Have lawyers familiar with EU law vetted your technique? Could you share their legal reasoning? If not, why would anyone ever take the risk to use your product and face huge fines?
I am all for privacy, use uBO, Firefox Focus / Incognito and Google alternatives. But if I have to consult a lawyer each time I write some code or write up a blog post, I'll take up gardening instead.
How about just consulting a lawyer each time you abuse a protocol to get user's software to behave in a way that is invisible to them and benefits you?
There is already a correct way to tell a browser to tell the server something with each subsequent request: Cookies. Nobody needs to "write some code" here; it's already written. Working around the protocol isn't engineering, it's just lying.
This blog post is just another cynical degredation of trust between users and their browsers, and browers and the servers they talk to. Just another part of HTTP that we can't use for what it was designed for anymore because servers want so desperately to track visitors uniquely and a significant subset of visitors would prefer not to be remembered uniquely.
It doesn't track visitors. It just counts how many came back and how many bounced. It's very privacy friendly, but still doesn't meet your standards? I think you just like to complain.
This is simple. Why not use cookies? Because people don’t like cookies, or people delete cookies, or there are regulations surrounding cookies. So we’re doing what cookies are for with a different part of the protocol to circumvent all those issues.
Though, of course, it doesn’t circumvent any of them. Nobody who firmly rejects cookies is amused, and no court that ever made a cookie-consent law will shrug its shoulders and say “technically it’s not a cookie so I guess they’re in the clear”.
It’s ridiculous to call this privacy friendly, and I think you just like to track your users without asking.
Instead of putting a real, appropriate value in "last-modified", we're putting an arbitrary value, totally unrelated to actual response caching that the user's browser will unwittingly use next time it calls us and in so doing remind us of something about them. Maybe all it reminds us of is visit count, because we have restraint and that's all we're exploiting this for (for now). So now, for the third time:
Why not use a cookie?
The problem with this is encoded in the answer to that question. You're being willfully ignorant if you can't see that the answer to that question is: "Because I don't like certain governments, users, and user agents' way of handling cookies (e.g. deleting them, or requiring consent)".
So you agree it doesn't track users. At least we're on the same page there now.
Why not use a cookie? Because then they can't advertise that they don't use cookies. It's like how they put No-GMO label on food that doesn't even have GMO crop varieties. It's meaningless, but people are uneducated on the subject so it sells products.
You could use a cookie here, and you could do it completely legally without requiring consent. The laws don't care about cookies or other technical implementations, they care about tracking. So the reason to use this cache header instead of cookies is simply because people are uniformed on the subject and it sells better this way.
> Why not use a cookie? Because then they can't advertise that they don't use cookies.
Oh, so they can be craven motherfuckers who abuse protocols for the sake of web analytics. With you so far.
> The laws don't care about cookies or other technical implementations, they care about tracking.
This is flat-out wrong. The law cares about any cookies that aren't strictly necessary for the site's operation. This very well might qualify as a cookie that isn't strictly necessary for the site's operation. It's not implemented as a cookie, but what you say is half right; "the laws don't care about... technical implementations". A judge might not care that you've come up with a clever way of storing your cookie with a different header. It's the same thing as a cookie, and it's not necessary for the site's operation.
Even the good guys are craven motherfuckers to you. Who does measure up to your standards of flawless perfection?
This is an analytics service that respects user privacy. We would be wishing them all the success in the world, not criticizing them for not meeting your ridiculous notions of HTTP header purity.
What a ridiculous notion! Using cookies when you want to set a cookie! Absurd! What we are trying to do is set a cookie while also proclaiming to the world that we don’t use cookies. What’s the matter with that?
I’m sorry, but “I want to sort of lie” is just not a very compelling reason to me. I guess I just have ridiculously high standards.
No need for this kind of hyperbole. I wouldn't ask this question if the OP's post didn't contain grandiose claims such as "No cookies, no consent banners, no ad networks, 100% GDPR & CCPA compliant, low footprint web analytics." OP made a claim about their compliance with EU law. I'm asking for proof or at least an explanation.
How so? That's a day 1 experience for Ruby. Typos and calls for the methods on the wrong objects will always get you a NoMethodError. Anybody past their first Ruby tutorial will be familiar with this exception.
This is the kind of problem you encounter once, scratch your head, look it up on stack overflow, understand why it is, and then commit this little quirk to memory and it never really troubles you again.
(Or more realistically, your IDE underlines your error in red and you never even see the error message)
I like it because it encourages the newcomer to understand that the `=` "operator" in `foo.bar = 123` is actually just a part of a method named `bar=`.
Though, to be honest, rather than an "instructive" error message... I sort of wish the language syntax itself forbade that space and simply forced you to write `foo.bar= 123` instead of `foo.bar = 123`.
I wonder if Matz himself has ever second guessed that choice he made in the 90s? =)
> I sort of wish the language syntax itself forbade that space
This syntactic sugar is definitely a bit weird, but it seems necessary in the "everything is an object" design, and to simultaneously meet Ruby's prime directive of maximizing developer happiness.
Can you imagine the howling from the haters if `x = 1` was a syntax error?
This is a pretty basic facet of Ruby. You do not need extensive experience to be familiar with Ruby's approach to getters and setters. This will be surprising to people whose expectations come from other languages, but I doubt it would surprise any Ruby developer.
Agreed. The second chapter of Programming Ruby, "Classes, Objects, and Variables", shows you how to manually implement 'attributes' before introducing you to the attr_* methods. This is fundamental stuff.
