I'm a lot more paranoid about privacy these days.

1. Almost all software can be abused or co-opted for surveillance purposes.

2. Some software comes already designed for surveillance purposes up front.

2a. This includes plenty of well-known mass appeal software; importantly, the customer-facing marketing copy and the investor pitch can present a completely different value proposition.

3. Software doesn't become used for surveillance or abuse by accident; there are actual human beings who make a decision to use it in this fashion, or commission it for this purpose.

3a. The "misguided programmers harming people by trying to solve social problems with technology" meme is dumb for many reasons, but it's also distracting (possibly purposefully so) from the fact that it's not software, or people who coded up the software, that are the primary culprits. The coders that were too naive or too self-interested to refuse work or blow the whistle may have some responsibility, but we should start talking about the people who made the decisions to commission or repurpose technology for bad purposes.

> To stop the surveillance, [they] would have to get their equipment suppliers to make changes; they would have to change their own back-office systems; they would have to reformulate customer contracts so they would not rely on the data being available in case of disputes; and so on.

> [It] would cost [them] more money to stop the surveillance of their customers than to continue doing it.

> That is quite literally what "surveillance too cheap to meter" means.

If the piece of software you created is unbiased and unopinionated, it can be used for evil purposes. If you make the software deliberatedly against that, you have to (a) take measures without the company knowing (b) have the manpower to do it alone while still reaching development goals (c) those measures can be undone by another developer that cares less that you.

After all, software big enough is collective by nature. It's also unfair to us to think that we're responsible for any misuse as if we were mechanical engineers creating weapons for war

You can quit. Literally, there is something you can do. If your boss asks you to write or adapt something to surveil, then you can quit.

There may be consequences to quitting, perhaps disproportionately felt between you and the company, perhaps consequences that you won't enjoy as much as your current job stability and paycheck, but the choice is always there.

This is why unions are so important, even in a field like software engineering. If you quit on your own, the company may not care. But using the threat of strikes, workers can demand better conditions for themselves and more ethical directions for their company.

If you mean software engineers when saying "tech workers" because unions make it harder to fire people. There's not much that makes a software engineer's job harder than a bad engineer who isn't getting fired and is destroying the quality of the product and the code and creating work for everyone else to fix, all the time.

Unions also result in gaining seniority by time spent in a job instead of competency, and that's also a miserable experience, when someone incompetent is dictating the engineering work. In software engineering you want people who are technically proficient and capable of mentoring to assume leadership positions and positions of increased responsibility, not people who've been there the longest.

Why that is the case is another interesting question.

It's entirely possible that in the post-IBM microcomputer, pre-Google AdWords span, they were correct.

However, it's pretty obvious that current era, power has slid back from labor towards extremely-large corporations.

Sadly history repeats so we'll probably just have another "cultural revolution" and "great leap forward" in the 21st century.

In Marxist terms, lumpenproletariat is a close approximation, but a weird accident of history.

That depends on your baseline, of course. Or to answer your other question:

> Why would you expect anybody getting that kind of money to identify with the lower classes?

I don’t expect it, though I do have deep solidarity myself. Because, to return to the middle of your response:

> If you're making 100k+/year, you're well into bourgeois territory, and FAANG benefits are practically near-instant-owner-class.

I can speak to six figures, and I’m in no way into bourgeois territory. I’m approximately as comfortable as middle class boomers, ie I can make financial decisions to benefit my aging family with some hope I’ll still be comfortable myself. I don’t own anything in the sense meant by “bourgeois” in this context. I may yet, in the sense of a retirement plan. That’s a middle class aspiration. Which, having grown up poor and then broke and then getting by… I recognize very much is still working class.

There certainly is a larger segment of the tech work force than the general population which has reason to believe it can cross the bridge from gentry to ownership… but it’s still a minority of us and it’s mostly scraps. I don’t expect most of my colleagues to be comrades, but I certainly don’t agree with their class analysis which you have expressed so clearly.

I am not actually so much resistant to unions, as I do not see what benefit I’ll get from them. What exactly in my life would have changed for better if I had been a part of a union? Just one thing, can you name?

If you have ever gone up against HR over anything ever, a union would have benefited you.

On call? They paid me $500 a week to have a cellular phone officially, but at the same time unofficially everyone was strictly forbidden to call it. It was an internal political move by the engineering department (see our commitment to this new product? we even put Mike on call), turned into an additional benefit to best engineers.

