But I do this from my own Pinboard account, which has
superpowers. Specifically, it lets me see private bookmarks
on all accounts. And since I already see everything, I don't
notice when everybody else starts to see everything, too.
I'm a drooling Pinboard fanboy, so I'm probably cutting him more slack here than I would for other services. However: it's been obvious to me since the beginning that "private" in Pinboard-context just means, "this bookmark is not publicly available on my account page." I've had absolutely no expectation that it wasn't accessible by a site admin -- although that would be nice too.
I can't think of a way to store retrievable data, like a bookmark, on his servers without leaving some way for him to access the data if he wanted to.
Yes, retrievable data is obviously accessible by a site admin somehow. But the way he's got things set up:
1) It's trivial for him to inadvertently see something deeply personal to someone just by browsing the 'recent' list or doing a search.
UPDATE: I overstated this one - Maciej let me know by email that he can only access private data on the search / recent page if he intentionally masquerades a user. He can only inadvertently see private data when viewing individual user pages.
2) If his account's ever compromised (let's hope he's not reusing that password elsewhere!) then someone else gets that ability as well, accessible from any browser anywhere.
It's one thing when you have to ssh into a server somewhere and do a SQL query to access someone's private information. It's another thing to set up your admin account so you're casually exposed to it.
I like Pinboard's service too, but this isn't remotely cool.
I'm a paying user and this won't make me stop using the service, but there should be a reasonable expectation of privacy here. Obviously the database has to store this information in a retrievable way, but to expose it so carelessly on a regular basis is completely unnecessary.
this is... a hard choice. I'm not saying I know which way is right, but I think that either way, revealing to your users which choice you make is the right thing.
The choice, really, is "do I look at my user's personal stuff and have a good idea that my service is working for them" vs. "do I not look at my user's stuff, and have much less of an idea if the service is working for them."
(yes, yes, good automated tests are the right way to solve the problem, but good automated test are difficult, especially when a broad range of behaviors could be 'correct')
In my own case, there are two places where I'm erroring on the "don't look at the user's data, even if it would allow you to provide better service" side. First? I don't mount a user's disk. it's a block device, as far as I am concerned.
As you might imagine, this makes backups way, way more difficult. Moves, too. It's possible that if I were to ignore this rule, I'd have enough spare disk bandwidth to do at least half-assed backups (I'm not doing any backups of customer data right now, which is pretty scary for me, because I'm in a business where if you lose the customer's data, you lose the customer in the worst way.)
Now, the right way to solve this problem is some kind of 'snapshot over the network' like zfs has or some other mechanisim that only transfers the change in block devices. Unfortunately, Linux has no such tools. (yes, yes, ZFS on linux is a possibility. So is a NAS. Rsync or something rsync like won't work because the problem is not network bandwidth but disk bandwidth. I mean, it's a problem that can be solved, a better way, but solving it the better way is more work.)
Next, from a technical support perspective? I could provide dramatically better service if I logged all the serial consoles. Dramatically better service. but last time I asked, people seemed uncomfortable with it, so I don't. (the thing is, it's only easy to log all consoles or log none of the consoles; I'd have to spend time and effort building a 'log consoles except for users that opt out' mechanisim, which is the right thing to do here, but due to time constraints that hasn't been done.) (to be clear, when a customer asks for help, or even if soemthing happens with a domain and I'm not sure it's working, I look at the serial console as is. My job would be nigh impossible without serial consoles. Also, by default I log the serial consoles on dedicated servers, though unlike Xen, it is easy for me to opt people out of that. Conserver is the tool I use there.)
Personally, I think I made the right choice when it comes to block devices (I have had good luck with my RAIDs, and treating disks as block devices means my customers can use whatever freaky filesystem they like.) but I think I made the wrong choice on the serial console; there really isn't that much personal stuff that comes up on the serial console, and it gives me a lot of clues.
I guess what I'm saying is that from a testing perspective? being able to see the user's bookmarks has a lot of advantages. It's a valid choice; and he's sharing that choice with the customers, which is the right thing to do.
(the interesting thing here, of course, was that if his account couldn't see the users bookmarks, while usually that would have given him much less diagnostic information, it would have given him more diagnostic information this time.)
Being down also pisses off your customers, so there is no 'guaranteed' choice here. (at least so long as it is a choice between good privacy and good testing.)
I think the key really is communication; letting the user know what you are doing and reading the feedback. It wouldn't occur to me that some people would think serial console logs are super private things, but turns out? many people think they are.
I mean, from that perspective, it seems like pinboard ought to take this feedback into consideration and maybe change that policy. I'm just saying that there were reasonable reasons why that original choice was made, even if it sounds like the decision may have been the wrong one.
Their terms are pretty straightforward. You're not allowed to use their logo in links, since that implies a false association. There's nothing new or broken here.
There's more to it than that. You're not allowed to use their logo in a link, true. However, you're also not allowed make them look bad with any such link. "You may not use any link to the Site as a method of creating an unauthorised association..., and agree that no such link shall portray us... in a false, misleading, derogatory or otherwise objectionable manner."
(Sorry for the snipping, but it was pretty long otherwise. I don't believe I've removed anything that changes the fundamental meaning.)
I'm so sick of people like you on HN. Open the link, look for a tiny snippet of text which looks like it's contrary to what the submitter's point is, and then bash them in the comments.
> no such link shall portray us or any other official London 2012 organisations (or our or their activities, products or services) in a false, misleading, derogatory or otherwise objectionable manner
Davidmp must have edited his comment, because your comment is far worse than his--you make a personal attack against him and provide a citation that is just as selective as his.
"Personal attack", as you put it, would be worse only if it was ad hominem, which it wasn't.
As you can see, davidmp's comment claims that "You can link with text as much as you want." The "selective" quote by tylermenezes is the smallest quote sufficient to prove false davidmp's claim.
By reading other comments, you can also see that several other readers called davidmp out on the exact same behavior as tylermenezes did and used more or less the same quote.
Your headline (which you toned down from the original, to be fair) implied that we can't link to the Olympics website. This is, strictly speaking, wrong. His post suggested that you could do so, if you used text and not a copyrighted image. This is also, strictly speaking, wrong.
You are both wrong. I don't see how your sarcasm is justified.
Yes, and if I change to title more accurately to reflect exactly what the article says then it's likely to get changed by a moderator. I have become circumspect about using title that are accurate instead of the ones on the article.
I claim my response is just and proportionate because it appears that he read only the submission title, quoted from the article, and not the article itself. I believe if you're going to comment on these things and make pronouncements such as he did, then it is beholden upon you to actually read the article.
Interesting point. I think that's also due to some influence on Apple's part, because Macs were never released with sequential numbers like the iPhone.
I'd suspect Apple is purposefully trying to disassociate the iPad with the iPhone and realigning it with the Mac line by changing naming conventions. If that's the case, this post is pretty good evidence that it hasn't really worked out so far.
Right, except for the fact that Apple lists it as "iPad (3rd Generation)", not "iPad (Early 2012)", so if you're right, they're trying to align it with the iPod rather than the Mac. Simple product line => simple names => simplified purchasing experience. No need to read anything more into it.
Generally speaking, I referred to my iPad 2 as an "iPad", and when not in the process of purchasing accessories or arranging repairs, I commonly call my "MacBook Pro (17-inch, Early 2011)" a "MacBook", "Mac", or, most frequently, "computer", in line with the common practice of most everybody I know, technically-inclined or otherwise, unless there's some need to either disambiguate or brag.
