There are some alternative policies, for example, banning smartphones in schools. This doesn't completely solve the problem, of course, but at least it limits social media use while the children are under direct supervision of the government.
A more extreme policy would be to treat smartphones themselves the same way we treat alcohol and cigarettes, enforcing an age minimum at the point of purchase. Of course the giant tech corporations would fly into rage over this suggestion and lobby heavily against it.
The driving, smoking, and drinking laws are enforced outside the home. Everyone has to prove their age at the DMV to get a license and at commercial establishments to buy cigarettes and alcohol.
The only way to enforce the social media law age minimum is to force everyone to show their ID just to use the internet, even from their own home. That seems more Orwellian to me.
iPhones have excellent parental controls (by the abysmal standards of consumer software more broadly). You can just not allow insta and such, or set time limits on them per-day (30 minutes, say). I assume Android has something similar. You can set the Web to allowlist-only. Kids can send requests to bypass limits, sends the request right to your own Apple devices, easy to yay or nay it. It’s damn good.
If those work, sure, although kids tend to be pretty clever about getting around parental controls and are sometimes quite a bit more technically sophisticated than their parents.
It ain’t the ‘90s and this ain’t Windows 95 with bypassable-by-accident OS account logins and half-assed website blocking made by the lowest bidder. Getting past app installation restrictions and time limits on iOS would be… challenging.
It sucks as a parent because you get this from both ends: “parent better! (Putting in tons of work that our parents didn’t have to)” and also “lol what are you doing restricting kids on computers is impossible, give up you idiot”.
(And on some platforms it is, for practical purposes, impossible—looking at you, Linux, not just because it’s a powerful open platform but because its permissions and capabilities system is decades behind the state-of-the-art and tools for sensibly managing any of that on a scale smaller than “fleet of servers” and in the context of user-session applications are nonexistent)
To that extent can't kids just pop in a live USB and get a totally ephemeral and open os?
I'd push the implementation to the router and force root certs on devices and have all clients run through your proxy or drop the packets. That way even live usbs will not get network access. Have some separate, hugely locked down network for kids' friends.
Maybe put a separate honeypot network up with some iot devices on it with wifi and a weak password, and let the kids have some freedom once they figure out how to deauth and grab the bash upon reconnections.
Idk. I'm some years away from this problem myself,but someone recommended this in another thread recently.
> It sucks as a parent because you get this from both ends: “parent better! (Putting in tons of work that our parents didn’t have to)” and also “lol what are you doing restricting kids on computers is impossible, give up you idiot”.
I didn't claim that it's impossible, merely that it's difficult sometimes, as you also implied ("putting in tons of work"). The advantage of physically consfiscating phones is that it's a low tech, brute force method available even to the least technically sophisticated parents.
I'm not sure if you're asking as a parent or an observer of parents. But it's not such a clear option given how entrenched we've made devices into children's lives.
My son's cross country team communicates via GroupMe and it's very difficult for him to stay up-to-date with the web version from a laptop. My daughter's friend group communicates via snapchat.
This doesn't mean parents have to allow everything. My daughter doesn't have Snapchat, for example. But there are definite tradeoffs like her being left out of many conversations and slowly getting excluded from friend groups as a result.
It's too much unnecessary complexity added to parenting and the motivation being profit by mega corps is why I suggest regulation is a valid place to start looking.
> I'm not sure if you're asking as a parent or an observer of parents. But it's not such a clear option given how entrenched we've made devices into children's lives.
It doesn't have to be a 24 hour a day ban. A kid could be limited to an hour a day or phone use or something like that.
> It's too much unnecessary complexity added to parenting and the motivation being profit by mega corps is why I suggest regulation is a valid place to start looking.
The inevitable result would seem to be that all adults, parents or not, would be forced to present their identification online to use the internet. I think that's too much personal freedom to sacrifice, regardless of how noble the goal.
Limits help, for sure. But it's like setting limits for addictive products like "one cigarette a day". It's better than a pack a day but the impact addictive products have on kids don't stop once their limit is up.
> I think that's too much personal freedom to sacrifice
That's why I started by saying I don't have the solution. Regulation and fines for companies that target kids feels plausible. While not exactly the same, we curbed teen cigarette use by imposing marketing restrictions and issuing fines to tobacco companies (and drastically reduced adult smoking too for that matter).
