After wasting the better part of a decade on speed reading as a teen and using speed reading tools I can only find myself to agree with them. Remove multiple-choice questions and ask questions about the material and speed readers comprehension crumbles apart to such a degree it is difficult to call what they do to be "reading".
There are quite a number of studies on this, but I'll reference a blog that does all the referencing for me [0] since their experience and thirst for knowledge that led them to later be an advocate against - rather than an advocate for - speed reading is basically a 1:1 match of my own.
500-600 WPM is the upper limits, 99.99% of people claiming otherwise are bullshitting, I always leave that 0.01% because some people are literally just built different and are truly one-of-a-kind (or one-of-maybe-a-dozen people on Earth). Anyone claiming such speeds is going to be under a lot of scrutiny the same way I'd be skeptical of anyone else claiming to be in the top 0.01% of anything. If someone tells me they're a Top 10 Challenger ranked League of Legends player I'm not just going to take their word for it without some solid evidence.
All that I have to say about it, is that in a place like Hacker News, you do encounter the top 0.01% on a fairly regular basis. Particularly among those who were here early on. Being too skeptical of it when you see it doesn't sound like that good an idea.
I mean seriously. Why would I lie? And why would I risk the fake reputation on this account on a lie about something stupid, when I have friends who know me here?
People can give children terrible information too and steer/groom them in harmful directions. So why stop there at "AI" or poorly defined "algorithms"?
The only content children should see is state-approved content to ensure they are only ever steered in the correct, beneficial manner to society instead of a harmful one. Anyone found trying to show minors unapproved content should be imprisoned as they are harmful to a safe society.
The type of people who groom children into violence fall under a special heading named "criminals".
Because automated systems that do the same thing lack sentience, they don't fit under this header, but this is not a good reason to allow them to reproduce harmful behaviour.
So selling the Anarchists Cookbook is illegal? Being a YouTuber targeting teens for <extreme political positions> is illegal? This is honestly news to me given how many political YouTubers there are who are apparently criminals?
Given some of the examples I'm not so sure a human would be charged for saying the same exact things the AI has said. Without an actual push to suggest violence and even that's difficult to prove in cases where it does happen (eg. The cases where people pressured others into suicide or convinced them to murder)
I would greatly appreciate if you engaged with what I wrote and not what you think I wrote if you're going to make the bold claim that I'm not engaging in good faith.
Absolutely nowhere did I equate writing a book to grooming. I equated selling the book in the greater context that "providing children with potentially harmful/dangerous information should be illegal because it grooms them to commit harmful actions to themselves or others" and this context would carry the implications that by "selling" I am referring particularly to "selling it to children" since "providing children with potentially harmful/dangerous information should be illegal because it grooms them to commit harmful actions to themselves or others". With my argument being would it be criminal for an AI but not for a human?
So to clarify the argument: Writing the book is fine. Selling the book to adults is fine. Adults reading the book is fine. But if providing dangerous information to children should be made illegal - how would selling such a book to a child not be considered illegal? Because it was written by a human and not an AI?
Every now and again a site exists that has a massive community, tons of resources, ways to speak with other learners, ways to meet language exchange partners, and are greatly successful. Then all of that gets gutted for what is essentially a worse version of Anki but for the web when the company runs out of funding and has to start turning a profit somehow. This burns the community and the people providing most of the value move elsewhere.
It's happened to italki (now iKnow), Memrise, DuoLingo, and a few sites that were so short-lived I no longer remember what they were called.
My takeaway is that language learning apps are a lot like dating apps. They profit less if people actually learn a language and so can't be too good at their job because they'll bleed users faster than they can gain them - similar to dating apps. It needs to work just well enough that users are tricked into believing it is working but not so well that it actually works for most people.
It seems like the ETA before enshittification begins is about 2~3 years. If you're an early enough adopter you might actually benefit from it but you have to be willing to jump ship and not fall for the engagement/gamification tactics that keep you sticking around after it has stopped providing any value.
I spent way too long 'watering my garden' on Memrise before I looked around and noticed all of the once useful community-providing mnemonics were gone, you couldn't correct bad definitions anymore, it was difficult to actually speak to anyone else in the community (unless you could find them on the forums), and eventually I stopped using it altogether. The community I had signed up for and was a huge part of Memrise's success no longer existed.
