Good catch! Though it misses my primary condition: "disposable" - ha! :-D (this one is a refillable one, and it looks like he is streaming the content from his PC?)

But a very cool link, thanks for sharing! :)

I believe the piece we're missing is the government (citizen?) service which issues (manages, replaces, revokes) constituents' cryptographic tokens for use with such things.

Then our voting systems could be electronic, secure, open, verifiable, and mostly private; assuming effective oversight / this organization does not issue fraudulent tokens or leak keys or identities (big assumption, but I don't think it's impossible.)

Isn't a vote being verifiably tied to a person actually a bad thing? Then you can actually check what e.g. your wife or kids voted for and punish them if they vote wrong. Or get people to pay for votes, but doing that at scale is obviously hard.

Maybe this isn't what you meant by verifiable, but there are systems with this property and they are bad.

The property you are talking about is generally called "deniability" in the literature, whereas the GP is talking "verifiability" ie. being able to verify your own vote is cast correctly. They are both valuable, sometimes mutually exclusive, but not necessarily, see eg. https://petsymposium.org/popets/2024/popets-2024-0021.pdf

Verifiable in this context means I can verify my vote was tallied correctly.

That would also mean someone could force you to show who/what you voted for.

No, because they have no idea what your true ballot ID was.

They can force you to show them a ballot, the idea is that all ballot ID's get made public. You could be showing them anybody's and they'll never have any way of knowing.

It seems you mean something simailar to Selene voting system where a tally board is published containing tracker vote pairs. Each voter can decrypt their tracker once the voting phase closes to check the vote and also means to fake the decryption for claiming another other tracker from the tally board as yours.

Not necessarily. In Colorado they handle this by putting the ballot in a blind envelope inside a trackable envelope. I can verify the details of the receipt of that trackable envelope to the tallying center where it is verified as untampered and opened under video with multiple people present. The unmarked envelope is added to all the rest of the ballots to be counted.

So then you can verify your vote reached the tallying center, but not that it was tallied correctly. Someone can look at your vote and count it wrong.

I think that's fine and the best we can do, but the person I replied to said you can verify your vote is tallied correctly. That implies checking what the actual vote was.

All true, but this is no different than any other ballot in the state. At a certain point you can choose anonymous ballots or you can choose trackable ballots.

Not at all. Make verification possible only at secure physical sites.

Receipt-freeness (i.e., a secret ballot) is usually the desired property. Yes, a lot of people like you state they desire verifiable votes. But that's where you need to respond to the points the person above you is making: how is such a system not also susceptible to coercion and bribery?

(However you would verify your vote, imagine the person who is coercing you is just standing over your shoulder with threat of force. An example might be an abusive husband who does not want to allow their wife to vote freely/against him. A briber might simply force you to allow them to look over your shoulder before they'll pay you off.)

Vs. paper ballots in a polling place: a coercer would not be permitted in the poll booth with me. I get to vote, and when I leave, … I can tell them whatever, but it does not need to match my vote. It utterly defeats bribery, as the briber has no way to verify that I'm doing what they way.

>An example might be an abusive husband who does not want to allow their wife to vote freely/against him

This is an edge cases which could be made illegal. If someone forces someone else to vote you could hang them.

Exactly, we can definitely build a secure online voting system, far more secure than the current paper one, but it will come with some downsides. One of them is a national digital ID mandated to all voters, which obviously can and will be abused by the government.

Another reason (besides what I mentioned in another post below) why such a secure system will never see the light, even if we can technically build it, is that the average person will start to question: why do we still need to vote for representatives if we have such a system in place? Can't we as citizens vote directly on bills/acts? Which makes sense since the current system was designed before all these tech and connectivity.

Yeah, we have certificates on our ID cards, but they need to be manually renewed every 3 years which necessitates a trip to the designated authority. And then the underlying system gets changed every so often invalidating the card types altogether, so they can be used as dummy IDs only.

Thanks, I hate it.

Do folks not leverage built in help commands anymore?

I must be getting old.

Just wait till these whippersnappers find out about man page.

I see both sides, I paid $5 in 2013, but each time I use it I feel like they keep pushing their own content to the home screen.

I tried to use search the other night, for a movie I know I have. It listed 30-some entries, all for their "Plex content" bullshit. I can't find a setting that turns that off. I have no interest in them trying to become a half-assed Netflix.

Likewise the CDN's, probably.

CDNs are necessary for some tools, they wouldn't work without. The do CDNs help eliminate bloat.

I mostly do front-end work, so I get why you would default to CDNs - it's more likely that users ALREADY have that CDN link downloaded and cached on their machine than not. It's absolutely an upgrade for 99.9% of most use cases.

