Unlurker|Replay|About
fuckborderradius.com (fuckborderradius.com)
I mean, the very bible of all things usability has redesigned its website and they put rounded corners almost everywhere. https://www.nngroup.com/
Everything in the real world is rounded to some degree. If anything, it's more weird to feel that boxes on the screen should not be.
Open devtools and add `html * { border-radius: 6px; }` to make this site look lovely.
Border radius has been one of the best things to happen to CSS. If you've done web development during the Internet Explorer 6 era, you'd know what I mean.
<table><tr><td><img src="top-left-corner.gif" ....
Was that the 3x3 table method, or was that for earlier browsers?
I know it's overused and for example in MacOS introduces way too much white space, but people like rounded shapes. They make people more comfortable and make them think the content is simpler than when they get hard angles. It's been tested in so many research papers and the basically all agree - people like bouba more than kiki, whatever the context is.
If we’re going to fuck something, it should be something more consequential like JIRA. https://ifuckinghatejira.com/
I wonder whether they want to fuck the Fernández–Guasti squircle, Lamé's special quartic, or both, and whether their desires extend to higher-dimensional sphubes. Possibly their squigonometry just can't handle such curves, and they can't control themself! Is there a Bresenham-style algorithm similar to the midpoint algorithm for roundrects that can produce other kinds of squircles?
My contribution to the genre: negative border radius Let's make the (digital) world sharper https://x.com/TheOisinMoran/status/1846417247075459235
Apparently made by Twitter handle @getifyX: https://x.com/getifyX/status/1935001870658851288
Non walled: https://xcancel.com/getifyX/status/1935001870658851288
My gripe with border-radius is that it makes everything look the same. I'd really like more corner types. Back in the tables and sliced images days, we'd have all manner of neat angular borders, and tons of variety. Now it's all squircles everywhere.
You can use negative border radius to get some interesting shapes
Checkout.com hacked, refuses ransom payment, donates to security labs (checkout.com)
"The system was used for internal operational documents and merchant onboarding materials at that time" To me it seems most likely that this is data collected during the KYC process during onboarding, meaning company documents, director passport or ID card scans, those kind of things. So the risk here for at least a few more years until all identity documents have expired is identity theft possibilities (e.g. fraudsters registering their company with another PSP using the stolen documents and then processing fraudulent payments until they get shut down, or signing up for bank accounts using their info and tax id).
Passport or ID card scans would never be be stored alongside general KYB information, e.g. the standard forms PSPs use. If you read between the lines of the verbiage here, it looks like a general archived dropbox of stuff like PDF documents which the onboarding team used. Since GDPR etc, items like passports, driving license data etc, has been kept in far more secure areas that low-level staff (e.g. people doing merchant onboarding) won't have easy access to. I could be wrong but I would be fairly surprised if JPGs of passports were kept alongside docx files of merchant onboarding questionnaires.
So, I used to work in the fintech world and it looks to me like what was hacked was merchant KYB documents. I.e. when a merchant signs up for a PSP they have to provide various documentation about the business so the PSP can underwrite the risk of taking on this business. I.e. some PSPs won't deal with porn companies or travel companies or companies from certain regions etc. This sort of data is generally treated very differently to the actual PANs and payment information (which are highly encrypted using HSMs). So it's obviously shitty to get hacked, but if it was just KYB (or KYC) type information, it's not harming any individuals. A lot of KYB information is public (depending on country). Fair play on them for being open about this.
It's not just business data though - usually it will include ultimate beneficial owner and directors' passports, tax ID, etc. So there is a risk of identity theft there of potentially some very wealthy individuals.
> The attackers gained access to a legacy, third-party cloud file storage system. I think the answer is ok but the "third-party" bit reads like trying to deflect part of the blame on the cloud storage provider.
The whole codebase & tools at whatever company I ever worked at was using 99% legacy stuff. Its wild... Often times it would have been easier to rebuild the whole project over trying to upgrade 5-6 year old dependencies. Ultimately the companies do not care about these kinda incidents. They say sorry, everyone laughs at them for a week and then after its business as usual, with that one thing fixed and still rolling legacy stuff for everything else.