> If you have ever gone up against HR over anything ever, a union would have benefited you.

My wife (who is one of the best teachers in California, documented) was fired exactly because of the union rules. The principal wanted to keep her so much, that the district turned his desire into a political tool: oh you want to keep L? she is a good teacher? sign this paper (some financial cover up) and we will give you the money to keep L. The union did not care is she a good teacher, or not. Less seniority? Go away (but we keep your $1000 union fees).

They won't, but its a delusion that favours capital over labour.

My favorite counter-example is a collective action of about a thousand medical workers in SF Hospital demanding from Facebook an increase in censorship (and the censorship is impossible without surveillance).

Why do you think a union will support your ethical choices? And if it would not - you’d have to quit the company and the union, loosing not only your salary, but also union fees.

A union gives you more choices than "surveil or resign".

And if the union fails you because it says "no, you have to surveil" then you can still resign.

If you had a union, or even a professional association whose code of ethics had teeth, you could refuse without having to quit. It's incredible to me that in 2022, most programmers are still anti-union.

Why shouldn't workers in a factory have a say over how their labour is used by those who appropriate it?

Baffled by how obvious solutions appear to have fallen off the radar.

As you say, collective bargaining is usually going to be more effective than individual.

It may be more effective in terms of salary and working conditions (though I doubt that in software engineering I would have been able to get better pay through collective).

But in terms of ethics?

Individually, it’s almost impossible to make me support surveillance and censorship. But a big collective is much more vulnerable to manipulation. Comes 9/11 and you’ll get “collective” support for Patriot act, comes 6/1 and you’ll get “collective” support for censorship.

which is why it's less of a technical problem and more of a social problem

people need to realize that with how the technology is today we can't afford to rely on marked self regulation for a lot of things especially wrt. privacy protection it just fundamentally does not work

(Or in other words, such usage of employee surveillance should be just plain out forbidden by law not just to be used but to be deployed)

Of course, there have always been these kind of people, but in the old days they were easily identified groups of disabled and elderly people, who, most importantly, understood also themselves that they need help.

The bleak future I see that increasing amount of normal people with normal intelligence are just going to be financially destroyed, all while they themselves believe that they are fully qualified and justified to decide whether their money is "invested" in the next cryptard scheme, sent to a nigerian prince to get millions, or put in a crappy health insurance covering accidents once in a blue moon, instead of those damn government elite experts taking their money and actually providing health care and pension. And after they are destroyed, they become even more hostile against the "elite experts" who just seem to be laughing at their faces "told you so".

(To be extremely clear here: I believe intelligence is a highly multi-dimensional thing. And yu can be intelligent only in very limited dimensions. so practically all of us - me very much included - are morons in most of the dimensions. So I am not pointing here to any specific group, but all of us are vulnerable in some dimension. I may be able to above average avoiding certain kind of scams, but I am for sure vulnerable - even laughable stupid looking afterwards - for face-to-face friendly scams. Which, luckily to me, are typically not expensive.)

Unfortunately I have no good solution anywhere in sight. The best idea I have so far is to mock online the idiots who think Ayn Rand was a genius. I have to admit, though, that even that is likely to be useless even in the best case, so most of the time I try to just bite my lip.

By law, like by some Patriot act?

I tend to believe it, "will be."

All tech will eventually be used to try to gain an advantage in war and surveillance. I don't think there's a way to prevent it.

https://en.m.wikipedia.org/wiki/Dual-use_technology

There's probably more illegally unpaid overtime than there's unauthorized (boss doesn't like) breaks. The data can likely prove that, too.

I am sick and tired of how often extremely pertinent information has to be neutered in this way. And I am utterly disgusted at how the legal system is used to protect scummy corporations like this unnamed hotel chain.

I wish we had strong laws that prevented employers from even thinking about threatening employees for talking about their work. Or collective bargaining to make sure employers don't have the leverage to impose such one-sided contracts.

My apartment building has lights in the hallways that are only on when needed, but they just use a basic infrared sensor.

* Minimize installation cost. They just wanted to plug into a light socket, not run network cabling.

* Push data logs to a central server. They didn't want to send a tech physically to each lightbulb to get data for e.g. energy usage certifications.

plus other obvious requirements.

