< Back to the archive

Like what you see? Subscribe here and get it every week in your inbox!

Issue #158 - March 20, 2022

Here are the top threads of the week, happy reading!

Top comment by tomcam

> I have a pattern of loneliness pushing me into making very foolish decisions

That’s pretty unusual self awareness. Respect. Glad you’re asking for help.

Let me proffer some of the obvious suggestions: D&D type of gaming (not for me but my adult child has met many great people that way), going to the gym, yoga class, chamber of commerce, get involved with a charity that means something to you, start going to church.

Try talking to people but when I say talking I really mean listening with all your heart, and being interested in them. Everyone has a story. If you’re genuinely interested, they will reveal everything within a few minutes. my kids make gentle fun of me for interviewing people, but I just like to listen to what people are really saying and respond by learning more about them. (If you are sincere it will incidentally help you enormously with women.)

A slightly less obvious one: get really good at something. When I do this I shoot to be better than about 80% of people, which you can usually do with raw work and without requiring some kind of genetic superiority. If you do it right the process is rewarding, and the outcome is also rewarding. Get fluent at a challenging language like Chinese or Arabic? Work out enough to get fairly ripped? Give away something great on GitHub? You’re a recruiter if your username applies, and maybe just focus on making a lot of money? That sounds shallow and you don’t have to take it very seriously, but I have learned that getting better than most people at some kind of lucrative or socially valued skill just helped me enormously, and you can you can usually do that simply by working hard and with common sense. The reason I harp on this angle is that when you’re pretty darn good at something, it attracts people. And getting good at something usually requires that you take on multiple topics well at once, which makes you feel better about yourself.

You can reach out to me via the email address in my profile and we can chat if you want. I have no agenda but I’m a decent listener.

Top comment by ChrisMarshallNY

I've always found that "living at my means" has paid dividends. To many folks, 'round these parts, they'd consider it "living below my means," but that's mostly because they "live beyond their means."

I avoid personal debt like the plague. If that means living in a small house, and driving an old car, then so be it.

I've also found that learning to deliver software, as opposed to just "writing" software, has made me much more valuable.

Shipping isn't "fun," and many younger developers don't have the patience for it; but, when the rubber meets the road, shipping is what it's all about.

Top comment by tempnow987

I've had requests like this from family members supposedly "stuck overseas" etc. These types of requests are often scams.

My boss recently emailed me (from a weird email) saying the landlords payment hadn't gone through and we needed to wire them the money pronto and they were stuck traveling and couldn't do it. This was a scam.

In my neighborhood folks rent out houses for great deals, the landlord is temporarily traveling and can't meet. A fair number of these turn out to be scams.

I just mention this because if some low level support agent providing support to FREE accounts was able to reset an account based on this narrative - and no phone access - that would be HUGE security HOLE.

If google starts allowing recovery of passwords by folks overseas who are "stuck overseas" with no documents - game over. We are focusing on the folks getting locked out, but google is doing a fair bit to keep folks from getting taken over.

I have a 2FA key (hardware) they ask me for once a month. I'm not sure how someone takes over my account unless they get access to my computer with remote access and then maybe re-uses a session somehow? Even then I have to re-auth when doing security steps... so it's a bit weird to have an account takeover like this.

My request. For a fee of $1,000, an in person visit, fingerprints, and research effort, communication with existing account holder for any disputes (ie, someone sold them the account) google would allow for an account recovery. This last step is what is missing. Charge $2,500 even. In some cases that would be worth it and allow them to make a pretty good job on recovery. Even wipe the account / lock all old messages so they are unreadable on recovery.

Top comment by bane

Not a terrible story, but I was an early employee in a startup and was given a small batch of options to start (and some measure every year as bonus) -- nothing exciting. I think the strike price was like a $.05 a share or something with 20 million total shares and I had ended up with something like 20,000 shares.

As I moved up the ladder I replaced a VP and took on his shares instead as an incentive. It was 1.5 million shares. One year I landed a couple huge deals for the company and brought in bonuses worth more than the strike price on all of that and almost bought them.

While I was thinking about it, the executive in charge of marketing and sales left and I ended up meeting him in a local parking lot to pick up his laptop and some other things. He handed me and envelope and told me to give it to the CEO and that it was confidential. Being curious I looked in the envelope anyways and it was around 4 million shares in stock certificates in the company. I have no idea why they were being transferred but I'm sure it was some contractual contingency to return the shares based on some trigger in his contract.

