The author makes some decent points about localStorage generally, but I think really misses the point on what makes Wordle so successful and endearing. It was built as a side project for a very small audience and just happened to have massive, organic growth. If Josh Wardle had thought about all of these described use cases in advance, there's a much higher chance that it never would have gotten off the ground as a side project. Additionally, the massive growth would have presented much harder (or at least much more expensive) scaling challenges, whereas with it being entirely client-side it is much easier and cheaper to scale to millions of users.
I admit focusing on Wordle here may be a popularity hack for this article[1] (though it is also what brought writing it to mind), as obviously Josh Wardle wasn't expecting the results he got. Though I do really hope the New York Times integrates cross-device play at some point... they already have an account system, after all.
I think small audiences also benefit from a server-side component, although ideally one that is also relatively small: With the example of high scores or seeing friends' progress, I wouldn't want to see the entire world's, but maybe share amongst a small group of friends or family. (This is what sharing to Twitter or Facebook largely emulates, in a very indirect way.)
[1] Aside: I briefly wondered if I should figure a way to shoehorn "Wordle" into the title if I was actually hoping to get some traction with this article, but I really think it would've moved away from the point then.
There are definitely downsides to Ohio - namely, political- and weather-related. However, Columbus is a pretty big tech city with a lot of startups, VC money flowing, and a student pipeline from OSU.
I have self-funded, founded and run multiple businesses in the last 40 years.
What I post does not come from a 30 second google session. It comes from having had significant skin in the game, succeeding and failing. Most people think they understand business. And most people have never run a non-trivial business. It's like trying to explain what it is like to fly like a bird without being a bird. Most simply can't get it because they have no context whatsoever.
When things go bad and you have to mortgage your home and top-off your credit cards to keep people employed and keep the doors open, you understand things you cannot possibly comprehend any other way. I've been there.
A nonprofit wants to donate $600K to feed children.
It will cost $400K in operating expenses to be able to do this.
They need to generate $1MM in revenue and $400K in profits in order to be able to make use of $600K in support of their cause. Without this "profit" there is no nonprofit and no support for the cause. It is profit.
One way to define profit is something like what you have left after delivering a product. This hypothetical nonprofit takes in $1MM, delivers $600K in product and has $400K in profit that is used for operating expenses and (likely) to put money away for future needs, growth, etc.
Profit is necessary. We might not call it profit when it comes to these types of organizations, yet they cannot exist without this part of the equation. Call it what you want. They have to make more than they spend --a lot more-- or they cease to exist.
Also, in the US nonprofits are not banned from making what one might term conventional profit. They just can't distribute it. This means they can put money away and grow like crazy. Look at the mega-churches in Texas as a perfect example. If that's not profit, I don't know what is.
This is something I fundamentally disagree with. In the case of nonprofits, the profitable venture ends up being positions that are highly paid and have huge benefits. People tend to have this idea of scrappy, idealistic, ramen-eating organizations when it comes to nonprofits. They are some of the richest companies in the land.
"The highest-paid nonprofit leaders — CEOs, Executive Directors, etc. — all earn at least $900k per year, and into the tens of millions for the largest of hospitals and health systems. While the highest-paid nonprofit CEOs are in healthcare and financial services, things get more interesting when we look at normal charities."
It's interesting that Financial institutions and categories such as "Promotion of Business" are listed in their survey. Nobody imagines an entity promoting the use of petroleum as a nonprofit. Most people think of churches and benevolent community organizations ("feed the X") as nonprofits. Nobody thinks hospitals, oil companies, credit unions, insurance, etc.
I call a lot of their overhead "profit" because, in this day and age, it feels obscene that an organization purporting to "help the X" would need to consume 40% of revenues, own/lease lavish buildings, etc. to deploy the capital they receive. How many on HN could set up a system that could administer, say, a hundred million dollars in donation while consuming just, say, 5% of that to run the show? My guess is many.
If you read through the list of nonprofit CEO salaries on that page you should get a good sense of where my perspective comes from. This is profit. We call it something else. Fine. To me this is the individuals running the organization extracting profit from an organization under the cloak of a legal classification with a benevolent sounding name. Who doesn't have a soft spot for anyone who operates without making a profit? Right?
Well...let's look at CEO pay:
Christus Health: $13MM with a $5MM base pay
Star One Credit Union: $12MM
NY Presbyterian: $12MM
Banner Health: $11MM
American Petroleum Institute: $11MM
Electric Power Research Institute: $2.5MM
Jazz at Lincoln Center: $2.3MM
- The CEO takes 9% OF REVENUE as compensation!!!!
University of Minnesota Foundation Investment Advisors: $1.5MM
- This represents 36% of revenue!
The point is, these are profitable pursuits. The profit goes to the people who work there, likely mostly to upper management. If they were scrappy idealistic not-for-profit organizations they would not be paying CEOs and the first layer or two under them tens of millions of dollars.
