I'm curious, how did his name being on this list significantly affect his business?
I live in a different country and I can't imagine checking the "traffic fine registry PDF on a random government website" when considering which plumber to hire.
I don't doubt that this caused him problems, I'm just trying to understand how.
I should have clarified - I only found his business through that list because I noticed his vanity license plate HPPYPPS, which corresponded to a business named Happy Pipes Plumbing which I subsequently found on Yelp.
Also, I found out about his van getting towed because I scraped towing records from Autoreturn (the city's main towing provider - lots of corruption around that deal). Autoreturn's website at the time had a query parameter like "?towid=1", so you could increment that to pull all towing records.
I started working on a pretty in-depth data analysis and visualization, similar to what was done here, but I got caught up with my day job and some rock climbing dreams. I handed over all my research to a few local reporters a while back - they were really excited to talk to me in person about it, but I haven't seen anything published since.
Thanks for clarifying! So basically his van kept getting towed and he kept losing business as a result? Presumably it also cost him to recover his vehicle. So in summary, if you got on this list you're just permanently screwed in SF? And you can get on this list by paying a fine twice by accident?
> "?towid=1"
Funnily, incrementing that number in the country I live in would itself be a crime. If the company I did this to found out, they could probably take me to court and win.
More likely is he paid a ticket incorrectly. Someone said he paid the same ticket twice instead of paying each ticket once. Then the city racked up delinquency fines while making little to no effort to inform him of these fines or the outstanding ticket. One day, he gets towed and can't get his van back until thousands of dollars in fines and penalties are paid from a ticket that he thought had been taken care of long ago.
Either people are broadly ok with being screwed (my personal experience suggests this) or there is a grand conspiracy to prevent anyone who is not screwing their customers from competing in the market.
Maybe it is the latter, who knows. But what I do know is that the non-screwing options exist, but are often less popular and more expensive (either in price, time, or effort).
And this annoys me to no end. Because _I_ don't want to be screwed. But whether I get screwed or not increasingly depends on how much those around me are willing to get screwed or not.
It's not that people are OK with being screwed over but rather that they have been conditioned into being helpless about it. Big corporations hire psychological experts that know exactly how to manipulate you into thinking you need their products or otherwise act against your own best interests, whether that's through advertisement, peer pressure or whatever else they can come up with.
You yourself admit that while you don't want to be screwed you only have the option of not being screwed if those around you also choose not being screwed yet somehow you conclusion that others are different and must be OK with being screwed. Presumably you also often choose being screwed over being socially ostracized? Do you really make sure that all those around you have options to still interact without without being screwed?
Yes people often technically have options of not getting screwed but those options almost exist in a different world and in order to choose them you have to abandon the one you are living in now. That people cannot afford to do that does not mean that they are OK with being screwed.
> Presumably you also often choose being screwed over being socially ostracised?
No, I only choose being screwed over being homeless, or jobless.
Which didn't use to be a particularly likely scenario but the tides are turning.
I don't care about being socially ostracised for refusing to ever use WhatsApp for example.
We teach children not to cave to peer pressure as if it was a choice they could make, and now you're claiming that caving to peer pressure is not something people choose.
"Yes people often technically have options of not getting screwed but those options almost exist in a different world and in order to choose them you have to abandon the one you are living in now."
But the question that remains is this: If the true situation is people who'd desperately like not to be screwed, and would pay the same or more for this privilege, but are made helpless by corporate propaganda and market dominance, why do we not see new players rushing in to fill this need? They could take massive amounts of market share.
There are only two explanations I can see:
1. Monopoly forces or similar at work.
2. This is not the actual situation.
Regarding 1, you can make the argument for a network effect/coldstart problem. That seems possible to me as an alternative explanation, and as a way out. Still, in my personal experience, 90% of people just don't care that much, and so are vulnerable to essentially being "bribed" by short-term corporate incentives. The free/privacy-respecting alternatives would have to match this force, and also match the marketing.
I don't think there is such a specific thing and certainly disagree that all idiomatic rust is somehow slower by default.
You can write rust like you might write a higher level language and then that can end up slower but if you write idiomatic low level rust, the performance is much harder to compare with C. There are things which will be faster in C and things which will be faster in Rust but broadly things will be extremely similar in performance.
I write bare metal embedded rust a lot these days and there are quite complex concepts you can represent in rust which make your code a lot safer without a performance hit.
Idiomatic "low level" rust clocks in at about 10-50% slower than hand-coded C every time I try it. It is also about 10x easier to write the Rust code. Unsafe is just required a lot of the time. Sometimes it's code size or struct size just being larger to express a similar concept. To get back your performance you have to do things that are un-idiomatic (but you have to do in C anyway).
1. Rust structs are generally smaller due to layout optimization.
2. A 10-50% difference is well within the “are you measuring debug builds?” territory.
I’m curious what code you are writing that requires unsafe all the time? I do a lot of low-level optimization, and unsafe is barely ever actually needed.
