As frustrating as it is, the answer seems to be everyone and no one. Data in some respects is just an observation. If I walk through a park, and I see someone with red hair, I just collected some data about them. If I see them again, perhaps strike up a conversation, I learn more. In some sense, I own that data because I observed it.
On the other hand, I think most decent people would agree that respecting each other's right to privacy is important. Should the owner of the red hair ask me to not share personal details about them, I would gladly accept, because I personally recognize them as the owner of the source data. I may possess an artifact or snapshot of that data, but it's their hair.
In a digital world where access controls exist, we have an opportunity to control the flow of our data through the public space. Unfortunately, a lot of work is still needed to make this a reality... if it's even possible. I like the Solid Project for its attempt to rewrite the internet to put more control in the hands of the true data owners. But, I wonder if my observation metaphor is still possible even in a system like Solid.
That's part of it, but also Tauri uses Rust on the backend while Electron uses Node. Electron is way more mature with a larger developer community, but Tauri keeps gaining momentum. If memory safety, bundle size, and performance are important to you, Tauri is a nice choice. Electron is not bad but there's a reason there are so many new players.
The main significant difference: Electron bundles its own version of Chrome, which means you have very few cross-platform issues when shipping Mac/Windows/Linux. This trades off a few hundred meg for consistency in rendering.
Tauri uses the OS engine which means Windows uses Edge presumably and Mac uses Safari's Webkit so you're going to have rendering differences and feature differences there.
Yes, but it is far more tested, fuzzed, studied and battle hardened than your app code will ever be. So in the grand scheme of things it isn't a high risk for stability or security.
Yes, it would be nice if the full stack is memory safe, but that isn't a good reason to not write your own code in a memory safe language.
I had the privilege of a meeting with one of the founders at NVDA. We were integrating it into our computer kiosks and Michael Curran joined the call and helped guide us on how best to achieve our goal. It is obvious to me that the NVDA team cares deeply about equal access. Their goal is a noble one worthy of donations. We did not have the same experience swimming around the waters of Martha's Vineyard.
I know the other founder, Jamie Teh. Great guy, and probably the one engineer I've ever met who I can communicate with so well that we can do it in shorthand. I refer to our technical discussions as "mind melds."
I worry about my own liability sometimes as an engineer at a small company. So many businesses operate outside of regulated industries where PCI or HIPAA don't apply. For smaller organizations, security is just an engineering concern - not an organizational mandate. The product team is focused on the features, the PM is focused on the timeline, QA is focused on finding bugs, and it goes on and on, but rarely is there a voice of reason speaking about security. Engineers are expected to deliver tasks on the board and little else. If the engineers can make the product secure without hurting the timeline, then great. If not, the engineers end up catching heat from the PM or whomever.
They'll say things like...
"Well, how long will that take?"
or, "What's really the risk of that happening?"
or, "We can secure it later, let's just get the MVP out to the customer now"
So, as an employee, I do what my employer asks of me. But, if somebody sues my employer because of some hack or data breach, am I going to be personally liable because I'm the only one who "should have known better"?
You're not really an engineer. You won't be signing any design plans certifying their safety, and you won't be liable when it's proven that they aren't safe.
I assume SoftTalker is referring to SWEs not being Professional Engineers.
Professional Engineer (PE) != Engineer (in many jurisdictions)
> A professional engineer is competent by virtue of his/her fundamental education and training to apply the scientific method and outlook to the analysis and solution of engineering problems.
> He/she is able to assume _personal responsibility_ for the development and application of engineering science and knowledge, notably in research, design, construction, manufacturing, superintending, managing, and in the education of the engineer.
If it's an LLC/Corp you should be protected by the corporate veil unless you've otherwise documented you're committing criminal behavior.
But yea, the lack of security standards across organizations of all sizes is pitiful. Releasing new features always seems to come before ensuring good security practices.
I would personally want to know the law enough to protect myself, push back on anything illegal in writing, and then get written approval to disregard to be totally covered - but I understand that even this can be hard if you’re one or two devs deep at a startup or whatever. Personally, if I didn’t think they were pursuing legal work I’d leave.
As an engineer in a small org I think it's our responsibility to educate the rest of the team about these risks and push to make sure they get engineering time to mitigate these issues. It's not easy, but it's important stuff that could sink the business if it's not taken seriously.
As much as I despise the "I was just following orders" defense, do make sure you get anything like that in writing: an email trail where you raise your concerns about the lack of security, with a response from a boss saying not to bother with it.
Not sure where you are located, but I don't know of any case where an individual rank-and-file employee has been held legally responsible for a data breach. (Hell, usually no one suffers any consequences for data breaches. At most the company suffers a token fine and they move on without caring.)
> do make sure you get anything like that in writing: an email trail where you raise your concerns about the lack of security, with a response from a boss saying not to bother with it.
A few years ago I was put in the situation where I needed to do this and it created a major shitstorm.
“I’m not putting that in writing” they said.
However it did have the desired effect and they backed down.
You do need to be super comfortable with your position in the company to pull that stunt though. This was for a UK firm and I was managing a team of DevOps engineers. So I had quite a bit of respect in the wider company as well as stronger employment rights. I doubt I’d have pulled this stunt if I was a much more replaceable software engineer in an American startup. And particularly not in the current job climate.
I find humor to be a welcome breath of fresh air in a room full of stale hot air. I reject the view that this forum has to be a dry meeting of the minds.
Not sure about market size, but we're evaluating computer use agents for public kiosks. Lots of local government authorities are deploying kiosks to improve access to services. Housing authorities, police departments, courthouses, etc. In most cases, this means running some preexisting govt website inside of a full screen webview application (electron, nwjs, etc.).
Agents seem exciting to us because have you ever tried getting an 80 year old man to figure out how to pay his town taxes online? Or how to register for some obscure permit?
We hope agents will be able to guide these users to some degree. So many users struggle with basic information and interfaces.
Picture this:
User walks up to kiosk. Wants to pay property tax bill. They have to study the kiosk/website homepage, sift through dozens or hundreds of options/menus/pages (or go through "wizards") to get to the right page for their issue. Then they have to figure out how to use that page!
These kiosks/websites usually support many functions, not just paying property tax.
So the user gets frustrated and says, "I just want to pay my property tax."
Enter the agent.
Anything that "improves access to public services" is what our customers are paying for. And we def see this as a viable option.
Yes. I've done exactly that. A very large number of people in the US, those under various stages of illegal/legal immigration status, are regularly told not to leave. There was even an episode of Frasier about this, about how the Daphne character was not allowed to leave the country, else she couldn't come back. (The one in the RV where they drive to Canada.) It is a normal part of life for many in the US.
EBCDIC can be pronounced as ebb-sid-ick in conversation