All of that made it really easy to just stick a beacon tag inside employee badges and measure the RSSI from the mesh lightbulbs (since they already tracked that to discover who their physical neighbors were). Instant employee monitoring.

PIRs are cheap and last basically the lifetime of the hotel. I would need to see some actual data to believe this whole project didn't actually cost more than installing a bunch of PIR lamps.

"All of that made it really easy to just stick a beacon tag inside employee badges and measure the RSSI from the mesh lightbulbs (since they already tracked that to discover who their physical neighbors were)."

If it's any consolation to the original engineer it feels like a non-trivial thing to add

Using it for location of employees was the new part.

After that initial success, one of the intermediary contractors came up with the surveillance idea (among others) to try and find reasons for <hotel chain> to roll the system out to more facilities.

For location tracking they specifically called out things like equipment carts, but it was implied that it could track other bluetooth devices.

that's the rule I've always followed.

i have never worked in an office environment where people didn’t routinely unwind for a couple minutes. the way we’re treated in an office setting vs those outside an office is in a lot of ways disturbing. a couple years ago my friends dad lost his job of 25 years because he was caught sneaking around a corner, out of eyesight of his foreman, to eat a candy bar. he had been warned about these “unauthorized” snack breaks in the past.

this idea is entirely foreign to any of us who sit at a computer coding or doing whatever desk job that sometimes we don’t stop to think of how ludicrous some workers are treated—my entire post college career, if i wanted to eat a candy bar, i just ate it.

were a decision to come down in just about any office full of engineers which said “unless authorized, you cannot drink or eat anything. if any unauthorized stoppage of typing occurs, there will be consequences.” people would be justifiably outraged.

but they’d be “catching” “unauthorized” non-typers.

the idea that someone somewhere decided to put trackers on human beings is wild.

did you forget about cellphones?

That everyone has accepted that owning a phone means you can be tracked with accuracy most the time, both digitally and physically, is pretty wild.

Even without intending to, everyone would go from a ticket or two per decade to dozens of tickets on every commute.

"But the law is still the same!?!"

Of course it is, but changing from poorly scalable human-required surveillance to always-on, fully-scaled electronic surveillance, changes it from completely reasonable to massively oppressive.

If everyone's productivity is fine, and people take unauthorized breaks, no one will notice, all is cool. If one or two people are noticeably unproductive, the manager will likely investigate and fix the unauthorized breaks, which is also fine.

But with constant electronic surveillance, it's no longer about meaningful productivity differences, it is about oppression.

A reasonable manager would accept the occasional smoke break, but do something about hour long naps.

Often a manager will not have any say over these things. "The metrics speak for themselves!"

Regardless, I don't think we should design systems with the assumption that the people in charge of them will be compassionate and reasonable. There are a lot of petty, corrupt (in the moral sense, not financial) people out there in positions of power over others.

It would always be entirely unworkable at anything resembling the current fine structure, with fines in the $100s for a single infraction. These are based on the assumption that people are rarely caught.

I could see a surveillance-based system working, something on the lines of a congestion toll. Maybe $0.02/mi/mph over the limit, so going 10mph over the limit for 20 miles would be a $4.00 charge. We'd also have to eliminate the bogus insurance surcharges which falsely equate speeding with unsafe driving (barring neighborhoods & construction zones, they can signify either an unsafe driver or a highly skilled driver).

In France, messing with the people's ability to drive affordably led directly to the Yellow Vest riots.

(I know I’m jumping right to where the slippery slope ends.)

Personally, I prefer less on the books and proper enforcement, but many people like a lot on the books and just as many loopholes.

There’s a good quote that goes something like “the law treats all men equally: the rich man and the poor man are punished the same for stealing bread to feed their family.”

And your best solution to this is building automated lighting systems that omit functionality? That's your grand plan?

Reminds me of people that complain about seats being removed from buses to make more room for passengers because homeless people sleep on them.

When you're trying to solve things via tertiary order effects you should consider if that's the real issue at hand .

Your profile indicates that you've commented on HN on a weekday.

Don't worry - this behavior has already been reported to the authorities.

If both pilots left the cockpit mid-flight in order to chill with the stewardesses, I would be fine with them being barred from working as pilots ever again.

I couldn't care less if a receptionist catches a quick smoking break during a slow hour.

1. Logs of the CDN were sent in real time to the ministry of technology -- there was about a 15 minute delay if I remember correctly, and they could impose fines if they were delayed. The log included the url visited, the IP address of the visitor, and a few other things. Perhaps the user agent? I forget.