> Often times it would have been easier to rebuild the whole project Sure buddy, sure
> as good as a response you can have to an incident like this. From customer perspective “in an effort to reduce the likelihood of this data becoming widely available, we’ve paid the ransom” is probably better, even if some people will not like it. Also to really be transparent it’d be good to post a detailed postmortem along with audit results detailing other problems they (most likely) discovered.
Ah yes let's fund literal criminal groups so they have an incentive to keep hacking people
Completely useless take in the real world where these payments are common, it makes no difference whatsoever if an individual or even vast majority of victims stop paying. Ransomware will remain incredibly lucrative until payments are outlawed.
If this is actually frequently happening, your claim should be pretty easy to prove. Most stolen databases are sold fairly publicly. The ransom payments tend to be so big anyway that selling the data and associated reputational damage is most likely not worth the hassle. Basic game theory shows that the best course of action for any ransomware group with multiple victims is to act honestly. You can never be sure, but the incentives are there and they’re pretty obvious. The big groups are making in the neighbourhood of $billions, earning extra millions by sabotaging their main source of revenue seems ridiculous.
> reputational damage Whoa. You're a crime organization. The data may as well "leak" the same way it leaked out of your victim's "reputable" system.
We’re talking about criminal organisations that depend on a certain level of trust to make any money at all. Yes, the data might still leak. It’s absurd to suggest that it’s not less likely to leak if you pay. There’s a reason why businesses very frequently arrive at the conclusion that it’s better to pay, and it’s not because they’re stupid or malicious. They actually have money on the line too, unlike almost everyone who would criticise them for paying.
> The donation is more or less virtue signalling rather than actual insight. I see it more as a middle finger to the perps: “look, we can afford to pay, here, see us pay that amount elsewhere, but you aren't getting it”. It isn't signalling virtue as much as it is signalling “fuck you and your ransom demands” in the hope that this will mark them as not an easy target for that sort of thing in future.
It also serves as a proxy for a punishment. They are, from one perspective, paying a voluntary fine based on their own assessment of their security failings. For customers it signals sincerity and may help dampen outrage in their follow up dealings.
There is not much to research. If companies want security, they should pay for security.
Security is an arms race. Don't expect a leap; do your part to stay ahead.
I'll never not think of that South Park scene where they mocked BP's "We're so sorry" statement whenever I see one of those. I don't care if you're sorry or if you realize how much you betrayed your customers. Tell me how you investigated the root causes of the incident and how the results will prevent this scenario from ever happening again. Like, how many other deprecated third party systems were identified handling a significant portion of your customer data after this hack? Who declined to allocate the necessary budget to keep systems updated? That's the only way I will even consider giving some trust back. If you really want to apologise, start handing out cash or whatever to the people you betrayed. But mere words like these are absolutely meaningless in today's world. People are right to dismiss them.
No trolling on my side, I think having people who think just like you is a triumph for humanity. As we approach times far darker and manipulation takes smarter shapes, a cynical mind is worth many trophies.
There are millions of companies even century or decade old ones without a hacking incident with data extraction. The whole everyone gets hacked is copium for a lack of security standards or here the lack of deprecation and having unmantained systems online with legacy data.
>There are millions of companies even century or decade old ones without a hacking incident with data extraction. Name five.
To me this looks like getting hacked, donating to some public non-profit, deduct it via taxes (essentially spending nothing) and spin it online as a positive.
That’s not how tax deductions work because a tax deduction doesn’t give you the full amount of your donation back it only reduces your taxable income, not your tax bill dollar-for-dollar. Example: You earn $100,000. You donate $10,000 to a qualifying charity. You can now deduct that $10,000, i.e. you’ll be taxed as if you earned $90,000, not $100,000. If your marginal tax rate is 30%, you’ll save 30% of $10,000 = $3,000 in taxes. So you’re still out $7,000 in real money.
