HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mehdim

582 karmajoined قبل 14 سنة
Founder at ALIAS, a decentralized data and identity platform. Previously founder of APIdays conferences and OAuth.io.

Submissions

Opensourcing Multiplayer AI in Discord

bunnyandcloud.com
2 points·by mehdim·أمس·0 comments

Show HN: Is This PII?

isthispii.com
2 points·by mehdim·قبل 4 سنوات·1 comments

Show HN: Making GDPR Machine-Readable

github.com
2 points·by mehdim·قبل 4 سنوات·0 comments

[untitled]

1 points·by mehdim·قبل 4 سنوات·0 comments

[untitled]

1 points·by mehdim·قبل 4 سنوات·0 comments

Ask HN: Replacing the word “Cookie” by “Tracer/Tracker” in banners

16 points·by mehdim·قبل 4 سنوات·5 comments

[untitled]

1 points·by mehdim·قبل 4 سنوات·0 comments

[untitled]

1 points·by mehdim·قبل 4 سنوات·0 comments

[untitled]

1 points·by mehdim·قبل 4 سنوات·0 comments

Show HN: The Interactive API Industry Landscape

apilandscape.apiscene.io
1 points·by mehdim·قبل 5 سنوات·0 comments

Ask HN: What critical open source software you use that is not well maintained?

3 points·by mehdim·قبل 5 سنوات·3 comments

[untitled]

46 points·by mehdim·قبل 5 سنوات·0 comments

comments

mehdim
·قبل 4 سنوات·discuss
In bullet points : - GDPR is a risk management policy about personal data protection more than a privacy regulation

- for any personal data (PII) all companies must declare the following :

  - purpose of the collection and the treatment of the specific data

  — legal base of the treatment (6 available, they are the field card in Magic the gathering, they define a context of what is possible to do)

  - data category (what type of data you are collecting i.e if you declare collecting delivery shipping information for a purpose, you limit yourself to data that correspond to that category )

  - data retention duration (how long you declare storing the data in production and then in archive)

  - list of recipients (all the 3rd party companies who will access the data)

  - security measures (what is the level of security for keeping that data safe from breaches)

  - some infos about the company, the data controller (who is responsible) etc…
So all companies must do a internal data mapping to know and declare where is the data and where it flows in production and write for every PII a ROPA (record of processing activity) You can find an open source specification UROPA here)

https://github.com/uropa-project/uropa

- consent is just one of the 6 legal bases to collect and treat data. The comment above that everything is possible with consent is wrong.

- below 250 employees you don’t need officially a DPO
mehdim
·قبل 4 سنوات·discuss
We are building one such service and I agree (to name a few services doing GDPRaaS : soveren.io, ethyca.com, securiti.ai, datagrail.com, alias.dev) .this is so much needed as there is almost no legally valid answer on the whole comment section! I started to write an article on all the points above… should get back in 2 hours and post it here
mehdim
·قبل 4 سنوات·discuss
I am a multiple meetup organizer and owner on meetup.com and I find it actually great that the meetup can stay alive if the organizer stop to pay. Your communities are not owned by you. Also, they don't give subscribers infos but just "an access" to send them email communication to the list, not the "list" with email list etc...
mehdim
·قبل 4 سنوات·discuss
Either you don’t do business anymore with Eu users or any user on Eu territory (but how do you know there are not actually on Eu territory), either you try to automate it so you continue to “not care about it”
mehdim
·قبل 4 سنوات·discuss
Yes! an "Echoes for Open source" contributions may be one day. Nice work btw, I will try Echoes with my team.
mehdim
·قبل 4 سنوات·discuss
Nice. Do you plan to match it with marketing/sales budget per product line or Business unit? To be sure that the effort of "maintaining legacy" is equally measured versus over funded efforts on new features for growth?

Disclaimer : I am running a non profit in my country called "The Maintainers", this is why I look for products that can give more merit to code maintainers.
mehdim
·قبل 4 سنوات·discuss
What is the "Unit of technical/economic value you identify for that? You do it at the Commit level? Build? Deploy?
mehdim
·قبل 4 سنوات·discuss
We have never been successful showing that internal maintainers of the legacy were the ones really paying the bills and delivering the current value of the company. Fame and payroll was mostly towards the cool engineers working on new tech not yet in production serving real customers. I hope Echoes helps giving merit to the one contributing to the economic value of the company
mehdim
·قبل 4 سنوات·discuss
I made a list of all resources on privacy engineering, including meetups groups, tech conferences on privacy engineering https://github.com/progressive-identity/privacytech-resource...
mehdim
·قبل 5 سنوات·discuss
The link between "groups never admit failure" and "non-profit organizations are not sustainable by design" is a little bit too direct and non relevant.

Lots of non-profits make revenues, selling stuff with customers, they just don't pay dividends by design and re-invest everything. So what he says does not apply.

And again, even foundations are at least oriented to hear feedbacks from donators who are their "customers". So it does not apply here.

The only valid point is that yes, group never admit failure as a whole, but the post should have stopped after this
mehdim
·قبل 5 سنوات·discuss
Updated : not "well maintained". Or not enough maintained compared to their criticity and their global use.