2. The ministry of technology had a special API to block URLs on the CDN. Basically, they provided a list of URLs that would return a 451, and of course those logs also went to the government.

No other country had this kind of access at the time, but it was considered critical for the business to continue to operate in China. As I understand it, these are required to comply with chinese government regulations, and other CDNs like Cloudflare and Cloudfront have also built similar capabilities. Perhaps jgrahamc can comment on what cloudflare did?

I feel quite guilty about being involved with that project, but the business was set on building it, so I did what I could to limit the blast radius. I would not be surprised if someone got arrested or was killed because of it.

So, yes, I regret I couldn't do more, but I don't regret the choices I made with the information I had and the position I was in.

You couldn't have stopped someone from building it. But you could have refused to work on it on principle, or even have become a whistleblower.

Yes, doing so might have been infeasible for you, particularly if you couldn't risk a temporary loss of income. But your involvement was, nevertheless, a choice, and it's important to acknowledge that.

edit: If it was exactly 5 years ago, you may recall that, when you were working on this, China was starting to round up Uighurs to send them to concentration camps. Nobody should take working on this sort of thing lightly.

Also what would whistleblowing do? A lot of companies were operating in China and followed similarly privacy-hostile regulation.

Also to bring up Uighurs in this is ridiculous. Logging ips and urls has no direct correlation with being able to round people up in concentration camps. It has nothing to do with what the Uighurs ideologies were, it has something to do with who they are and the cultural differences they had with mainland China.

To try and look down your nose at an engineer who did the best they could with the position they were in with the belief that there was more that could be done is just naive.

Regardless: this whole attitude strikes me as an overly utilitarian outlook. Yes, if someone else handled the development, the consequences might well have been worse. But it is still wrong to participate in an injustice when you have the opportunity not to do so. "I was just following orders" is a pretty weak excuse.

Again, if the commenter had no other options because they couldn't risk the loss of income, that would be a good reason, but it isn't clear that that was the case.

I think it's pretty naive to assume that this project wouldn't have been used against the Uighur population, given how China has used extensive surveillance against them.

You could have found a new job, driving up their costs or delaying them slightly.

Other engineering disciplines have a strong focus on 'engineering ethics' and it may be more acceptable in different branches of engineering to refuse to build something that you consider unethical. I do not know if there are any professional bodies or laws which protect the employment rights of individual engineers who refuse certain work on ethical bases. But I feel that software engineers should be able to exercise their conscience, reference a standard of professional ethical principles, and refuse to work on such projects.

I'm very curious because many Chinese people including me are doing that daily.

(It would make me more sorry. Sorry.)

In that case, isn't it better for user privacy (not that anyone cares about it in China) to receive an ICP recordal but then wait for an actual request from law enforcement to turn over the logs?

Also, while you wouldn't see anyone from Amazon or Cloudflare comment on your thread, both have the ability to stream logs to a destination, and that is also exposed to customers, so I don't think they needed to build anything else.

At the time, Akamai also had the capability to stream logs, but the ministry of technology required a specific, custom interface to receive them, which required engineering work, especially to do it for an entire country without the customers configuring it themselves. I would be extremely surprised if it required no engineering work at Amazon or Cloudflare to deliver the logs in the way they requested.

As if that makes if any better?

One meeting in particular really stands out still, a social media giant that everyone knows was in town meeting the founders to sell additional personalization data. Before that meeting, I thought things the start-up were doing were a bit sketchy, maybe borderline unethical. During the meeting itself, it was more like sitting around a table with Dr. Evil and a few henchmen. They were actively, unambiguously picking vulnerable groups for ad re-targeting. And that's not even the worst of it, the meeting wraps up and one of the founders says "OK guys, let's go get some beers and bring some girls". Then this despicable excuse for a man promptly walked out into the office, points at a few female employees and says "You, you and you, come with us now".

I hope this is a message that gets through to young devs. If someone is hiring you, you'll be making them more money than you cost. When you interview with someone, you're interviewing them too. You get a choice in who you make rich the more we make cruel people wealthy the more power they have to damage our society

This fintech didn't exploit them, but it was very obvious how this data could have been used to exploit them and other addicts.