↙ time adjusted for second-chance
Transpiler, a Meaningless Word (2023) (people.csail.mit.edu)
Today's meaningless word: Cloud
I think the note about generators may be a good definition for when one language is "more powerful" than another; at least it's a good heuristic: > The input and output languages have the syntax of JavaScript but the fact that compiling one feature [generators] requires a whole program transformation gives away the fact that these are not the same language. If we’re to get beyond the vagaries of syntax and actually talk about what the expressive power of languages is, we need to talk about semantics. If a given program change is local in language X but global in language Y, that is a way in which language X has more expressive power. This is kind of fuzzy because you can virtually always avoid this by implementing an interpreter, or its moral equivalent, for language X in language Y, and writing your system in that DSL (embedded or otherwise), rather than directly in language Y. Then, that anything that would be a local change in language X is still a local change. But this sort of requires knowing ahead of time that you're going to want to make that kind of change. Sadly https://people.csail.mit.edu/files/pubs/stopify-pldi18.pdf is 403. But possibly https://people.csail.mit.edu/rachit/files/pubs/stopify-pldi18.pdf is the right link.
I think the distinction is meaningful - for example many compilers used to have C backends (GCC for example did) - so you code went through almost the entire compiler pipeline - from frontend to IR to backend where the backend did almost everything a compiler does, it only skipped target machine specific stuff like register allocation (possibly even that was done), arch specific optimizations and assembly generation. A transpiler to me focuses on having to change or understand the code as little as possible - perhaps it can operate on the syntax level without having to understand scopes, variable types, the workings of the language. It does AST->AST transforms (or something even less sophisticated, like string manipulation). In my mind, you could have a C++ to C transpiler (which removes C++ constructs and turns them into C ones, although C++ is impossible to compile without a rich understanding of the code), and you could have a C++ to C compiler, which would be a fully featured compiler, architected in the way I described in the start of the post, and these would be two entirely different pieces of software. So I'd say the term is meaningful, even if not strictly well defined.
Language interoperability is a material question. Outputting Javascript, Python, C++ vs assembler/machine code have very different implications for calls to/from other languages Is JIT also meaningless? But ultimately if you don’t want to use a word, don’t use it. Not wanting to hear a word says more about the listener than the speaker
Whenever someone argues the uselessness or redundancy of a particular word, a helpful framework to understand their perspective is "Lumpers vs Splitters" : https://en.wikipedia.org/wiki/Lumpers_and_splitters An extreme caricature example of a "lumper" would just use the word "computer" to label all Turing Complete devices with logic gates. In that mindset, having a bunch of different words like "mainframe" , "pc" , "smartphone" , "game console" , "FPGA" , etc are all redundant because they're all "computers" which makes the various other words pointless. On the other hand, the Splitters focus on the differences and I previously commented why "transpiler" keeps being used even though it's "redundant" for the Lumpers : https://news.ycombinator.com/item?id=28602355 We're all Lumpers vs Splitters to different degrees for different topics. A casual music listener who thinks of orchestral music as background sounds for the elevator would be "lump" both Mozart and Bach together as "classical music" . But an enthusiast would get irritated and argue "Bach is not classical music, it's Baroque music. Mozart is classical music." The latest example of this I saw was someone complaining about the word "embedding" used in LLMs. They were asking ... if an embedding is a vector, why didn't they just re-use the word "vector" ?!? Why is there an extra different word?!? Lumpers-vs-splitters.
That's very interesting! Splitters make more sense to me since different things should be categorized differently. However, I believe a major problem in modern computing is when the splitter becomes an "abstraction-splitter." For example, take the mouse. The mouse is used to control the mouse cursor, and that's very easy to understand. But we also have other devices that can control the mouse cursor, such as the stylus and touchscreen devices. A lumper would just say that all these types of devices are "mouses" since they behave the same way mouses do, while a splitter would come up with some stupid term like "pointing devices" and then further split it into "precise pointing devices" and "coarse pointing devices" ensuring that nobody has absolutely no idea what they are talking about. As modern hardware and software keeps getting built on piles and piles of abstractions, I feel this problem keeps getting worse.
> An extreme caricature example of a "lumper" would just use the word "computer" to label all Turing Complete devices with logic gates. I don't think that's a caricature at all; I've often seen people argue that it should include things like Vannevar Bush's differential analyzer, basically because historically it did, even though such devices are neither Turing-complete nor contain logic gates.
