This is why legal governance is important. One could argue it's the customer's choice to enter into a theme park, so they could choose not to go instead if they don't want to give up their biometric data. But imagine you get in a car with friends to go to a theme park for the day and then you arrive and they want your fingerprints. That's a tough choice to say no, and most consumers won't say no. However, then when Six Flags sells or breaches the data later and folks have to deal with identity theft fallout they will suffer.
On the other hand, as long as we use biometrics as identifiers but not authenticators then it's not problematic if the data becomes public. Indeed, having a fingerprint might be a good option if that can allow for then not storing any other PII data. I think once companies really start to understand that PII is a liability, not an asset, we'll slowly see a shift in the industry back towards pseudo-anonymity.
The author seems to have buried the lead here:
"Someone on the team noticed that if you refresh the page, you get logged in as the user that was making the API request"
And that is how the implementation works for many of Docusign's customers as a 'feature'. If that's true, that would seem like a potentially exploitable security hole. However, I'd have to question if that had something to do with the particular implementation, otherwise I'd expect more focus on the security repercussions.
They should get Captain Marquet of "Turn the Ship Around!" to go get them ship shape. The book has some really good lessons on how shifting leadership style and culture can produce dramatically better results.
They sort of weaken their own premise, first saying that:
"In the past two decades house prices have doubled in real terms"
Then saying:
"Most empirical work shows that a 1% rise in the housing stock leads to a 2% fall in prices and rents, all else being equal. On that basis, a mass-downsizing would imply a cut in prices of about 5%."
When things have doubled in price, getting 5% off isn't really much help, especially when, as they noted, purchase taxes have gone up considerably.
Except, there are lots of reasons to subsidize subways, for example to encourage ridership which in effect can then decrease public roadway congestion. Thus, even the people who don't directly ride the subway still benefit. It also can reduce pollution as well has have local economic benefits. All of which benefits others, not just the riders.
I believe the subtle point is that Struensee did these actions for the good of the people, only for the people to then use these new tools against him.
I'm not sure we know of Struensee's motivations, but we can see that he advocated for and temporarily obtained some outcomes that can be seen as almost universally good for the people.
Regardless, maybe one takeaway can be, just because you have given your life towards something good for others, don't expect to be thanked.
Would it be possible to run a comparison vs. some of the ultra-efficient mini-fridges out there? I had previously seen a few folks on youtube showing some of their setups with existing mini-fridges.
I live out on some land with just solar power and batteries for stretches of time and am weighing refrigeration options.
Yes and no. Some developers really want to stay in the same place working on the same sorts of things and to have control over the domains they are working on. There are usually many reasons for this, some ones are easy to understand such as people who value autonomy in their work over the pure dollar value of salary that could be gained by job-hopping. For some folks, the idea of having to go somewhere new with different practices and where they may not be in charge of making decisions on the codebase (or at least not having any control over what goes into it) is terrifying.
I see this often with someone who has made it into a senior role and then is attempting to ensure job security through complexity. Reflecting this on to junior developers further reinforces that said developer has adopted (usually subconsciously) a fear-driven approach.
This one hurts because I recommended to and helped a number of business users to use Fusion tables as an alternative to building out something in-house.
It's really weird for them to write: "Google has developed several alternatives, providing deeper experiences in more specialized domains" and then not actually provide any alternatives.
Everything has a cost. Controlled burns cost money.
Is the cost of regular controlled burns < the cost of eliminating most risk of wildfire starts? Im not sure we are qualified to answer that question without data and analysis.
Who is best to work on this? Is there a firm that you'd recommend that specializes in this? We had a great person for a hard to fill position (blockchain skills needed) from a country that should be easy (Australia) but for various reasons this took us over 3 months to complete. Surely, we could do better than this for countries with exceptions such as Australia? Or is that the typical experience?
Or at least hire review coordinators who can manage the program effectively. Our volunteers review 15,000+ loans a month. Happy to share insights with Mozilla on how to run an effective volunteer community and keep the pipeline flowing.
On the other hand, as long as we use biometrics as identifiers but not authenticators then it's not problematic if the data becomes public. Indeed, having a fingerprint might be a good option if that can allow for then not storing any other PII data. I think once companies really start to understand that PII is a liability, not an asset, we'll slowly see a shift in the industry back towards pseudo-anonymity.