"They profit less if people actually learn a language and so can't be too good at their job because they'll bleed users faster than they can gain them - similar to dating apps."
This might be why some of the best language-learning content I have seen is from national broadcasters like YLE in Finland. There, once a foreigner learns the language from that material, they then become a consumer of the broadcaster’s main content.
This is actually a remarkably common failure pattern for a lot of language learning apps. Devs see Anki and think "I'm gonna do it better! I'm gonna build Anki, but for a specific language and make it a web app." ... I've lost count how many of these I've seen over the years!
> It seems like the ETA before enshittification begins is about 2~3 years
It's funny, I actually learned the term "enshittification" specifically from friends of mine who were Memrise users. It's honestly a textbook example of the phenomena.
Negativity aside though, I'm actually pretty optimistic about this space despite all that I've seen so far. I think that there's genuinely room to build great language learning software that people will really benefit from. I'm just really pessimistic about most of the people working in the space. Without trying to exagerrate, I'd estimate that probably less than 10% of people working in the language learning industry are actual language learners (at best, they might've learned English as a kid). When you're not actively, seriously learning a language, you become numb to the problems of people who actually care about becoming fluent and just end up building tinder-esque games to addict people with.
Anki for vocabulary building, Ryan Estrada's comic for learning to read Hangul (https://www.ryanestrada.com/learntoreadkoreanin15minutes/) as it sticks true to its promise. Over 8 years ago I spent 15 minutes learning how to 'read' Hangul. To this day I can still slowly sound things out and, at the least, read people's names. It truly is a fantastic writing system although I do sometimes struggle with which vowel is which that's 100% an issue of only having spent 15 minutes learning.
Unfortunately I can't help much with learning grammar as I never dove into actually learning Korean due to a dislike of how it sounds. There's the "Tae Kim Japanese Grammar"-like approach for a Korean grammar guide at: https://www.howtostudykorean.com/ although I'm not a big fan of how overly simplified (and sometimes wrong due to the simplification) Tae Kim's approach for Japanese was. So I can't attest as to whether How To Study Korean makes the same mistakes or not.
As for writing - Korean is simple enough to read/write that you can simply find any Korean news source and practice writing the sentences as you read them.
> Unfortunately I can't help much with learning grammar as I never dove into actually learning Korean due to a dislike of how it sounds.
Ha, one of my main motivations for wanting to learn Korean is how beautiful it sounds to me. Funny how that goes, diametrically different subjetive perceptions.
It's amazing that something that can look so alien to Western eyes is actually pretty straightforward once you try to learn it. I did the same and learned Hangul so I can at least sound things out and do some basic Internet searches etc.
You can do exactly the same with other scripts, e.g. Japanese hirigana and katakana, which are fairly easy to learn, and also Arabic, which looks difficult, but is definitely learnable in an hour.
I started learning Korean but never really got the far. But, straight after learning Hangul you get into sound mixing (https://www.missellykorean.com/korean-sound-change-rules-pdf...). Trust humans to invent something simple and then make it complicated over time!
Japanese has similar stuff with their u-dropping, but not as complicated as Korean.
It's such a common aspect of languages too that many people don't even realize when they're doing it in their native language!
People get lazy - especially natives who don't get confused because it's how most natives will talk. For example, every word ending in "ing" in your comment could drop the "g" sound when spoken. Plenty of English speakers do that when speakin' and not many people would think anythin' of it until a frustrated person learnin' English asks why nobody is pronouncin' the endin' "g". Droppin', changin', and blendin' sounds is why learning a language by listenin' to natives speakin' is so important instead of crammin' textbooks all day.
Some might consider this a regional thing/accent and I'd argue that it both is and isn't. To the extent I tried to illustrate it would likely get seen as an accent but the occasional droppin' of it is somethin' I've heard across so many different English accents that I'd argue it isn't only an accent thing.
In the US it's mostly associated with a Southern accent and in England it would be the English Midlands like Brummie or Mancunian.
And this is how you end up with rewriting the world and spending more time rewriting dozens of existing libraries to avoid adding them as dependencies and less time working on the problem you're actually trying to solve because you're fixing the same dozen bugs that the first person already went through the trouble of fixing for you had you simply used their library instead of eschewing it and having to learn everything that they had already learned for you. Often times because the problem space is deeper than you could have known before getting into the weeds and hopefully you don't get bit by sunk cost and decide to do yourself a favor and just use a library instead of continuing to work on solving problems that aren't related to what you set out to do.
