I love this. One question: how much emphasis was put on security? Can I safely let the users of my website input any string and feed it directly to the render function?
We never do any unsafe DOM manipulations, like using .innerHTML, only createElement and appendChild, so things should be fairly safe. Also, if you do server-side rendering, we escape code that users type in, so that should work well also.
Then I assume you mean that one party is better off and the other party is worse off (taken advantage of). Sure, that can happen. But in the case of Amazon, the workers are better off or they wouldn't work there.
You could be "better off", but still have been screwed out of being "even more better off". That's still being taken advantage of. Consider the legendary story about how Steve Jobs screwed the Woz.
Either definition works. You can take advantage of (exploit) someone at their expense, or you can take advantage of (leverage) their capabilities to mutual gain.
Frank took advantage of Amazon's 2-day shipping to do his last-minute Christmas shopping
These better work conditions would come at a cost. The money has to come from somewhere. You can't just complain that Amazon doesn't treat their employees well enough without explaining where you would get the money to improve their work conditions.
Sounds like a good reason to publicly shame Amazon, thus damaging their brand value. If the damage to their brand is high enough, decent working conditions pay off. People start to be proud to claim that they "stopped to use Amazon".
Or what about some tighter regulation of their working conditions? Sounds uncomfortable - might be cheaper to just improve the situation of the workers ...
The unions are just doing their work with Amazon, and they are doing it very well.
If society decides that even low-paid workers should be treated with a modicum of respect (e.g. actually getting paid for the time they work, not being treated like automatons), it's the employer's problem to figure out how to pay for work conditions that meet the standard.
From their bottom line. Maybe the prices they charge are too low. If they can't afford to do business by the law, they shouldn't be in business. Someone who actually complies with the law will fill the void.
> You can't just complain that Amazon doesn't treat their employees well enough without explaining where you would get the money to improve their work conditions.
You can't just complain that homeopathy doesn't cure cancer well enough without explaining how you would cure cancer.
So why not create a charity, with everyone paying 10 cents (or more!) and donate it to Amazon workers? Or to anyone else who has entered into a voluntary agreement, who someone else thinks is wronged?
Do we shed a tear for the coal-fired plant operator now forced to pay for scrubbers? No. As such, we shan't cry over Amazon's costs rising ever so slightly to internalize the previously externalized cost of marginalizing their warehouse employees.
When an employer doesn't pay an employee a fair wage, they're being subsidized, either by the government (Walmart is an excellent example; their literature specifically instructs their associates on how to collect government benefits due to them not paying a living wage) or by society as a whole.
From an economics perspective, would you not prefer consumers be responsible for the full cost of the good/services they're receiving?
This is funny. Voting on generated titles is a great idea. If you allowed users to post comments, just like on HN or reddit, that would enable people to play along. Also, I would get rid of classification (Entertainment, Games, Opinion, Reddit, etc.) because it doesn't add much to the website and the categories are inaccurate anyway. Just one list is fine.
The chart you give for discretionary spending goes from 1992 ($803) to 2012 ($1289). It shows an overall 60% increase in discretionary spending in only the last 20 years. Not exactly a trend of decline.
The point of that chart was to show that spending decreased in absolute, not just relative, terms in the 1990's, countering the idea that the trajectory is towards inexorable increase. From 1992 to 2012, real GDP growth slightly outpaced discretionary federal expenditures (63% versus 60%).
Moreover, if you look at the chart on page 30-31 of the PDF in the first link, you can see that non-defense + defense expenditures increased from $761 billion FY2012 dollars in 1977 to ~$1,166 billion in 2012 (adding back ~$123 billion for Iraq and Afghanistan that isn't reflected in that chart),[1] an increase of 53% over 35 years. In that time period, U.S. real GDP grew 152% and the U.S. population grew 43%.
To put it in concrete terms, each person in 1977 bore $3,460 of discretionary expenditures while someone in 2012 bore $3,700 of discretionary expenditures. But in 1977 it was 14.2% of per-capita income, while in 2012 it was 8.6% of per-capita income.
[1] Note that 1977 was two years after the end of the Vietnam war.
Let's say that Thailand has a king and that publishing a caricature of the king on the Internet is punishable by death. Meanwhile, I'm an American and I make a website in the United States that I call kingofthailand.com that shows nothing but caricatures of the king of Thailand. Am I getting deported?
It looks like they know what they're doing. I was especially curious about deduplication. The way they do it sounds perfectly reasonable:
> MEGA indeed uses deduplication, but it does so based on the entire file post-encryption rather than on blocks pre-encryption. If the same file is uploaded twice, encrypted with the same random 128-bit key, only one copy is stored on the server. Or, if (and this is much more likely!) a file is copied between folders or user accounts through the file manager or the API, all copies point to the same physical file.
Yes, but the first part makes no sense. If the 128-bit key is indeed chosen at random for each file (as it should be), the probability that the same key will be chosen again for a second upload of the same file is effectively zero (1/2^128).
Exactly. Read: There is no real deduplication of data. So if 1 file is reported, there's no way to track all the other copies, or automatically ban a specific file hash.
Then it's easy for law enforcement to force Mega to remove all known versions of certain copyrighted material as they can now prove that Mega are hosting copies of that particular bit of copyrighted material, e.g.
If they find a ripped version of a movie/ebook/whatever they can just encrypt it using Mega's scheme (which would now derive the key from the data) and get a single version of the file out. They then tell Mega to remove any files that match that encrypted file.
If all files are encrypted with a random key there's no way for law enforcement to do this.
That has a good practical benefit (deduplication of files that most benefit from deduplication), but it doesn't actually solve the security problems at all, it's just choosing to make the trade off one way for large files and a different way for smaller files. If you have a legitimate reason to want privacy against data confirmation attacks then you need what you need regardless of file size.
The whole thing with deduplication is a little bit overblown anyway. You don't want a hundred copies of the same big file, but is that what really happens? Nobody wants to upload the same file a hundred times, especially if the file is very large. Once there is already a copy, passing around a link to it is much easier than uploading it again. So the most common cause for it to happen is when two totally unrelated people upload the same bit-for-bit identical file, which happens, but not so often as to be prohibitive.
And in many cases file-level deduplication is difficult or impossible anyway because users make changes to the files (like editing embedded metadata or pointlessly encapsulating a single already-compressed file into a .rar archive), so the benefits you get from deduplication are not nothing, but there are situations where it is or isn't a reasonable trade off to make against privacy.
They don't seem to do that, though. Note that they claim that it's a random key and that deduplication is "much more likely" to happen when files are copied. If they would derive the key from the data in a deterministic way, they could always dedup and the previous statement (deduplication of copied files is more likely) could not be true.
Based on all the analyses published so far, it does not look like that at all. In your view, what makes it appear that their crypto was implemented in anything resembling a proper fashion?
So it basically dedupes whatever you copy to a different folder on your own account. I guess this is the best they can do without knowing anything about the files (though not really that useful). To get true deduplication, convergent encryption is needed, which reveals more information about what you are storing (e.g. if I store the same file as you I will know what your file is)
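The trade-off discussed in this thread, as an added example that is not part of the original comments and is not MEGA's code: a server that deduplicates on the ciphertext hash sees two blobs when each upload uses a random key, and one blob when the key is derived from the file (convergent encryption), which also lets anyone holding the plaintext confirm that it is stored. The `BlobStore` class, the SHA-256 key derivation and the HMAC-based keystream (a standard-library stand-in for a real cipher such as AES) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the example runs
    # with the standard library only; not a recommendation for production use.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def encrypt_random_key(plaintext: bytes):
    key = os.urandom(16)                        # fresh 128-bit key per upload
    return key, keystream_xor(key, plaintext)

def encrypt_convergent(plaintext: bytes):
    key = hashlib.sha256(plaintext).digest()[:16]   # key derived from the data
    return key, keystream_xor(key, plaintext)

class BlobStore:
    """Hypothetical server that deduplicates on the hash of the ciphertext."""
    def __init__(self):
        self.blobs = {}

    def put(self, ciphertext: bytes) -> str:
        blob_id = hashlib.sha256(ciphertext).hexdigest()
        self.blobs.setdefault(blob_id, ciphertext)  # identical bytes stored once
        return blob_id

    def holds(self, ciphertext: bytes) -> bool:
        return hashlib.sha256(ciphertext).hexdigest() in self.blobs

def demo():
    shared_file = b"constructed sample file contents " * 64
    random_store, convergent_store = BlobStore(), BlobStore()
    for _ in range(2):  # two unrelated users upload the same file
        random_store.put(encrypt_random_key(shared_file)[1])
        convergent_store.put(encrypt_convergent(shared_file)[1])
    # Confirmation check: someone who has the plaintext re-encrypts it and asks
    # whether the resulting ciphertext is already stored.
    confirm_random = random_store.holds(encrypt_random_key(shared_file)[1])
    confirm_convergent = convergent_store.holds(encrypt_convergent(shared_file)[1])
    return (len(random_store.blobs), len(convergent_store.blobs),
            confirm_random, confirm_convergent)

if __name__ == "__main__":
    print(demo())
```
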
Sure, but I think a lot of people have inconsistent opinions re: copyright law. I find it a little odd that people who oppose copyright on freedom grounds have no problem with advertising, even though the advertising industry wouldn't exist at anywhere near its present scale without trademark law, which creates far more dire freedom-related concerns.
I'd go further to say that this cognitive dissonance is the product of how money is made in Silicon Valley 2.0: through advertising rather than sales of content.
For what it's worth, I don't think there's anything shady about an extension that replaces the ads in your browser. Web users can already install AdBlock. Or they can hide the ads with post-it notes on their monitor. If that means lost revenue for the ad-based websites, that's a problem with their business model. You can't blame the extension developers for that.
I wonder how much advertising depends on trademark law. I suppose that, without trademarks, companies would advertise their domain name instead of their company name.
While domains are unique, how does it help Prada, Tiffany's, etc? It makes no difference whether the copy-cats are selling rip-offs marked "tiffanys.com" out of a cart. There is also more to trademark than just protecting marks. Trademark protects many aspects of the brand (see: trade dress, dilution, tarnishment, etc).
Companies spend a lot of money advertising because brands are valuable, and trademark basically protects brands. Branding makes goods less fungible, and is really the only reason companies like Prada or Ralph Lauren can sustain such high margins in what would otherwise be total commodity markets. When brands cease to have meaning to consumers, you end up with what you see in the PC industry: a race to the bottom that eats up all your margins.
Why does advertising support so much of the internet? It's a $500 billion industry world-wide, that's why. Without branding, protected by trademark, I think it would be a fraction of the size. And I don't think it would necessarily be a bad thing.
I have a question from another angle: would society be better or worse if Prada/Tiffany's/Rolex etc. could no longer block copy-cat products? The way I see it, trademark law is being used to promote social stratification by inflating the prices of luxury goods. Artificially inflating prices via government monopoly is inherently anti-capitalist and anti-consumer.
Yeah, I understand the value of a brand. I was thinking that, without trademark, there could still be ways to ascertain the authenticity of a product. For example, tiffanys.com could list their physical stores on their website. A fake store wouldn't fool the neighborhood for long enough to be worth the effort.
Ever go to a mall and see all those little carts selling things? You think people go online to verify whether those carts are selling the real deal? What about products purchased online through Amazon, Zappo, etc?
Also, there is a whole world of non point of sale branding. When you give a gift, you pony up for a real Kate Spade bag instead of a perfect knock-off (which are probably made in the same Chinese factory!) You might get those awful D&G glasses with the obvious branding instead of a perfect replica. A lot of the value of branding is rooted in the fact that humans are basically monkeys and we buy products to show the brands off in our social circles. A lot of people would knowingly buy knock-off D&G glasses if they could get the same effect for less money.
Now, I'm not arguing that this would be a bad thing. It'd save parents a lot of money if their kids could show off their "Nike Swoosh" shoes without paying a huge markup for something made in a Chinese sweatshop. But the fact that we can't do that is certainly quite valuable to Nike (and D&G, and Ralph Lauren, etc), and the inability to protect their brands in that way would certainly reduce their incentive to invest so heavily in them through advertising.
You're right. For many branded products (especially clothes and shoes), consumers would indeed prefer to buy cheaper replicas good enough to fool their social circle. If they had the freedom to do so, then yes, Nike would lose much of their incentive to invest in advertising their logo. And yes, that would probably be a good thing for parents. And the only advertisements remaining would advertise quality instead of exclusivity. Or maybe Nike would come up with a way for someone to authenticate someone else's shoes. I don't see how they could do that though.