The article is about macOS apps, but you're talking about iOS apps.
Apple revokes macOS Developer ID code signing certificates all the time, mostly for malware, but occasionally for goodware, e.g., Charlie Monroe and HP printer drivers.
Also, infamously, Apple revoked the macOS Developer ID cert of Epic Games, as punishment for their iOS App Store dispute.
Then you learn, adjust and try to avoid that in the future, ideally helping others from making the same mistake. Everyone makes mistakes, the scope/extent is slightly different for all of us, but everyone should have chance at redeeming themselves even if they did harm. Otherwise we'll run out of compassion very quickly.
> everyone should have chance at redeeming themselves even if they did harm.
You're changing the subject. Nobody is arguing that the author is irredeemable. On the contrary, the author seems to have recognized his own mistake and changed his course, at least to an extent. The question is whether the author's years in crypto were a waste, and I would say that it's indeed a waste to spend 8 years on something just to "learn" that one shouldn't have done that thing.
> Everyone makes mistakes
This is also changing the subject. Everyone does not spend 8 years in crypto.
I've made some big mistakes, and I think I've also wasted a lot of time. The wasted time was not "valuable" by learning that I wasted my time. It was simply regrettable.
On the other hand, I don't think I've ever spent a lot of time and effort on an activity that broadly harms society. I don't need to do that in order to learn that I shouldn't do that. Some things are just blatantly obvious in advance, or should be. You shouldn't need to dedicate your life to crypto to realize it's all a big casino.
It's not about "learning to not do that single thing" but learning from everything you picked up during that period, good or bad. And even if what you did had the net-effect of being negative to society, you can learn from the things you experienced during that time, meaning it wouldn't be a waste, at least in my mind.
> I don't think I've ever spent a lot of time and effort on an activity that broadly harms society
Me neither. I worked in the cryptocurrency industry, sold drugs, interacted with gangs, and a bunch of other stuff but none of them broadly harmed society, so seems we're more or less the same on that point.
But everyone's frame of reference and reality is difference, there is no absolute truth here, trying to paint it as such is actively doing a disservice to any sort of discourse we could have about the subject.
One could surely argue that making "paid browser extensions" somehow have a net negative impact on the world, and if that was proven, would that mean all the time you spent on those sort of projects were suddenly wasteful and you should have realized this up front? Seems inhumane if so.
> you can learn from the things you experienced during that time
Of course you can learn from your experience, and the author did learn from his experience, which is the entire point of the tweet, so the author doesn't need to be told that he can learn from his experience. He already knows!
Nonetheless, the author considers his time to have been a waste.
> meaning it wouldn't be a waste
This does not follow.
> I worked in the cryptocurrency industry, sold drugs, interacted with gangs, and a bunch of other stuff but none of them broadly harmed society
Ok...
> One could surely argue that making "paid browser extensions" somehow have a net negative impact on the world, and if that was proven, would that mean all the time you spent on those sort of projects were suddenly wasteful and you should have realized this up front?
If that was proven? Well, prove it. Go ahead, make my day. Otherwise, this is just a silly piece of sophistry with no applicability.
I guess that would depend on your own personal moral backbone as to which direction you would go at that point. Undoubtedly you’ll learn something either way, but hopefully someone would adjust for their next effort.
> Isn't social awkwardness sort of inherently impairing in social relationships?
Yes, but I think the distinction is explained in the article: "show significant improvement with practice and maturity" and "generally achieve life goals despite awkwardness".
To put it another way, those who are socially awkward can get better, whereas some of the other diagnoses are lifetime impairments with little or no possibility for improvement or cure.
> This is a straightforward error in the code, which had existed undetected for many years. This type of code error is prevented by languages with strong type systems. In our replacement for this code in our new FL2 proxy, which is written in Rust, the error did not occur.
Cloudflare deployed code that was literally never tested, not even once, neither manually nor by unit test, otherwise the straightforward error would have been detected immediately, and their implied solution seems to be not testing their code when written, or even adding 100% code coverage after the fact, but rather relying on a programming language to bail them out and cover up their failure to test.