But the partner corp was just a startup, trying to break into some markets, and now had some of those opportunities encumbered by patents and rightfully viewed our partnership as not in good faith (we didn't tell them about the patent work). The engineers at the partner firm were fairly pissed off at me, since I knew them well on a personal level and my name was on those patents. And naturally Big Corp promptly forgot about that business, never doing anything with the "IP".

I've thought about chucking those patent plaques in a fire, but I keep them in a box as reminder of that little snippet of my career, which I'd otherwise probably block out.

My understanding is their strong patent portfolio was a good part of why they are still around after the massive consolidation of DRAM manufacturers through the 80's and 90's.

The boxes were also sold to Syria and Burma, and were used to facilitate censorship and human right abuses

(I guess Bell Canada, which also sells TV services, lost too many customers over this policy to their unthrottled competitors)

https://www.cbc.ca/news/science/small-isps-fight-ruling-that...

Canadian telecom regulators are gutless.

Though I kinda liked it when my university throttled napster and torrents, because that meant my IRC downloads went very very fast!

The ability for Napster to resume was a much later feature. You had to find someone sharing the exact same filename, and I don't think they made it easy. I can't remember if they eventually allowed multi-source downloading.

Independent Napster servers did continue to operate after the fall of Napster Inc as a service.

https://boards.straightdope.com/t/napster-but-not-all-other-...

I recall using Napigator which provided a browse of official and independent napster servers and then modified your HOSTS file so your client would connect to the independent server instead of Napster Inc servers.

https://www.gwern.net/docs/technology/2018-07-25-johnbackus-...

In a corporate setting, mitm'ing TLS and blocking sites by category is routine practice (better ways to stop bad stuff but expensive firewals are a waste when most traffic is TLS).

I don't know about this. The difference with knives is that they are an old technology, basically they have always existed. If you are responsible for creating a new technology, especially one that is not certain to exist without your involvement, the calculus is different.

No such guarantee exists for technology of this sophistication.

There are dozens of academic and GNOs that track democracy, e.g., [0]. Just select a reasonable cutoff of some level of democracy, and don't sell to anyplace below that.

That does require management and sales to have ethics. Some do.

[0] https://www.democracymatrix.com/ranking

Yes, I have a fairly good idea of how my country operates, including the understanding that fighting espionage, transnational criminal gangs, terrorism, and war get very dirty, and on all sides, including ours.

I also know at least the democracies have oversight & constraints in place that creates real constraints and corrects and punishes overreach. The fact that you and I know of some of the bad events is BECAUSE of that oversight and constraints.

I also know that the choices are to either lay down our arms and yield to the autocracies, or to continue fighting to remain a self-determining people.

You only need to look to Chechnya, Syria, Georgia, Ukraine, or many other places to see the consequences of either yielding or losing that fight.

Yes, we have some abuses like Abu Grabe and soldiers & leaders were held responsible & punished. Yes, there are times where surveillance overreaches.

What we do not have (yet) is literally political parties literally using the security apparatus to blow up multiple civilian apartment blocks as a false flag to influence the election; it's how Putin came to power in Russia. We do not have a wholesale co-opting of technology and industry, complete with mobile execution vans to ensure compliance, as does the CCP.

If you cannot tell the difference, I suggest that you learn some history, or just feel free to relocate to one of those other countries.

I also wish that none of the defense or espionage apparatus was necessary. But as long as there are local bullies or expansionist authoritarians, then staying better armed and prepared will be necessary.

Sometimes, the moral calculus is done only retrospectively and that’s when it really becomes problematic.

Deep packet inspection is a terrible practice in my opinion. It adds more security vulnerabilities than it typically helps avoid. I’ve seen one implementation use client software to extract keys from a machine to send to a centralized server. How some companies don’t see how this model can be easily exploited is beyond me. Me and a VP friend of an organization have had long debates about this topic and he insists it makes more sense for him because the employees have been more competent at the companies I’ve worked at than the company he managed (which could be true since his company had high turnover leading to many engineers being hired out of need rather than evaluated merit).

Selling deep packet inspection technology to the government of Syria is different as there is ample reason to believe that government would use it for human rights abuse.

Critically (compared to cash) it allows remote transactions. Cash requires presence which limits the customer base geographically, and carries enormous personal risk. (you're already transacting with a criminal, do you want to be alone with him as well?)

The killer app for crypto is illegal activities. (which may in some cases be moral, but nevertheless are illegal.)