Here, on the other hand, you are trying for peak privacy, though, so the situation reverses. Every single third-party request is a potential attack vector. Contrary to general best practices, you would want to force yourself to include every CDN package unless there was some MASSIVE benefit to excluding them (and disabling the utility that relies on it), like hundreds of MBs of data for a rarely-used utility, or something that you wouldn't want to force on the majority of users.

That aside, I really appreciate this collection! Local first will always be preferred to server apps as far as I'm concerned, so this is fantastic!

> it's more likely that users ALREADY have that CDN link downloaded and cached on their machine than not

This isn’t how it’s worked for years. Browser isolate isolate assets like this to mitigate fingerprinting which renders the whole concept of use-CDN-since-it’ll-be-cached moot.

> CDNs are necessary

What exactly can't be repackaged / hosted alongside?

The bloat is still there, regardless of where its downloaded from.

It could all be done alongside but this seems redundant to me, the resources are already hosted elsewhere specifically for this purpose.

Right, including extra user tracking.

Yes, everything online seems to want to track you. I will seriously consider making all resources local. Then the tools could be used offline as well.

If you can avoid this transition I would recommend it. Say no, take a pay cut, feign ignorance.

9/10 times the new manager is miserable and doesn't add anything to the employees' day to day aside from stressing about your next 1:1, and is then locked to that role for the duration.

That misery is real. That's actually a hidden use case for this simulator: play it, realize you hate the politics, and happily decide to stay an IC before accepting the promotion!

The simulator is an excellent reminder that engineering managers sign up for an eternity in the Kobayashi Maru scenario, and there's no way to Captain Kirk it, either.

https://en.wikipedia.org/wiki/Kobayashi_Maru

I've had the fortune to be able to steer my career back down to IC with no loss of income every time I have been pushed up into an EM role.

Only one data point, but I'm 100% happier as IC than EM.

Tall order.

Like most of the internet, this site included, it's about how you use it and where you choose to participate.

You can get dirty by digging, of course. But there are still excellent communities on reddit that you really can't find anywhere else.

I'd argue it's more true on Reddit than anywhere. Subreddits are fairly self contained.

Other social media sites I feel like I'm fighting off a wave of whatever the site wants / momentum of all the users is.

Granted that doesn't mean they're completely isolated, a lot of smaller subs I was a part of have fallen into a mess of spam and engagement bots and so on so my total subs I'm interested in has fallen off.

It used to be the case Reddit itself would run spambots, and if you reported them you'd be banned. Also they have a habit of, if a subreddit isn't moderated how they like, finding excuses to ban the moderators and then either ban the subreddit for being unmoderated or replace the moderators. There were also times they just replaced a moderator list because they didn't like how the subreddit was moderated if there was a financial or reputation incentive to do so. Are these things not still the case?

>It used to be the case Reddit itself would run spambots, and if you reported them you'd be banned. Wow, do you have a link to where I could read more about that stuff? I tried doing a quick search, but couldn't find anything. Banning users for reporting bots is a crazy moderation decision...

Since it happened several years ago it would be hard to find now. Here's a different, related issue that I did find (with links to several more threads): https://www.reddit.com/r/ModSupport/comments/17bkv3f/false_b...

This is my view of Tiktok and Instagram as well. People always complain about how it's all AI or dancing videos, but if you use it properly you can very easily get thoughtful stuff. I get musicians, local restaurant recommendations, film analysis, simpsons clips etc.

It's up to you to learn not to doomscroll where it starts showing you garbage after it burns through your personal feed.

Just because you can find good things on these services doesn’t mean it isn’t worth talking about their problems.

While I wish JSON formally supported comments, it seems more sensible (compatible) to just nest them inside of a keyed list or object as strings.

  {
    foo: "bar",
    ans: 42,
    comments: {
      ans: "Douglas Adams"
    }
  }

Works right up until you get an entity where the field `comments` is suddenly relevant and then you need to go change everything everywhere. Much better to use the right tool for the job, if you want JSONC, be explicit and use JSONC.

Surely it could be suffixed or keyed with a less likely collision target than this very simplistic example. I suppose JSONC and similar exist, although they are rarely used in the wild in contrast to actual JSON usage, compatibility is important.

Hadn't heard of JSONC, but I've always been a proponent of JSON5 for this reason.

https://github.com/json5/json5

Personally, I think if your JSON needs comments then it's probably for config or something the user is expected to edit themselves, and at that point you have better options than plain JSON and adding commentary to the actual payload.

If it's purely for machine consumption then I suspect you might be describing a schema and there are also tools for that.

idk... "ans: 42 // an old reference from DA API" seems easier to read than wasting 4 lines of yours

multiply that for a long file... it takes a toll

---

also sometimes one field contains a lot of separate data (because it's straight up easier to deserialize into a single std::vector and then do stuff) - so you need comments between data points