Sounds interesting, care to elaborate a bit? How do you deal with, eg: CDNs? Whitelist *.cloudfront.net, I suppose? How often do you revisit your whitelist?
I have found I can block cloudfront domains by default with almost no inconvenience.
Occasionally something like a download link, where the webmaster has chosen to use cloudfront for that specific resource, might require that I whitelist a cloudfront domain temporarily. If the domain has a unique subdomain and I am confident no ads are ever served from that subdomain, I might whitelist it permanently.
Every user is different and visits different websites. Each user's needs are to some extent unique. I think you have to find what works for you. No one can do this for you.
The more engaged you become in blocking ads, when you stop relying 100% on a third party to try take care of it for you, I think the more familiar you become in exactly what domains you need to access to accomplish whatever it is you are doing on the web. That knowledge allows you to make yoiur whitelist.
Meanwhile anyone using Chrome can tap into the built-in diagnostics via chrome://chrome-urls to get a very quick and easy analysis of what domains they are requesting and the ones they actually need:
chrome://site-engagement
To answer the second question, if I am visiting new sites, then the whitelist is modified accordingly. Otherwise I have found the majority of IP addresses to be quite stable. If I am visiting many random websites, eventually I will find one or two that are changing their address either perirodically or permanently.
Personally I like to know if websites are changing their IP address. I think there can be good and bad reasons for changing IP address. When one is using whitelisting instead of unrestricted recursive queries to a DNS cache then it becomes easy to identify websites that are changing IP address and to monitor the changes.
Probably offtopic, but would you mind expanding a bit on the mentor requirement a bit? Being in a similar position, I'm a little embarrassed that's not something I've considered so far and that made me a little bit anxious.
Sorry I didn't mean to create anxiousness. Don't freak out.
But basically everything we've found in rigorous study suggests that to master something you need a mentor/coach. It's not that you can't' figure the stuff out on your own. It's that you will save tremendous amounts of time by not doing so.
So one of the big weaknesses of going to work for as startup, especially as a newish dev, is that the mentorship opportunities are frequently lacking (startups have a hard time paying what mentors are worth). But this just means that you have to account for that in other ways:
- make sure your next job is geared around the mentorship opportunities
- go out of your way to develop mentorship relationships outside of work.
There are lots of very good benefits to working at startups. Just be aware of the trade off and make sure you are accounting for it in your career plan. Careers are long, no reason you have to optimize for each thing at each job.
At this point I don't feel guilty anymore when I'm not feeling motivated, because I know it'll be back some time soon. At the beginning I'd get worried I'd never be motivated again, now I just treat it as a "part-time vacation". Read history books, play tennis, cycle and enjoy my family. :)
That's really cool! I used PokerStrategy's equity calculator for a long time and must have thought "hey, I should build one of those to learn how Monte Carlo works" around 100 times.
True. The problem is that websites like Walgreen, which simply break with no JS, are only getting more common. I'd like to make a point of simply closing the tab in such cases, but it's not always possible.
I've always found it fascinating that Windows/Microsoft error messages seem to have some kind of UUID (Error #c101a053 is one I found on my search history from 5 years ago), but you _can't look them up by UUID_ on the MS help pages or even online (and sometimes they don't seem to even be unique). I've always wanted to know what they do with these numbers.
That looks like a NTSTATUS value. You often see also HRESULT values. They are structured values, some of the bits tell you which subsystem generated the error, other bits tell you the error number within that subsystem.
Right. My gripe with it is that you tend to see them thrown into error messages without the corresponding string representation, thus forcing the user to do the lookup by hand.
Seriously, it can't be that hard to call the NT equivalent of strerror(3) when formatting these messages.
I've used that technique in products I built. Not speaking for MS but in my case the UUID was either written into some server log (to hopefully be used to diagnose the problem if reported), or matched diagnostic statements in our source code (so the problem could be diagnosed in conjunction with the code). Using a unique identifier helps prevent the kind of confusion caused when 3 different developers all decide that "this can't happen" is a good diagnostic message to display to the user.
Fwiw the identifier you posted isn't a UUID but the same justification applies.
Right, I expressed myself poorly. Maybe I meant just an ID?
My gripe was just that I expected that to index a knowledgebase of error messages, but the one I mentioned, for instance, isn't even documented.
edit: still, it's far better than the previous state of captchas. I'm glad they did this. But it's like for anything to be considered "advanced" or "good" in tech lately, it has to have been powered by "machine learning".
Well, technically, it is machine learning. Only that the machine learning was likely part of the usual data mining on google accounts and not much specific to the captcha problem...
(That said, whenever I used that checkbox widget they had before this announcement, there was a noticeable framerate drop in the browser while the thing was doing its magic. So I suspect, they are at least doing some browser fingerprinting/benchmarking to see if the widget runs inside selenium or a stock browser.
I also remember rumors that they analyze keyboard/mouse input on the page and check if it looks "human", but I'm not sure if that's true.)
Yeah it's basically browser fingerprinting (incl. GPU fingerprinting, hence the slowdown) plus google cookie.
If your browser is standard (AKA no anti-fingerprinting plugins) and your advertising cookies are not blocked (privacy or adblocker plugins) you'll probably pass with no issues.
If either of those is not true, you have to solve a bunch of image captchas.
Mouse/keyboard input analysis was just marketing talk; at least when they first released the nocaptcha it wasn't even captured.
>Looking at it naively, it seems to follow the rules for the arguments object in Crankshaft
I've never managed to find a good source on the V8 internals and how to target these optimizations (the "rules for the arguments object" the author alludes to).
They are complementary resources, "Optimization killers" helps you avoid pitfalls in practice, "v8-bailout-reasons" tries to document and explain the various Crankshaft bailouts.