As a side note, the volatility in the crypto value, caused mostly my legal speculators being exploited by scammers, hurts the utility of crypto in all contexts, including illegal ones.

Those people found another way to get paid.

Although I couldn't ever blame you for shutting it down. I'd probably do the same and try to forget about it for many years.

It turns out that the project was more of a demonstration of our ability to get dynamic languages to run efficiently on the CLR. To that end, I think we were successful. But once we achieved that there was not much of a path forward so the project was eventually shuttered.

We couldn't have made it user customizable without something like IronRuby, thank you so much for implementing it!

Maybe it didn't accomplish your original goal, but props for what you did accomplish. Quite impressive.

I remember a conversation ages ago about how you couldn't really get a (common?) lisp running properly, irrc due to limitations in the way CLR modeled classes amongst other things, but FFI came up there too.

AFAIK, that's what JRuby does but Java had (has?) a bigger community and is more platform independent. Microsoft was a different company back then and wasn't supported on Linux. Betting on IronRuby/IronPython meant you had to use Windows as your platform.

It's a good thing that DLR is still there, though. While undeniably niche, sometimes it makes things so much easier. For example, I've used it to support dynamic reloading of C# code in a game, for rapid prototyping of mods.

As a former Microsoftie myself, it saddens me that the company seems to have forgotten this.

And the answer really depends on what you mean by "run on". .NET already supports two-way COM interop, and it does work with DLR to handle stuff like IDispatch. But the COM code in that scenario is still native (or, in case of VBScript, intepreted by its Active Scripting provider).

Implementing VBScript, or even VB6, as a language running entirely on top of .NET, is certainly possible, although it would be somewhat awkward because the object model in VB pre-.NET was specifically designed around COM. You can port the templating engine, as well. But the real hurdle is not the language - it's all the APIs. ASP itself was pretty basic, but most web apps would also need to talk to the database - so now you need ADO. And then there are all the third-party components, most of which were proprietary binary blobs compiled for 32-bit Windows.

And, well, why? There are many better languages running on top of .NET these days, starting with VB.NET.

ES3 is nice, and short of prayer or sacrifice one was able to import Crockford's JSON library and Ramda. Server-side Node.js without npm (for better or worse).

With Babel, the idea was to use ES6 constructs and transpile it down to something IIS could run. Or Ruby, or anything else, and VBScript becomes kind of like the "machine language" description of the program.

VBScript is less painful with aspunit [1] and plenty of comisseration/resources with drian bamaged [2], aXe, and even [3].

It was amazing how much could get done with Microsoft SQL Server, a loop, and Response.Write(). Enough to build a company and to get acquired, even. Could have been a right place/right time thing for the owner.

  [1] https://github.com/rpeterclark/aspunit
  [2] blogsite
  [3] the person with the classic ASP book

That reminds me: it actually happened. An existing VBScript parser was used with a custom C# transpiler to generate the port to .NET, in order to realize performance and maintenance benefits.

With so much functionality stored in stored procs, VBScript was essentially just looping records and writing things out to tables. But there was lots of business logic there too.

It felt like I had a purpose liberating "old database" logic into application code--the sky castles of Brooks, as it were--where it could be changed "more easily."

Given the app was ported to C#, I suppose the stored procs would be the last to go.

Recently, I learned Cloudflare had started with lots of the domain living in the db. So it is not an unfamiliar technique, but a pleasant surprise to hear of it (for me).

For some reason, to me VBScript feels like I can whip up something really quickly, and VB.NET is "all the power of the CLR, with a bit of sugar to help transition to .NET."

VB.NET does feel a bit weird. Maybe some compromises to transition folks to .NET, and from there to C#.

You wrote me a house.

It's the worst software in my PC by far. The only reason it is used by my company is because it's free with Office 365. Even ICQ was a better chat client in 2002.

I wonder if the Teams guys feel guilty about all the unnecessarily burned CPU time. Every time I'm compiling code my Teams experience degrades to a point where I wonder if I'm using a 133 MHz PC again and forgot to press the Turbo button.

Have also been experiencing this, call finishes so I press play to turn music back on, hear teams dialling tone. Annoyingly triggering

It feels surreal to come across someone who was responsible for something I hated so much back then. But now I’m just fascinated for some reason. I’d buy you a drink if I could :p

Except on mobile, which is what everybody preferred for obvious reasons.

