Hacker News: dijonman2's favorites

If you're familiar with SHA-256 and this is your first encounter with SHA-3:

The main differences between the older SHA-256 of the SHA-2 family of FIPS 180, and the newer SHA3-256 of the SHA-3 family of FIPS 202, are:

* Resistance to length extension attacks.

* Performance. The SHA-2 functions—particularly SHA-512, SHA-512/224, and SHA-512/256—generally have higher performance than the SHA-3 functions. Partly this was out of paranoia and political reasons in the SHA-3 design process.

Further reading: https://crypto.stackexchange.com/questions/68307/what-is-the...


Hi there - one of the few pro sellers on HN here.

You're planning on prospecting into one of the most rejection-heavy domains out there with small physical business. These people get dozens of calls per day from companies they've never heard of - many of whom are trying to rip them off - and even the best ones (Groupon, Yelp, google ads, etc.) are basically just rent-seeking. Oh, and most have gatekeepers who don't care the slightest bit about your pitch.

Because of that I'd stay away from all this "smile and dial" advice. You'll have no chance. Go out there and hit the pavement and meet these people at their establishments at off hours. If you catch the owner in there at a good time - do your best to inform them of your product's benefits and come up with a really good offer to get started (something that loses you money and time). Free Trial, free month of services, whatever makes sense based on the context of your business. The goal is NOT to make money or build a book of business at this point - it's to get a person happy with your software to sell to later.

If the owner is too busy or whatever - have some stuff printed out for them to read later that you can drop off. Ideally with a small gift (coffee, food, candy, etc.) and come back in a few weeks to see if you catch them at a better time (again with a gift, until they talk).

A solid entry level book would be Fanatical Prospecting by Jeb Blount.

Good Luck.

*edit to fix book name


IT Audit/Governance manager here. This is still a very common preventative/detective control in many businesses even outside of Financial Services, so much so that it is taught as part of many IT governance certifications such as the ISC2 CISSP and ISACA CISA.

Although the provenance of the control is to deter and detect fraud, it also helps to highlight key-person dependencies (where a process cannot run without a specific individual present). On the flip-side, humans are very innovative creatures and you can use this control to identify where someone has found a way to bypass parts of the process (the process time suddenly increases a lot when someone in the team is on their mandatory-vaykay, or the quality suddenly drops).

I also see it used in smaller companies by bosses who want to simulate the effects of a person quitting, and how confident the rest of the team are to take over the running of a task.


I’m going to pay forward a book rec found via a Hacker News comment: Never Split the Difference by Chris Voss.

It’s mostly tactics on how to negotiate well, and one piece of advice I’ve adopted is to start my questions with “what” or “how”, not “why”.

“Why” comes across as interrogative; forcing “what” or “how” creates enough time to reassess the actual uncertainty and rephrase as a curiosity question, not an implicit accusation of wrongheadedness.

“Why did you choose this algorithm” becomes “how did you choose this algorithm?” or “what factors did you consider when choosing this algorithm?”

It can be manipulative when done in isolation. My other main takeaway from the book was to have a genuine interest and concern for the other person’s needs, even when you disagree.

Between the trick and the mindset, I’ve found it’s served me well.


Perhaps you are being downmodded for the off-the-cuff sounding statistic? But, your general point stands. Control of messaging is extremely powerful. One could argue that Casey achieved success decades ago. E.g., the majority of Americans believed ?still do? that Iraq had something to do with 9/11 and that the US war in Iraq wasn't just an opportunistic war of aggression to serve American oligarchs. And, the majority of those misled Americans are not horrible people.

"We'll know our disinformation program is complete when everything the American public believes is false."

- William Casey, CIA Director 1981

I think the media issue can be resolved by media that is not affiliated with corporations, rich benefactors or government. E.g., MI5 used to vet BBC employees to ensure no one on the left would have any editorial influence (MI5 had veto power over hires). And, the CIA had/has journalists on their payroll at major US publications to ensure "proper" messaging. Advertisers can strongly influence what is reported e.g., an oil company threatens to cancel ad campaign if media outlet reports on their suppression of climate research. A single rich man can set the direction of a media organization-- including having their organizations spread known falsehoods in support of their personal ideologies e.g., Murdoch or Hearst.

A model that mostly[1] works is that of listener support (not the PBS model with government and corporate funding and also begging listeners for money, but rather the Pacifica model which accepts no funds from anyone but listeners).

Pacifica has a few programs that are usually quite good, like "Letters and Politics" (also available as podcasts linked from kpfa.org). They do have their share of dreck, though. And, being a bunch of lefties (the network was founded by pacifists who met while in US prison for protesting a war) they are equally critical of lefties like themselves, the mainly center-right to right "liberals"/Democrats and the far-right to extreme far-right Republicans (left right spectrum here is based on where the policies, of these groups, fit within the spectrum of world politics).

[1]Pacifica's New York station self destructed after the board was taken over by a group of listeners into all manner of woo, so Pacifica's model still has some issues.


> In fact, the 10x engineer is probably only being paid a touch more for doing a lot more work and having a lot worse work-life balance.

Sometimes, sure.

But often (especially later in a career) overperforming people operate a bit more like senior partners. They have jr staff / understudies to handle crank turning. They can give direction and set things on a solid path without necessarily putting in a ton of hours.

In a healthy org, this is the "architect" role. Or sometimes the "solver," or some combination thereof. I'm sure you're familiar with the adage about the guy who charges $10k to mark the problem, $1 for the time and $9,999 for knowing where to make the mark.


The Mandela effect is likely a variation on this.

Our memories are much worse than we think they are. Anyone who has ever dealt with eyewitness testimony knows this, and that's immediate memory.


I use AutoEQ (https://github.com/jaakkopasanen/AutoEq) for my headphones. It works by "parsing frequency response measurements and producing equalization settings which correct the headphone to a neutral sound". They also have a huge database of already measured and equalized data, which is what I use.

I'd recommend Circling. It's a practice where people talk together about what they can notice about the present moment for a set time. It has had a huge impact for me on my ability to understand and feel my own emotions and others' emotions, and how to communicate more skillfully, both professionally and privately. The practice gives you lots of experiences of skilled facilitators' use of language, as well as direct feedback on how your communication is received.

There's Circling Anywhere based in Texas or Circling Europe based in Amsterdam. Both offer online stuff as well as in person stuff. There are also lots of local facilitators all over the world.


One of the nicest things about learning to enjoy simple things is that you know they can't be taken away!

I'm building a PDF generation service (DocSpring), so it's probably time to look into using AI to detect fields on uploaded PDFs so that it's easy to create PDF templates. That's been in my backlog for years. It was probably easy to build this many years ago, but maybe it's even easier now with the latest AI libraries and services.

I should really start to get familiar with AI and learn how to use things like PyTorch. I'm a bit nervous though, because it feels very different to all the programming that I've been doing for over a decade. I'm used to building CRUD web apps and mobile apps, writing SQL queries, setting up servers on AWS, etc. I'm not very good at math and I don't really understand how neural networks work or which kind of algorithm I should choose, so it feels like learning a whole set of new skills from scratch. But I can probably figure out how to use some off-the-shelf libraries and frameworks and string something together. Maybe this will be my next weekend project.


Totally agree. Defense in depth, security in layers. You're not protecting against just the most elite hackers, you're protecting against mistakes. Mistakes and change are inevitable, they should be in the design.

Did something similar as an experiment a few years ago, except I used photos and name strings as fuzzy identifiers across social media profiles.

We also scraped individual reactions from social media apps to get a _very_ detailed profile on what they engaged with (like using the "Angry" reaction emoji when Trump said something stupid vs using the "Angry" reaction emoji when AOC said something stupid).

Never released it in the wild for obvious ethical reasons, but was an interesting technical challenge. Also led to super interesting insights – like learning that videos and text links were watched by entirely different audiences on Facebook and Twitter [1]

[1] https://twitter.com/rishdotblog/status/1483329729302515712


I've reported directly to good CTOs and really bad ones.

The shitty ones:

- Either never built trust or broke trust.

- Were impulsive and reactionary.

- Didn't rely on the expertise and skills of their reports as much as they told them what to do because they already knew everything. Didn't ask questions. Gave orders.

- Literally used the words, "because I said so".

- Believed that they were the only one doing any real work. Used the words, "easy" to describe work that was assigned to their reports.

- Were very insecure - questions were often received as challenges to authority.

- Set in place policies which they were the first to violate.

- Their actions and their words disagreed.

- Lost their best people within a year.


These days I'm working on "proof of execution" and "proof of data availability", which are an interesting application of zero-knowledge proofs to very large sequences of values. The steps aren't revealed, but the rule which the steps must follow is revealed.

It's almost magical how it's possible to prove that N billion steps of a simulated virtual computer, run exactly according to specification, complete with CPU and memory, given a particular set of input files (or even a hash of an input) and program (or hash of a program), produces a particular set of output files.

All summarised in a short proof that a verifier can easily and quickly check, so it doesn't have to redo the computation itself - it can trust the outputs it receives, due to the proof.


All government revenues are the result of taxing citizens. Citizens only have money to be taxed if they are employed in productive money-generating enterprises.

If the laws and regulations of the nation are such that the citizens can’t make money, then the government has no choice but to cut taxes and regulations until private business can flourish again. Otherwise it’s a never ending strangling of business, lower revenues, lower tax takes, and so on in a downward spiral.

I can’t think of any other way out of the problem except enhanced productivity and trade. The government can’t tax what the citizens don’t make. Post-brexit and at the total end of the empire, Britain needs to become something like Singapore or Dubai - a hyper-capitalist free-trade haven.

Of course this will only happen after 10+ years of failure, leading to an erosion of living standards and endless finger pointing and blame. You are already seeing the collapse of the NHS and the FTSE lacking any global relevance.


Someone said: traditions are solutions of forgotten problems.

I used to have a very reliable but simple python script that asks the whois server for the TLD then gets the whois server from it and asks that server the whois of the apex and if it gets another whois it asks that server and so on recursively. It was more reliable than any service I found because a lot of TLDs that aren't mainstream or run by random countries have their own finicky whois with some custom weird webui but whois on port 43 is always there and contains a lot more info than RIR whois which is what most services tend to show.

Some parameters are reliably there and in a way it is very easy to parse since it is key value separated by a colon (cut -d ':' -f 1,2) but there is no "schema" you can follow and sometimes I saw unique and extra additions by some servers and missing critical fields by others. "Your domain is compromised, bad guys are doing bad stuff with it" how do I reliably find out the right contact for example? That last bit was always a manual exercise.
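
A sketch of the referral-following lookup described in the comment above, as an added example that is not the commenter's script: it queries port 43, parses the colon-separated fields, follows `refer` / `whois` / `Registrar WHOIS Server` referrals with loop protection, and collects abuse contact e-mail fields where a server provides them. The server names and responses under `.example` are constructed sample data, and the function names are hypothetical.

```python
import socket

# Field names (lower-cased) that commonly point at the next, more specific server.
REFERRAL_KEYS = ("refer", "whois", "registrar whois server")

def query_port43(server, name, timeout=10):
    """Plain WHOIS: send the query plus CRLF, read until the server closes."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(name.encode("idna") + b"\r\n")
        chunks = []
        while (data := s.recv(4096)):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def parse_fields(text):
    """Collect 'key: value' lines; keys repeat, so every value is kept in a list."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "%#>":        # comment and footer lines
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def follow(name, query=query_port43, start="whois.iana.org", max_hops=5):
    """Follow referrals from `start`; stop on a repeat, a dead end or max_hops."""
    server, seen, chain = start, set(), []
    while server and server not in seen and len(chain) < max_hops:
        seen.add(server)
        fields = parse_fields(query(server, name))
        chain.append((server, fields))
        server = next((v[0].lower() for k in REFERRAL_KEYS if (v := fields.get(k))), None)
    return chain

def abuse_contacts(chain):
    """There is no schema, so match any field whose name mentions abuse and email."""
    return [(server, v) for server, fields in chain
            for key, values in fields.items()
            if "abuse" in key and "email" in key for v in values]

# Constructed responses so the example runs offline.
FAKE = {
    "whois.iana.org": "% IANA WHOIS server\nrefer:        whois.nic.example\ndomain:       EXAMPLE\n",
    "whois.nic.example": ("Domain Name: VICTIM.EXAMPLE\n"
                          "Registrar WHOIS Server: whois.registrar.example\n"
                          ">>> Last update of whois database: 2024-01-01T00:00:00Z <<<\n"),
    "whois.registrar.example": ("Domain Name: victim.example\n"
                                "Registrar WHOIS Server: whois.registrar.example\n"
                                "Registrar Abuse Contact Email: abuse@registrar.example\n"
                                "Registrar Abuse Contact Phone: +1.5550100\n"),
}

def demo():
    chain = follow("victim.example", query=lambda server, name: FAKE[server])
    return [server for server, _ in chain], abuse_contacts(chain)
```

An empty list from `abuse_contacts` is the case the comment calls a manual exercise: the servers in the chain published no such field.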


There's a quote along the lines of:

"An amateur will build what you want and an expert will build what you need."


This seems like good advice. This is pretty close to the "STAR" framework I've seen used (Situation, Task, Action, Result) - explain the context briefly, what you're doing, what you're doing to accomplish the thing you're trying to do, and what the end result of it all is.

> a lot of colleagues don't know how to give good situation reports.

Another thing that can help, both written and in face-to-face communication, is using the Inverted Pyramid. Let's say the person in your 1-1 has an emergency and you have to cut it short after 5 minutes. In those first 5 minutes you want to get the most important information across. In the next 10 minutes, you give supporting details, and in the final 15 you can geek-out on the nitty-gritty.


Genius does what it must. Talent does what it can. You do what you're told.

It is possible to commit no mistakes and still lose. That is not a weakness, that is life.

I used to work with a very smart man that I'm sure was some kind of secret genius. He was that sort of tech gofer. Hardware, software, didn't matter, if there was a problem he'd solve it. Sort of guy you'd see carrying a thick ass SQL book around because he 'needed to learn it' to solve just one little problem. He built whole entire solutions for the company I worked at in his spare time that the company once tried to sell for 500k and at a previous company I heard he figured out a way for the paint mixing machines to save on paint or recycle it or something saving them 1.3 Mil a year. When Raspberry Pis first came out he was one of the first people I saw tinkering with them and he was in his 50's doing it just for fun, I think he ended up using it to open and close his garage door from work or something just to scare his wife.

That sort of guy. Well he once told me something about executives and upper managers working for corporations that I have never forgotten. He said to me, and of course I am paraphrasing:

"Change gives the illusion of progress". I asked him what he meant and he responded with something to the effect of "They have the habit of changing big things every 5-10 years on purpose to make it look like they are productive, and to justify their own roles, one guy will come in and 'cut costs', the new guy after him will 'invest'".


Some examples of directly measurable KPIs:

1. Mood diary

2. Time spent on social media, negative

3. Hours of sleep

4. Steps walked, number of repetitions in exercise, calories burnt

5. Psychometric tests (help measure mental clarity) https://openpsychometrics.org/

6. N-back: https://www.frontiersin.org/articles/10.3389/fpsyg.2018.0220...

7. Active vocabulary test to measure available crystallized intelligence

8. Biomarkers, for example the simple Levine PhenoAge clock: https://michaellustgarten.com/2019/09/09/quantifying-biologi...

You don't have to measure every one of these, of course. In my experience they are more or less correlated: good lifestyle interventions improve many measures at once.

SMART goals regarding these KPIs are pretty obvious.


Always push back on terms in contracts that you don't like. I deal with a lot of Master Services Agreement and Statement of Work markups. 75% of the time people just put out changes without really being very tied to them. If they want to do the deal, hire you, etc., they will make changes.

Here are some tips that have worked for me. I am not a lawyer but I've spent a decade plus reading all kinds of contracts. It's kind of a hobby.

1. Read the entire contract carefully.

2. Consult a lawyer if there are things you don't understand. My biggest single disaster was because of failing to do this on a partnership agreement. It almost tanked a company acquisition deal. I always go back to counsel whenever something new pops up. You can think of it as paying lawyers to teach you how to take care of yourself.

3. If you see something you don't like, you can ask a question like the following: "I see you put X in the contract. What's the problem you are trying to solve here?" It sets up a conversation about how to rewrite it in terms that are more acceptable.

4. Provide alternative language whenever you can. This is better than forcing the other side to go back to their lawyers who may be motivated to cover their butts / show they are putting in the time rather than finding a real solution.

There are things that counterparties see as vital so at some point you'll hit things where they simply won't budge. At that point you can make an informed decision whether you want the overall deal. Meanwhile you get the other stuff that's important to you.

Places I tend to be really careful: matters related to IP, liability, and indemnification. These are all areas that can get really painful if things go south. There are a number of tricks to do end runs around liability in contracts. Check with counsel if you have any doubt and push back hard.

Places where I'm more flexible: terms for payment, length of termination period, governing law, venue for resolution of disputes (e.g., arbitration vs. courts), etc.

Again I'm not a lawyer and your experience may be different.


I have pushed back against contract clauses. Sometimes it works, sometimes it doesn't. The most important outcome is the communication itself. Done well, the discussion builds mutual respect. Both sides want to enter into an agreement that is healthy for them as individuals and, in the best case, for the relationship itself.

An example: I've always looked very skeptically at NDAs. I pushed pretty hard for a sunset clause on one once. The other side pushed back. I ultimately decided to sign, as everything else about the arrangement was very acceptable. Once privy to the information on the other side, I understood their reluctance.

Also, there are some states with reasonable worker IP protections. Those change the foundations of some contracts for the better.


There are a couple of techniques that I have used in the past that have worked well.

First, don't edit the proposed contract itself. Instead, add a rider that specifically overrides the provisions you don't like. Something like "Intellectual Property. Work produced by employee shall be considered work-for-hire. 'Work' is defined as..." Then add a line to the bottom of the rider that says "If any portion of this rider is in conflict with the main contract, the terms of the rider will override the terms of the contract." The benefit of this approach is that you avoid the back-and-forth niggling over particular words in the main contract, and you often overcome the other party's resistance to changing the language their lawyers said had to be there. It's stupid, but it works.

The second technique is simply to say, "this contract isn't large enough to justify these provisions. If you would like to bump the contract, we can talk. Otherwise, no." This has worked for me in negotiating software licenses. I haven't tried it in an employment situation. It works because it forces the other side to acknowledge that their demands have costs, and they can have what they want only if they pay for it. They never do.

I am not a lawyer. Heed this advice at your own risk.


Oof, only now do I realize I need to record account deletions somewhere independent of my database backups so I don't accidentally restore accounts I shouldn't if something goes horribly wrong. Not sure why I didn't think of this before.

Zapier is a godsend for the non developer portions of a company.

I work in marketing. Marketing projects are inherently speculative, you don't know what they will achieve until they're done. Add to this that dev teams at every company have full sprints planned for months. Getting a marketing project done through the dev team is months of exertion and sweat.

Or... get Zapier approved by security, get platforms plugged in officially, nice and tidy. And then the marketers can do what they need in the platform, and they're able to iterate and learn at a much faster pace. It changes the whole game.


Well they tear down cars. Including Teslas.

Originally he wasn't impressed because he found flaws. But Tesla fixed the flaws. And he changed his mind. That alone should sell you.

He is also a consultant, but a grumpy old one. That's entertaining in its own way, he goes into fun rants. Try this:

https://www.youtube.com/watch?v=g63SJwFdGTQ

Mach-E Motor: https://www.youtube.com/watch?v=g3qWBmz-j2k

VW ID.4 Battery Tray - 53% Weight Reduction: https://www.youtube.com/watch?v=cjJUpqo1YDM

Tesla Plaid Thermal System: https://www.youtube.com/watch?v=y4d2frvhcyY

Good engineering is good engineering. I'm not a hardware guy at all and this tickles my brain, the clarity of thought, the way they approach stuff.

