> he goes back to thinking about his next genius business plan
The reverence that people has for rich people astonishes me. Rich people is just average people with money. Actually, they are probably worse at their jobs because they need less effort to earn money.
Rich people are not rich because they are "genius" but because they game the system.
I know very hard working people that created their companies and got rich, they treated their employees fairly and were smart and capable.
They are not your average rich person. Your average rich person is an average person with average intelligence, average knowledge but protected from reality what makes them more gullible and they have a hard time understanding many not so difficult concepts about the economy.
Exceptions exist. Your anecdotal evidence is confirmation bias for your world view, quite far from reality.
Sometimes a comment is tongue in cheek. He might be thinking about a genius business plan, or he might be thinking about redecorating his mistress house. But he probably isn't going to spend hours looking for the cheapest rate for a flight.
I may use a tool time to time, but I do not use anything daily (on purpose at least, as all software nowadays has AI running in the background that I do not care for).
> trying to impress their bosses and curry the next promotion
There are companies where the entire upper echelon is like that. Full of career people that is only looking up to get a promotion and ignoring their responsibilities toward their teams.
One of the symptoms of this disease is that there is a total disconnect between leadership and the average employee. As everybody is looking up there is no connection or communication down.
And it is very difficult to fix. People at the top have that mindset. So, their expectation is that people below them will be tending all their desires and laughing their jokes. They do not understand promotions as a reward for performance but as a reward for personal loyalty.
The bigger the corporation, the easier this occurs. Small companies die when this happens, big monopolistic corporations get so much money that they can afford to sustain such an inefficient way of working. For big enough corporations it looks like "nobility" in a feudal system. Backstabbing, office politics, and sectarization dominates the environment.
I've been meaning to write a blog post about the "level of purpose" in a job:
At level 3, the best level: The company is curing children's cancer or something else that you are personally motivated to do and satisfied by. The work is something you would do without pay (though you might not have as much time to do it if you weren't paid). Your highest purpose is to cure children's cancer.
At level 2: The company is doing work you are not personally interested in, but you work with good people doing good work. The company and people support each other and build a profitable product. Your highest purpose is to make the company profitable.
At level 1: The company starts doing stupid shit and acting in self-destructive ways. The company is run by managers who care more about growing their own headcounts than the overall profitability of the company. Your highest purpose is to make your manager happy.
At level 0: Your manager is also doing bad things. At this level the only purpose the job fulfills is giving you money, and there's no reason to not go full psychopath and do whatever it takes to maximize the amount of money you get. Your highest purpose is to make money without doing anything too illegal and avoid trouble.
What level is your job at?
Level 3 is rare and always will be, that's okay.
Level 2 is good, and I sometimes hear people on HN offering level 2 as the correct attitude to have towards work. But we need to recognize that workers are often asked to do stupid or semi-dishonest things that are not profitable for the company.
Level 1 and 0 are stages of hell, and it's sad how common they are.
I think there are actually two separate axes here, one for the meaningfulness of the job, and one for the behavior of management. There are lots of companies where the work is personally fulfilling (level 3) but the bosses are in it for themselves (level 1 or 0). From what I've heard, SpaceX would fall in this category for me, as would many non-profits.
That's an interesting model, but I see it different: one axis is a prerequisite for the other axis--they aren't separate.
The company as a whole might serve a noble purpose, but your purpose as an employee will have no connection to that if you're just redesigning the coversheet for TPS reports.
> Instead, the challenge is to proof [prove] that an admin team can manage users and their data, software and devices with or without Active Directory and without Microsoft Windows within a migration period of rather 2 years than 20 years.
Get rid of consultancy companies and do the change in house. In my experience, consultancy companies solution for everything is to integrate complex solutions (Microsoft, Oracle, ...) an charge as much as possible per hour. They have all the big-tech certifications possible, and that is what they want to implement. It is a the fox guarding the hen situtation.
The Dutch government literally put out an RFP for 'Microsoft Outlook licenses'. Not mail clients, not email services, but a specific company's product. In an RFP.
That is true for almost all security. It is not impossible to break cryptography, but it is costly enough as to not be viable in most cases. Most of security is about to make it costly enough to break as to not be worth it.
One time pad cryptography generated with truly random pads with no reuse of keys and no leaks in key transmission being the big exception.
But yea, calling it inconvenient for most uses is quite an understatement. It did serve many spies well though during the Cold War using numbers stations, even if the Soviets were known to take short cuts by just having a room full of people randomly hitting keyboards rather than using true randomness.
Important for all countries, except maybe oil producer countries, for that exact reason. Importing energy is high risk for any country. Solar and wind are locally produced, less prone to have chock points and as a plus they are environmentally friendlier.