'computer' is an ambiguous word. In a mathematical sense a computational process is just any which can be described as a function from the naturals to naturals. Ie., any discrete function. This includes a vast array of processes. A programmable computer is a physical device which has input states which can be deterministicaly set, and reliably produce output states. A digital computer is one whose state transition is discrete. An analogue computer has continuous state transition -- but still, necessarily, discrete states (by def of computer). An electronic digital programmable computer is an electric computer whose voltage transitions count as states discretely (ie., 0/1 V cutoffs, etc.); its programmable because we can set those states causally and deterministically; and its output state arises causally and deterministically from its input state. In any given context these 'hidden adjectives' will be inlined. The 'inlining' of these adjectives causes an apparent gatekeepery Lumpy/Splitter debate -- but it isnt a real one. Its just ignorance about the objective structure of the domain, and so a mistaken understanding about what adjectives/properties are being inlined.
Most functions from the naturals to naturals are uncomputable, which I would think calls into question your first definition. It's unfortunate that "computer" is the word we ended up with for these things.
Ah well, that's true -- so we can be more specific: discrete, discrete computable, and so on. But to the overall point, this kind of reply is exactly why I don't think this is a case of L vs. S -- your reply just forces a concession to my definition, because I am just wrong about the property I was purporting to capture. With all the right joint-carving properties to hand, there is a very clear matrix and hierarchy of definitions: abstract mathematical hierarchy vs., physical hierarchy With the physical serving as implementations of partial elements of the mathematical.
Word definitions are arbitrary social constructs, so they can't really be correct or incorrect, just popular or unpopular. Your suggested definitions do not reflect current popular usage of the word "computer" anywhere I'm familiar with, which is roughly "Turing-complete digital device that isn't a cellphone, tablet, or pocket calculator". This is a definition with major ontological problems, including things such as automotive engine control units, UNIVAC 1, the Cray-1, and my laptop, which have nothing in common that they don't also share with my cellphone. Nevertheless, that seems to be the common usage.
Meta replaces WhatsApp for Windows with web wrapper that uses 1 GB RAM when idle (windowslatest.com)
The problem is Whatsapp is now being used more and more in a professional context, even in Europe, and it's just not a pro software by any means. Searching for old messages is a pain, the web version is slow, there is now optimized overview or folders, etc... And now it seems that there is not even a benefit to installing the native vbersion, they will probably do the same for Mac also now.
But the web app is genuinely unusable. Often times takes 2+ minutes to properly load. This issue seems to be quite random though, not everyone has it.
I force reloaded it now and it took only a few seconds. It's on CPU from 2014 on a 4G connection. However we are only two data points. Meta probably has a good knowledge of the distribution of the load times. If your spikes in load time are random it could be the connection, the amount of free RAM on your computer in that very moment, or maybe how well it is syncing with your phone. However I don't know how it handles that. It used to require an online phone but it seems that it can do without it now.
As the person who designed and fought for this app, I am a bit sad about the change. The native app was by no means perfect, but it felt like a real productivity tool that was trying to be respectful of it's environment. I've come to the conclusion that native desktop apps are just not viable from large companies, even if there is headcount. The problem is coordination cost. If you want to launch new features and experiments here, there and everywhere, then the coordination complexity increases nonlinearly with the number of platforms. If you can sustain a more deliberate, low churn pace of development then it's workable. Features can be well defined and then implemented by the platform team as they see fit. But if you want a more fast-paced, "just in time" style of development, you need to coordinate with every team for every change... wouldn't it be nice to just write web code and be done? Even Microsoft are building this way these days. This is why ironically small companies seem more able to support native apps than large ones. The more "stuff" that's being worked on concurrently, the harder it is to support multiple platforms.
This is ridiculous. The real explanation is a level of uncaring incompetence that can only be sustained in large organizations.
