Given the very interesting comments on the "Ask HN: What is the most impactful thing you've built?", I was wondering about something similar: Things you regret based on ethical implications, bad technical decisions you made convinced you were right but regret/cringe about later, failures on miscalculations on budgets that provoked a bad outcome in the company etc whatever.
Thanks in advance.
I'm a lot more paranoid about privacy these days.
1. Almost all software can be abused or co-opted for surveillance purposes.
2. Some software comes already designed for surveillance purposes up front.
2a. This includes plenty of well-known mass appeal software; importantly, the customer-facing marketing copy and the investor pitch can present a completely different value proposition.
3. Software doesn't become used for surveillance or abuse by accident; there are actual human beings who make a decision to use it in this fashion, or commission it for this purpose.
3a. The "misguided programmers harming people by trying to solve social problems with technology" meme is dumb for many reasons, but it's also distracting (possibly purposefully so) from the fact that it's not software, or people who coded up the software, that are the primary culprits. The coders that were too naive or too self-interested to refuse work or blow the whistle may have some responsibility, but we should start talking about the people who made the decisions to commission or repurpose technology for bad purposes.
which is why it's less of a technical problem and more of a social problem
people need to realize that with how the technology is today we can't afford to rely on marked self regulation for a lot of things especially wrt. privacy protection it just fundamentally does not work
(Or in other words, such usage of employee surveillance should be just plain out forbidden by law not just to be used but to be deployed)
I tend to believe it, "will be."
All tech will eventually be used to try to gain an advantage in war and surveillance. I don't think there's a way to prevent it.
https://en.m.wikipedia.org/wiki/Dual-use_technology
There's probably more illegally unpaid overtime than there's unauthorized (boss doesn't like) breaks. The data can likely prove that, too.
I am sick and tired of how often extremely pertinent information has to be neutered in this way. And I am utterly disgusted at how the legal system is used to protect scummy corporations like this unnamed hotel chain.
I wish we had strong laws that prevented employers from even thinking about threatening employees for talking about their work. Or collective bargaining to make sure employers don't have the leverage to impose such one-sided contracts.
My apartment building has lights in the hallways that are only on when needed, but they just use a basic infrared sensor.
* Minimize installation cost. They just wanted to plug into a light socket, not run network cabling.
* Push data logs to a central server. They didn't want to send a tech physically to each lightbulb to get data for e.g. energy usage certifications.
plus other obvious requirements.
All of that made it really easy to just stick a beacon tag inside employee badges and measure the RSSI from the mesh lightbulbs (since they already tracked that to discover who their physical neighbors were). Instant employee monitoring.
For location tracking they specifically called out things like equipment carts, but it was implied that it could track other bluetooth devices.
that's the rule I've always followed.
Deleted Comment
i have never worked in an office environment where people didn’t routinely unwind for a couple minutes. the way we’re treated in an office setting vs those outside an office is in a lot of ways disturbing. a couple years ago my friends dad lost his job of 25 years because he was caught sneaking around a corner, out of eyesight of his foreman, to eat a candy bar. he had been warned about these “unauthorized” snack breaks in the past.
this idea is entirely foreign to any of us who sit at a computer coding or doing whatever desk job that sometimes we don’t stop to think of how ludicrous some workers are treated—my entire post college career, if i wanted to eat a candy bar, i just ate it.
were a decision to come down in just about any office full of engineers which said “unless authorized, you cannot drink or eat anything. if any unauthorized stoppage of typing occurs, there will be consequences.” people would be justifiably outraged.
but they’d be “catching” “unauthorized” non-typers.
the idea that someone somewhere decided to put trackers on human beings is wild.
Even without intending to, everyone would go from a ticket or two per decade to dozens of tickets on every commute.
"But the law is still the same!?!"
Of course it is, but changing from poorly scalable human-required surveillance to always-on, fully-scaled electronic surveillance, changes it from completely reasonable to massively oppressive.
If everyone's productivity is fine, and people take unauthorized breaks, no one will notice, all is cool. If one or two people are noticeably unproductive, the manager will likely investigate and fix the unauthorized breaks, which is also fine.
But with constant electronic surveillance, it's no longer about meaningful productivity differences, it is about oppression.
(I know I’m jumping right to where the slippery slope ends.)
Deleted Comment
Your profile indicates that you've commented on HN on a weekday.
Don't worry - this behavior has already been reported to the authorities.
1. Logs of the CDN were sent in real time to the ministry of technology -- there was about a 15 minute delay if I remember correctly, and they could impose fines if they were delayed. The log included the url visited, the IP address of the visitor, and a few other things. Perhaps the user agent? I forget.
2. The ministry of technology had a special API to block URLs on the CDN. Basically, they provided a list of URLs that would return a 451, and of course those logs also went to the government.
No other country had this kind of access at the time, but it was considered critical for the business to continue to operate in China. As I understand it, these are required to comply with chinese government regulations, and other CDNs like Cloudflare and Cloudfront have also built similar capabilities. Perhaps jgrahamc can comment on what cloudflare did?
I feel quite guilty about being involved with that project, but the business was set on building it, so I did what I could to limit the blast radius. I would not be surprised if someone got arrested or was killed because of it.
So, yes, I regret I couldn't do more, but I don't regret the choices I made with the information I had and the position I was in.
Deleted Comment
Other engineering disciplines have a strong focus on 'engineering ethics' and it may be more acceptable in different branches of engineering to refuse to build something that you consider unethical. I do not know if there are any professional bodies or laws which protect the employment rights of individual engineers who refuse certain work on ethical bases. But I feel that software engineers should be able to exercise their conscience, reference a standard of professional ethical principles, and refuse to work on such projects.