Large scale infrastructure changes are often by nature completely untestable. The system is too large, there are too many moving parts to replicate with any kind of sane testing, so often, you do find out in prod, which is why robust and fast rollback procedures are usually desirable and implemented.
> Large scale infrastructure changes are often by nature completely untestable.
You're changing the subject here and shifting focus from the specific to the vague. The two postmortems after the recent major Cloudflare outages both listed straightforward errors in source code that could have been tested and detected.
Theoretical outages could theoretically have other causes, but these two specific outages had specific causes that we know.
> which is why robust and fast rollback procedures are usually desirable and implemented.
Yes, nobody is arguing against that. It's a red herring with regard to my point about source code testing.
I am not changing any subject. These are glue logic scripts connecting massive pieces of infra together, spanning what is likely several teams and orgs over the course of many years. It is impossible to blurt something out like "well, source code testing" for something like this, when the source code inputs are not possibly testable outside the scale of the larger system. They're often completely unknowable as well.
With all due respect, it sounds like you have not worked on these types of systems, but out of curiosity - what type of test do you think would have prevented this?
With all due respect, it sounds like you have never heard of unit tests.
Cloudflare states that the compiler would prevent the bug in certain programming languages. So it seems ridiculous to suggest that the bug can't be detected outside the scale of a larger system.
Please explain how unit tests stop a problem from propagating across a system that fields 70 million requests a second and I’ll take you more seriously, otherwise I’m done with this particular subthread.
You're completely missing the point. From the blog post:
if rule_result.action == "execute" then
rule_result.execute.results = ruleset_results[tonumber(rule_result.execute.results_index)]
end
"This code expects that, if the ruleset has action=”execute”, the “rule_result.execute” object will exist. However, because the rule had been skipped, the rule_result.execute object did not exist, and Lua returned an error due to attempting to look up a value in a nil value.
This is a straightforward error in the code, which had existed undetected for many years. This type of code error is prevented by languages with strong type systems. In our replacement for this code in our new FL2 proxy, which is written in Rust, the error did not occur."
The unit tests are for the source code. In this respect, the number of requests a second fielded by the system is irrelevant. Unit tests don't happen in production; that's the point of them.
It's a classic coding mistake, failing to check for nil, and none of your handwaving about "scale" changes that fact.
They don't, akamai has had several outages as well jsut no one notices. Akamai is way way smaller than cloudflare, 20% of internet traffic passes through CF networks, not sure it's even measurable on Akamai.
Quickly Googling about, a commonly repeated figure is that Akamai served 15% - 30% of Internet traffic in the late 2010's. They probably have less of the market today due to others growing, but they're not a minnow.
2024 revenue figures were $1.669 billion for Cloudflare, and $3.99 billion for Akamai, per Wikipedia.
> 20% of internet traffic passes through CF networks
That does not sound right to me. “20 percent of websites” does not mean “20 percent of traffic.”.
There is no public write-up from Cloudflare that proves “we handle 20% of all Internet traffic.” Cloudflare reports around 295,000 paying customers and more than 30 million Internet properties (20% of the web). So most of their users are on the free plan.
agreed, cloudflare says 20% of all websties, which makes sense, digging into it the "20% of all web traffic" seems to have been like a game of telephone in media, social media, and/or AI.
I can't believe they only have 295,000 paying customer, that puts me in a small minority. lol
> It’s not that uncommon for a 3rd party to report a developer for violating Apple ToS. Frequently, it’s out of spite towards the offending party and not out of love for Apple. Also, Apple employees sometimes report stuff they stumble upon too.
What evidence do you have for these claims?
Unless you work for Apple—indeed, unless you work specifically for Apple legal—it's unclear how in the world you would know how common this is or what Apple employees do.
> If he's sanctioned for being a Putin affiliate or whatever
Unless you have specific incriminating evidence, please don't present this hypothetical nonsense as if it's a real possibility. Here's more information about the author: https://blog.kulman.sk/about/
What a shame that comments keep mentioning Russia just because the author's name is not "John Smith" or something.
A more extreme policy would be to treat smartphones themselves the same way we treat alcohol and cigarettes, enforcing an age minimum at the point of purchase. Of course the giant tech corporations would fly into rage over this suggestion and lobby heavily against it.
reply