> Spicy. European courts and governments will love to see their laws and legal opinions being shrugged away in ironic quotes.
The GDPR allows to retain data when require by law as long as needed. People that make regulations may make mistakes sometimes, but they are no that stupid as to not understand the law and what things it may require.
The data was correctly deleted on user demand. But it cannot be deleted where there is a Court order in place. The conclusion of "GDPR is in conflict with the law" looks like rage baiting.
It doesn't really matter from what country the company is. If you do business in the EU then EU laws apply to the business you do in the EU. Just like EU companies adhere to US law for the business they do in the US.
Because we're talking about the personal data of EU citizens. If it's to be permitted to be sent to America at all, that must come with a guarantee that EU-standard protections will continue to apply regardless of American law.
I say temporary because it keeps being shot down in court for lax privacy protections and the EU keeps refloating it under a different name for economic reasons. Before this name it was called safe harbor and after that it was privacy shield.
Of course you don't need permission to do something with your own data. But if someone wants to process other people's data, that's absolutely a special privilege that you don't get without committing to appropriate safety protocols.
I'm not sure they are "retrieving" data. People register on the website and upload stuff they want to be processed and used.
I mean, sometimes the government steps in when you willingly try to hand over something on your own will, such as very strict rules around organ donation, I can't simply decide to give my organs to some random person for arbitrary reasons even if I really want to. But I'm not sure if data should be the same category where the government steps in and says "no you can't upload your personal data to an American website"
Likewise, why should America be able to override European laws regarding European users in Europe?
It's all about jurisdiction. Do business in Country X? Then you need to follow Country X's laws.
Same as if you go on vacation to County Y. If you do something that is illegal in Country Y while you are there, even if it's legal in your home country, you still broke the law in Country Y and will have to face the consequences.
Ditto for service vendors who also deal with user data.
Even within the EU, this is a mess and companies would rather use a simple heuristic like put all servers and store all data for EU users in the most restrictive country (I’ve heard Germany).
If outside EU, then they need to accept EU jurisdiction and notify who is representative plenipotentiary (== can make decisions and take liability on behalf of the company).
> Where does the company operate?
Geography mostly doesn't matter as long as they interact with EU people. Because people are more important.
> What country is the individual user in?
Any EU (or EEA) country.
> What country do the servers and data reside in?
Again, doesn't matter, because people > servers.
It's almost like if bureaucrats who are writing regulations are experienced in writing regulations in such a way they can't be circumvented.
EDIT TO ADD:
From OpenAI privacy policy:
> 1. Data controller
> If you live in the European Economic Area (EEA) or Switzerland, OpenAI Ireland Limited, with its registered office at 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland, is the controller and is responsible for the processing of your Personal Data as described in this Privacy Policy.
> If you live in the UK, OpenAI OpCo, LLC, with its registered office at 1960 Bryant Street, San Francisco, California 94110, United States, is the controller and is responsible for the processing of your Personal Data as described in this Privacy Policy.
As you astutely note, the company probably has it's "HQ" (for some legal definition of HQ) a mere 30 minutes across Dublin (Luas, walk in rain, bus, more rain) from the Data Protection Commission. It's very likely that whatever big tech data-hoarder you choose has a presence very close to their opposite number in both of these cases.
If it was easier or more cost-effective for these companies not to have a foot in the EU they wouldn't bother, but they do.
> It's almost like if bureaucrats who are writing regulations are experienced in writing regulations in such a way they can't be circumvented.
Americans often seem to have the view that lawmakers are bumbling buffoons who just make up laws on the spot with no thought given to loop holes or consequences. That might be how they do it over there, but it's not really how it works here.
EU companies are required to act in compliance with the GDPR. This includes all sensitive data that is transfered to business partners.
They must make sure that all partners handle the (sensitive part of the) transfered data in a GDPR compliant way.
So: No law is overriden. But in order to do business with EU companies, US companies "must" offer to treat the data accordingly.
As a result, this means EU companies can not transfer sensitive data to US companies. (Since the president of the US has in principle the right to order any US company to turn over their data.)
But in practice, usually no one cares. Unless someone does and then you might be in trouble.
> GDPR: “Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may only be recognized or enforceable if based on an international agreement…”
That is why international agreements and cooperation is so important.
Regulatory entities are quite competent and make sure that most common situations are covered. When some new situation arises an update to the treaty will be created to solve it.
Seems like the EU should be less agreeable with these kinds of treaties going forward. Though precedent is already set by the US that international agreements don't matter so arguably the EU should just ignore this.
> Regulatory entities are quite competent and make sure that most common situations are covered.