There's a balance to be struck between LeftPad scenarios and "Now there are 37 competing libraries".
Exactly. The right thing to do is study each dependency and decide whether the reward of having the problem solved quickly is worth the many risks of adding dependencies.
I'll acknowledge here that there seems to be a significant difference between Python projects and Node projects: in my experience, a small Python project has a handful of dependencies and maybe a dozen sub-dependencies, while a small Node project usually has a handful of dependencies and a few hundred sub-dependencies. That's where Python's "batteries included" motto does seem to help.
> There's a balance to be struck between LeftPad scenarios and "Now there are 37 competing libraries".
I think we're actually in agreement. My assertion is that for projects which want to avoid constant maintenance, particularly small projects, you can make architectural decisions some of which could significantly improve the maintenance outcome. Of course there are trade-offs to those, and if you make the wrong architectural decisions it can cause more harm than good.
Maybe I'm glib for calling it "easy" but for many leftpad scenarios it really is a "holy crap why did you think that was ok" scenario in my experience. Lets avoid those scenarios when we can.
The site was taken down earlier today. Mail service remained up for some time. Sent myself a test email - seems I managed to migrate most of my emails over just in time as I'm no longer getting mail.
I used cock.li since about a few months after its initial opening. It was reliable enough and I trusted Vincent had his heart in the right place.
Even if it comes back up - I have no plans to migrate anything back. I've been self-hosting my email for a few years now but never took the time to reset my email everywhere until today. I wish I started about an hour sooner than I did as there are 2 accounts now stuck in potential limbo assuming the domain doesn't get moved elsewhere or temporarily hosted so people have time to migrate away from it.
Most forms of advertisement should be considered criminal, as most modern ads are borderline psychological warfare against a population that doesn't even understand they're at war and losing because the effects aren't immediately noticeable and are very rarely directly physical.
Tear down someone mentally until you can get them to agree to part with their money. Call them ugly, call them fat, call them depressed. Show them how boring and miserable their life is before <product> is a part of their life. But only ever indirectly - if you're too direct the negative emotions they're feeling will be associated with your product instead of themselves. Tease them with beautiful people having fun and enjoying life. This could be you if you buy <product>. Happy and successful. Surrounded by friends laughing and smiling. Remember - ending on a happy emotion makes people associate those feelings with <product> which will increase sales of <product>. Cute polar bears. Drink coke.
It's a form of assault and I refuse to pretend otherwise.
There are very few forms of advertisement that I don't have a major problem with. Public space bulletin boards, word of mouth (non-sponsored), dedicated infomercial spaces (no videomercials w/ the comedy-like over the top failing at life to try and sell the product).
Price, product/service, why you need it and why yours over any competitors. Non-targeted ads by default unless the user opts in for targeted ads.
Mom & pop shops are totally capable of emotion-targeted advertising and it's a problem when they do it too. Corporations just use it more.
For example - how does one advertise perfume over television? A product that requires you to smell it? Emotional manipulation and promise of fantasy. Nothing to do with perfume. A proper commercial would at least try to explain the smell - maybe mention the high/low note fragrances used. Nope. Beautiful models. Lavish party. Brand name.
Fixing advertising will never happen. Advertising runs the world because it already won the war.
so you believe if your teacher or parent tell you not to over eat sugars, not to drop out of school, take care of looks, because these things will prevent you from being rich, relationship, comfort.
you believe this type of messaging shouldnt be shown because we are too mentally weak to handle it? you dont believe parents should parent their child either? you think anything that can possibly make a human form an opinion is inherently evil? do you think a company that lets say shows how boring your life is so they try to sell you a book is wrong.
or a workout machine shouldnt show what it can potentially offer to your life. or basically extending your life. a school that sells prestige and highest level of education should instead never advertise so you dont feel dumb?
