I know it's fiction - but in reality, Karen is likely just as annoyed by this as the author. The spam should go to the person in charge, not the person who is forced to deal with this every day
Or semi-fiction? The author is actually blind and tagged it nonfiction, but I suspect some embellishment.
> but in reality, Karen is likely just as annoyed by this as the author.
When I'm frustrated talking with an agent of a big organization, I try to remember they probably didn't set the policy. But I also expect them to express some empathy for how I'm negatively affected by that policy. The author/protagonist, accurately or not, felt the opposite from "Karen from compliance". In their shoes, I wouldn't feel much empathy for Karen in return.
> The spam should go to the person in charge
I also expect the agent to have a closer relationship with "the person in charge" than I do (none whatsoever). If I mention the policy is absurd, they could at least make some effort to pass that along to their manager.
Also, sending the information to the agent is necessary compliance, even if the volume is malicious.
> not the person who is forced to deal with this every day
Maybe they feeling a bit of the pain themselves might make them more likely to speak up. If this becomes a miserable job that no one will stay in, that might provoke a change.
> Maybe they feeling a bit of the pain themselves might make them more likely to speak up. If this becomes a miserable job that no one will stay in, that might provoke a change.
Unfortunately, it might also just cause anyone who wants to do good to leave, leaving people who just need a job and don't care about doing good.
> Unfortunately, it might also just cause anyone who wants to do good to leave, leaving people who just need a job and don't care about doing good.
I don't think the author would have acted this way toward someone who said "sorry, I know it's a burden, I know it's stressful to be at risk of losing these benefits, and I've told that to everyone I can repeatedly." So how much danger is there really that the inconvenience of reloading the fax machine is pushing out someone who is trying to do good?
(For the sake of argument, I'm going with all the details of the story, including that this caused Karen any distress at all. I think it's more likely a real office like this has a setup for which getting a 500-page fax is no big deal at all. And if it really is a DoS on their processing, the consequence I'd be more worried about is causing acceptance to slow down enough that other disability claims are not processed before their deadline.)
> I don't think the author would have acted this way toward someone who said "sorry, I know it's a burden, I know it's stressful to be at risk of losing these benefits, and I've told that to everyone I can repeatedly." So how much danger is there really that the inconvenience of reloading the fax machine is pushing out someone who is trying to do good?
It's not just the faxing that causes people to act the way Karen (supposedly) acted - it's the anger and maliciousness being directed at them by numerous people, all day, every day, even when they do try to be sympathetic to the fact that the system fucks everyone. But there's only so much empathy one can muster.
(Not to mention the various other factors that push good people out of government, such as working for decades to make the systems better only for them to get worse.)
To be clear, I agree with you to an extent; if instead of being malicious and directing anger at the people doing their best to help, people like the author more calmly expressed their frustration with the system, maybe they can bring it up with their superiors, as you said.
All of it's a mess, and not a single facet of this issue is without blame - not the recipients, not the bureaucrats, not the politicians, and certainly not the voters.
I hear you...to an extent. I just got off the phone with Comcast Business Class, asking for a refund after I had 26 hours of downtime in the past week. Not a company with a great reputation for customer service, and the agent I spoke with was probably not exactly earning a six-figure salary. He was empathetic. The outcome was unsatisfactory [1], but he was polite, he said he understood how important availability is my business, he put me on hold for a while, said he tried for more with his manager, and I believed him. That's all it takes, not like a master study in empathizing with your bitter enemy and de-escalating conflict. I'm mad at Comcast, but I'm not mad at him.
[1] A discount that was less than the delta between consumer-class and business-class prices, when the latter doesn't seem to actually be providing better availability lately.
Yes, some people thrive on talking to a lot of people. For everyone else, it can be exhausting. It's hard to navigate social differences talking to 15+ strangers every hour for 8 hours. Each person has a unique expectation about how to relate to them. It's hard knowing, for example, who wants to be interrupted and who doesn't [0]. Some people talk in vagueries with exposition, making it hard to understand what it is they want, but feel they have communicated clearly, so get upset at being asked questions. I could go on and on about this. The end result is an absolutely JUICED frontal lobe, though. "Why don't you find another job" is a common question to people and I don't think people with a juiced frontal lobe have the capability to reason their way into getting their resume and applying to new jobs. To remember that comment would be to remember 25 calls ago that someone told you to find a new job.
> He was empathetic.