It sounds like you work with people who don't really know C. Understanding how to pack a struct is a pretty basic skill. Write an optimized database or network stack without unsafe for me.
I said "every time I try it" and I said "idiomatic Rust." The fast rust implementations are consistently starred there, indicating use of hand SIMD or unsafe or others. If you read them, they are not very idiomatic.
Also note that 3 of 4 comparisons in favor of Rust are marked "contentious" for using different algorithms with different limitations - they are not equivalents. The last one is k-nucleotide, which is a very algorithmically heavy problem where nobody has given optimized C and Rust has won at producing a decently optimized thing quickly. Note that the fastest C++ implementation handily beats Rust on that one, also.
It just fundamentally does not make sense to compare languages by comparing codegen backends. GCC and LLVM do not produce the same code for equivalent code, especially when optimizations are applied. It's an apples-to-oranges comparison.
Using Clang instead of GCC, the comparison becomes slightly better, at least for microbenchmarks that don't rely too much on libraries.
These benchmarks are still useful from a practical viewpoint - answering the question "what's the expected performance bracket of using language X in real projects today". But it doesn't say anything fundamental about the language design or even the quality of the implementation.
I know what you said. I just don't think it was interesting. If by idiomatic rust, you mean generic "unoptimized" Rust being slower than optimized C, then yeah. No shit.
On a similar note, I don't think it's worth talking about C as if the only C being written is highly optimized hand rolled assembly style of C. That's one in a thousand projects.
Now, as for the benchmarks game, you mean 3 of 6 comparisons in favor of Rust. Rust is winning the benchmarks against C there.
I had a look and the top Rust and C entries are using the same pcre2 library in regex-redux. Same for pidigits where both libraries are using GMP.
The only library difference I can see is that the C entries are using OpenMP and both Rust entries are using Rayon. Now, you could claim that using Rayon gives Rust an unfair advantage. But an entirely userland library beating an industry standard with support from compilers is not a good look for C.
I’m not really sure what your point is by linking the benchmarks game. I mean, it’s a fun activity, but this is saying nothing about C vs. Rust. It may or may not be saying something about GCC vs. LLVM.
I also did not say "always," I said "every time I try it." The benchmarks game is a public example of this, with well-optimized implementations in all languages.
Why can't people just take the win of "10% slower, 10x easier"?
#!/usr/bin/env python3
from urllib.parse import urlparse, parse_qs
from sys import argv
print(parse_qs(urlparse(argv[1]).query)['url'][0])
This is unsafelinks. Pass it a safelinks url, and it will print the original URL. Very important when you have a one-time-use link which safelinks can break.
In my personal experience as someone who has spent the last 6 years of his career in the security industry, almost nobody actually uses CVSS the way it is intended, they just almost arbitrarily tweak the CVSS inputs to produce an output they like.
You are correct that the attack complexity probably shouldn't be high in this case. But presumably the person calculating the CVSS score thought it was too high if attack complexity wasn't set to high.
CVSS has other issues, like people trying to apply it to things that are not vulnerabilities. I would ignore most CVSS scores you see and just read what the issue is instead and make your own judgement call.
I can do the things that are hard to start but fine to continue. But sometimes you have a very long slog which is hard to start and hard to continue and hard to finish. That's where the difficulty lies.
SafetyNet works in GrapheneOS. What Google Pay requires is that the attested signature is trusted by them, a lot of apps, including many banking apps (at least in the UK) use safetynet but do not require the signature is trusted.
But like, it won't matter how many viable Linux phones there are if the government tells you that if you want to pay your taxes you must first buy a piece of hardware blessed by an american corporation and running blessed software which doesn't let you control the device in order to access the tax payment portal.
Because if you don't pay your taxes, the government will insist that you go to prison.
The problem isn't really what google is doing, the problem is that were letting our existence as free citizens in a society depend on a piece of blessed hardware/software we must carry around with us everywhere we go.
We need to strongly resist having software/to become strongly codependant on hardware broadly speaking. But especially software/hardware that we can't control and which is sold by two american companies.
Maybe, who knows. It was an example. All I know is countries like Denmark and maybe soon all of Europe seem completely carefree with regard to making citizenship depend on device ownership so...
Quite a few banks in the UK now require an app, and that's a liability for me as who knows when they'll arbitrarily decide to lock me out of my account because I am not running stock google android.
The bank I'm with uses a hardware token which I can tolerate because, while it does require a codependence on hardware, at least the hardware is provided for free by the bank. I can also manage my account over the phone without the hardware.
I mean, it's hard to avoid indirectly using things that use npm, e.g. websites or whatever. But it's pretty easy to never have to run npm on your local machine, yes.
I live in a different country and I can't imagine checking the "traffic fine registry PDF on a random government website" when considering which plumber to hire.
I don't doubt that this caused him problems, I'm just trying to understand how.
reply