im not saying this is the ideal utopia. this is reality. for businesses to work they need money, for a country to prosper it needs successful businesses whether it be govt or otherwise. you want to teach kids to be able to handle reality not play victim. ofc this is just my way of seeing things. but i believe being able to use what is being offered to your advantage is what makes successful people. and ill be damned if someone in the states believes they dont have all the opportunities in the world with the most access to whatever they want with govt regulating the things you are so afraid of to at least a reasonable level. being able to identify the evil in everything thus shutting themselves off is counter productive imo and its honestly even a blessing to be able to think like this lol. many countries this cant even be a factor because these companies cant even exsist to give you these evil messages. because they dont survive in those small economies
There are literally hundreds if not thousands of studies about precisely how to navigate people in aggregate and take advantage of every little bit of human psychology to maximize profits. It's not about people being mentally weak but about corporations and marketers knowing how to best break past people's mental barriers.
You are not unique among the millions of people. Advertising works - and it also works on people who adamantly believe that it doesn't work on them. Often because people think of themselves are more intelligent than the average person.
Almost nobody claims to like advertising. They might prefer advertising over subscriptions as a form of payment - but not because they like ads but because it doesn't take money from them directly but rather indirectly. Yet despite the almost universal hatred of advertisements its the worlds largest business.
Advertising would not be in the top 10 of worlds largest businesses if it didn't work on hundreds of millions of people. It bears repeating. You are not special. Neither am I. Despite my best attempts at avoiding advertising I can nearly guarantee it affects my purchasing decisions perhaps without my awareness of it at all. Subconsciously there like a parasite. Because that's how advertising actually works.
Nobody sees an ad and goes "I want <ad product>". That's not how advertising actually works but it's how people think it works. 3 months down the line you're buying beer for a party and buy a pack of Heineken without thinking too much about it. And that is when they have won.
As opposed to the “security” of closed source software? Where severe vulns are left in as long as they aren't publicized because it would take too much development time to justify fixing and the company doesn't make money fixing vulns - it makes money creating new features. And since it isn't a security-related product any lapses in security are an "Oopsy woopsy we screwed up" and everyone moves on with their lives?
Even companies that are supposed to get security right have constant screw ups that are only fixed when someone goes poking around where they probably shouldn't and thankfully happens to not be malicious.
I think your comment works as a reply to claiming closed source is more secure than open source - you try to bring them both to the same level.
I dont think it replies to what the user asks though. It seems reasonable expecting widely used open source software to be studied by many people. If thats true it would be good to question why this wasnt caught by anyone. Ignoring all ssl errors is not something you need to be an expert to know is bad...
Codebases outside of security-contexts are rarely audited, much less professionally so. The culture of code reviewing PR's from 14 years ago is a little different from today and is also why any "quick hacks to make things work" should always have some form of "//HACK: REVIEW OR REMOVE BY <DATE>" attached to it to make it easy to find.
From a security perspective there are only two kinds of code bases: open & closed. By deduction one of those will have more eyeballs on the codebase than the other even if "nobody looks".
Case in point: It may have taken 14 years but someone looked. Had the code base been closed source that may never have happened because it might not have been possible to ever happen. It's also very easy to point to the number of security issues that never made it into production because it was caught in an open source code review by passerbys and other contributors while the PR was waiting to be merged.
The fact it was caught at all is a point for open source security - not against it. Even if it took 14 years.
> From a security perspective there are only two kinds of code bases: open & closed. By deduction one of those will have more eyeballs on the codebase than the other even if "nobody looks".
Is that the classification that matters? I'd think that there are only following two kinds of code bases: those that come with no warranty or guarantee whatsoever, and those attached to a contract (actual or implied) that gives users legal recourse specific party in case of damages caused by issues with that code (security or otherwise).
Guess which kind of code, proprietary or FLOSS, tends to come with legal guarantees attached? Hint: it's usually the one you pay for.
I say that because it's how safety and security work everywhere else - they're created and guaranteed through legal liability.
Can you cite an example where a company was sued over bad code? I want to agree with you and agree with your reasoning (which is why I upvoted you as I think it is a good argument) but cannot think of any example where this has been the case. Perhaps in medical/aviation/government niches but not in any niche I've worked in or can find an example of.
The publicly known lawsuits seem to come from data breeches and the large majority of those data breeches are due to non-code lapses in security. Leaked credentials, phished employee, social engineering, setting something Public that should be Internal-only, etc.
