Hacker News: habosa's comments

I’m waiting for Bookshop.org to offer an integration with any hardware reader for most of their books. When they do, I’ll switch to whatever that reader is.

Eh? Not sure what you mean.

I picked a random book: https://bookshop.org/p/books/hemlock-silver-t-kingfisher/022...

It's DRM Free, and available as an ePub. Other than Kindle, what device does not accept ePub?


https://codeapprove.com

Basically it’s a code review UI on GitHub for ex-Googlers who miss Critique.


Yeah, as much as I think that Tesla is full of shit, there’s no way this is true. I don’t know a single person that’s driven 500k miles lifetime, but everyone I know has been in at least one minor accident.

The average American drives more than 600k miles in a lifetime.

Not to nitpick, but that means if you sample randomly then you're going to find that the great majority of Americans have, in fact, driven less than 500k miles in their life.

Also I don't think that's correct; that's a ton of driving! I strongly suspect the number you're citing is the number of miles an average American spends in a road vehicle, not actually driving it. But that counts the same "car-mile" multiple times for all the occupants, when the statistic we're arguing about right now is about the vehicle, not the occupants.


I’m trying to leave the Kindle world. I’ve already stopped buying books on Amazon, instead getting them elsewhere and using Calibre to strip the DRM and sideload them.

What I really want is a physical eink reader that can load books from the bookshop.org ebook store. Then I can support both authors and bookstores.

Their website claims that they have an integration with Kobo on the way, but it’s said this for about a year now with no progress.


They took a month to fix this? That’s beyond inexcusable. I can’t imagine how any customer could justify working with them going forward.

Also … shows you what a SOC 2 audit is worth: https://www.filevine.com/news/filevine-proves-industry-leade...

Even the most basic pentest would have caught this.


SOC2 is mainly to check boxes, and forces you to think about a few things. There’s no real / actual audit, and in my experience the pen tests are very much a money grab. You’re paying way too much money for some “pentesting” automated suite to run.

The auditors themselves pretty much only care that you answered all questions, they don’t really care what the answers are and absolutely aren’t going to dig any deeper.

(I’m responsible for the SOC2 audits at our firm)


When I worked for a consulting firm some years back I randomly got put on a project that dealt with payment information. I had never had to deal with payment information before so I was a bit nervous about being compliant. I was pointed to SOC2 compliance which sounded scary. Much to my relief (and surprise), the SOC2 questionnaire was literally just what amounted to a survey monkey form. I answered as truthfully as I could and at the end it just said "congrats you're compliant!" or something to that effect.

I asked my manager if that's all that was required and he said yes, just make sure you do it again next year. I spent the rest of my time worrying that we missed something. I genuinely didn't believe him until your comment.

Edit: missing sentence.


Once this type of issue gets publicized, does that in any way affect the certification?


Sometimes scandals affect these things. But it's hard to predict.


SOC2 and most other certifications are akin to the TSA: security theater. After seeing the infosec space from the inside, I can only say that it blows my mind how abhorrent the security space is. Prod DB creds in code? A-OK. Not using some stupid vendor's “pen testing” software on each MR? Blasphemy.


Unless I'm missing something, they replied stating they would look into it and then it's totally vague when they patched, with Alex apparently randomly testing later and telling them in a "follow up" that it was fixed.

I don't at all get why there is a paragraph thanking their communication if that is the case.


Probably given the alternative: being ghosted, followed by a no-knock FBI raid.


It looks like SOC 2 (and the other SOCs) were developed by accountants?

I wouldn't expect them to find any computer problems either to be honest.


There are only 3 books of SOC: SOC I, SOC II Part 1, SOC II Part II.

The time to fix isn't really important, assuming that they took the system offline in the meantime... but we all know they didn't, because that would cost too much.


Where did it say that they took a month to fix? The hacker just checked in 2 weeks later and it was fixed by that point.


According to the timeline it took more than a week just for Filevine to respond saying they would review and fix the vulnerability. It was 24 days after initial disclosure when he confirmed the fix was in place.


Given that the author describes the company as prompt, communicative and professional, I think it’s fair to assume there was more contact than the four events at the top of the article.


Is there any stricter standard? Should one strive for PCI-DSS even if they are a regular SaaS?


Whatever Google does internally would be a much stricter standard, but I'm not sure they've written it up for outsiders to use, alas.


Kinda sad but LinkedIn has fulfilled the original promise of Facebook for me. Almost all the people I’ve met in my career and at school have a verified profile under their real name and when I want to reach out to them, that’s a place I can start if I lost their number.

The feed is hell. The content is cringe. All true. But it’s a very good directory.


I believe they’re using all numbers for a family of four. So two kids. Your numbers are for one kid. Double them and it’s closer to what the article says.


And for his sin of stealing fire from the gods he’ll be chained to a rock and an eagle will eat his liver every day for the rest of eternity.


For the humor, mocked up an Amazon page reflecting this scenario:

- - -

Human Liver, 14.4 cm

Visit Jeff Bezos' Store

3 Stars (1)

$14,000,000

Coupon: [ ] Save an extra 5% on your first Subscribe and Save order.

In Stock

Quantity: 1

( Subscribe )

Save 5% now and up to 15% on future deliveries

SNAP EBT available

Delivery every: 1 day (Most common)


The UN doesn’t say that a human life is actually worth $10 million, but that’s the number we’re going to use, so the question is, as a QALY thing, how much is a liver transplant worth? It turns out the liver transplant gets you about 25 QALYs, and so running the numbers a liver is only about $3.75 million.


This is fantastic, as a hardware synth lover and a dad you’re making me pretty jealous.


For our coding interviews we encourage people to use whatever tools they want. Cursor, Claude, none, doesn’t matter.

What I’m looking for is strong thinking and problem solving. Sometimes someone uses AI to sort of parallelize their brain, and I’m impressed. Others show me their aptitude without any advanced tools at all.

What I can’t stand is the lazy AI candidates. People who I know can code, asking Claude to write a function that does something completely trivial and then saying literally nothing in the 30 seconds that it “thinks”. They’re just not trying. They’re not leveraging anything, they’re outsourcing. It’s just so sad to see how quick people are to be lazy; to me it’s like ordering food delivery from the place under your building.