I'm very curious because many Chinese people including me are doing that daily.
(It would make me more sorry. Sorry.)
In that case, isn't it better for user privacy (not that anyone cares about it in China) to receive an ICP recordal but then wait for an actual request from law enforcement to turn over the logs?
Also, while you wouldn't see anyone from Amazon or Cloudflare comment on your thread, both have the ability to stream logs to a destination, and that is also exposed to customers, so I don't think they needed to build anything else.
At the time, Akamai also had the capability to stream logs, but the ministry of technology required a specific, custom interface to receive them, which required engineering work, especially to do it for an entire country without the customers configuring it themselves. I would be extremely surprised if it required no engineering work at Amazon or Cloudflare to deliver the logs in the way they requested.
As if that makes if any better?
Dead Comment
One meeting in particular really stands out still, a social media giant that everyone knows was in town meeting the founders to sell additional personalization data. Before that meeting, I thought things the start-up were doing were a bit sketchy, maybe borderline unethical. During the meeting itself, it was more like sitting around a table with Dr. Evil and a few henchmen. They were actively, unambiguously picking vulnerable groups for ad re-targeting. And that's not even the worst of it, the meeting wraps up and one of the founders says "OK guys, let's go get some beers and bring some girls". Then this despicable excuse for a man promptly walked out into the office, points at a few female employees and says "You, you and you, come with us now".
I hope this is a message that gets through to young devs. If someone is hiring you, you'll be making them more money than you cost. When you interview with someone, you're interviewing them too. You get a choice in who you make rich the more we make cruel people wealthy the more power they have to damage our society
This fintech didn't exploit them, but it was very obvious how this data could have been used to exploit them and other addicts.
And did everyone clap?
But the partner corp was just a startup, trying to break into some markets, and now had some of those opportunities encumbered by patents and rightfully viewed our partnership as not in good faith (we didn't tell them about the patent work). The engineers at the partner firm were fairly pissed off at me, since I knew them well on a personal level and my name was on those patents. And naturally Big Corp promptly forgot about that business, never doing anything with the "IP".
I've thought about chucking those patent plaques in a fire, but I keep them in a box as reminder of that little snippet of my career, which I'd otherwise probably block out.
My understanding is their strong patent portfolio was a good part of why they are still around after the massive consolidation of DRAM manufacturers through the 80's and 90's.
The boxes were also sold to Syria and Burma, and were used to facilitate censorship and human right abuses
(I guess Bell Canada, which also sells TV services, lost too many customers over this policy to their unthrottled competitors)
https://www.cbc.ca/news/science/small-isps-fight-ruling-that...
Canadian telecom regulators are gutless.
Though I kinda liked it when my university throttled napster and torrents, because that meant my IRC downloads went very very fast!
In a corporate setting, mitm'ing TLS and blocking sites by category is routine practice (better ways to stop bad stuff but expensive firewals are a waste when most traffic is TLS).
I don't know about this. The difference with knives is that they are an old technology, basically they have always existed. If you are responsible for creating a new technology, especially one that is not certain to exist without your involvement, the calculus is different.
Sometimes, the moral calculus is done only retrospectively and that’s when it really becomes problematic.
Deep packet inspection is a terrible practice in my opinion. It adds more security vulnerabilities than it typically helps avoid. I’ve seen one implementation use client software to extract keys from a machine to send to a centralized server. How some companies don’t see how this model can be easily exploited is beyond me. Me and a VP friend of an organization have had long debates about this topic and he insists it makes more sense for him because the employees have been more competent at the companies I’ve worked at than the company he managed (which could be true since his company had high turnover leading to many engineers being hired out of need rather than evaluated merit).
Selling deep packet inspection technology to the government of Syria is different as there is ample reason to believe that government would use it for human rights abuse.
Dead Comment
Deleted Comment
Those people found another way to get paid.
Although I couldn't ever blame you for shutting it down. I'd probably do the same and try to forget about it for many years.
It turns out that the project was more of a demonstration of our ability to get dynamic languages to run efficiently on the CLR. To that end, I think we were successful. But once we achieved that there was not much of a path forward so the project was eventually shuttered.
We couldn't have made it user customizable without something like IronRuby, thank you so much for implementing it!
Maybe it didn't accomplish your original goal, but props for what you did accomplish. Quite impressive.
I remember a conversation ages ago about how you couldn't really get a (common?) lisp running properly, irrc due to limitations in the way CLR modeled classes amongst other things, but FFI came up there too.
It's a good thing that DLR is still there, though. While undeniably niche, sometimes it makes things so much easier. For example, I've used it to support dynamic reloading of C# code in a game, for rapid prototyping of mods.
As a former Microsoftie myself, it saddens me that the company seems to have forgotten this.
And the answer really depends on what you mean by "run on". .NET already supports two-way COM interop, and it does work with DLR to handle stuff like IDispatch. But the COM code in that scenario is still native (or, in case of VBScript, intepreted by its Active Scripting provider).
Implementing VBScript, or even VB6, as a language running entirely on top of .NET, is certainly possible, although it would be somewhat awkward because the object model in VB pre-.NET was specifically designed around COM. You can port the templating engine, as well. But the real hurdle is not the language - it's all the APIs. ASP itself was pretty basic, but most web apps would also need to talk to the database - so now you need ADO. And then there are all the third-party components, most of which were proprietary binary blobs compiled for 32-bit Windows.
And, well, why? There are many better languages running on top of .NET these days, starting with VB.NET.
You wrote me a house.
It feels surreal to come across someone who was responsible for something I hated so much back then. But now I’m just fascinated for some reason. I’d buy you a drink if I could :p
Except on mobile, which is what everybody preferred for obvious reasons.