly document your lying/incompetence" (hardest and riskiest) to a variety of other things.
> we're quickly approaching a time where we'll have to take EVERY study skeptically until it can be replicated
I've always felt like this should be the norm. Why would you trust something before it can be replicated? Even if it's unintentional, people make mistakes.
> I've always felt like this should be the norm. Why would you trust something before it can be replicated? Even if it's unintentional, people make mistakes.
If you are close enough with a scientist, generally they will admit they don’t trust a single study
Some fields also have guardrails, such as the LIGO being two separate detectors a with two independent teams
Unfortunately, we have a media and political structure that uses the most recent study/model/whatever to advocate for, design, and enact policy before that review.
There isn’t really a way to “clean house” on a large scale, everyone has to somehow be more virtuous and not lie to themselves when p hacking or publishing data they know someone wouldn’t be able to reproduce.
I do think that you can tell apart these cases. Outright fabricated data is very different from p-hacking, which is very different from a meaningless garbage paper.
On the other hand, convenient laboratory errors might be hard to tell apart from fabrication (though not always, sometimes people get caught using photoshop), and statistical incompetence might be hard to tell apart from p-hacking. So I agree this is why it's hard to punish fraud.
no they don't. sometimes incompetence can stumble on the correct answer. like you could repeat the experiment, get very different results, be convinced of the charlatanism and incompetence of the original reporter, and then sigh a huge sigh of disgust because the data may have all been wrong but it points to the same overall/big-picture conclusion.
One of the things she hammers on is that just knowing how much/often you win isn't the important part because you can win despite making dumb choices and lose despite making great choices.
The key thing is being able to make the best decision based on the limited information you have, take the consequences (good or bad), and then reset and do it again. This is relevant in poker, investment, or even our careers and a great ideal to reach for.
I included a small blurb on my 2021 reading list: https://caseysoftware.com/blog/my-reading-list-2021
reply