There's "legitimate interest", which makes the whole GDPR null and void. Every website nowdays has the "legitimate interest" toggled on for "track user across services", "measure ad performance" and "build user profile". And it's 100% legal, even though the official reason for GDPR to exist in the first place is to make these practices illegal.
Exactly. The ECJ flapped a bit in 2019 about this but then last year opined that the current interpretation "legitimate interest" by the Dutch DPA is too strict (on the topic of whether purely commercial interests counts)
It's a farce and just like the US constitution they'll just continuously argue about the meanings of words and erode then over time
None of those use cases are broadly thought of as legitimate interest and explicitly require some sort of consent in Europe.
Session cookies and profiles on logged in users is where I see most companies stretching for legitimate interest. But cross service data sharing and persistent advertising cookies without consent are clearly no bueno.
"legitimate interest" is a fact about the data processing. It cannot be "toggled on". It also does not invalidate all other protections (like the prevention of data from leaving the EEA).
legitimate interest is, for example - have some way to identify user who is logged in. So keep email address for logged in users. Have some way to identify people who are trying to get account that have been banned, so have a table of banned users with email addresses for example.
none of these others are legitimate interest. Furthermore combining the data from legitimate interest (email address to keep track of your logged in user) with illegitimate goals such as tracking across services would be illegitimate.
It's weasel words all the way down. Having to take into account "reasonable" expectations of data subjects etc. Allowed where the subject is "in the service of the controller"
preventing fraud and info security are legitimate, direct marketing may be legitimate but probably is not.
direct marketing that I believe is legitimate - offers with rebate on heightened service level if you currently have lower service level.
direct marketing that is not legitimate, this guy has signed up for autistic service for our video service (silly example, don't know what this would be), therefore we will share his profile with various autistic service providers so they can market to him.
Fraud prevention is literally "collect enough cross-service info to identify a person in case we want to block them in the future". Weasel words for tracking.
> therefore we will share his profile with various autistic service providers so they can market to him.
This again falls under legitimate interest. The user, being profiled as x, may have legitimate interest in services targeting x. But we can't deliver this unless we are profiling users, so we cross-service profile users, all under the holy legitimate interest
> Fraud prevention is literally "collect enough cross-service info to identify a person in case we want to block them in the future". Weasel words for tracking.
You're literally not allowed to store that data for years, or to sell/use that data for marketing and actual tracking purposes.
You would not be allowed if not for legitimate interest.
Websites A and B buy fraud prevention service FPS, website A flags user x as fraudulent, how should FPS flag user x as high risk for website B if consent from user x was required?
Legitimate interest literally allows FPS to track users, build cross-service profiles, process and store their data in case FPS needs that data sometime in the future. Under legitimate interest response to query "What's the ratio of disputed transactions for this user?" is perfectly legal trigger to put all that data to use, even though it is for all intents and purposes indistinguishable from pre-GDPR tracking.
Basically, the GDPR doesn’t guarantee your privacy at all. Instead, it hands it over to the state through its court system.
Add to that the fact that the EU’s heavy influence on the courts is a well-documented, ongoing deal, and the GDPR comes off as a surveillance law dressed up to seem the total opposite.
Quite right it doesnt absolutely protect your privacy. I'd agree that it's full of holes, but I do think it also contains effective provisions which assist with users controlling their data and data which identifies them.
Which courts are influenced by the EU? I don't think it's true of US courts, and courts in EU nations are supposed to be influenced by it, it's in the EU treaties.
While writing code I think about what I am doing, improvements, etc. To write easy boilerplate code helps me to find improvements or even realize that there is some risk I overlooked. It is a zen state that helps with the deep thinking part.
Not writing code forces me to read and reread the code to get the same realization. That is why it is harder to work with code written by other people.
In the age of AI all code is code written by someone else that I have to maintain, it looks like a nightmare.
Yeah I have the same. In general, writing (and experimenting) is how I _think_. If I read code, it takes me a lot longer to understand.
Sure, I save some time by not having to do any trial and error, I'm looking at a solution that already works according to some testing. But then I start to wonder about edge cases, leaky abstractions and such, and not having done the work, that's where a lot of the effort saved by not writing it comes back, at a stage where the work is seemingly already done and "just" needs reviewing, which is somehow more frustrating.
Perhaps people are just different. I work great on a blank canvas. I know a lot of people struggle immensely with it. Hell, some people type so slow or have such low mastery of their tools, I really feel their pain watching them.
One old trick that helps a bit with understanding, is to not copy paste what the AI suggested, but rather to manually copy the code suggested the way you would do it with a physical book.
The reverence that people has for rich people astonishes me. Rich people is just average people with money. Actually, they are probably worse at their jobs because they need less effort to earn money.
Rich people are not rich because they are "genius" but because they game the system.
reply