I don't understand what this means when people say it. Empathetic means having empathy for someone, which means imagining being in their situation, and feeling the feeling associated with that situation. That takes a long time for me, like a few minutes, uninterrupted, at least. So either I would have to lie and say "wow, that must be so frustrating", which is not empathy, that's just saying words that sound like empathy. And that brings me next to the next thing I don't understand... either that person was also lying or somehow people have the ability to just contemporaneously download the feelings of other people, feel them, but also not act like they're feeling them (because how are you supposed to feel frustrated without being frustrated?) so as not to make the customer upset.
Customers hate to hear (in a sort of "stop being upset that's annoying" way) sadness or anxiety or the braced statements of a person (often perceived as rude) used to having to repeat, for the 50th time, something people don't want to hear. I do have the empathy to recognize this when a customer service agent does it and cut them the slack because probably had to spend all their empathy on someone else.
Then I read about things like surface acting vs deep acting and see that the surface acting part is bad for your emotional health but that deep acting takes a lot of extra energy [1]!
Finally I ask the question of am I evolved to even be able to socially interact with 120 strangers in a given day?
"that's all it takes" might be underselling the dynamic here.
>Yes, some people thrive on talking to a lot of people. For everyone else, it can be exhausting. It's hard to navigate social differences talking to 15+ strangers every hour for 8 hours a day.
Okay. It's a job. I know choices are slim, but "its hard for my mental state" has never been a satisfactory excuse to further displease customers.
>So either I would have to lie and say "wow, that must be so frustrating", which is not empathy,
Sometimes a little white lie is easier than a cold hard truth. Just ask any salesman.
>And that brings me next to the next thing I don't understand... either that person was also lying or somehow people have the ability to just contemporaneously download the feelings of other people, feel them, but also not act like they're feeling them
Given the author is blind, I imagine he's better than average at reading the tone of voice. He could have interpreted it wrong, but I'm sure this dismissive tone isn't new to him.
>Finally I ask the question of am I evolved to even be able to socially interact with 120 strangers in a given day?
Probably not. But I'm not sure what you want me to say. I don't want to be the same as Karen and say "suck it up, it's a job. But this is such a commin feeling on modern society. If we aren't going to collectively rise against its, we're bearing the flood alone.
Given how we're still actively drowning people, I don't see us coming together soon.
This is missing the forest for the trees. You are ignoring the wider corpus of the individual's experiences in favor of a single negative interaction, and then using that single interaction, isolated from all their other experiences, to judge the entirety of their character.
> Okay. It's a job. I know choices are slim, but "its hard for my mental state" has never been a satisfactory excuse to further displease customers.
The chemical reality of the the frontal lobe getting exhausted is not an "excuse". It still misses the forest for the trees: if your frontal lobe (the part of the brain responsible for social understanding, reasoning, executive function, and information recall [0]) is taxed, you are way less likely to even understand that you're displeasing the customer! The ultimate irony here is the tool needed to understand how to not do that thing anymore is also the frontal lobe.
> Sometimes a little white lie is easier than a cold hard truth. Just ask any salesman.
That's a nice way to soften it, but pretending to empathize with someone who you're not actually empathizing with sounds psychopathic. I don't want to model my behavior nor do I want anyone else to model their behavior after an industry that is known for dark triad personalities [1]. A lie is still a lie and lying about something so intimate as feeling their experiences doesn't sit right with me at all. You should read the link I posted in my earlier comment which discusses surface acting and how it is very taxing on the individual.
> Given the author is blind, I imagine he's better than average at reading the tone of voice. He could have interpreted it wrong, but I'm sure this dismissive tone isn't new to him.
Reading a stranger's tone is a guess and negativity bias affects our perception of a stranger's intent [2]. The sum of their total negative experiences absolutely can make them interpret someone else's tone as having "dismissive" intent even though it's just as likely to be what I already described: braced speech in anticipation for a person responding to something they don't want to hear.
And there you can see negativity bias on both sides! The difference is that the representative gets no post-call time to consider what happened before they have to take the next call and they have the issue of not really having the foresight to actively introspect and keep a strong sense of understanding the situation the customer is going through. (As a reminder, both foresight and introspection require some level of functioning frontal lobe, which is already getting juiced for the next social interaction that's about to happen).
> Probably not. But I'm not sure what you want me to say. I don't want to be the same as Karen and say "suck it up, it's a job. But this is such a commin feeling on modern society. If we aren't going to collectively rise against its, we're bearing the flood alone.
I'm not sure what you mean, you effectively said "suck it up, it's a job" at the beginning of your comment when you said "Okay. It's a job". Of course no one wants to be the same as Karen, Karen doesn't want to be the same as Karen, but as I've already explained, is incapable of extricating herself from the dysfunction! Her frontal lobe is shot!
