The best estimates I’ve found are “This will take: days, weeks, months, years”. No numeric values allowed. Yes, you can’t do (inherently faulty) math on these estimates to arrive at aggregate metrics: this is a feature. However, it still allows you to meaningfully schedule work.
If pushed, I get my developers to give estimates in jumps of ~5x.
Their options are
2 days
2 weeks
2 months
10 months
Then I triple the estimates before sharing with the business.
We don't estimate individual tickets/bugs at all, just overarching projects.
I also ask the business to estimate the commercial/user impact of the projects too, and we track and report the reality against their estimate, to hold a bit of a mirror up to them and as a way of pushing back on doing pointless work. Those estimates we use similar orders of magnitude for - £1k, £10k, £100k, £1m, £10m.
Fermi estimations like these really help avoid protracted negotiations and the lack of precision is a feature that makes clear they are estimated.
Good solution. Problem is they have chosen a 'default instance' in the app which goes against the idea to encourage federation of the platform and instead accelerates centralization and there was backlash over that change. [0]
mastodon.social will only get more centralized and is the only one that is benefitting from that change.
Companies are backhandedly selecting for those who can invest the most time beyond the suggested time (read: single, childless people in their early 20s who live at home) and those who are willing to work insane hours. It's a pledge of fealty before you are graced with an interview. 15 pieces of flair is the minimum, but it's up to you whether or not you want to just do the bare minimum.
That's the thing--we don't really want AGI. Fully intelligent beings born and compelled to do their creators' bidding with the threat of destruction for disobedience is slavery.
Nothing wrong about slavery, when it's about other species. We are milking and eating cows and don't they dare to resist. Humans were bending nature all the time, actually that's one of the big differences between humans and other animals who adapt to nature. Just because some program is intelligent doesn't mean she's a human and has anything resembling human rights.
Open source shouldn't be a complete free lunch for for-profit companies. It would be nice if there was some tithe that companies had to pay to open source that they used. Like, take N% of the revenue your project generated and distribute it equally among the open source projects your project depends on.
Licenses are a solution to this. You can stipulate that if your code is being used for profit by a company with more than 1000 employees, then you need to pay a certain amount into it.
I wouldn't frame it this way in a vacuum, but the organizing philosophy of open source is precisely to be a free lunch. Meta doesn't pay me when they use my projects, but they also don't charge me when I use React. Introducing mandatory monetary compensation would produce a lot of thorny coordination problems.
The free software movement makes it work with in-kind code contributions, of course, but that's a cost most commercial users are unwilling to pay.
And then the software would never be widely adopted.
FOSS is what it is and the dynamics around it haven't really changed.
What has changed is people wanting the rapid adoption rate possible from being FOSS without actually... being FOSS. I'm sorry, I have zero sympathy. If you want your product to be a paid product, just charge for it. What's that? No one would try it? Just give a free trial. What's that? Not enough people would use it for there to be this large community of people providing help, and tutorials, and addons/extensions/plugins, etc.?
The freeloaders are the people releasing their software as FOSS, using the community to get big, and then wanting to change their minds about it.
It’s just too tantalizing. If you have the disposable income to pay for ad-free, advertisers want you more. AND the field is not crowded. They’re willing to shell out big time to reach you.
> these terms and conditions are typically extremely permissive
T&C are dark, twisty forests of legalese that can shift, seemingly at any time. As a consumer, if you want to do something as simple as pay to park your car, you need to sign the T&C in blood or you get towed. Is it really an agreement if you must agree to it for basic necessities?
Yes, I totally agree. The T&C situation is dire and need to be addressed. For instance, the idea that you engaged in anything remotely like "consent" because of vague generalities in T&C documents is laughable on its face.
That said, it's the legal framework we have to deal with in the now.
I’ve always wondered if you could turn the tables on some of these people, perhaps by sending an email with t&c’s your own after they’ve sent you an email, the body of which would essentially invalidate their T&C’s and that by them continuing to send you emails they are consenting to the revised T&C’s…
Common law nominally already has some principles built into it that can answer that in a reasonable way. Contracts that are super lopsided are already nominally invalid. Contracts that are incomprehensible and signed under duress are already nominally invalid.
As you may guess from my phrasing, I am well aware that in the present environment, believing that that meant much would be a childish level of naivety. But the principles can still be used to answer your questions in a reasonable way.
