HackerTrans
TopNewTrendsCommentsPastAskShowJobs

weezin

no profile record

comments

weezin
·2 months ago·discuss
Agreed, AI is a convenient excuse. If we had covid level interest rates these graduates would have a lot easier time finding a job. Companies are downsizing their bets and counting pennies to cash flow to invest in AI infra, which they wouldn't need to do in a low interest environment.
weezin
·last year·discuss
It isn't that hard to setup a secure SFTP server to automate the exchange. But then again this is a post about configuring a S3 Bucket with public access for SSNs.

The issue with Gmail is sending to the wrong email, sending to a broad email list, having people download it to their local machines. And the amount of PHI being transmitted in these files is larger than this s3 bucket.
weezin
·last year·discuss
It depends there are some exceptions.[0]

>With persons or organizations (e.g., janitorial service or electrician) whose functions or services do not involve the use or disclosure of protected health information, and where any access to protected health information by such persons would be incidental, if at all.

Based on the context from the article of the PHI uploaded being incidental, it would probably fall under this exception. It sounds like ESHYFT isn't meant to be storing any PHI based on the privacy policy above.

0:https://www.hhs.gov/hipaa/for-professionals/privacy/guidance...
weezin
·last year·discuss
HIPAA applies to patient data not providers data.

> I also saw what appeared to be medical documents uploaded to the app. These files were potentially uploaded as proof for why individual nurses missed shifts or took sick leave. These medical documents included medical reports containing information of diagnosis, prescriptions, or treatments that could potentially fall under the ambit of HIPAA regulations.

It looks like providers accidentally uploaded some PHI.

IANAL so may be wrong, but I worked for a healthcare company. Whether HIPAA applies to them depends on if they are considered a covered entity or a business associate [0].

IMO they aren't bound to HIPAA requirements as a covered entity.

Business associate is a little tricky to determine. But business associates have to sign a BAA (Business Associate Agreement). And I doubt they would have signed one if they have that in their privacy policy.

Also just as a side note, HIPAA is not a ideal standard to begin with for security. Many large companies exchange bulk PHI via gmail since it is HIPAA compliant..

0: https://www.hhs.gov/hipaa/for-professionals/covered-entities...
weezin
·2 years ago·discuss
Depends on the person. Northwest arkansas is a beautiful place with tons of outdoor activities and the ability to live like a king on a major company CTO salary. I'd rather live there than Seattle or San Francisco.
weezin
·2 years ago·discuss
> Perhaps a better question is - if one can get an offer at other FAANGs and the equivalents... is there a reason to choose Amazon over others?

It kind of depends on the person. I've seen people go from Amazon to Google and they want to go back to Amazon because they are bored. Some people just thrive in high pressure environments. Also everything is pretty team dependent at FAANGs, you could end up at a bad team at any of them.
weezin
·2 years ago·discuss
Idk the ad for the new windows terminal was pretty well received by developers[1].

[1] https://www.youtube.com/watch?v=8gw0rXPMMPE
weezin
·2 years ago·discuss
>If I were put in charge of Alexa, I really think I would lay everyone off and start with a tiny group of really good devs and move as fast as possible to get something approaching the voice version of ChatGPT with all the integrations working

This is literally what they are doing lol.
weezin
·2 years ago·discuss
Really should be up to the government to fine these companies and pay out to those effected to disincentivize lax security standards.
weezin
·2 years ago·discuss
Not entirely convinced the point was to convert the customers to the 8k price today. Seems like the data gained during the demo is the most valuable part long term. They can rinse and repeat offering a demo, gaining data, releasing a new version. As it gets better conversions will increase. All while moving toward their long term goal of fully autonomous driving.
weezin
·2 years ago·discuss
System design isn't coding and reviewing all designs across 40+ people and leading cross team tech initiatives is a full time job.
weezin
·2 years ago·discuss
Looking at their commit history.
weezin
·2 years ago·discuss
Programming is a very small part of the battle of being an effective software engineer.

It leaves out:

- communicating

- teaching

- dealing with ambiguity

- navigating politics

- working cross-functionally

Most high level individual contributors at large tech companies don't even code.
weezin
·2 years ago·discuss
I'm dealing with this right now at another large company. Being asked to write a document for an integration we've done 20+ times because its part of someone else's larger promo project's design.
weezin
·2 years ago·discuss
This post is quite ironic.

https://x.com/paulg/status/1110677737558159360
weezin
·2 years ago·discuss
Personally I feel like the right thing to do is let the engineer closest to the incident lead the response and subsequent action items. If they do well commend them, if they don't take it seriously then it may be time to look for a new job.
weezin
·5 years ago·discuss
Ahh interesting, I assumed since a lot of launch sites are over the ocean and east that it was a requirement.
weezin
·5 years ago·discuss
Can't launch rockets from California. Splitting time between SpaceX and Tesla is a lot harder when its half way across the country.