> The problem is coordination cost. If you want to launch new features and experiments here, there and everywhere, then the coordination complexity increases nonlinearly with the number of platforms. Why not use a common library, where platform teams can update what features they use from it at their own pace? Or why not use some other tech that allows multi-platform native shipping? The company I just started at, RemObjects, builds software for Mac and Windows (and iOS etc) from a common codebase. They just keep the UI separate, and all that is done when there's a new feature is _only_ UI layer coordination. So an app has a C# (say) or Go codebase, and a UI layer in WPF and Cocoa. I feel like coordination cost goes way down with both of these: a) Library approach: central functionality, platform teams not tied to specifics b) Shared codebase where all logic lives: platform teams do only UI Edit: forgot to add, all this is can be across languages, ie maybe you have a Go shared library and write your Cocoa UI layer in C#, that's fine, their tech makes it all interop.
Separating the UI from the functionality is not as easy as it sounds. Often the first iteration of a program has the business logic tightly coupled to the UI, and is designed for a single platform. You need engineers with foresight to refactor before it becomes a mess Also even the non UI is not trivial. I once worked on a very la4ge code base that was console only. We en we eventually gave up on our Windows and Mac ports. Granted it was C++ …
"only" is doing a lot of work here
If you can deploy your wxwidgets app as a networked app in the browser too, then sure.
That's not what the issue here is. The issue is not that a native Windows app needs to run in a browser. The issue is that a native Windows app has been replaced by yet another browser.
> Microsoft provided APIs are a disaster that keeps getting rewritten every half decade What a wrong and misleading statement. Not they aren't. Otherwise Winamp 2.95 from 2003 wouldn't flawlessly work on my Windows 11 install 23 years later. Same with my Unreal Tournament 99 installation that I just copied over via a CD left from my Windows 98 PC. As long as you haven't used any undocumented APIs or made your app hack its way into the OS via hooks like some games did back then for performance optimizations or some anti-piracy SW did, then most Windows apps from over 20+ years ago will still work today and it's also why WINE works so well to get Windows app working on Linux, is precisely because Microsoft HASN'T changed the APIs.
While the old APIs keep working, Microsoft does like to come up with completely new APIs every five years or so. If you want to do basic UI on Windows today, you can use: - Win32 UI - MFC - .NET WinForms - WinFX - .NET WPF - WinRT - UWP And I'm sure there are many others that I'm forgetting.
Adding new APIs does not hinder your ability to use the old APIs you're familiar with.
It's not wrong nor misleading at all. Win32 doesn't even support dark mode properly because it's effectively "deprecated" like all the others in the graveyard. Who cares if they keep working if the only way to get dark mode is to custom render the whole UI yourself? Might as well do something non-native at that point. Microsoft does not provide a serious UI library for applications to use. It provides 10 half broken and deprecated ones.
>It's not wrong nor misleading at all. Yeah it is. >Who cares if they keep working A lot of people.
> The Microsoft provided APIs are a disaster that keeps getting rewritten every half decade, and even Microsoft barely uses them. What are you talking about? The Windows APIs have been stable for at least 20 years.
Stable is the wrong way to view it. Frozen is the right way to view it. You have a graveyard of frozen APIs you can use, with new features only available on the later ones.
They are talking about UI. Winforms (abandoned), WPF (abandoned), UWP (abandoned), MAUI. Windows itself was always using their own custom stuff and not any of those. The closest thing to an established framework in Windows is react native that is sprinkled here and there. And QT that OneDrive uses
you can still use all of them to write windows apps, even though they might not receive the latest & greatest shiny features
Every time I use it, it has some huge box over a third of the page saying I must "verify sessions". It's incredibly slow to propagate messages. Initial set up is very confusing and offers far too many choices. I've never worked out how to find rooms. Regularly someone will give me a room name and I can't find it or join it. Their entire service went down (did someone say "decentralised"?) a few months ago.
> Every time I use it, it has some huge box over a third of the page saying I must "verify sessions". do you use element web on the phone? > It's incredibly slow to propagate messages. was > Initial set up is very confusing and offers far too many choices. thing of the past, currently there are two choices, in the future there will be only one > I've never worked out how to find rooms. Regularly someone will give me a room name and I can't find it or join it. let someone invite you to the room or share a link > Their entire service went down (did someone say "decentralised"?) a few months ago. afaik only matrix.org went down
 Top