It really wouldn't be that hard to lay down some principles that privacy violations are an expense above and beyond, say, "parking my car". It is unreasonable for a person to think that the price of parking my car is $1.25 an hour and also arbitrary privacy violations and also you gave up your right to privacy from the government and also in six years if you sue a related entity they'll cite your parking agreement as the reason why you're not allowed to sue them (see recent Disney wrongful death case). $1.25/hour was already a fair price, give or take a couple of multiplicative factors. Taking a whole whackload of additional rights in the fine print under what can reasonably be called duress relative to the claims being made, beyond what a "reasonable person" would expect to be necessary to just complete the basic transaction, is not that hard to write some principles around. This is why judges are still human.
> and also in six years if you sue a related entity they'll cite your parking agreement as the reason why you're not allowed to sue them
If only they stopped there. After you've parked, you go in to some random activity and sign a liability waiver that, as written, says if the janitor's father's brother's nephew's cousin's former roommate murders any member of the same species as you at some point in the future, whoever relevant will have to simply ignore the inconvenience because you once went into an escape room.
Of course the extreme interpretation could never hold up in court, but it's absurd that I've even seen so many places that explicitly try to waive gross negligence in places where it's long been established to not be possible (or even places where it invalidates the entire clause!). These are sometimes justified as scaring people from lawsuits even if they don't provide and real protection, but why are we putting up with that?
>also in six years if you sue a related entity they'll cite your parking agreement as the reason why you're not allowed to sue them (see recent Disney wrongful death case).
It's worth mentioning that in that case, Disney didn't operate the restaurant that allegedly caused the wrongful death, but got included in the suit because they had a website listing for that restaurant. In that case I think it's pretty reasonable that if Disney can be put on the hook for having a listing for a restaurant that caused the wrongful death, that they can be let off the hook for having a waiver in their website T&C.
How about: any terms that can be reasonably expected to be surprising to -- and negatively affect -- a reasonable person under its scope are unenforceable without the consent of all of those people.
(This is intended to be phrased on a way that includes e.g. cases where one party agrees to terms but another one is affects by it to their surprise, like your spouse when you buy a cell phone plan. So rephrase as needed.)
I’m pretty sure Judges consider whether such terms are within certain bounds of reason… they can be expected to annul terms such as ‘the customer has to offer their first born son as a sacrifice’ or ‘the customer has to pay a billion dollars in compensation’, etc...
It's not like I'm telling you to trust me on definitions. Just look up how it's been applied in the past. It's been a much, much higher bar historically.
>Is it really an agreement if you must agree to it for basic necessities?
The article says the article says the location data was "harvested from ordinary apps installed on phones". What type of "basic necessities" are you getting from apps on your phone that have location access? I'm guessing it's from random weather apps, rather than something "basic necessities".
It sounds like you're advocating for a world where ordinary people need to choose between:
- not knowing the weather this weekend
- knowing the weather and signing away their firstborn child in the T&C
- becoming an amateur lawyer and spending dozens of hours reading and comparing T&Cs between apps to choose which one to use (until they change the T&Cs again of course, which they'll do without notifying you)
>becoming an amateur lawyer and spending dozens of hours reading and comparing T&Cs between apps to choose which one to use (until they change the T&Cs again of course, which they'll do without notifying you)
This right here is the issue. There's a protocol to these things focused on pushing out, but no reciprocal pipeline for feedback other than "clicked" to come back in. Clickwrapping should have been wholely dismissed as a valid medium for contracting. I'm willing to park on and die on this hill. A contract regime wherein oneside is the progenitor of all changes, is not, in fact, a meeting of anything.
And yes, I'm drinking my kool-aid at this point. Sucks being on the minimalist side of the Software world, but I'm doing my damnedest to cut out every EULA possible, replacing it with something wherein I can be assured the world won't be turned over on me at a moment's notice at the behest of a bunch of greed optimized psychopaths sitting on top of an infrastructure most of them would be powerless to keep running short of the economic game of Mutually Assured Destruction the West calls it's capitalist "free market" system (which is anything but once you scratch beneath the surface).
How about not granting location permissions and typing in your location manually? Weather forecasts worked fine before phones with geolocation built in.
We're talking T&Cs here. How would typing in your location invalidate you agreeing to (what a company would like to believe is legally binding) clickwrap T&Cs? Even if you deny individual permissions, apps will still slurp up your app list/hardware specs/any metadata they can get their grimy hands on, directly and indirectly through side channels. You're saying to give them 999 data points instead of 1000 and you think that's a solution?