But the author? He does have that capability after the interaction. He is an author, with time to introspect. He chose to be an ass hole instead. Of course, his growth over the years has been stunted by the way he has been treated. I am not in the business of dredging up someone's life experiences and putting them on display, but he has painful experiences beyond being blind in a society not built for blind people.
But I have the privilege of being able to see all that and take it into consideration. Karen does not. She doesn't have the hint about his upbringing that I do. She probably doesn't have the time or mental capacity to introspect, and consider, if what she's doing makes people feel bad.
I can fault neither of these people for being ass holes, because that would amount to faulting them for their upbringing, faulting them for the situation they're in.
> But I'm not sure what you want me to say.
I don't want you to say anything, I want you to think about what empathy really means beyond the surface level. That this isn't a situation where anyone should be trying to say "who has experienced the most hardship" so we can pick who wins empathy and who gets labelled an ass hole for perpetuity.
I want people to stop doing the thing where they only empathize with the person most like them and instead try to feel what it's like to be like the person who is least like them. Sometimes that's not intuitive. Just because the dude is blind doesn't mean he isn't more like you than the person who isn't.
>I don't think the author would have acted this way toward someone who said "sorry, I know it's a burden, I know it's stressful to be at risk of losing these benefits, and I've told that to everyone I can repeatedly."
Have you seen how much public sector employees taking calls get paid to be abused all day?
If you want people with limitless wells of compassion, pay better. Public sector jobs generally get to scrape the bottom of the barrel and compete with the local grocery store.
fascinating. And who is that mythical person in charge
I tried to delete my account on GitHub. I could not. The gdpr compliance email address they provide happily accepts emails but my account is still there, after more than 3 months.
Why am I writing this here? To show you an example of being powerless to the system. The only things I can do is things you can call "petty", like wearing a "Microsoft employees deserve Gulag" t-shirt. Since I tried many other options and failed multiple times
> but it requires knowing what class and value to pass
Unless you use a text editor without any coding capabilities, your IDE should show you which values you can pass. The alternative is to have more methods, I guess?
> why can't I just pass 20 or 20_000 or something
20 what? Milliseconds? Seconds? Minutes? While I wouldn't write the full Duration.ofSeconds(20) (you can save the "Duration."), I don't understand how one could prefer a version that makes you guess the unit.
Yes it is, can't add anything here. There's a tradeoff between "do the simple thing" and "make all things possible", and Java chooses the second here.
> .authenticator(Authenticator.getDefault()), why not just pass bearer token or something?
Because this Authenticator is meant for prompting a user interactively. I concur that this is very confusing, but if you want a Bearer token, just set the header.
> Unless you use a text editor without any coding capabilities, your IDE should show you which values you can pass. The alternative is to have more methods, I guess?
Fair enough, as much as I don't like it, in Java world it's safe to assume everyone is using an IDE. And when your language is (essentially) dependent on an IDE, this becomes a non-issue (actually I might argue it's even a nice feature since it's very type safe).
> 20 what? Milliseconds? Seconds? Minutes? While I wouldn't write the full Duration.ofSeconds(20) (you can save the "Duration."), I don't understand how one could prefer a version that makes you guess the unit.
I would assume milliseconds and would probably have it in the method name, like timeoutMs(...) or something. I will say it's very readable, but if I was writing it I'd find it annoying. But optimizing for readability is a reasonable decision, especially since 80% of coding is reading rather than writing (on average).
This is already a crazy take on its own, why would a fork have to describe their relation to the parent project front and center? Both the Readme and the comparison page link to the origin blog post [1] that describes the lineage clearly.
But even if there were some "ethical reason" to do this, I don't think Gitea is the right project to play up as a victim. Their homepage [2] doesn't mention that Gitea itself is a fork either. Their Readme does, but is this so much better?
You "need a plugin" in the sense that every component of maven is a "plugin". The core plugins give you everything you need to build a self-contained jar - if you wanted to, you don't even have to configure the plugins, if you want to write a long cli command instead.
You can create a native executable with GraalVM. Alternatively, if you want to keep the JVM: With the ongoing project Leyden, you can already "pre-train" some parts of the JVM warm-up, with full AoT code compilation coming some time in the future.
And going the other direction, if you want your C++ binaries to benefit from statistics about how to optimize the steady-state behavior of a long-running process, the analogous technique is profile-guided optimization (PGO).