In fact, in many proprietary products they rely on FLOSS code which resulted in an exploit and the company owning the product may be sued for the resulting data breeches as a result. But that's an issue with their product contract and their use of FLOSS code without code review. As it turns out many proprietary products aren't code reviewing the FLOSS projects they rely on either despite their supposed potential legal liability to do so.
> I say that because it's how safety and security work everywhere else - they're created and guaranteed through legal liability.
I don't think the legal enforcement or guarantees are anywhere near as strong as other fields, such as say... actual engineering or the medical field. If a doctor fucks up badly enough they can no longer practice medicine. If a SWE fucks up bad enough they might get fired? But they can certainly keep producing new code and may find a job elsewhere if they are let go. Software isn't a licensed field and so is missing a lot of safety and security checks that licensed fields have.
Reheating already cooked food to sell to the public requires a food handler's card which is already a higher bar than exists in the world of software development. Cybersecurity isn't taken all that serious by seemingly anyone. I wouldn't have nearly as many conversations with my coworkers or clients about potential HIPAA violations if it were.
> Can you cite an example where a company was sued over bad code?
Crowdstrike comes to mind? Quick web search tells me there's a bunch of lawsuits in flight, some aimed at Crowdstrike itself, others just between parties caught in the fallout. Hell, Delta Airlines and Crowdstrike are apparently suing each other over the whole mess.
> The publicly known lawsuits seem to come from data breeches and the large majority of those data breeches are due to non-code lapses in security.
Data breaches don't matter IMO; there rarely if ever is any obvious, real damage to the victims, so unless the stock price is at risk, or data protection authorities in some EU countries start making noises, nobody cares. But the bit about "non-code lapses", that's an important point.
For many reasons, software really sucks at being a product, so as much as possible, it's seen and trades as a service. "Code lapses" and "non-code lapses" are not the units of interest. The vendor you license some SDK from isn't going to promise you the code is flawless - but they do promise you a certain level of support, responsiveness, or service availability, and are incentivized to fulfill it if they want to keep the money flowing.
When I mentioned lawsuits, that was a bit of a shorthand for an illustration. Of course you don't see that many of them happening - lawsuits in the business world are like military actions in international politics; all cooperation ultimately is backed by threat of force, but if that threat has to actually be made good on, it means everyone in the room screwed up real bad.
99% of the time, things get talked out without much noise. Angry e-mails are exchanged, lawyers get CC-d, people get put on planes and send to do some emergency fixing, contractual penalties are brought up. Everyone has an incentive in getting themselves out of trouble, which may or may not involve fixing things, but at least it involves some predictable outcomes. It's not perfect, but nothing is.
> I don't think the legal enforcement or guarantees are anywhere near as strong as other fields, such as say... actual engineering or the medical field. If a doctor fucks up badly enough they can no longer practice medicine. If a SWE fucks up bad enough they might get fired? But they can certainly keep producing new code and may find a job elsewhere if they are let go. Software isn't a licensed field and so is missing a lot of safety and security checks that licensed fields have.
Fair. But then, SWEs aren't usually doing blowtorch surgery on live gas lines. They're usually a part of an organization, which means processes are involved (or the org isn't going to be on the market very long (unless they're a critical defense contractor)).
On the other hand, let's be honest:
> Cybersecurity isn't taken all that serious by seemingly anyone.
Cybersecurity isn't taken all that serious by seemingly anyone, because it mostly isn't a big problem. For most companies, the only real threat is a dip in the stock price, and that's if they're trading. Your random web SaaS isn't really doing anything important, so their cybersecurity lapses don't do any meaningful damage to anyone either. For better or worse, what the system understands is money. Blowing up a gas pipe, or poisoning some people, or wiping some retirement accounts, translates to a lot of $$$. Having your e-mail account pop up on HIBP translates to approximately $0.
The point I'm trying to make is, in the proprietary world, software is an artifact of a mesh of companies, bound together by contracts. Down the link flows software, up the link flows liability. In between there's a lot of people whose main concern is to keep their jobs. It's not perfect, and corporate world is really good at shifting liability around, but it's doing the job.
In this world, FLOSS is a terminating node. FLOSS authors have no actual skin in the game - they're releasing their code for free and disclaiming responsibility. So while "given enough eyeballs, all bugs are shallow", most of those eyes belong to volunteers. FLOSS security relies on good will and care of individuals. Proprietary security relies on individual self-preservation - but you have to be in a position to threaten the provider to benefit from it.
