Nonsense. Choosing the correct database isn't "premature optimization", it's the bare minimum of being a competent programmer. Why do we never have time to do it right, but we always have time to do it over?
If you're talking about a startup, you might not even get to the let's do it over stage. You might have six months to just hack something out so you can raise more funding, and in that case Mongo is a great choice.
The needs of your business might also just evolve over time.
Sorry, 100 times out of 100, "rapid prototyping" means "we built this with the wrong database, now we're stuck with it". If it isn't obvious how to store your data up front, then you either aren't planning your software well, or you don't actually know what you're building.
I was also a bit confused by that part. What is it about Postgres that prevents rapid prototyping? It's not like the schema is set in stone, or even particularly hard to change once you've created it.
Well, yes and no. If you already have your database running in production with many transactions and live connections 24/7, changes to the schema might not be hard per se but always need careful planning and execution. Additionally, in Postgres a change like adding a column locks the whole table (although I hear this is going to change) so writes are off for a short time. If this becomes unacceptable, you go for a blue/green deployment which has its own gotchas.
So, while I agree with your main point - there is nothing in Postgres that prevents rapid prototyping, and I would choose it over Mongo any moment - I understand why some people might prefer the more "dirty" approach.
True enough, and the solutions for lighter-weight schema changes have evolved and weren't always so good, but early stage startups often don't really have the sort of data-weight issues that make this hard, unless they're starting with large data sets already. Even at the scale of small hundreds of millions of rows per table (like the company I'm in charge of the database for) it's not much of an issue.
I had to look it up, apparently adding a column with a non-null default was "fixed" in PG 11 (2018), but with a null default it had been fast for a while:
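The lock-friendly migration pattern the discussion above alludes to, as an added example written for this thread rather than taken from any commenter's code; the table name `memories` and the column `archived` are made up for illustration.

```sql
-- Added example (not from the thread): adding a NOT NULL column with a
-- default to a busy PostgreSQL table without a long table rewrite.
-- Assumes a hypothetical table memories(id bigint primary key, ...).

-- Bound how long any statement waits for a lock, so a migration that
-- queues behind a long transaction fails fast instead of stalling every
-- reader and writer that queues up behind it.
SET lock_timeout = '2s';

-- Step 1: add the column nullable and without a default. This is a
-- catalog-only change on every supported version: it takes a brief
-- ACCESS EXCLUSIVE lock but does not rewrite the table.
ALTER TABLE memories ADD COLUMN archived boolean;

-- Step 2: set the default for future rows only (also catalog-only).
ALTER TABLE memories ALTER COLUMN archived SET DEFAULT false;

-- Step 3: backfill existing rows in small batches so row locks are held
-- briefly and WAL volume / replication lag stay manageable. Re-run this
-- statement until it reports 0 rows updated.
UPDATE memories SET archived = false
 WHERE id IN (SELECT id FROM memories
               WHERE archived IS NULL
               ORDER BY id LIMIT 5000);

-- Step 4: add the constraint as NOT VALID (no scan while holding the
-- lock), then validate it, which needs only SHARE UPDATE EXCLUSIVE.
ALTER TABLE memories ADD CONSTRAINT memories_archived_not_null
  CHECK (archived IS NOT NULL) NOT VALID;
ALTER TABLE memories VALIDATE CONSTRAINT memories_archived_not_null;

-- Step 5 (PostgreSQL 12+): SET NOT NULL skips the full-table scan when a
-- validated CHECK constraint already proves no NULLs exist. On older
-- versions this statement scans the whole table under ACCESS EXCLUSIVE.
ALTER TABLE memories ALTER COLUMN archived SET NOT NULL;
ALTER TABLE memories DROP CONSTRAINT memories_archived_not_null;

-- On PostgreSQL 11+, steps 1-3 can be collapsed into a single
--   ALTER TABLE memories ADD COLUMN archived boolean NOT NULL DEFAULT false;
-- which stores the default in the catalog instead of rewriting every row.
```

Run each step as its own transaction; wrapping them all in one transaction would hold the locks for the whole duration and defeat the point.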
It's funny, because a few thousand years ago, casting lots (like rolling dice) was considered a totally valid way of divining God's will. I guess this is a more elegant deity for a more... civilized age.
Or fight back! Sometimes successfully. Popular usage is not immune to deliberate attempts to change (or freeze) the language. Prescriptivism is thus a subset of descriptivism.
Yes, and when the climate changes too much, everything dies. I mean, I don't see too many dinosaurs left. The sheer hubris to think that it can't happen again...
Some would wish to end the human race, suicide, stop reproducing. My solution is to just adapt, create new technology, get air conditioners. I'm old enough to remember the UN telling us we would all be dead from climate change by the year 2000:
Now? Read any comment section about climate change here, and a solid portion are just covert denial or people looking down on science and scientists. Some of it is people thinking they're smarter than they are, some of it is cognitive dissonance, and some of it is selfishness, because tackling climate change probably involves limiting some of the wanton excess that the capital class (or aspiring capital class) desperately craves.
Anxiously awaiting all of the "this is good, akshually" posts while ten more people file for bankruptcy because they took an ill-timed ambulance ride to the ER.
Wife had to get an ambulance ride a few years ago in the US. She was apprehensive of getting it because this - wrong - information is repeated over and over online. It and the hospital trip cost a few hundred with insurance. This is why we don't listen to people on the internet.
Sounds like pure luck. My ambulance was “out of network” (as if I had any choice in the matter) and the charges were “unreasonable” for the services provided per the insurance company. They initially billed me for $7k. I eventually got the insurance to pay $3k of that. So $4k out of pocket.
[edit to add this]
I did hear on the radio that a bill was passed in California recently to help fix this to some extent but I don’t recall the details. I believe it goes into effect mid-2024.
$7K USD for ambulance in US? I thought the OP "while ten more people file for bankruptcy because they took an ill-timed ambulance ride to the ER." was being sarcastic.
And below it wrote ambulance with insurance only cost a few hundred. So in US without insurance equals waiting to die or bankrupt?
Wasn't there a thing about Obamacare a while ago? I mean that was the first time for many NON-US citizens to know US doesn't have a Universal Health Care system. (Which a lot of us take for granted.)
Health insurance in the US is typically provided by the employer and covers the whole family, so there's a general assumption that everyone has it and it will cover some part of the cost. Medical services quote high to get as much as they can from the insurance, knowing (since everyone should have insurance) you won't be paying the whole amount. Obamacare was in part meant to cover the people missed by this.
But they're required to provide emergency services even to people without insurance, and the cost isn't set in stone. It can be reduced (happened to a family member, he called and asked and I think he said they just did it even without proof) or "financial assistance provided" (says this right on a recent one I have).
Haggling isn't really much of a thing here so I'd guess most people don't know those are options, or if they do are embarrassed to let people know they have financial troubles.
$7k doesn’t sound right. If you were to pay cash (no insurance) for a bog standard ambulance ride, it would typically be several hundred. And likely written off, but that’s beside the point.
My family’s most expensive ambulance bill before insurance was $6k, but that was intensive care transport for our newborn. I believe we paid $250 out of pocket for that.
It’s true that having to pay anything out of pocket affects when people call for ambulances.
Also, keep in mind high car ownership rates mean most people drive or are driven to the ER. Ambulances are typically only used when there was on-scene medical care provided, that continues on the way to the hospital, or when transporting a patient between facilities. A minority of Americans use ambulances because they don’t have personal transportation.
I didn’t receive any notice of the bill until nine months later and was told it would go to collections in 30 days. My insurance company decided to reconsider whether they would pay anything after I called them, and they told AMR they would review the case which put the clock for collections on hold for about six weeks until the insurance coughed up $3k or so.
There is studied pricing data available. For example, Fair, an organization working against surprise bills, tells us average pricing by charge code. Before insurance, basic transport averages under a thousand. Mileage and cost of living accounts for the variation.
People with huge bills before insurance are either receiving advanced care (like my infant daughter) or being transported long distances.
CMS has negotiated average basic transport down to a few hundred. I’d like to see this proliferated. Dispatching keeps ambulances from refusing service in the way CMS pricing dries up proactive care availability.
Certainly share your pain dealing with medical bills and receiving them after they’re overdue. I’m good at it but I know most aren’t, and they come at an overwhelming time. Also, many ambulance companies use crappy overbooked billing call centers so it’s hard to talk to someone. Reforming medical communication is part of the whole solution.
It’s nonsense. When I was broke in college I had to take an ambulance, the cost was $800. I called the payment center and told them I had no insurance and it was reduced to $100. This was a large hospital in a major American city.
What happened was the hospital wrote it off. It doesn't detract from the fact that it was thousands initially.
Also that's just for the ride. If they need to stabilize you in any way it's going to increase drastically.
When my ex-wife was pregnant with our first child she caught valley fever and we went to the emergency room.
While there a tatted-up tough as nails gang-banger came in cradling his elderly dad in his arms. He was crying hysterically that his father was having a heart attack and please help.
The lady at the front desk tossed a clipboard at him and told him to fill it out and have a seat.
His father was turning blue. He cried please help he's dying and her response was he should have taken an ambulance.
He replied his dad didn't want to cuz he can't afford it. While crying while holding his dying father.
An EMT was coming out from just having dropped someone off. He heard all this go down and told the guy to call 911. He did while the EMT took his father and placed him on the gurney to wheel him outside.
He then turned around and came right back in, past the receptionist screaming at him and wheeled dude's father to the back while ignoring her.
This same hospital that night told my 7 months pregnant wife with coughing fits and lesions on her legs to go home, they don't have a treatment for valley fever, and tried to charge us for an overnight stay and stabilization.
Fuck the healthcare system in the US it's completely insane.
I have way too many horror stories I've experienced personally to ever have faith in it.
In 2005, my 55yo uncle died of an overdose in Southern California (Orange County Kaiser). Ofc he had no insurance. My grandmother was billed over $2500. There are plenty of cases where insurance doesn't apply.
> It and the hospital trip cost a few hundred with insurance.
That’s a major asterisk. People usually lob this complaint with the context of not having any insurance or somehow their insurance not covering the particular ambulance. Your story does not disprove the others.
At least I disclosed my asterisk. When was the last time you read about someone getting a huge bill who also said “btw I don’t have insurance”? Every time it’s just - Don’t take the ambulance or you’ll go bankrupt. And then you have people who aren’t in their right mind endangering themselves because honest discourse on the internet is dead.
In G20 countries other than the USofA with <gasp> social policies this is not the case.
Ambulances are either free (if part of a low annual fee Ambulance cover network) or capped at affordable, or subsidised if unemployed | disability | etc.
In Australia my brother's trip to hospital for an emergency stent following a blocked heart artery involved an ambulance, two and days in hospital, and keyhole surgery.
Total cost to him, $400 for ambulance due to no cover, hospital + surgery free via public cover (from his taxes).
Greta forbid someone point out that junk science exists in the state religion of climate change. Don't do your own research, listen to the experts, and delete your tweets panicking about models telling us climate change will kill us all when it turns out that they're wrong for the 10000th time.
If you have some data that shows that climate change doesn't have all of the negative outcomes that the predictions anticipate, you're welcome to share it. Consider that people are alarmed because the outcomes are actually just... alarming. If it makes you uncomfortable, ask yourself why, then ask what you can do to try to help.
What happens when Matter gets acquired? I'm sorry, but all this self back-patting is a bit too little too late for this jaded guy, especially because a thousand other companies have made the same promises in cheery blog posts, before something happens and my social security number winds up on a sticky note on some hacker's monitor in Belarus. Hell, I've worked for companies where I was forced to break users' trust because some executive critter told me to when it was clear the profit faucet wasn't opened nearly enough.
So thanks, but this isn't enough anymore. We need laws that will guarantee that every company that handles our data will do it thoughtfully and safely. In the meantime, I'm not expecting much.
> before something happens and my social security number winds up on a sticky note on some hacker's monitor in Belarus
Isn't the point of the article that they can't leak something they don't have?
So if I never get your social security number from you, then I have zero risk of leaking it or exposing it to hackers. I can't give them (intentionally or unintentionally) something that I don't possess.
The author says:
> Given these criteria and extremes, we decided that our best course of action is to just never have our users' private data.
---
To your next question on what happens if Matter is acquired. Well the app might stop working or change how it works or have a new logo in the corner, but your data never left your device, so you don't really have to worry about it being leaked to Belarus.
> Well the app might [...] change how it works [...] but your data never left your device, so you don't really have to worry about it being leaked to Belarus.
You're one update away from having an app that has access to all its data and can ship it anywhere. Do you keep updates off?
Every time I turn on my computer dnfdragora is like "there are 35 new updates!"
Oh yeah? But my computer is working. Those updates could fix problems that I don't have but could break stuff I have as well. I'm not updating until they release Fedora 40. (my nvidia driver stopped working when I upgraded to 39, again...)
To begin with who thought these notifications were a good idea? Just appear meekly on the system tray when you have something to say. The only time a popup is acceptable is if it says "yo, your computer is on fire." Anything less is unnecessary distraction.
I want my software as-is, changing only when I want it to change. The other day a Windows update removed my "show desktop" button from the task bar to insert a copilot button. Who asked for this? The taskbar changes when I say it changes! I started using the program because I liked the way it was. If it wasn't the way it was I wouldn't have started using it, so why change?
To make matters worse, I don't think there has ever been a time a software updated that I said "they finally added X!" It just never happens. It's insane. Things really only get worse with time. Ten years ago GIMP didn't have nondestructive editing. It still doesn't. I'm still waiting for it. They said it will come in GIMP 3, for years. I feel like that update is just never coming. We're at GIMP 2.99.18 now. Can you believe it? 2.99.18. Who even reaches minor version .99?!
This is viable when your app works completely offline.
As soon as it has a server to talk to, things change. It becomes rather expensive to maintain a server that has to support any previous client, or to support all the users who don't know how to update.
In practice auto-update is the best default. Android lets you turn it off. On iOS I don't know.
I can do anecdata too. Photoshop added content-aware fill, and then generative fill. These have been useful additions for me, saving time that was previously tedious stamp-tool work.
You missed the point. It’s not about whether updates are good or bad, because yes, anecdotally it could be either. It’s about whether they are consensual. And whether constant harassment that you can’t opt out of counts as consent when you give up or misclick.
Hey, no need to cast aspersions on the infosec practices of Belorussian hackers, I bet they store their stolen credentials in an encrypted SQLite database as per industry best practice.
This isn't just a theoretical point. Chrome extensions are the canonical example of products which start off with the best intentions, get acquired, and then ...
Not sure about GP, but I did read the post. If they get acquired, I don't see anything stopping the acquirer from pushing an update that decrypts stuff and sends the plaintext to the servers.
I'm rather baffled at this level of nitpicking. Yes, if the software was being written by completely different people with completely different goals they might then start to acquire user data but what does that have to do with the point (that data this team and this management don't have cannot be leaked)?
Because their current solution doesn’t meet their own stated goals.
> even if we are competent enough to prevent a leak from ever happening, and even if our users trust us to do what we say, we must be resilient to being strong-armed by a future controlling power (e.g. if someone we don't trust buys us)
They could be strong armed into collecting data and then handing it over.
And you as a customer can simply stop using their services if you no longer trust their intentions and (and this is a very clear and straightforward point) the company and the new controlling power would have nothing on you. Because it did not exist in the first place.
Why are so many of you so keen for them to be "wrong"? Like what even is the alternative approach here supposed to be? Don't build a product in the first place?
No you see, at any moment this company can get acquired and can start pushing malware as updates. It's quite an elementary mistake to not account for this possibility, and the author of this post should hang their head in shame for even pretending to have a solution. /s
Is there any kind of legal promise that could be made and not rescinded by the board, not swept away by mergers and acquisitions? I assume not but that’s almost what is needed here more than a software architecture fix which, no matter how well designed, is only as stable as the whims of internal stakeholders.
I don't track management changes for the apps I use because who has the time? How can we protect ourselves against a malicious company changing their tech behind the scenes?
This. And how likely is it that if their users value their app's data then there's an acquirer willing to wipe out all the users' data from the phones before they take over?
While I agree with your sentiment, after re-reading the post and looking at some of the blog posts, I think you missed a major point, that being:
1. You can't leak what you don't have.
That is, even if the company gets bought out or is hacked, if they don't have the data, there is nothing to leak. This point is also at least partially enforced by another point from the post:
2. Advanced app users can audit their network traffic from the app
Now, granted, I wouldn't expect many users to do this, but highlighting it at least serves as a warning that it should be harder for the app to surreptitiously change what is sent to the server (and to emphasize, I know this can be worked/hacked around, but I don't think working around this could ever be done with plausible deniability).
Given the fact that companies and products jettison their high-minded policies as soon as it becomes economically inconvenient, the only other thing I'd recommend for the author is to have a good, simple export tool, e.g. something that dumps all the "memories" to a directory or PDF file. The post talks about backup and restore, but if I were a potential user I'd like to know that if the company does kick their privacy policy to the curb at some point that I could get all of the investment and data out of the app without needing to continue to rely on the app for at least the base data I put into it.
Hi, I also work at Matter. Our current backup/restore implementation exports a zip file of complete JSON data. We will improve backups in the future, but no pull request will be merged to remove the existing implementation for at least as long as I’m leading the app team.
Hello. Agreed that we need comprehensive privacy reform.
You should probably read the article, though. (-;
I have access to everything (on the tech side) at Matter, and if you put your social security number into the app, I wouldn't be able to access it to write it on a sticky note. That's the whole point.
I don’t think the article really answers this. All these decisions you’ve made to not store data are decisions that you could unmake.
To put it concretely: if everyone at Matter tomorrow became malevolent and wanted user data, what happens? For example, if you push an app that sends home my private text, how would I know? Could you?
Isn't this an argument against putting any personal information into any app? Signal could turn malevolent tomorrow and start sending all your chats to their servers, which could have life-threatening implications for people vs just potentially being embarrassing.
Do you compile your own open source client for your phone? Or do you install it from an app store? Most people are going to install it from the app store, so I believe my point still stands. What correlation is there between what's in the app store vs what is published in the open source repo? e.g. how do you validate that the app store client was compiled from a specific commit in the open source repo?
The Signal Android app has (had?) reproducible builds. You can see what is on the site and in the App Store is the same as when built from source. One person doing this provides some confidence for everyone else.
Still, I’m less confident in saying any other company fulfills Matter’s promise than saying they aren’t.