GraalVM is terrible. Eats gigabytes of memory to compile super simple application. Spends minutes doing that. If you need compiled native app, just use Golang.
I used to be really excited about GraalVM but this, together with limitations in what Java code can run (reflection must be whitelisted - i.e. pain) made me run away from it. I do use Go, but my favourite substitute for Java is actually Dart. It can run as a script, compile to a binary or to a multiplatform "fast" format (a bit like a jar), and performance wise it's par on par with Java! It's faster on some things, a bit slower on other... but in general, compiling to exe makes it extremely fast to start, like Go. I think it even shares some Go binary creation tooling since both are made by Google and I remember when they were implementing the native compiler, they mentioned something about that.
I can use Wero just fine in my banking app. Can't try the app that's called Wero in the Play store because it just directs me to my banking app. But I can open it at least ...
Hack-backs are a topic that comes up every few months from government representatives here. There are two big problems I have with this:
- you don't know "who" you hit. The case in TFA is still rather simple (just send the "hack" as the response), but you will still most likely hit some residential proxy and nuke some random person instead of the responsible actor
- (this is not too related to TFA but a point in discussions about hack-backs on a state-actor level) unless you're doing a very simple "attack", you need to have some sort of vuln ready to perform any kind of hack-back. Which leaves the ethical dilemma that actors are now motivated to keep vulnerabilities available, thus making the world more unsafe. And once you have used your vulnerability, your "enemy" probably knows it as well.
> Legitimate use cases, including security research, web archiving, and search engine crawling, can be distinguished from credential scanning by scope and target: no valid automated process needs to probe arbitrary third-party servers for .env or .git files.
What about security researchers scanning for their research? What about scanners that notify you?
Hi, if you are still interested - I updated the post/paragraph and included:
Another approach would be not to make the files 1 TB in size, but only about 50 MB, while distributing them collectively. This would spread responsibility across many participants and reduce the individual burden of liability. If many users offered such files, automated scanners or bots would effectively end up cluttering themselves with useless data, without any single participant impacting the system to a degree that could be framed as deliberate destruction.
[...]
A possible safeguard for legitimate scanners would be to operate only within defined time limits or request quotas. In contrast, uncontrolled or unrestricted scanners would gradually overwhelm themselves with this distributed noise.
You are right. I am not satisfied with this sentence myself and will revise it. In its current form it sounds contradictory and nonsensical. However, I have not yet been able to identify a reliable demarcation criterion...
Insofar as the thing we're talking about here isn't exactly "hack-back" per se, but more like "booby trapping your honeypot", I think you might be able to make an argument analogous to the one that would apply as a booby-trap defense:
Namely, that if "common sense" is enough to prevent someone from suffering any injury from a booby trap even when they do trigger it, then it's not really a "booby trap" in the classical definition. It's just an object with dangerous edge-cases.
In the literal booby-trap case, you might picture, say... a garden hose.
It would be hard to imagine someone being harmed by "normal" use of a garden hose. Most ways to engage with it wouldn't result in any harm. You could turn it on, maybe get a bit wet or lashed if the hose whips around as it stiffens. Point it at yourself and use it to wash yourself clean. Maybe point it in your mouth and choke.
The only clear way to harm yourself with a garden hose, would be to put the hose in your mouth and then turn it on. And then to not remove the hose when you begin to feel very, very uncomfortable.
And that's very silly! Why would you do that? You could have stopped drinking from the hose at any time!
A garden hose has a dangerous edge-case: the water stream is infinite, and the hose fits in your mouth, and the internal stomach capacity of a human is finite. But it's an absurd dangerous edge-case. Nobody with common sense would encounter this edge-case. So a garden hose is not a booby trap. And an abandoned house with a garden house connected to a water supply, is not a booby-trapped house.
See what I'm getting at here?
You can give up and stop streaming (/ parsing / building-up-your-in-memory-ADT-from) an HTTP response that "just keeps going and going" at any time. And any vuln-scanning client programmed by someone with some common sense (e.g. a professional security researcher) would have that common sense built into it. So a 1TB .env-file HTTP response is not a booby trap.
And yet, of course, it will catch (and break) those "special" clients, built by people with no software-engineering common sense, i.e. script kiddies. But it's not your fault that some people have built deranged software that goes around wrapping its mouth around strangers' garden hoses!
Besides the fact that 99% of the general population won't be able to understand this, a $5€ wrench says that you show me proof of the correct private key (either by you showing me the letter you received, me being present when you set it up, or however it is set up)
reply