Another way to look at it:
Profit is what you use to run the organization. It's a percentage of revenue available for this purpose. It is important to understand the difference between gross and net profit.
I buy a blender from a wholesaler for $10 and sell it at retail for $20. My gross profit is $10. My net profit takes into account all the other costs, the ones that are required for the organization to exist. If that boils down to $5 per unit, the net profit is $5 per unit or, 25% of gross income.
In the case of an organization classified as a "nonprofit", things are different. They don't generally sell anything (well, hospitals and others do). They get a million dollars gross income from whatever activities. It could be donations. In the case of the company that promotes the use of petroleum, it is likely to be large membership fees paid by oil companies. For hospitals it is whatever they bill for services. Etc. That's their gross income. From that they have fixed costs in the form of buildings, leases, loans, etc. And now we come to what I am going to term the murky water portion: Salaries and other expenses. Million dollar compensation for executives and advisors. Lavish trips. In the case of the church my mother-in-law worked for, a couple of top-tier Mercedes Benz cars for the pastor and his underlings. Fully paid luxury vacations all over the world. Fully paid conferences at top tier resorts and hotels (think Waldorf Astoria), etc. Profit? I think so.
Anyhow, we can agree to disagree. I think the nonprofit category is deeply abused and a lot of people are getting incredibly rich through this mechanism. Frankly, had I understood this mechanism when I was a young man I probably would have figured out how to start some kind of an engineering nonprofit. I am being a bit sarcastic, of course, but I can imagine some kind of a scheme where someone creates a nicely profitable engineering consulting firm, pays themselves 40% of revenue and laughs all the way to the bank without paying taxes for decades. I am sure this already exists. That's why I call it profit. These are not poor little innocent organizations. They are some of the richest in the world. Let's start with the Vatican as a prime example.
EDIT:
To be clear, I am not saying all organizations legally classified as "nonprofit" are evil. What I am suggesting is that the classification is likely often abused for profit in various forms. One form would be lavish salaries and benefits (cars, trips, etc.). Another motive could be generating profit for allied or supporting organizations, a good example being oil companies financially supporting the American Petroleum Institute, a "nonprofit" that likely generates billions for oil companies and whose top management is showered with multi-million dollar salaries and benefits.
Here's another one: The NRA (National Rifle Association) is legally classified as a nonprofit organization. Technically, from an accounting perspective, I am sure it is. Does it exist for profit? Absolutely. Does anyone doubt that at all?
The category, the classification, is being abused for profit disguised as something else. Not by all, yet likely by quite a few.
If you had just Googled for 30 seconds to learn the definitions of literally the most basic business terms when someone told you you were wrong, maybe you wouldn’t have had to mortgage the house.
I truly do not know how to respond to this other than to say that the only kind of person who can make such a mean-spirited comment is one who has never experienced the deep dark hole some entrepreneurs experience when things go the wrong way. Some don't come out of the other side. What happened to me took place during the 2008 economic implosion. To put it in the simplest possible terms: All business came to a grinding halt. The music stopped and there were no chairs.
A friend of mine died in 2009 from the sheer stress this moment in history caused him as his business crumbled. That December I penned an email from the darkest place I have ever been. One that was prompted by a revelation I had that day: I experienced a level of clarity I had never before experienced. In a moment, I understood, in no uncertain terms, why someone would commit suicide, jump off a bridge, walk in front of a train or shoot themselves due to undue business pressure and financial troubles. I emailed a friend to let him know I now understood this. I wasn't quite there, but, for some strange reason, I had to share. He drove to my office and spent the rest of the day with me.
So, yeah, I don't know what to say to someone like you. My less-than-intellectual impulse is to deliver the most vile insult I could. Yet, that would mean descending to a level I am not interested in visiting.
I'll leave you with this: I hope you never get to experience some of what many entrepreneurs have to live through when things take a turn for the worse. If you do, I hope the experience humbles you and you become a nicer person.
Wouldn't this just mean that they are putting their employees' lives in danger more than the average restaurant? It's got to be hard to choose between following a suggested evacuation and losing your job.
From what I understand they comply with evacuation orders, but have a hefty focus on the logistical support necessary to take an entire location from running to stripped-down and boarded-up to running again as fast as possible.
Supposedly, this is also why FEMA likes the "Waffle House Index" so much in the states where it works, because Waffle House supposedly doesn't pressure employees in emergencies to show up to work and the "menu level" (red/yellow) does also reflect the number of employees that showed up to work that shift in their checklist of which menu to use (rather than the other way around of the menu determining how many employees to call into work), so the "Waffle House Index" also will show some indirect evidence of neighborhood state based on employee ability/interest to get to work (including some indirect overall socioeconomic indicators of a neighborhood's general willingness to evacuate).