The contexts of security by obscurity is usually in regards to data that would attract people who would specifically target you for being a mark that will make them a lot of money rather than opportunistically target you because you are an easy mark that will make them a quick & easy profit of unknown value.
If someone wants to rob you - a door lock isn't going to stop them. Likewise if someone wants to pwn you - a little obfuscation isn't going to stop them.
Security by obscurity only works in the case that you aren't known to be worth the effort to target specifically and so nobody bothers. Much like very few people bother to beat my CTF. I'm sure if I offered a $1,000 reward for beating it the number would increase tenfold because it is suddenly worth the effort to spend a bit of time attacking. But as it stands with no monetary incentive the vast majority (>99%) give up after a few days.
The issue you're missing is the scale of the cheating.
When it is some small percentage of games you might shrug, hope you don't run into the cheater again, and move on to the next game where nobody is cheating. A few matches of your day get ruined but you still get to enjoy >95% of them so it's overall still a good experience. It has a very small impact on your enjoyment but you can move on and still enjoy most of your time.
It becomes a problem when there are so many cheaters that you encounter one in nearly every single game you play. Making it nearly impossible to play or win because the aim botting, wall hacking, infinite ammo, one-hit-kill, teleporting, invincible hacker is mowing down you and your entire team and the round ends in a few minutes. Except now it is 5 out of every 6 games you play and you hardly get to enjoy playing.
Additionally, back in the day you could leave matches without really getting punished for it. If you encountered an obvious hacker you could just leave and rejoin a new game. Now you get punished for leaving matches and might have to sit out a 15-60 minute timer if you leave too many games. Mix that with some high percentage of cheaters and you might be sitting in lobby waiting to play the game more than you're actually playing the game.
Let's say you enjoy playing Chess. How long would you enjoy playing against Alpha Zero - especially when expecting to play against someone your own ELO? At what ratio of playing against people cheating with Alpha Zero would you stop bothering to try and play Chess? I could tolerate it occasionally but if every single person I was playing against was just using Alpha Zero I'd stop trying to play Chess at all. It's no fun to lose every single time because the other person is always cheating.
If they worked to any acceptable level of efficacy then they could be tolerated. They're only tolerated by people who think they work as well as they claim to work (security theater) but anyone who knows about the performance impacts and/or are tech-savvy enough to understand it is a rootkit and potential exploit (that would fully pwn your device) hates them.
Some cheats are getting rather sophisticated now. There's an ever-increasing number of Pi-devices where the cheating is done externally.
They're also chosen by users when the game is filled with cheater. Counterstrike 2 is an example of this with players moving to FaceIT and ESEA (with kernel anti cheat) as the higher ranks of official competitive matchmaking are filled with cheaters.
Proven by who and what proof? Because Denuvo is the only one outspoken about how it doesn't impact performance despite all evidence to the contrary and they provide no evidence of their own beyond claiming it doesnt. Then saying they'll prove it doesn't and then backing out of proving it.
DRM and anti-cheat aren't the same though. That link is talking about denuvo DRM, not denuvo anti-cheat. Also, just because one implementation impacts performance doesn't mean they all have to.
I'll believe it when Irdeto manages to provide any evidence amounting to more than "Just believe us".
Both the anti-tamper and anti-cheat affect performance and it's incredibly noticeable to anyone who isn't building a new bleeding-edge hardware PC every year or two.
There are quite a number of studies on this, but I'll reference a blog that does all the referencing for me [0] since their experience and thirst for knowledge that led them to later be an advocate against - rather than an advocate for - speed reading is basically a 1:1 match of my own.
500-600 WPM is the upper limits, 99.99% of people claiming otherwise are bullshitting, I always leave that 0.01% because some people are literally just built different and are truly one-of-a-kind (or one-of-maybe-a-dozen people on Earth). Anyone claiming such speeds is going to be under a lot of scrutiny the same way I'd be skeptical of anyone else claiming to be in the top 0.01% of anything. If someone tells me they're a Top 10 Challenger ranked League of Legends player I'm not just going to take their word for it without some solid evidence.
[0] https://www.scotthyoung.com/blog/2015/01/19/speed-reading-re...
reply