Being honest, I turned in the stock certificates as instructed, but decided that something felt "off" and I chose not to execute on purchase of my options.

Over the next 12 months we tried to exit at a $25m valuation (which would have made me on paper at least a small time millionaire), failed to find a buyer, the CEO left, I became President of the company with the task to shut it down rendering my options worthless anyways.

In exchange for sticking it out and helping shut the company down, I left with a very nice parting bonus and a promise of strong reference from our VCs as a former corporate officer which helped me get my next position with another startup (which ended in disaster but that's a different story). All that was worth well more than my options in the end so I guess it was worth it?

Top comment by jawns

Here's how I address this problem.

When I'm developing, but before I create a PR, I'll create a bunch of stream-of-consciousness commits. This is stuff like "Fix typo" or "Minor formatting changes" mixed in with actual functional changes.

Right before I create the PR, or push up a shared branch, I do an interactive rebase (git rebase -i).

This allows me to organize my commits. I can squash commits, amend commits, move commits around, rewrite the commit messages, etc.

Eventually I end up with the 2-4 clean commits that your coworkers have. Often I design my commits around "cherry-pick" suitability. The commit might not be able to stand on its own in a PR, but does it represent some reasonably contained portion of the work that could be cherry-picked onto another branch if needed?

Granted, all of the advice above requires you to adhere to a "prefer rebase over merge" workflow, and that has some potential pitfalls, e.g. you need to be aware of the Golden Rule of Rebasing:

https://www.atlassian.com/git/tutorials/merging-vs-rebasing#...

But I vastly prefer this workflow to both "merge only," where you can never get rid of those stream-of-consciousness commits, and "squash everything," where every PR ends up with a single commit, even if it would be more useful to have multiple commits that could be potentially cherry-picked.

Top comment by hluska

My Dad was a police officer and I moved around a lot as a kid, so I had more than a decade of experience being the new kid before I graduated high school. I figured out some things and still use them when I’m new in organizations.

1.) Learn names.

2.) Avoid tribes at first. It’s tempting to latch onto the first group that welcomes you, but try to avoid this. For at least the first few weeks, focus on developing superficial relationships with lots of people over deep relationships with few.

3.) Find the cool. Starting something new often triggers something like mourning. Give yourself space to mourn the old, but force yourself space to find extremely cool things in the new place. You’re closing one door and opening another. Hunt the cool! It’s easier to do this if you form lots of relationships early on.

4.) Everyone is shy.

5.) I got to know two types of cops’ kids:

- “The place I lived two moves ago was the best.”

- “Whatever town I live in now is the best.”

Guess who had an easier time making friends.

6.) DIY. Your new town might suck and the place you lived last move may have actually been the best town on earth. It got that way because people had ideas and did it themselves. You got the idea from someone else so 5% of the hard work is already done…:)

7.) Once you’ve been the new person, your most important task is to always help new people.

Top comment by Shank

Your intuition is correct. The exception is that DNS will, by-default, be sent to the default router DNS servers, which might monitor/track what you do (most ISPs run DNS that do this too), and unencrypted HTTP. Unencrypted HTTP is more and more rare as time goes on.

Most of the "shame on public WiFi" comes from VPN companies, which are just trying to fearmonger into a sale. Sure, DNS over HTTPs isn't as widespread as it should be. Sure, some websites aren't encrypted, still. But that doesn't mean that routing all of your insecure traffic to a VPN provider so they can handle it instead is going to increase your security. It just moves the threat model from "your public WiFi network and people on it" to the VPN provider.

If you really want to be safe, you could run your own VPN with algo (https://github.com/trailofbits/algo) or manually setup WireGuard and route traffic e.g., back to your home ISP, instead. That's probably my best suggestion, rather than using any of the cliche VPN providers that advertise everywhere.

Top comment by graderjs

Hey. My project Diskernet does this: full text search over browser history.

Put it in "save" mode when using Chrome (linux is fine) and it automatically saves every page you browse (so you can read it offline), and also indexes it for full text search. It's a work in progress and there are bugs (so my advice initialize a git repo in your archive directory, and make regular syncs to a remote in case of failure -- that also gives you a nice snapshotted archive).

Anyway, best of luck to you! :)

Diskernet: https://github.com/crisdosyago/Diskernet

Top comment by elliotpage

+1 to Bitwarden, and in particular the Vaultwarden implementation.

I've been self hosting it for a number of years now and have never had to think about it ever again - it works, has clients for all my platforms, never had any issues.