As a Floridian, I have to say it sucks sitting in the humidity for a week with no power so I’m sure most of their workers are happy to go in and help get people a meal.
>How do you know when Micro Snitch spies on you? I couldn't find the source code anywhere.
Source code isn't really necessary. Nor sufficient for that matter even if it was there, you'd need verifiable builds and an assurance of no self updating capability too, basically for certain minimal products you need some level of trust. As far as extra verifying though you'd probably start the same way you would minimally blackbox anything: stick it on a virgin test box and monitor all I/O in a controlled setting (VM could work too, though if you're super paranoid you might take into account that can be detected and runtime behavior modified). I guess you could start disassembling it and poking around its memory and such too if you wanted.
But seriously, it's a Mac product, so source access everywhere should kind of obviously be off your list already. How do you know when Apple spies on you? You won't find the source code. And the answer is you blackbox it and mostly you trust that it'd get noticed at some point and Apple would get the crap sued out of them and be investigated by governments worldwide etc etc. Objective Development is a very long standing dev and has put out a far more critical long standing security product that has been used by a lot of sec people for a very long time. Sure they could be compromised in the same way any dev could, but on the lowest critical factor level they're unlikely to be the biggest risk in most users' threat model.
It's worth noting there is one way to verify camera activity without needing to offer source code or elaborate test setups: embed a "camera-on" LED on the power circuit. As long as somebody does a teardown to prove it and you're pretty sure no one has compromised your specific machine's hardware, it ought to be safe.
I don't mean to detract from the "trusting trust" question, there are lots of issues which really are best handled by just pushing the problem outside the average user's threat model. Even source-code verification isn't actually terribly robust on the user level: are you sure you got a clean install? Are you sure nothing has modified it? And so at a certain point "just trust Apple" is entirely reasonable.
But I do think we sometimes rely on webs of trust, elaborate app signing schemes, and other software or legal solutions when we could be getting by with a simple hardware answer. (And the entire IoT domain looks a lot like undoing solved hardware problems...)
> Source code isn't really necessary. Nor sufficient for that matter even if it was there, you'd need verifiable builds
Actually it is sufficient. On macOS one can install homebrew and add the build from source option. Most Linux distributions provide similar facilities.
Of course one can go Hardcore and use Gentoo, but yeah, in that case verified builds + OSS are the more efficient option unless one has access to a cluster.
I have used Gentoo on my desktop for a long time, but it still requires a lot of trust. How many Gentoo users recompile the whole toolchain, which itself is no guarantee?
Most just unpack the stage3, follow the handbook, and be on their merry way. Hell, I'm super paranoid and I haven't bootstrapped on every install.
I was about to say, this would be the greatest social hack to get paranoid people to uncover their cameras only to use this very application to spy on them.
I got MicroSnitch as part of a bundle with LittleSnitch, without really knowing what it was at the time. When I figured it out, I had the same thought as you.
It's definitely not something I'd ever trust completely, not only could it be spying on you, but I also don't really trust my hardware. However, I must say, it's still very nice to have. It at least narrows the possible spying vectors, and it's nice to know immediately what apps are listening; the best example being Android Studio emulator: always listening.
LittleSnitch does tell you when LittleSnitch and MicroSnitch phone home (auto-update checks only as far as I've seen), but they're the same developers so theoretically if one could fake one, one could fake both: they could be tightly coupled.
So you have to implicitly trust the ObDev guys, and you have to implicitly trust the hardware, but beyond those two assumptions they function great for any other threat models.
Would still be nice if they were both open source but hey: I use the open source vscode and it phones home uncontrollably all the time, so source code only benefits us so much.
Agreed. I replied in a sibling[0], which I think is relevant here. It seems I should definitely queue looking into what testing has been publicly done, etc. and collate that.
>Would still be nice if they were both open source but hey: I use the open source vscode and it phones home uncontrollably all the time, so source code only benefits us so much
Interesting thought. I would assume some audits have been done via blackbox testing of some sort (e.g. hardware monitor, routing all traffic through a proxy and logging it, etc.) by some infosec group/Co, but I also haven’t researched that.
I think there was a talk on breaking LittleSnitch at either Defcon or B-sides a few years back. I couldn't get in though; it was full. Whatever it was is probably fixed by now anyway.
That class is free. Everybody should take it. Lots of insights on how to deal with procrastination, effect of physical activities on our brain efficiency, etc...
Giving you a vote for this. This Coursera course helped me reframe my study habits after graduating university and has proven to be invaluable for my self-directed learning.
I found myself developing various rules in my head with negatives versus division, etc. to solve these quicker without having to do most of the math. Interesting game, thanks for sharing!
I did exactly the same, and got fairly high accuracy. Funny how we can use heuristics with a relatively high success rate more quickly than doing the math.