I'm coming up on 3 years now with very minimal progress on returning media to users and getting the site fully operational.

There are a lot of places where in hindsight I could have made better decisions. At every point the best course seemed to stand out, only to sour with unexpected obstacles.

At first I thought I could stay in the warehouse, but then the returns became too much to complete before I had to vacate. COVID struck, and delayed the container move. Then I couldn't use my warehouse, and couldn't unload the containers. This is delayed efforts to return media and restore files that would have been easy to replace if I could unload the containers. Meanwhile Murphy customers have been 3 years without their discs or access to their media. I feel terrible about it. Some have died without getting their media.

I'm still fighting to do the right thing. I've filed a lawsuit against the city for refusing to issue permits, and I'm constantly looking for solutions, but I feel like I've failed a lot of people.

I think there were always some nay-sayers around in replies, but I appreciated what you were trying to do and despite the negative outcome am glad you at least gave it a shot.

Thanks for sharing your story on hn, I feel like I got to learn a lot vicariously.

There is a fantastic Australian film called “The Castle” (that you won’t regret watching!), but there’s a line from it where the main character is facing failure (and about to lose his entire neighbourhood)

“I don’t know what the opposite of letting someone down is. But you’ve done the opposite.” T Thanks for fighting to do the right thing. The world needs more people like you.

The whole product was positioned for process optimisation but I know for a fact that it was used to monitor and eventually reduce headcount at multiple customers. I still feel gross just thinking about it but the company is supposedly making good money off of it given that they just announced a new version.

I got deep into gathering all the data and ML analysis, to the point I started brushing with digital forensics. I got spooked and abandoned it when I've realized I can never release such tool without it being abused for surveillance ;(

I had a friend Josh who worked at Los Alamos National Labs, who wrote a script that automatically filled out his timesheet with plausible looking working hours and tasks, an emailed it in at the right time every month.

One month his boss was chatting with his assistant about how happy he was with how promptly and efficiently Josh always sent in his time sheets, saying what a good worker he was, and that he just received his timesheet on time that day.

The assistant explained to the boss that Josh was actually away on vacation that week.

So when Josh finally got back from vacation, his boss summoned him into his office for an awkward sit down talk.

And insisted that Josh set him up with the same system to automatically fill out and send in his time sheet, too!

You can optimise for many other things such as on-time delivery in production processes or duplicate/late/early payments of invoices just to name some straightforward examples. In the former case you're optimising the process with the goal of increasing customer satisfaction and in the latter you're optimising many things such as cash flow and working-capital while balancing early payment discounts and late payment penalties.

The first changes I made to the poc was making the ability to identify which employees did what and when so hard that if they asked us to do it, it would either not be possible or cost so much that it wouldn’t be feasible.

My company built the smart helmet used to track Qatar’s army of abused workers. The claim is GPS and accelerometer where used to track if a worker stopped moving or fell due to an accident; the geo fencing was supposedly for tracking if they had enough workers in an area for the job.

The reality is the helmets where/are used as mass surveillance tech to ensure workers are continuously active and never leave their assigned areas for petty things like going to the bathroom or finding shade to prevent heat stroke.

If this is real you should get in touch with investigative journalists, e.g. ProPublica.

("Get in touch with investigative journalists" probably applies to a bunch of the people posting in this thread.)

If the company that makes the helmet is based in a country with good government, maybe a reasonable regulation would be to score workers on productivity, but place limitations on the scoring somehow. E.g. the helmet stops showing the worker's location when they've spent too much time in the heat. Or the helmet estimates the fraction of the workday that the worker spent offsite, but all workers who spend 20% or less of their time offsite are given a score of 20%, so the employer can't force the worker to spend more than 80% of their time onsite. I don't think productivity scoring has to be dystopian in principle; generally speaking it seems reasonable to pay people according to how productive they are.

You could also argue for regulating the helmet out of existence, but I assume in that case it would just be built somewhere else with lax regulations. So the trick is to put in regulation that creates a humane experience for workers, but not so much that Qatar is incentivized to contract the development of a new, more draconian helmet in a different locale. I don't think this should be too hard, because creating a humane experience for workers should also help productivity to a degree.

There's also a security dimension here -- you don't want abusive employers to be able to circumvent these limitations. So you could make it so the helmet only runs code which has been signed with the company's private key, or have a lot of the functionality server-side.