> 1) I like the consistency of all web pages being rendered by the same engine and having access to similar capabilities, no matter if it's a web-view inside an app, or in a browser.
Then use Safari and don't install another browser. Why should other people be prevented from installing other browsers based on your preferences?
> 2) Safari's a pretty great default for mobile devices, so I don't feel like I'm losing out by being "stuck" with it.
Then use Safari and don't install another browser. Why should other people be prevented from installing other browsers based on your preferences?
> 4) Conveniently for me, I also happen to have no interest in having other browser engines on my phone or tablets, since this one's pretty good, and in some ways best-available, anyway.
Then use Safari and don't install another browser. Why should other people be prevented from installing other browsers based on your preferences?
> I don't know if it's correct to call China a "dictatorship" but I'll humour you for a moment.
Seriously? What's your definition of "dictatorship"? Let's take Wikipedia's one for example:
> A dictatorship is a form of government which is characterized by a leader or a group of leaders which holds governmental powers with few to no limitations on them.
This argument about whether Xi is a dictator or not actually plays out with fair regularity on his Talk page[0] on Wikipedia. The general consensus – whether astroturfed by CCP I cannot tell – usually ends that he is not.
Wikipedia also deletes articles about female academics who go on to win the Nobel prize the next day. I don't particularly care about the "consensus" that they build.
I lived 30 years of my life in Soviet Union. If I have to choose a single thing which sucks even more than living best years of my life in this country, it's the people from free world discussing whether communism is bad or not so bad, dictatorship or authoritarian, whether the general idea of communism is right or not etc.
China is a lot of things, it's nominally communist but that doesn't quite capture the whole situation on its own, it's technically a "dictatorship" by that definition (probably more so recently with Xi Jinping consolidating power) but that also doesn't quite capture it all either. I don't want to debate terminology because it's tedious and detracts from the actual point I was making - that just because the CCP has a lot of power, doesn't mean they don't believe they need a face-saving way out of zero-Covid.
Well, don't start your comment by nitpicking terminology if you don't want to debate terminology. You can't just drop an argument and then evade contradiction like that.
I made a comment with a very light disagreement, but went along with the China=dictatorship premise anyway and you blew your top, didn’t engage with the original comment.
It’s the way of the internet, people think they smell blood in the water, get all riled up and lose sight of the actual topic
Let's be real for a minute. What you're actually saying is these hobbyists don't really matter and they don't even deserve to name their projects. Only Real Projects created by Real Programmers at Real Big Tech corporations get the cool names.
This is the kind of disrespect that pushed people to create trademark laws.
The actual issue here is you acting like a name collision is a huge problem. It isn't, it's an everyday occurrence on Github alone. We just add a bit more info, like the account name in the case of Github or the year of release for movies/series/games etc.
If a name really isn’t such a big deal, then it shouldn’t be a big deal to change it to something else that wasn’t already taken. If there’s resistance to that idea, then maybe names are a big deal after all.
For a language dev, the name of the language is all you really own about it. These days, developers expect their languages and tools to be free, and of course open source and permissively licensed. The name and logo of the language is really the only IP most PL devs actually fully control, and costs actual money and time to maintain (registering and defending trademarks, domains, etc.)
To just step on names like Google has repeatedly done shows a crass disregard for what independent language devs go through.
We are talking about "rune", a common English noun. It's not like Google called it Zig or Jai. And how many github repos are just called "Lisp"?
Google isn't exactly innovative with their naming: Fuchsia, Dart, Pixel, Go, Drive, Ara, ... Aside from rare short-term experiments like Stadia everything outside a basic dictionary should be safe.
I'm not going to defend Google, but this specific case isn't one that I'd lose my mind over.
name collision becomes a problem when at least one of the entities is willing to bring lawyers to bear. not saying that's happening here, but certainly more of a concern in a situation where you have a hobbyist going up against a big company.
Hobbyists do deserve to name their projects. And other people can name their projects the same thing. Not a big deal.
(By the way, the reverse scenario here should be okay, too. If Google makes a project with with a common noun name, then others should be able to use that noun to name their projects.)
If Google can just stomp on anyone's name and that's fine by you, then what does it mean to say that hobbyists "deserve" to name their projects? What you're really saying is that whoever has the loudest voice backed by the most money gets claim over the name, regardless of who had claim to it first. In that world, hobbyists get whatever is leftover by by big corps, and don't really "deserve" anything.
> What you're really saying is that whoever has the loudest voice backed by the most money gets claim over the name, regardless of who had claim to it first.
No, I’m saying that nobody has “claim over the name”. Naming collisions happen all the time, and I don’t know why we get so bent out of shape about it. There are two multibillion-dollar software companies called Epic. There are a million businesses called AAA. I’ve been to three different breakfast restaurants called Sunrise.
Yes, actually, or at least until abandoned by the original authors. That's pretty much the norm in the PL community. There are enough names out there that no one needs to step on any toes. Although I guess Google engineers don't care much about community norms.
But in the spirit of being real: what are you trying to do by calling the Rune devs "a couple of hobbyists"? Is that an attempt to minimize them, as if they are not a corporation therefore they don't have any naming rights to their projects? "A couple hobbyists" are how many great language you know and love started out. Their rights are important too. We don't want the norm to be big corporations snuffing out hobbyist projects by making them unsearchable, like Google did to Go!. That's bad for everyone.
Send them... How? You're planning on setting up a MITM attack on everyone's internet access?