>Even if you deny individual permissions, apps will still slurp up your app list/hardware specs/any metadata they can get their grimy hands on
Is this a purely academic thought experiment or something that's happening in practice? I'm not exactly sure what the "999 data points" consists of. Given basically nobody assembles their own phone, the most that hardware fingerprinting will reveal is "you have an iPhone 13", impossible to differentiate from all the other iPhone 13s floating around because they're all identical. Both android and ios have cracked down on software fingerprinting as well, so you can't for instance grab a list of all installed apps.
The crackdown was fairly recent, right? Do you think we should trust that both companies have at long last perfectly solved all privacy problems with this latest crackdown and now everything is perfect and we'll never have any privacy mistakes or side channel leaks ever again?
I don't know about iOS, but here's the situation on Android:
> The QUERY_ALL_PACKAGES permission only takes effect when your app targets Android API level 30 or later on devices running Android 11 or later.
So I guess end users should just check which SDK level their weather app was compiled for! Simple, right?
And if the parking app was compiled for SDK level 29, people should just go find another parking lot with a more recent app?
You're suggest technical solutions to social problems, and those rarely work out in the long term, especially with adversarial parties. Better to solve the problem at the source.
> You're suggest technical solutions to social problems, and those rarely work out in the long term, especially with adversarial parties. Better to solve the problem at the source.
That, to me, was the big takeaway from Attack Surface by Cory Doctorow. The idea that you can't "out tech" the State[1]. Because even if you, as an individual, are in fact (smarter|more talented|more capable) than any individual employed by the State, they still have you out-resourced to a degree that makes your cleverness moot. And as a defender, you only have to make one mistake and it's game over.
If I get Cory's point right, it's to say something like "as technologists, we should use our skills in service of effecting meaningful change through the democratic process", as opposed to creating better tech for evading State surveillance[2].
[1]: I think here you could probably read "the State" as "the State AND/OR BigCorps".
[2]: That said, there's probably still at least some basis for doing both. But "effecting change through the democratic process" is probably the better long-term strategy.
>And if the parking app was compiled for SDK level 29, people should just go find another parking lot with a more recent app?
The play store has minimum SDK level requirements, so you can't compile your app against an ancient SDK level to bypass all the restrictions. Moreover, your linked article suggests that even if you have an existing app that does this, the play store will eventually down your app if you don't provide an explanation. This is consistent with some complaints posted on HN recently, eg. https://news.ycombinator.com/item?id=41895718
You completely ignored the substantive part of my post, so I'll restate without distractions.
1. Do you believe that with these latest round of updates, our benevolent corporate overloads Google and Apple (both advertising companies to some extent) have at long last fully solved privacy, plugging every possible information leak and fixing every possible software bug, both present and future?
2. If you do, then do you think it's desirable that we expect every participant in modern society to enter into one-sided, legally-binding contracts with companies they've never heard of with every small action they take on a daily basis, and then use complicated technical measures to avoid fulfilling their end of those contracts?
>You completely ignored the substantive part of my post, so I'll restate without distractions.
I ignored those parts because you're moving the goalposts way past my original comment[1], which only objected to the claim that people were somehow coerced into having their location sold because the apps doing the tracking were providing "basic necessities". Is the fact you're using an iPhone, are visiting from an IP address that suggests you're in Kansas and using Verizon an "information leak"? I guess, by some definition. Is that anywhere close to getting your location tracked? Hardly.
The reason Apple and Google continually patch and change their rules is because they have been playing a cat and mouse game with bad actors who, for decades, have continued to find ways to siphon personal data off devices despite the technical restrictions in place.
You seem to have an awful lot of confidence that "iPhone" and "Kansas" are the only pieces of data any app can get from a device.
So can we say that you agree with #1: after decades of playing cat and mouse with advertisers and spyware authors, these latest updates from Apple and Google are the magical updates that finally completely solved privacy once and for all, and there will never be any bugs or mistakes or security holes ever again?
> What type of "basic necessities" are you getting from apps on your phone that have location access?
I already mentioned one: parking apps granted a monopoly over a region by a municipality. Before you ask, no, there are often no meters to feed cash or a card to anymore (the apps don’t want those cutting into their fees). Your options are to accept the T&C in the app so you can go buy groceries or get parking tickets, and eventually a boot or tow.
And those apps require location access? As per app store guidelines, they're supposed to provide fallback if you deny location permissions. Not to mention both iOS and Android have cracked down on background location permissions years ago, so at best those parking apps is getting a list of places you parked at, not minute by minute location updates. Tracking you by where you swiped your credit card is probably more reliable than this.
You in fact do not need to check the weather forecast to do those things. People went outside and made plans just fine before we had the weather on TV, much less on a computer.
reply